{ "type": "bundle", "id": "bundle--5cf900bc-28e0-4bed-93a9-5225950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:16:16.000Z", "modified": "2019-06-06T12:16:16.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5cf900bc-28e0-4bed-93a9-5225950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:16:16.000Z", "modified": "2019-06-06T12:16:16.000Z", "name": "OSINT - Gaining New Visibility into Financial Threats", "published": "2019-06-06T12:16:29Z", "object_refs": [ "indicator--5cf900e7-bcf4-4373-a0ea-7a17950d210f", "indicator--5cf900e8-2f1c-4894-a23c-7a17950d210f", "indicator--5cf900e8-6870-498d-84d9-7a17950d210f", "indicator--5cf900e8-e61c-44fb-ac10-7a17950d210f", "indicator--5cf900e8-1334-490c-a730-7a17950d210f", "indicator--5cf900e8-bbe4-4902-af9f-7a17950d210f", "indicator--5cf900e8-5b20-46d5-a4a2-7a17950d210f", "indicator--5cf900e8-ddbc-470a-947b-7a17950d210f", "indicator--5cf900e8-f670-48ab-bb14-7a17950d210f", "indicator--5cf9023b-6d44-4c14-bcef-c66a950d210f", "indicator--5cf9023b-81c0-4707-ba3c-c66a950d210f", "indicator--5cf9023b-0f88-4640-8a7a-c66a950d210f", "indicator--5cf9023b-9cfc-4ca1-b965-c66a950d210f", "indicator--5cf9023b-3068-452b-bf0c-c66a950d210f", "indicator--5cf9023c-9060-4187-820f-c66a950d210f", "indicator--5cf9023c-40f0-4df2-93c9-c66a950d210f", "indicator--5cf9023c-12c4-4c92-a77f-c66a950d210f", "indicator--5cf9023c-1f94-40f5-a8a6-c66a950d210f", "indicator--5cf9023c-3880-4332-8439-c66a950d210f", "indicator--5cf9023c-444c-4673-9cb4-c66a950d210f", "indicator--5cf9023c-f954-4501-a996-c66a950d210f", "indicator--5cf9023c-4834-4e22-bec8-c66a950d210f", "indicator--5cf9023c-7518-4541-bb00-c66a950d210f", "indicator--5cf9023c-4630-43f1-9026-c66a950d210f", "indicator--5cf9023c-f7b4-4686-9de1-c66a950d210f", "indicator--5cf9023c-3fa0-4002-b6c1-c66a950d210f", "indicator--5cf9023c-19bc-4207-81e4-c66a950d210f", "indicator--5cf9023c-12ec-48c3-8418-c66a950d210f", "indicator--5cf9023c-a274-460e-921b-c66a950d210f", "indicator--5cf9023c-5220-44d5-9984-c66a950d210f", "indicator--5cf9023c-b7c0-4260-987d-c66a950d210f", "indicator--5cf9023c-f174-48fa-a207-c66a950d210f", "observed-data--5cf90364-3014-4df3-b302-4a48950d210f", "url--5cf90364-3014-4df3-b302-4a48950d210f", "observed-data--5cf903a6-fe08-49aa-8375-77d4950d210f", "url--5cf903a6-fe08-49aa-8375-77d4950d210f", "indicator--ea848d2e-65da-4deb-af74-a9d0e3a0ebea", "x-misp-object--de47fb74-8512-47da-86f7-e8d0cc93cdc7", "indicator--57e3c16f-67f4-468d-9d9e-b2ee77fce921", "x-misp-object--3a75d429-6e69-4e61-a8f9-cb53975d839f", "indicator--2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7", "x-misp-object--a575205e-629c-4238-ae69-d22e6a64b163", "indicator--33492163-b362-476c-9869-f601ff4b0211", "x-misp-object--cd0334f3-67d3-4324-9b30-28951aabe6c6", "indicator--11184fc9-fcec-4ee2-8097-94d0024f38fc", "x-misp-object--7ae2d99e-26b2-4879-a4e2-caec2c6ac680", "indicator--b62a4ac4-4b20-4eb5-81d5-f9a3fee32519", "x-misp-object--20f86c50-ab0b-42c5-a22a-4a0b861dd753", "indicator--8c139391-532c-41a3-a222-634a8c601a87", "x-misp-object--b6acbebe-39e8-4a6a-8781-7a22d00272b0", "indicator--c7d41beb-3fba-4a5c-8f1b-1776eac57521", "x-misp-object--76cd75eb-9363-4a7a-8a23-568bb8cf2bb7", "indicator--2635adb7-eec5-421d-8084-7b415519ee42", "x-misp-object--d317b55c-3b25-4466-8fac-5ab9a70a2ef2", "indicator--c730930e-72e0-45e5-a3cb-e040521971a3", "x-misp-object--7bc4f11b-34a5-4929-9f93-75081f6a60b4", "indicator--654cf3c0-e403-415e-8dde-d210c2a32c68", "x-misp-object--80f85328-d4bb-4113-a164-a4e080ef8d80", "indicator--978cc9ef-f291-4f48-b98d-7d6ac96c6e00", "x-misp-object--1e23c045-091f-4acd-a090-9b8d21b602ec", "indicator--8b5a1799-619f-4570-9aa6-ac54205c81f4", "x-misp-object--dce4a646-5ab4-4c54-88ea-a2c5a6683155", "indicator--d92702b0-6916-4c5b-a9d7-e035ed8a604a", "x-misp-object