{ "type": "bundle", "id": "bundle--174f7375-c811-4c4a-81e0-1d41582f340d", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:58:38.000Z", "modified": "2021-03-26T11:58:38.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--174f7375-c811-4c4a-81e0-1d41582f340d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:58:38.000Z", "modified": "2021-03-26T11:58:38.000Z", "name": "OSINT - Analyzing attacks taking advantage of the Exchange Server vulnerabilities", "published": "2021-03-26T11:59:57Z", "object_refs": [ "indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3", "indicator--0507d917-2bfd-418a-9c91-65edfe6df45f", "indicator--27883473-9495-4bdc-84e1-8898c13d1f52", "indicator--222418c5-b7f1-494e-9044-bfb11f195703", "indicator--fb9b415d-0c5f-4bc2-a966-8f2de3e6b5ad", "indicator--d3418d73-07c0-4c8e-887e-1c0ef132491c", "indicator--30133a6e-5b42-4d43-b14e-14c0ce5c48fd", "indicator--1b11e7b2-b5d3-49ce-a2e4-67b4b733805c", "indicator--09c6e13b-9ee3-4d11-91c7-2934ce6214a5", "indicator--90d44c63-36d4-4adb-94ae-477475eeba3e", "indicator--ca05457f-042b-4300-9c5e-52a335f989ef", "indicator--6a2ad2ef-58be-4303-b7cf-41a1caaab335", "indicator--6a380c0c-1f8f-4f16-92c7-631f398034e9", "indicator--e50aa7c3-ae00-4429-91d7-7962db057e92", "indicator--5ac9bd59-8ee3-44c0-a842-128312afcb41", "indicator--53c5263a-7e99-412a-83ca-bed51b063a7c", "indicator--1c8b9c11-d832-4d3a-aa72-6f20a40e9ce6", "indicator--eb98ccd1-b6c2-459f-877c-6fc9cb5682ed", "indicator--ec22d510-f3af-4807-b40d-0e9a84073347", "indicator--5b9913c1-e277-4947-a05d-52a3528c82ad", "indicator--a1f758e0-7568-4ed1-ab37-a8ee02e22359", "indicator--a7c061b6-8737-4833-9bfb-7dc7a9877edc", "indicator--e8ef454d-3103-4a3c-9660-115baf72420d", "indicator--58eddb96-5c84-408e-9a47-11034fd78da8", "indicator--2d57e2fe-cd02-4ccf-b1fd-d14398c8cff4", "indicator--d3143632-5173-4516-9327-8e22f0deb6e6", "indicator--9eefe9a8-57b4-4af0-9e46-a5ecc756d2a2", "indicator--1eb9c95a-aca6-4e17-95d8-85eb5580f05b", "indicator--151610f0-2fb7-46d6-b3e1-b3b627878ada", "indicator--eecf9939-d3d5-443a-ade5-374142e5bef8", "indicator--637ef6c0-1d6c-4a0e-97a7-8c29d3a272ec", "indicator--fecb1042-b6de-46ee-b3b8-e9b2a7d2e30c", "indicator--e2526249-0422-4096-8b1e-7c189aea6270", "indicator--7f7b791d-774d-4852-9456-2e5cbb6f47f8", "indicator--1f505bb0-aa2c-41c5-bce0-b30cc941a94d", "indicator--741ebe5a-d450-44ba-989d-98b2164a8591", "indicator--debe77bb-8d18-4911-9726-a46c85d44795", "indicator--a011b404-9097-48e4-a602-1372b238d3b3", "indicator--3b0ce211-02ae-466d-9390-cf91f7c73014", "indicator--493ab996-5d1b-4bcf-932d-2305a6541f26", "indicator--a7e87b24-f989-402d-8673-d8741bc08184", "indicator--fd66b672-274f-4bd0-9de6-04b1d46fd965", "indicator--94aecbb8-5189-4e6e-9356-0172dcc89638", "indicator--140c1e65-1d74-4e0f-9306-0690d7c91fed", "indicator--fe58049f-d796-48a7-b572-0256fb1c719f", "indicator--68db0c1e-4c28-43a4-96db-e85fe0dc2e53", "indicator--e26ca02c-6819-4602-bbb8-ce6534aed660", "indicator--411617df-f081-4b02-92fa-6374ee8b0f59", "x-misp-attribute--9749a54a-4be5-4059-acbf-033d614dee7d", "x-misp-attribute--a4071d67-2ea4-49d1-9c9b-0ee81234d809", "x-misp-attribute--0178d543-9d09-4643-b5b6-ef0d2ea32e37", "x-misp-attribute--3e1c27bd-054d-4e1c-a7f6-b1d0aae91db7", "x-misp-attribute--77f83632-b74c-4bfd-a23d-c1cf3221bbf4", "x-misp-attribute--3d8a57d8-98ae-427a-ab43-ff07a8971b36", "x-misp-attribute--eb8743cd-6e7e-40b3-a6c6-b6270ad1dba0", "x-misp-attribute--59e6151f-accb-40b8-b1a4-884ec8c14134", "x-misp-attribute--669a2dc2-269d-4a5d-8025-21151208a7d3", "x-misp-attribute--b0de41c7-ec23-491d-a31f-3dce62abf9af", "x-misp-attribute--a09f91d6-2103-422c-bf5b-6451f4a1acdc", "x-misp-attribute--1315cf20-b279-490f-aded-5ae5c53ba9d3", "x-misp-attribute--368c532e-2cfb-4946-b88f-8c0fea358d20", "x-misp-attribute--7a16683b-3e4a-49dc-941f-13299d77d90a", "x-misp-object--c96a5a0f-a2d4-4072-8eb2-e85fdf0632fb", "indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac", "x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8", "indicator--a195cd72-0b3b-4c16-a185-1dbba192b089", "x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91", "indicator--9e5710ce-d800-4726-b66b-0a2f6568a769", "x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09", "indicator--98476378-a729-4dc9-8381-460968f44e41", "x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba", "indicator--16eab987-8119-482e-81ca-637d7ab2027a", "x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7", "indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a", "x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530", "indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90", "x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44", "indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe", "x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769", "indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5", "x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda", "indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881", "x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98", "indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016", "x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d", "indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48", "x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4", "indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427", "x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d", "indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e", "x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3", "indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c", "x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28", "indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7", "x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f", "indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d", "x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac", "indicator--5b361066-2b82-4c80-b4ae-690998433d3c", "x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996", "indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67", "x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5", "indicator--606c37d3-7072-49e9-ba9a-f091642c58b6", "x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c", "indicator--833d3f3f-8273-4951-b714-6706bc1347d0", "x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8", "indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e", "x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930", "indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de", "x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66", "indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3", "x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d", "indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8", "x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777", "indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04", "x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9", "indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230", "x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59", "indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643", "x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532", "indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461", "x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd", "indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247", "x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d", "indicator--0737e5f5-f011-41ba-aa2d-17120ee75143", "x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548", "indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026", "x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b", "indicator--bcb634ef-c629-450c-a194-3197dcac08bf", "x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7", "indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6", "x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c", "indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd", "x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a", "indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5", "x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078", "x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325", "x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67", "x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95", "relationship--3915cf7c-79e9-4016-847f-7b5ee503aeea", "relationship--444df475-3338-45bb-9432-2aae2c275083", "relationship--216aec7d-fa81-4016-949e-82df8dfd9b67", "relationship--35d6f622-ea78-4c9b-ab8a-a9b9ca4adacc", "relationship--099ca7a7-6692-43b3-bbb5-e414fc7b3c17", "relationship--2bcf658d-72c1-4027-9aeb-8edff6ad08c9", "relationship--1eee086a-af21-4b46-ba90-7785fe140f7b", "relationship--8b86f3d7-3116-4bdc-b837-db0350599e36", "relationship--ec1f776a-4256-410e-8be9-a01bcbce0160", "relationship--5c081a34-48cc-4d27-9532-54d4b2bdb75c", "relationship--3132d6f9-926e-459f-afb2-7b3ef5593874", "relationship--0452314e-1b03-4613-86fc-fd6783fd3924", "relationship--b39debab-f40a-43d1-b10e-4608344b9926", "relationship--80bf4aa4-9461-430f-85c3-4c9118e4db0f", "relationship--022292c1-c4c7-4a2c-97d0-f5b207d00f2a", "relationship--abf9d594-8c5d-400c-aa90-86d9e7ed981b", "relationship--f5839b21-0dec-4e14-a596-7d3e09f1c379", "relationship--e1d538a6-376d-47fb-884e-1e2dd50ba449", "relationship--49176e2e-9496-4530-8e69-7823fdf10400", "relationship--0b1da5ec-9dae-48b2-a9ca-622cef1181bd", "relationship--1f5540a0-2ff4-41ab-bf49-711d5c166c8b", "relationship--277af749-7647-40b4-a688-87247d69ade6", "relationship--77275d9b-3d0e-4dbe-9262-26ec4b569b31", "relationship--0a625a51-d949-45d3-b4e3-65ac3fea50f9", "relationship--242a6241-f623-46e9-abd1-5ac4b4af39e2", "relationship--4c354e42-e792-4723-89be-578d47797956", "relationship--287cb180-12b2-4399-91b1-14cee7aa380c", "relationship--39ce1443-9886-4960-b465-b5f330049f1f", "relationship--501be838-5668-4b33-b399-6a56a561e99f", "relationship--328182c8-a426-4432-ab78-eb40f3c9f7ff", "relationship--e228f230-d975-490e-a2ed-123dbd15f505", "relationship--0f45c76e-c2e6-4dc5-98a0-930cbfe3ce94", "relationship--217ed8b4-c732-42bd-94dc-78503e05c77a", "relationship--57d2a13e-1f99-4467-affc-88844e566b97", "relationship--58672eed-c737-48e1-9d17-a3ceeea4837e", "relationship--596ddda5-5ad5-4221-828e-0206d32e8d23", "relationship--ea99fe51-f62c-4866-8df6-b6c27bf9a852", "relationship--20ece06a-53ab-4ee4-8a7d-90fd73be284b", "relationship--8e46f5a8-1533-4a07-b6e5-49d7c047b2c8" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:50:34.000Z", "modified": "2021-03-26T10:50:34.000Z", "description": "Domains abused by Lemon Duck:", "pattern": "[domain-name:value = 'down.sqlnetcat.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:50:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0507d917-2bfd-418a-9c91-65edfe6df45f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:50:34.000Z", "modified": "2021-03-26T10:50:34.000Z", "description": "Domains abused by Lemon Duck:", "pattern": "[domain-name:value = 't.sqlnetcat.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:50:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--27883473-9495-4bdc-84e1-8898c13d1f52", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:50:34.000Z", "modified": "2021-03-26T10:50:34.000Z", "description": "Domains abused by Lemon Duck:", "pattern": "[domain-name:value = 't.netcatkit.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:50:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--222418c5-b7f1-494e-9044-bfb11f195703", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:07.000Z", "modified": "2021-03-26T10:51:07.000Z", "description": "Pydomer DGA network indicators:", "pattern": "[url:value = 'uiiuui.com/search/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fb9b415d-0c5f-4bc2-a966-8f2de3e6b5ad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:07.000Z", "modified": "2021-03-26T10:51:07.000Z", "description": "Pydomer DGA network indicators:", "pattern": "[url:value = 'yuuuuu43.com/vpn-service/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d3418d73-07c0-4c8e-887e-1c0ef132491c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:07.000Z", "modified": "2021-03-26T10:51:07.000Z", "description": "Pydomer DGA network indicators:", "pattern": "[url:value = 'yuuuuu44.com/vpn-service/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--30133a6e-5b42-4d43-b14e-14c0ce5c48fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:07.000Z", "modified": "2021-03-26T10:51:07.000Z", "description": "Pydomer DGA network indicators:", "pattern": "[url:value = 'yuuuuu46.com/search/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1b11e7b2-b5d3-49ce-a2e4-67b4b733805c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:33.000Z", "modified": "2021-03-26T10:51:33.000Z", "description": "Pydomer associated hashes", "pattern": "[file:hashes.SHA256 = '7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--09c6e13b-9ee3-4d11-91c7-2934ce6214a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:34.000Z", "modified": "2021-03-26T10:51:34.000Z", "description": "Pydomer associated hashes", "pattern": "[file:hashes.SHA256 = '866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--90d44c63-36d4-4adb-94ae-477475eeba3e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:34.000Z", "modified": "2021-03-26T10:51:34.000Z", "description": "Pydomer associated hashes", "pattern": "[file:hashes.SHA256 = '910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ca05457f-042b-4300-9c5e-52a335f989ef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:34.000Z", "modified": "2021-03-26T10:51:34.000Z", "description": "Pydomer associated hashes", "pattern": "[file:hashes.SHA256 = 'a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6a2ad2ef-58be-4303-b7cf-41a1caaab335", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:34.000Z", "modified": "2021-03-26T10:51:34.000Z", "description": "Pydomer associated hashes", "pattern": "[file:hashes.SHA256 = 'b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6a380c0c-1f8f-4f16-92c7-631f398034e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:34.000Z", "modified": "2021-03-26T10:51:34.000Z", "description": "Pydomer associated hashes", "pattern": "[file:hashes.SHA256 = 'c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e50aa7c3-ae00-4429-91d7-7962db057e92", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:34.000Z", "modified": "2021-03-26T10:51:34.000Z", "description": "Pydomer associated hashes", "pattern": "[file:hashes.SHA256 = 'c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ac9bd59-8ee3-44c0-a842-128312afcb41", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = '0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--53c5263a-7e99-412a-83ca-bed51b063a7c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = '3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c8b9c11-d832-4d3a-aa72-6f20a40e9ce6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = '4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eb98ccd1-b6c2-459f-877c-6fc9cb5682ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = '56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec22d510-f3af-4807-b40d-0e9a84073347", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = '69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9913c1-e277-4947-a05d-52a3528c82ad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = '737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a1f758e0-7568-4ed1-ab37-a8ee02e22359", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = '893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a7c061b6-8737-4833-9bfb-7dc7a9877edc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = '9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e8ef454d-3103-4a3c-9660-115baf72420d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = '9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58eddb96-5c84-408e-9a47-11034fd78da8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = 'a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2d57e2fe-cd02-4ccf-b1fd-d14398c8cff4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = 'd8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d3143632-5173-4516-9327-8e22f0deb6e6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = 'db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9eefe9a8-57b4-4af0-9e46-a5ecc756d2a2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = 'dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1eb9c95a-aca6-4e17-95d8-85eb5580f05b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = 'f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--151610f0-2fb7-46d6-b3e1-b3b627878ada", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = 'f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eecf9939-d3d5-443a-ade5-374142e5bef8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:51:49.000Z", "modified": "2021-03-26T10:51:49.000Z", "description": "Lemon Duck associated hashes", "pattern": "[file:hashes.SHA256 = 'fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:51:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--637ef6c0-1d6c-4a0e-97a7-8c29d3a272ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:14.000Z", "modified": "2021-03-26T10:52:14.000Z", "description": "DoejoCrypt associated hashes", "pattern": "[file:hashes.SHA256 = '027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fecb1042-b6de-46ee-b3b8-e9b2a7d2e30c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:14.000Z", "modified": "2021-03-26T10:52:14.000Z", "description": "DoejoCrypt associated hashes", "pattern": "[file:hashes.SHA256 = '10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e2526249-0422-4096-8b1e-7c189aea6270", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:14.000Z", "modified": "2021-03-26T10:52:14.000Z", "description": "DoejoCrypt associated hashes", "pattern": "[file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f7b791d-774d-4852-9456-2e5cbb6f47f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:14.000Z", "modified": "2021-03-26T10:52:14.000Z", "description": "DoejoCrypt associated hashes", "pattern": "[file:hashes.SHA256 = '904fbea2cd68383f32c5bc630d2227601dc52f94790fe7a6a7b6d44bfd904ff3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1f505bb0-aa2c-41c5-bce0-b30cc941a94d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:14.000Z", "modified": "2021-03-26T10:52:14.000Z", "description": "DoejoCrypt associated hashes", "pattern": "[file:hashes.SHA256 = 'bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--741ebe5a-d450-44ba-989d-98b2164a8591", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:14.000Z", "modified": "2021-03-26T10:52:14.000Z", "description": "DoejoCrypt associated hashes", "pattern": "[file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--debe77bb-8d18-4911-9726-a46c85d44795", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:14.000Z", "modified": "2021-03-26T10:52:14.000Z", "description": "DoejoCrypt associated hashes", "pattern": "[file:hashes.SHA256 = 'fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a011b404-9097-48e4-a602-1372b238d3b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:14.000Z", "modified": "2021-03-26T10:52:14.000Z", "description": "DoejoCrypt associated hashes", "pattern": "[file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3b0ce211-02ae-466d-9390-cf91f7c73014", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = '201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--493ab996-5d1b-4bcf-932d-2305a6541f26", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = '2f0bc81c2ea269643cae307239124d1b6479847867b1adfe9ae712a1d5ef135e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a7e87b24-f989-402d-8673-d8741bc08184", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = '4edc7770464a14f54d17f36dc9d0fe854f68b346b27b35a6f5839adf1f13f8ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fd66b672-274f-4bd0-9de6-04b1d46fd965", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = '511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94aecbb8-5189-4e6e-9356-0172dcc89638", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = '65149e036fff06026d80ac9ad4d156332822dc93142cf1a122b1841ec8de34b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--140c1e65-1d74-4e0f-9306-0690d7c91fed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = '811157f9c7003ba8d17b45eb3cf09bef2cecd2701cedb675274949296a6a183d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fe58049f-d796-48a7-b572-0256fb1c719f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = '8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--68db0c1e-4c28-43a4-96db-e85fe0dc2e53", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = 'a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e26ca02c-6819-4602-bbb8-ce6534aed660", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = 'b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--411617df-f081-4b02-92fa-6374ee8b0f59", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:52:35.000Z", "modified": "2021-03-26T10:52:35.000Z", "description": "file hashes for some of the web shells observed during attacks", "pattern": "[file:hashes.SHA256 = 'dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T10:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--9749a54a-4be5-4059-acbf-033d614dee7d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Behavior:Win32/Exmann" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--a4071d67-2ea4-49d1-9c9b-0ee81234d809", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Behavior:Win32/IISExchgSpawnEMS" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--0178d543-9d09-4643-b5b6-ef0d2ea32e37", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Exploit:ASP/CVE-2021-27065" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--3e1c27bd-054d-4e1c-a7f6-b1d0aae91db7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Exploit:Script/Exmann" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--77f83632-b74c-4bfd-a23d-c1cf3221bbf4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Trojan:Win32/IISExchgSpawnCMD" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--3d8a57d8-98ae-427a-ab43-ff07a8971b36", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Behavior:Win32/IISExchgDropWebshellBackdoor:JS/Webshell" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--eb8743cd-6e7e-40b3-a6c6-b6270ad1dba0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Backdoor:PHP/Chopper" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--59e6151f-accb-40b8-b1a4-884ec8c14134", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Backdoor:ASP/Chopper" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--669a2dc2-269d-4a5d-8025-21151208a7d3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Backdoor:MSIL/Chopper" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--b0de41c7-ec23-491d-a31f-3dce62abf9af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Trojan:JS/Chopper" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--a09f91d6-2103-422c-bf5b-6451f4a1acdc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Trojan:Win32/Chopper" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--1315cf20-b279-490f-aded-5ae5c53ba9d3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Behavior:Win32/WebShellTerminal" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--368c532e-2cfb-4946-b88f-8c0fea358d20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Trojan:PowerShell/LemonDuck" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--7a16683b-3e4a-49dc-941f-13299d77d90a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:53:22.000Z", "modified": "2021-03-26T10:53:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Trojan:Win32/LemonDuck" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c96a5a0f-a2d4-4072-8eb2-e85fdf0632fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T10:50:13.000Z", "modified": "2021-03-26T10:50:13.000Z", "labels": [ "misp:name=\"report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "link", "value": "https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/", "category": "External analysis", "uuid": "a0b6693c-59ff-4826-bb18-bf10284c3ac8" }, { "type": "text", "object_relation": "summary", "value": "The first known attacks leveraging