--9660acc8-ba12-424d-8085-21d4eb1aae63", "indicator--a0bddce4-2ca6-457b-bce3-61b9599ce66c", "x-misp-object--76b07ec6-98ae-4501-a62f-d2e22a7d9152", "indicator--4954412e-840b-4d4f-8489-6cb21726714b", "x-misp-object--161cae50-743b-45ad-a792-d2570dc1e75f", "indicator--7e91b7fe-21de-467e-8896-aec026eb81b6", "x-misp-object--4fe9f431-3164-4395-9430-6836d9203a7a", "indicator--401965ce-213d-4b3c-8adc-827b3b088b7d", "x-misp-object--5a645eb9-b060-42a4-9edc-f0dcc184e949", "indicator--06a3f94e-a2d3-4af6-8942-eec7ad961249", "x-misp-object--be23a287-3e5a-4a11-9869-f4b80896c730", "relationship--70a619eb-1cfc-4c4e-bc2f-0cbdf8cb4656", "relationship--c05c42d1-7366-441b-bf85-faf65589a8fb", "relationship--c23af317-69ec-4c10-a9e5-39fa69224a77", "relationship--ad3f1a2a-f9f3-4494-ae62-6e58f0ede830", "relationship--2275db3d-9ec4-4403-a59a-27b25dd18d65", "relationship--aad47034-d072-496b-8204-a688c691bc9c", "relationship--97ade690-ba77-4430-bffb-c1a8822173f9", "relationship--eaacd2b2-cf9a-411b-a883-a5658eb79570", "relationship--46ffeab6-9747-4ec3-8810-fd2f00dd63c1", "relationship--1db97bef-aa98-461f-824a-5b6f5989e6e9", "relationship--3888bf66-e82f-4ffb-990e-00533f2df6cf", "relationship--80d9f096-2abc-44cb-8421-690357ec4a70", "relationship--cf146ef6-8a95-4bb4-a8a5-6a95dc788fb2", "relationship--43fc53c3-198b-49ce-b5fc-78b183a29e71", "relationship--3ab89874-f0c8-4197-ae09-2f62dbdd9ce7", "relationship--78b41e95-42d9-441e-99cf-442328780a0e", "relationship--32b02edf-36d1-4cf9-8900-bea5dfe35d31", "relationship--1b04c456-459e-4250-8fa6-a28157f43f72", "relationship--dda1e969-451a-4472-8b5b-bbd606e35bf4" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:threat-actor=\"Anunak\"", "circl:topic=\"finance\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf900e7-bcf4-4373-a0ea-7a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:02:47.000Z", "modified": "2019-06-06T12:02:47.000Z", "pattern": "[url:value = 'swift-fraud.com/documents/94563784.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf900e8-2f1c-4894-a23c-7a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:02:48.000Z", "modified": "2019-06-06T12:02:48.000Z", "pattern": "[url:value = 'cloud.yourdocument.biz/robots.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf900e8-6870-498d-84d9-7a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:02:48.000Z", "modified": "2019-06-06T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.140.116.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf900e8-e61c-44fb-ac10-7a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:02:48.000Z", "modified": "2019-06-06T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.206.145.227']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf900e8-1334-490c-a730-7a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:02:48.000Z", "modified": "2019-06-06T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.56.162.8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf900e8-bbe4-4902-af9f-7a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:02:48.000Z", "modified": "2019-06-06T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.156.35.118']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf900e8-5b20-46d5-a4a2-7a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:02:48.000Z", "modified": "2019-06-06T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.243.115.28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf900e8-ddbc-470a-947b-7a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:02:48.000Z", "modified": "2019-06-06T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.206.146.226']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf900e8-f670-48ab-bb14-7a17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:02:48.000Z", "modified": "2019-06-06T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.140.116.176']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023b-6d44-4c14-bcef-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:27.000Z", "modified": "2019-06-06T12:08:27.000Z", "description": "smrs.exe", "pattern": "[file:hashes.MD5 = 'd68351f754a508a386c06946c8e79088']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023b-81c0-4707-ba3c-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:27.000Z", "modified": "2019-06-06T12:08:27.000Z", "description": "smrs.exe", "pattern": "[file:hashes.MD5 = '341917d17440ee8a334b202eb0378108']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023b-0f88-4640-8a7a-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:27.000Z", "modified": "2019-06-06T12:08:27.000Z", "description": "java.exe", "pattern": "[file:hashes.MD5 = 'd90ecd6c825ce236838112898e1c4a2e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023b-9cfc-4ca1-b965-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:27.000Z", "modified": "2019-06-06T12:08:27.000Z", "description": "94563784.doc", "pattern": "[file:hashes.MD5 = 'd117c73e353193118a6383c30e42a95f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023b-3068-452b-bf0c-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:27.000Z", "modified": "2019-06-06T12:08:27.000Z", "description": "WRF{8F0C5F8E-18A3-48CE-A2F4-2F4DB1B14E94}.tmp", "pattern": "[file:hashes.MD5 = 'b8fc470b9665b33d2071034fdfd6629c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-9060-4187-820f-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "KbhpQIcahFCuZwq.sct", "pattern": "[file:hashes.MD5 = 'bb784d55895db10b67b1b4f1f5b0be16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-40f0-4df2-93c9-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "MGsCOxPSNK.txt", "pattern": "[file:hashes.MD5 = '4bee6ff39103ffe31118260f9b1c4884']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-12c4-4c92-a77f-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "cqHfjCkTtMwG.doc", "pattern": "[file:hashes.MD5 = 'c2a9443aac258a60d8cace43e839cf9f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-1f94-40f5-a8a6-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "tCrrDqBQoCcEkbnK.txt", "pattern": "[file:hashes.MD5 = '581c2a76b382deedb48d1df077e5bdf1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-3880-4332-8439-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "DLL dropper", "pattern": "[file:hashes.MD5 = 'f0645bd9367faf4e21a9c5e8c132bed7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-444c-4673-9cb4-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "DLL dropper", "pattern": "[file:hashes.MD5 = '34a58e62866e5c17db61ee5f95d52c58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-f954-4501-a996-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "DLL dropper", "pattern": "[file:hashes.MD5 = '38242fb29d7cb82a4ffd651189d9821e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-4834-4e22-bec8-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "DLL dropper", "pattern": "[file:hashes.MD5 = 'f0e52df398b938bf82d9e71ce754ab34']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-7518-4541-bb00-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "303F1428C3F", "pattern": "[file:hashes.MD5 = 'eb561d46c6283c632df88bd20ade6df4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-4630-43f1-9026-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "9D01CA.txt", "pattern": "[file:hashes.MD5 = 'bbaee5d936a3809f46fd409b8442f753']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-f7b4-4686-9de1-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "rad353F7.tmp", "pattern": "[file:hashes.MD5 = '63c98b8c34ee9261c0068c7f0435a9f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-3fa0-4002-b6c1-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "nusb1mon.exe", "pattern": "[file:hashes.MD5 = 'ddb9553c6e4e4908b5c7fbbdc4795d6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-19bc-4207-81e4-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "netscan.exe", "pattern": "[file:hashes.MD5 = '1e94f1fdf5ace5e57d8b7832ea2da22e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-12ec-48c3-8418-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "netscan.exe", "pattern": "[file:hashes.MD5 = 'e7aa5608c81ba4fcd8d166501b90fc06']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-a274-460e-921b-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "psexec.exe", "pattern": "[file:hashes.MD5 = '27304b246c7d5b4e149124d5f93c5b01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-5220-44d5-9984-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "psexec.exe", "pattern": "[file:hashes.MD5 = '75b55bb34dac9d02740b9ad6b6820360']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-b7c0-4260-987d-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "psexesvc.exe", "pattern": "[file:hashes.MD5 = 'a7f7a0f74c8b48f1699858b3b6c11eda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf9023c-f174-48fa-a207-c66a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:08:28.000Z", "modified": "2019-06-06T12:08:28.000Z", "description": "psexesvc.exe", "pattern": "[file:hashes.MD5 = '87dfac39f577e5f52f0724455e8832a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cf90364-3014-4df3-b302-4a48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:13:24.000Z", "modified": "2019-06-06T12:13:24.000Z", "first_observed": "2019-06-06T12:13:24Z", "last_observed": "2019-06-06T12:13:24Z", "number_observed": 1, "object_refs": [ "url--5cf90364-3014-4df3-b302-4a48950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5cf90364-3014-4df3-b302-4a48950d210f", "value": "https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cf903a6-fe08-49aa-8375-77d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:14:30.000Z", "modified": "2019-06-06T12:14:30.000Z", "first_observed": "2019-06-06T12:14:30Z", "last_observed": "2019-06-06T12:14:30Z", "number_observed": 1, "object_refs": [ "url--5cf903a6-fe08-49aa-8375-77d4950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5cf903a6-fe08-49aa-8375-77d4950d210f", "value": "https://pastebin.com/FdNVb77d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ea848d2e-65da-4deb-af74-a9d0e3a0ebea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:09:59.000Z", "modified": "2019-06-06T12:09:59.000Z", "pattern": "[file:hashes.MD5 = '87dfac39f577e5f52f0724455e8832a8' AND file:hashes.SHA1 = '0c5a8a0c11b9fcad622b884d48c5f0f379e054ff' AND file:hashes.SHA256 = '6a6a9aa6ed43eb3f857392459c7b05a5a0df89e00a3214d333949a561bcff368']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:09:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--de47fb74-8512-47da-86f7-e8d0cc93cdc7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:09:59.000Z", "modified": "2019-06-06T12:09:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-06T00:05:45", "category": "Other", "comment": "psexesvc.exe", "uuid": "edb4fa20-2435-47a1-930f-681799b0e215" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6a6a9aa6ed43eb3f857392459c7b05a5a0df89e00a3214d333949a561bcff368/analysis/1559779545/", "category": "Payload delivery", "comment": "psexesvc.exe", "uuid": "a8857c21-1482-43b7-82a6-ddb1e08d56e1" }, { "type": "text", "object_relation": "detection-ratio", "value": "1/73", "category": "Payload delivery", "comment": "psexesvc.exe", "uuid": "359d9cd1-3274-43bf-8cb7-342610cdba6f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57e3c16f-67f4-468d-9d9e-b2ee77fce921", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:09:59.000Z", "modified": "2019-06-06T12:09:59.000Z", "pattern": "[file:hashes.MD5 = '63c98b8c34ee9261c0068c7f0435a9f9' AND file:hashes.SHA1 = 'c673cdac0a0edb70c7a649f9d7ef08ceaa16bd2d' AND file:hashes.SHA256 = '28dd81de1a5fa5ca2009abb0daa60e7ff3b9ffba4b8a397147d55b543bc20484']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:09:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3a75d429-6e69-4e61-a8f9-cb53975d839f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:00.000Z", "modified": "2019-06-06T12:10:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T16:39:16", "category": "Other", "comment": "rad353F7.tmp", "uuid": "a8cb3636-92dd-47cc-83d3-25182cdbd9c7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/28dd81de1a5fa5ca2009abb0daa60e7ff3b9ffba4b8a397147d55b543bc20484/analysis/1559752756/", "category": "Payload delivery", "comment": "rad353F7.tmp", "uuid": "010f4707-c282-4a50-b6fe-c198e6abe3b5" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/73", "category": "Payload delivery", "comment": "rad353F7.tmp", "uuid": "b223286d-7c10-4ef3-84cc-45af8741323a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:00.000Z", "modified": "2019-06-06T12:10:00.000Z", "pattern": "[file:hashes.MD5 = '38242fb29d7cb82a4ffd651189d9821e' AND file:hashes.SHA1 = '7ae97baa869d7ed416b773cc72973255a50fa579' AND file:hashes.SHA256 = '0fef1863af0d7da7ddcfd3727f8fa08d66cd2d9ab4d5300dd3c57e908144edb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a575205e-629c-4238-ae69-d22e6a64b163", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:00.000Z", "modified": "2019-06-06T12:10:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-06T09:50:59", "category": "Other", "comment": "DLL dropper", "uuid": "4732126c-2568-42c3-9064-1deb92dc6b18" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0fef1863af0d7da7ddcfd3727f8fa08d66cd2d9ab4d5300dd3c57e908144edb6/analysis/1559814659/", "category": "Payload delivery", "comment": "DLL dropper", "uuid": "ef6ddc96-9d46-404d-b6ba-78e8bc713108" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/68", "category": "Payload delivery", "comment": "DLL dropper", "uuid": "f0fb56ae-dd12-4b0e-8014-18c839783a45" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--33492163-b362-476c-9869-f601ff4b0211", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:00.000Z", "modified": "2019-06-06T12:10:00.000Z", "pattern": "[file:hashes.MD5 = '34a58e62866e5c17db61ee5f95d52c58' AND file:hashes.SHA1 = '8c0c273d458a85f38dd35d868cc734119773edbe' AND file:hashes.SHA256 = '74af98fb016bf3adb51f49dff0a88c27bf4437e625a0c7557215a618a7b469a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cd0334f3-67d3-4324-9b30-28951aabe6c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:00.000Z", "modified": "2019-06-06T12:10:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-06T09:59:20", "category": "Other", "comment": "DLL dropper", "uuid": "a5f8849e-c2eb-48e8-9c38-248d2e440c76" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/74af98fb016bf3adb51f49dff0a88c27bf4437e625a0c7557215a618a7b469a1/analysis/1559815160/", "category": "Payload delivery", "comment": "DLL dropper", "uuid": "b58a6671-028a-40fc-9131-40f3cab08675" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/71", "category": "Payload delivery", "comment": "DLL dropper", "uuid": "1ff8f77d-f171-49dc-9428-b80758e28b65" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--11184fc9-fcec-4ee2-8097-94d0024f38fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:00.000Z", "modified": "2019-06-06T12:10:00.000Z", "pattern": "[file:hashes.MD5 = 'bb784d55895db10b67b1b4f1f5b0be16' AND file:hashes.SHA1 = '3d29fac679c5ce41cacd4510b455dbcbfc33a95e' AND file:hashes.SHA256 = '340025fc4a857bad96a037c6acaaa4d61e03b0fd13f56b724cee46dfcf020bd4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7ae2