the Exchange Server vulnerabilities were by the nation-state actor HAFNIUM, which we detailed in this blog. In the three weeks after the Exchange server vulnerabilities were disclosed and the security updates were released, Microsoft saw numerous other attackers adopting the exploit into their toolkits. Attackers are known to rapidly work to reverse engineer patches and develop exploits. In the case of a remote code execution (RCE) vulnerability, the rewards are high for attackers who can gain access before an organization patches, as patching a system does not necessarily remove the access of the attacker.", "category": "Other", "uuid": "9d33109c-e0e3-480d-9e5d-451d5200837b" } ], "x_misp_meta_category": "misc", "x_misp_name": "report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "pattern": "[file:hashes.MD5 = '1e746f685711c3595bee0585c12f0527' AND file:hashes.SHA1 = '16154da1fa113cd1db105900fcc07b427002ffc3' AND file:hashes.SHA256 = '737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-23T04:27:01+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "2c14bc86-d2e7-421f-97fd-0111b11444ca" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4/detection/f-737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4-1616473621", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "16ade091-6021-4ba4-8743-5cb033d138d2" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "4be959d2-a3b2-423d-8071-9e27a3c5051c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a195cd72-0b3b-4c16-a185-1dbba192b089", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "pattern": "[file:hashes.MD5 = 'c6eeb14485d93f4e30fb79f3a57518fc' AND file:hashes.SHA1 = 'b7d99521348d319f57d2b2ba7045295fc99cf6a7' AND file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-22T07:29:43+00:00", "category": "Other", "comment": "DoejoCrypt associated hashes", "uuid": "869695b6-6123-41ec-b764-34b73b34cd86" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede/detection/f-feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede-1616398183", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "fe0b5dbb-63a9-42e7-9492-c8c45a3a86fd" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "f3726946-77f5-4753-a2cf-839b5a52ff81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9e5710ce-d800-4726-b66b-0a2f6568a769", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "pattern": "[file:hashes.MD5 = '0e55ead3b8fd305d9a54f78c7b56741a' AND file:hashes.SHA1 = 'f7b084e581a8dcea450c2652f8058d93797413c3' AND file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T17:09:24+00:00", "category": "Other", "comment": "DoejoCrypt associated hashes", "uuid": "e07381f9-9bee-4e66-894f-f2bbc781f4e8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff/detection/f-2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff-1616692164", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "12e6d6a8-5382-49d6-a882-1c49a4fef03d" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/69", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "3c8c05fb-53d5-4c0b-b55c-15c4b5e6867f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--98476378-a729-4dc9-8381-460968f44e41", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "pattern": "[file:hashes.MD5 = 'b2511bc215734adbdc43af963bdedb2c' AND file:hashes.SHA1 = 'b50cea98ed2a0704d076eaa4b6f1f2195ee86f5d' AND file:hashes.SHA256 = 'a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-18T08:41:32+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "d22cd8fe-d76c-48a3-9887-b9d52c902884" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85/detection/f-a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85-1613637692", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "c4d928fd-0a39-4333-a5c1-c949bed6ea2a" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "d065c60f-6b99-488a-82c9-5283e1929633" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--16eab987-8119-482e-81ca-637d7ab2027a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "pattern": "[file:hashes.MD5 = 'a7e571312e05d547936aab18f0b30fbf' AND file:hashes.SHA1 = 'e0d643e759b2adf736b451aff9afa92811ab8a99' AND file:hashes.SHA256 = '027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-22T04:07:46+00:00", "category": "Other", "comment": "DoejoCrypt associated hashes", "uuid": "6c62d0c4-7948-4777-b360-0e0ca1f00c15" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27/detection/f-027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27-1616386066", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "c37add88-56ce-4830-b5b2-6e4956834b7b" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "d37f4ba9-848b-4f9c-8aa7-a859dbddf418" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "pattern": "[file:hashes.MD5 = 'faa5f4def7e037324f5f87239ddead2d' AND file:hashes.SHA1 = '00eb93b35a629ecbefca468fa5614c159b3becb9' AND file:hashes.SHA256 = '910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-26T06:32:11+00:00", "category": "Other", "comment": "Pydomer associated hashes", "uuid": "779a7676-e85a-4eb5-b611-cf5015c61f2d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db/detection/f-910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db-1616740331", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "950b8e9d-341b-4f62-a28a-8f494f11e2e9" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/71", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "1281a4ee-9000-485e-849a-eccb2e395abf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "pattern": "[file:hashes.MD5 = 'c914cd653e0e3dedc050e182b04d0877' AND file:hashes.SHA1 = 'dcb9118569388375b855e965a587440f069e68c9' AND file:hashes.SHA256 = 'dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-23T04:27:02+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "ca8b61d9-7a2a-4f5e-ae87-83791af7778d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd/detection/f-dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd-1616473622", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "079d2673-59d0-4e8f-8fd8-a4551bf99f39" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "c9c9fe50-c187-4197-8af0-2caa64bf3880" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "pattern": "[file:hashes.MD5 = 'e294d6f427c64f77b5b61bb7b17dd12c' AND file:hashes.SHA1 = 'ccdae3ada854cc441106ec52c12823439bab6cba' AND file:hashes.SHA256 = '9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-09T04:36:07+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "fd566086-2351-4fcb-bb21-66e09063e930" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719/detection/f-9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719-1615264567", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "3038f774-92f5-4d00-8ce4-d0052950c231" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "7238d3f9-a1aa-4050-916a-faef0506f0c7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:35.000Z", "modified": "2021-03-26T11:04:35.000Z", "pattern": "[file:hashes.MD5 = '7778e6a03a9bee17640353d3a11bb0b7' AND file:hashes.SHA1 = '119e1bca56f4d920ef6e2aa54c6f34534aba1182' AND file:hashes.SHA256 = '69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-15T04:27:09+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "ffde5223-08ca-47d2-85f6-90f96f98f06d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e/detection/f-69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e-1615782429", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "97356146-dfa8-4890-873a-55fa6db1a654" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/58", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "4d39fabd-788a-412c-ad6b-cdbe0c6a5e8b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = '9f05994819a3d8c1a3769352c7c39d1d' AND file:hashes.SHA1 = 'eb2457196e04dfdd54f70bd32ed02ae854d45bc0' AND file:hashes.SHA256 = '10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-17T12:54:53+00:00", "category": "Other", "comment": "DoejoCrypt associated hashes", "uuid": "4fcee4c5-8cc1-46bb-a02a-8aa51d1d80fa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da/detection/f-10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da-1615985693", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "e04b13ea-7938-4f04-a85b-33cb3b46d734" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "d60fa16f-0465-4515-8225-9dfded930054" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = '96c2f4acef5807b54ded4e0dae6ed79d' AND file:hashes.SHA1 = '3e93999954ce080a4dc2875638745a92c539bd50' AND file:hashes.SHA256 = 'c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-26T10:43:42+00:00", "category": "Other", "comment": "Pydomer associated hashes", "uuid": "bf40e2d4-3f17-4de7-ba22-f2b175920607" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908/detection/f-c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908-1616755422", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "05e6b33a-5599-4596-a3e3-0ba912d7e913" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "45af6b9a-9266-4a2d-bcd7-2482ed300deb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = 'fe15fc6341baad2a111462854f96a2bc' AND file:hashes.SHA1 = '90cd4f920d48c05fd3cad8275223f596c6388cbd' AND file:hashes.SHA256 = 'a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-18T12:35:49+00:00", "category": "Other", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "3e9b9f18-cf79-4cba-bf36-dd3aca92a364" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a/detection/f-a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a-1616070949", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "ce113efe-ce5c-4923-96f1-4af810a2ee65" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/59", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "ef51397f-7aea-4f59-ba77-0ad6496a261a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = 'aef2ae9b36989bab8818696de5ccd5e7' AND file:hashes.SHA1 = 'f985022d7705d1ec575a1eef4ee32506d8b82871' AND file:hashes.SHA256 = '201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-26T03:50:32+00:00", "category": "Other", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "12757096-d165-4389-af0f-6d799d73e476" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41/detection/f-201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41-1616730632", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "51934ad8-7c30-46c7-97a0-81f699bb9b23" }, { "type": "text", "object_relation": "detection-ratio", "value": "21/58", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "13724e64-8624-4872-a693-ca8ecd923611" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = 'a5f6b6e95ef8a26081259813ca18e17b' AND file:hashes.SHA1 = '242bc043057bb12e27a9fe4db20d6bdb953cbc11' AND file:hashes.SHA256 = '866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T06:49:59+00:00", "category": "Other", "comment": "Pydomer associated hashes", "uuid": "e9085519-41c1-4fa7-8276-2e2cbb45ca85" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc/detection/f-866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc-1616654999", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "117b374e-1ab8-43b8-ade5-3bf3c701b3b1" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/70", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "4266730a-eb89-4cad-9fa8-c5848d9bc3b9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = 'aa2efe290df3c38c26c70b1f40f69812' AND file:hashes.SHA1 = 'f6013bcaaa4f2df7c05ed2777bf845e844666297' AND file:hashes.SHA256 = 'a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T09:30:16+00:00", "category": "Other", "comment": "Pydomer associated hashes", "uuid": "10c72310-3b26-4d22-9637-4f083d7abcbd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287/detection/f-a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287-1616664616", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "33363245-a8b5-454e-a858-568492e1a9be" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/69", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "9588211c-a3d0-4083-967b-115f56cd2415" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = 'aaed26520f0d31b13e8adf80a4e9effd' AND file:hashes.SHA1 = '2c5a683e8119345faf98fb0bb5f31a8cbfe0537e' AND file:hashes.SHA256 = '56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-03T14:02:35+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "3691a68a-97e7-40d1-96d5-279bdbb823fe" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c/detection/f-56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c-1607004155", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "db2973a4-4243-4bfb-a292-dc59b7d221a6" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/59", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "ee1570f1-abde-4958-ade7-c8937a7d2524" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = 'efcab2b28307300ee2c918b41f32cf91' AND file:hashes.SHA1 = 'bba0ad4f924e240f60e9a4a57e0d63c948023a6d' AND file:hashes.SHA256 = '9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-06T08:14:53+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "50c88681-8d74-4a69-b928-5795c7d17555" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd/detection/f-9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd-1607242493", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "69adb5ac-d9c3-448e-b037-855ef18f6276" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "442afd97-0df6-4e62-9930-0590d97ff0a3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b361066-2b82-4c80-b4ae-690998433d3c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = 'db49b6f1f379122685be9553c5cc0f37' AND file:hashes.SHA1 = '45788a5c0c0d97d9bed9c0e6115eca1edbad8ba6' AND file:hashes.SHA256 = 'd8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-01-07T03:05:17+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "3de97867-9c81-4932-bf7a-a014dd32cb61" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09/detection/f-d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09-1609988717", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "6cee7b26-43d0-4d2c-b152-8cba5b80813a" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/61", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "463b5e6d-e62f-45eb-a630-83e80c2e3c51" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "pattern": "[file:hashes.MD5 = 'b4b1c0f3183e3c3982f66d31690facaf' AND file:hashes.SHA1 = '0e0d4c62550e0cd384e29699e708ea23faa45306' AND file:hashes.SHA256 = 'fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:36.000Z", "modified": "2021-03-26T11:04:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-15T04:27:09+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "7127659c-1f05-4542-9463-c60b3caa7361" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0/detection/f-fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0-1615782429", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "4fcd49cf-96d4-49de-b561-ba64e807bd8d" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/59", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "fa4661b2-e1d8-4463-ba67-240b1caec5b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--606c37d3-7072-49e9-ba9a-f091642c58b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "pattern": "[file:hashes.MD5 = '4271c75235072f7ee56f4ce16bd4d853' AND file:hashes.SHA1 = 'd184b29929d7f1aafba350d2782ec9dd87d1237d' AND file:hashes.SHA256 = 'bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-23T17:43:54+00:00", "category": "Other", "comment": "DoejoCrypt associated hashes", "uuid": "c311092c-9fd7-4b98-9331-5b30137dfefe" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748/detection/f-bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748-1616521434", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "e2500eff-8ca7-43e8-8204-7fe8ac52b6a1" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/63", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "fe2dafe7-37c1-47ae-8f67-04193fd9e19c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--833d3f3f-8273-4951-b714-6706bc1347d0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "pattern": "[file:hashes.MD5 = '6be28a4523984698e7154671f73361bf' AND file:hashes.SHA1 = 'b974375ef0f6dcb6ce30558df2ed8570bf1ad642' AND file:hashes.SHA256 = 'fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T17:11:43+00:00", "category": "Other", "comment": "DoejoCrypt associated hashes", "uuid": "a3e60ca7-e125-48d8-8980-e78a84afffc6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65/detection/f-fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65-1616692303", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "6e9e247d-ebe2-4145-a351-ab4d0d4700ff" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/69", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "d97605b6-c63f-49f0-8adf-68ec73a1f598" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "pattern": "[file:hashes.MD5 = '5544ba9ad1b56101b5d52b5270421d4a' AND file:hashes.SHA1 = 'fc6f5ce56166d9b4516ba207f3a653b722e1a8df' AND file:hashes.SHA256 = '511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T17:44:24+00:00", "category": "Other", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "8b7429ee-e68e-4bdf-8f49-639d1eb15d28" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1/detection/f-511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1-1616694264", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "0626fc1d-da91-4406-9f0d-e47bb57f4380" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/58", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "a92b2542-caa5-45b9-b6a9-bb2ee1daf6e7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "pattern": "[file:hashes.MD5 = '4b3039cf227c611c45d2242d1228a121' AND file:hashes.SHA1 = '0ba9a76f55aaa495670d74d21850d0155ff5d6a5' AND file:hashes.SHA256 = 'b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T09:08:41+00:00", "category": "Other", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "0c197ea2-c1df-4351-a387-bd4be90f2662" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0/detection/f-b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0-1616663321", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "182062ff-0869-47fb-ab25-9a1ab1e4757a" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/59", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "b8a7520c-49cf-4bea-a8ed-d8418350286d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "pattern": "[file:hashes.MD5 = 'f8b604ca7aa304a479f2461d1b74e795' AND file:hashes.SHA1 = '0539c6df68e9ef15cbfa1f07daca8fd759fef874' AND file:hashes.SHA256 = 'b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T09:28:40+00:00", "category": "Other", "comment": "Pydomer associated hashes", "uuid": "3415562e-3531-4526-ab5a-18e148b88458" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f/detection/f-b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f-1616664520", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "be3f7eea-6ce4-4649-a2cf-04a4e6dc38cf" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/68", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "a472f375-7e35-41c7-a008-50bf3c58b73b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "pattern": "[file:hashes.MD5 = '20e8e55625f68ed42a793d76d359a858' AND file:hashes.SHA1 = '7b7a1653030fd3ad4464b7f09d9ac401a5f691c9' AND file:hashes.SHA256 = 'c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T07:25:00+00:00", "category": "Other", "comment": "Pydomer associated hashes", "uuid": "5fe7cddd-dc1e-49bd-b2a6-7863f6e2b18c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a/detection/f-c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a-1616657100", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "f0850dc7-1cfe-46ae-9180-7b25675af3cb" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/70", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "6c4d92c4-d849-4e24-849c-59d7ff0c9958" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "pattern": "[file:hashes.MD5 = '36d1edc364161e1446e015a8feec84c8' AND file:hashes.SHA1 = '995d12119b2ef37bcbbe097d0e520853ef1eb599' AND file:hashes.SHA256 = '3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-23T04:30:17+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "87f05b33-46ac-40a5-92ee-1b1de0a3bea9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec/detection/f-3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec-1616473817", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "24684a9d-9f35-4c32-b640-31095c647fbf" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "ca52efdb-5859-45cf-bc11-070769185f0c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "pattern": "[file:hashes.MD5 = '8ccd905c0bbf09e76d19ea5de1455cb3' AND file:hashes.SHA1 = '9129fa215f3a35daa0179681c4c0177c5ff731ce' AND file:hashes.SHA256 = '7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T12:22:04+00:00", "category": "Other", "comment": "Pydomer associated hashes", "uuid": "969ff01a-1fce-44e1-bcc1-9606b11364ef" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382/detection/f-7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382-1616674924", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "afea2cd9-f8e1-407b-8673-320db908bf88" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/68", "category": "Payload delivery", "comment": "Pydomer associated hashes", "uuid": "1e6bf9ec-f1e3-48d0-bc25-33ac307ed723" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "pattern": "[file:hashes.MD5 = 'f2e22df5e284587dc36f8041129af391' AND file:hashes.SHA1 = '6c9ec01e105f92727d6acee24a0db0f3ee54b02c' AND file:hashes.SHA256 = 'dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:37.000Z", "modified": "2021-03-26T11:04:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-18T14:34:53+00:00", "category": "Other", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "501b4cb9-9c77-42cf-bc67-a853dd21d69c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d/detection/f-dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d-1616078093", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "e50b4719-fbbe-4a2a-bf98-bede02cd0947" }, { "type": "text", "object_relation": "detection-ratio", "value": "8/56", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "b5eabe27-cb81-4090-ae50-2548281d3124" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "pattern": "[file:hashes.MD5 = '321df9000c3de177ad6b5544c621c73c' AND file:hashes.SHA1 = 'e273fdfe22553b5ab45c4775e66ae685ad9d9421' AND file:hashes.SHA256 = 'f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-23T04:33:43+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "5a7f6b6e-5620-42bc-8093-23ae31786bb5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f/detection/f-f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f-1616474023", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "337fcab4-164c-4aa3-b464-50c420934d87" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "eebcb1d2-65a5-460c-be66-42b15829d872" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "pattern": "[file:hashes.MD5 = '8a047f4917d75bb0bb6659e41569a9b7' AND file:hashes.SHA1 = '388ac00a76db82a0ac2434d1b4fb7420bab1a403' AND file:hashes.SHA256 = 'f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-01-13T04:56:42+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "7796fe41-cc68-488c-866a-72803ef21625" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501/detection/f-f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501-1610513802", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "29441525-7fa9-4f94-90b5-65ec62e47f84" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "8691f11a-d438-464a-a9c5-c28d06e4cc91" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0737e5f5-f011-41ba-aa2d-17120ee75143", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "pattern": "[file:hashes.MD5 = '4ef04cba6bec2c3a164b9b755efbeb1c' AND file:hashes.SHA1 = '49644cbbb9d234bd4f7a47ed596c8bbfefd39065' AND file:hashes.SHA256 = '8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-23T11:33:56+00:00", "category": "Other", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "02d6ff72-f9d1-4dda-b6b2-22b21f911cf1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc/detection/f-8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc-1616499236", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "33a391d1-534c-43d3-8b89-440a8966be9c" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/59", "category": "Payload delivery", "comment": "file hashes for some of the web shells observed during attacks", "uuid": "b412fd3b-24c9-407c-8550-b7a8c4ab8e66" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "pattern": "[file:hashes.MD5 = '9e1545e5fe21f6d11c7151b7625b4dc2' AND file:hashes.SHA1 = 'b5c4b59a8073730e4001154f104c6e58fa0d69da' AND file:hashes.SHA256 = 'db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-01-15T23:37:13+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "1cedb96f-3b85-4286-abb6-bc4bd0135f90" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd/detection/f-db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd-1610753833", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "d5654fb2-f319-4492-b673-b2a46bf4e397" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "0b9df251-54d1-4c39-81c0-d1ae7dfc74b6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bcb634ef-c629-450c-a194-3197dcac08bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "pattern": "[file:hashes.MD5 = '3a9ff0529a0d9f0ddb3567d5e1faf1a0' AND file:hashes.SHA1 = '113ea510f7bda4da632e44f53743a158eae9d4f5' AND file:hashes.SHA256 = '893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-15T04:23:56+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "cc1a7dae-41f5-44c2-8276-80e1ae5c6a55" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e/detection/f-893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e-1615782236", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "06399175-7fa7-4c9e-80e9-659eda1fdeb0" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/58", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "c0d6686a-49c6-41f8-b9c6-b8682d1d7820" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "pattern": "[file:hashes.MD5 = 'cdda3913408c4c46a6c575421485fa5b' AND file:hashes.SHA1 = '56eec7392297e7301159094d7e461a696fe5b90f' AND file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-25T17:09:58+00:00", "category": "Other", "comment": "DoejoCrypt associated hashes", "uuid": "31a7ec95-06dd-45f2-b5c5-f697e268ff8d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6/detection/f-e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6-1616692198", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "70e4338c-3c35-46e4-89d0-31adb709c954" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/69", "category": "Payload delivery", "comment": "DoejoCrypt associated hashes", "uuid": "622b1cbc-1cfa-45e4-876b-54850e42821c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "pattern": "[file:hashes.MD5 = '0fa1e6af698aa1bac8a404bc39073165' AND file:hashes.SHA1 = '183d1c960d56b6b2c8d0e7a8d1133b2c1a68ab4f' AND file:hashes.SHA256 = '4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-03-17T06:38:46+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "77367d54-61d6-4838-8653-c88b6742386d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9/detection/f-4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9-1615963126", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "018861d0-77ec-4363-a736-166eb6cbfd14" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/60", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "66b6fa85-808c-4517-b5a2-0eebea469065" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:38.000Z", "modified": "2021-03-26T11:04:38.000Z", "pattern": "[file:hashes.MD5 = 'a54b9ccaaf2f66bc9492e2c574fe9be4' AND file:hashes.SHA1 = '60ef117443b1c8a07fd83ed9c44912a24b07539e' AND file:hashes.SHA256 = '0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-03-26T11:04:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-04T10:59:17+00:00", "category": "Other", "comment": "Lemon Duck associated hashes", "uuid": "e3e47dbc-e35d-4bb4-865a-da00c5ce450b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc/detection/f-0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc-1607079557", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "df30a638-4dc5-4215-ae5c-bca49563c24f" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/59", "category": "Payload delivery", "comment": "Lemon Duck associated hashes", "uuid": "edd55caf-4550-435b-b94f-3b3c858ade5d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:57:05.000Z", "modified": "2021-03-26T11:57:05.000Z", "labels": [ "misp:name=\"passive-dns\"", "misp:meta-category=\"network\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "rdata", "value": "down.eatuo.com.", "category": "Other", "comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com", "uuid": "0bddeafa-7a6c-400d-9d17-c7aa61e801e8" }, { "type": "counter", "object_relation": "count", "value": "6928", "category": "Other", "comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com", "uuid": "d3a9ba89-5715-47c2-aaf3-112bd25dfdea" }, { "type": "text", "object_relation": "rrname", "value": "down.sqlnetcat.com.", "category": "Network activity", "comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com", "uuid": "b9a5a870-8263-458d-a835-e59abaf32391" }, { "type": "text", "object_relation": "rrtype", "value": "CNAME", "category": "Network activity", "comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com", "uuid": "743087e5-0cea-4a21-9235-1ddca94dcd29" }, { "type": "text", "object_relation": "bailiwick", "value": "sqlnetcat.com.", "category": "Other", "comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com", "uuid": "f04a1396-21bb-4c5d-8d34-ad6dd4238355" } ], "x_misp_comment": "down.sqlnetcat.com: enriched via the farsight_passivedns module.", "x_misp_meta_category": "network", "x_misp_name": "passive-dns" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:57:11.000Z", "modified": "2021-03-26T11:57:11.000Z", "labels": [ "misp:name=\"passive-dns\"", "misp:meta-category=\"network\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "rdata", "value": "cvc.7766.org.", "category": "Other", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com", "uuid": "2571e00a-31e2-44ab-bbf1-fb729c1bd1d9" }, { "type": "counter", "object_relation": "count", "value": "5851", "category": "Other", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com", "uuid": "459889b7-6a66-4e7f-81f8-b61a79b90bb9" }, { "type": "text", "object_relation": "rrname", "value": "t.sqlnetcat.com.", "category": "Network activity", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com", "uuid": "4eaea8f2-4d8d-466b-83ac-129b7bde1e93" }, { "type": "text", "object_relation": "rrtype", "value": "CNAME", "category": "Network activity", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com", "uuid": "88047db8-d719-43a1-ab87-1f975c0d78ec" }, { "type": "text", "object_relation": "bailiwick", "value": "sqlnetcat.com.", "category": "Other", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com", "uuid": "2b366322-44f6-456e-8e5c-b74974416de2" } ], "x_misp_comment": "t.sqlnetcat.com: enriched via the farsight_passivedns module.", "x_misp_meta_category": "network", "x_misp_name": "passive-dns" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-03-26T11:57:13.000Z", "modified": "2021-03-26T11:57:13.000Z", "labels": [ "misp:name=\"passive-dns\"", "misp:meta-category=\"network\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "rdata", "value": "cvc.7766.org.", "category": "Other", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com", "uuid": "ca77ccb5-20fe-4fd7-9fe3-af3a7808a75e" }, { "type": "counter", "object_relation": "count", "value": "8442", "category": "Other", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com", "uuid": "73584055-6503-49ff-b62b-4d9fb61c4bfa" }, { "type": "text", "object_relation": "rrname", "value": "t.netcatkit.com.", "category": "Network activity", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com", "uuid": "0c57824d-8a0a-4bb7-b2bc-baccdb26f000" }, { "type": "text", "object_relation": "rrtype", "value": "CNAME", "category": "Network activity", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com", "uuid": "ce08cee5-ee8f-4c0e-aae6-1dfca662707b" }, { "type": "text", "object_relation": "bailiwick", "value": "netcatkit.com.", "category": "Other", "comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com", "uuid": "d2ec7460-18fc-49f2-b6f9-5be19664dcdd" } ], "x_misp_comment": "t.netcatkit.com: enriched via the farsight_passivedns module.", "x_misp_meta_category": "network", "x_misp_name": "passive-dns" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3915cf7c-79e9-4016-847f-7b5ee503aeea", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac", "target_ref": "x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--444df475-3338-45bb-9432-2aae2c275083", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a195cd72-0b3b-4c16-a185-1dbba192b089", "target_ref": "x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--216aec7d-fa81-4016-949e-82df8dfd9b67", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9e5710ce-d800-4726-b66b-0a2f6568a769", "target_ref": "x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--35d6f622-ea78-4c9b-ab8a-a9b9ca4adacc", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--98476378-a729-4dc9-8381-460968f44e41", "target_ref": "x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--099ca7a7-6692-43b3-bbb5-e414fc7b3c17", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--16eab987-8119-482e-81ca-637d7ab2027a", "target_ref": "x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2bcf658d-72c1-4027-9aeb-8edff6ad08c9", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a", "target_ref": "x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1eee086a-af21-4b46-ba90-7785fe140f7b", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90", "target_ref": "x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8b86f3d7-3116-4bdc-b837-db0350599e36", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe", "target_ref": "x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec1f776a-4256-410e-8be9-a01bcbce0160", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5", "target_ref": "x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5c081a34-48cc-4d27-9532-54d4b2bdb75c", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881", "target_ref": "x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3132d6f9-926e-459f-afb2-7b3ef5593874", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016", "target_ref": "x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0452314e-1b03-4613-86fc-fd6783fd3924", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48", "target_ref": "x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b39debab-f40a-43d1-b10e-4608344b9926", "created": "2021-03-26T11:04:39.000Z", "modified": "2021-03-26T11:04:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427", "target_ref": "x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--80bf4aa4-9461-430f-85c3-4c9118e4db0f", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e", "target_ref": "x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--022292c1-c4c7-4a2c-97d0-f5b207d00f2a", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c", "target_ref": "x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--abf9d594-8c5d-400c-aa90-86d9e7ed981b", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7", "target_ref": "x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f5839b21-0dec-4e14-a596-7d3e09f1c379", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d", "target_ref": "x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e1d538a6-376d-47fb-884e-1e2dd50ba449", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5b361066-2b82-4c80-b4ae-690998433d3c", "target_ref": "x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--49176e2e-9496-4530-8e69-7823fdf10400", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67", "target_ref": "x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0b1da5ec-9dae-48b2-a9ca-622cef1181bd", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--606c37d3-7072-49e9-ba9a-f091642c58b6", "target_ref": "x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1f5540a0-2ff4-41ab-bf49-711d5c166c8b", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--833d3f3f-8273-4951-b714-6706bc1347d0", "target_ref": "x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--277af749-7647-40b4-a688-87247d69ade6", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e", "target_ref": "x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77275d9b-3d0e-4dbe-9262-26ec4b569b31", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de", "target_ref": "x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0a625a51-d949-45d3-b4e3-65ac3fea50f9", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3", "target_ref": "x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--242a6241-f623-46e9-abd1-5ac4b4af39e2", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8", "target_ref": "x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c354e42-e792-4723-89be-578d47797956", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04", "target_ref": "x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--287cb180-12b2-4399-91b1-14cee7aa380c", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230", "target_ref": "x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--39ce1443-9886-4960-b465-b5f330049f1f", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643", "target_ref": "x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--501be838-5668-4b33-b399-6a56a561e99f", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461", "target_ref": "x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--328182c8-a426-4432-ab78-eb40f3c9f7ff", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247", "target_ref": "x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e228f230-d975-490e-a2ed-123dbd15f505", "created": "2021-03-26T11:04:40.000Z", "modified": "2021-03-26T11:04:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0737e5f5-f011-41ba-aa2d-17120ee75143", "target_ref": "x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f45c76e-c2e6-4dc5-98a0-930cbfe3ce94", "created": "2021-03-26T11:04:41.000Z", "modified": "2021-03-26T11:04:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026", "target_ref": "x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--217ed8b4-c732-42bd-94dc-78503e05c77a", "created": "2021-03-26T11:04:41.000Z", "modified": "2021-03-26T11:04:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bcb634ef-c629-450c-a194-3197dcac08bf", "target_ref": "x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--57d2a13e-1f99-4467-affc-88844e566b97", "created": "2021-03-26T11:04:41.000Z", "modified": "2021-03-26T11:04:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6", "target_ref": "x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--58672eed-c737-48e1-9d17-a3ceeea4837e", "created": "2021-03-26T11:04:41.000Z", "modified": "2021-03-26T11:04:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd", "target_ref": "x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--596ddda5-5ad5-4221-828e-0206d32e8d23", "created": "2021-03-26T11:04:41.000Z", "modified": "2021-03-26T11:04:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5", "target_ref": "x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ea99fe51-f62c-4866-8df6-b6c27bf9a852", "created": "2021-03-26T11:57:10.000Z", "modified": "2021-03-26T11:57:10.000Z", "relationship_type": "related-to", "source_ref": "x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325", "target_ref": "indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--20ece06a-53ab-4ee4-8a7d-90fd73be284b", "created": "2021-03-26T11:57:11.000Z", "modified": "2021-03-26T11:57:11.000Z", "relationship_type": "related-to", "source_ref": "x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67", "target_ref": "indicator--0507d917-2bfd-418a-9c91-65edfe6df45f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8e46f5a8-1533-4a07-b6e5-49d7c047b2c8", "created": "2021-03-26T11:57:13.000Z", "modified": "2021-03-26T11:57:13.000Z", "relationship_type": "related-to", "source_ref": "x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95", "target_ref": "indicator--27883473-9495-4bdc-84e1-8898c13d1f52" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }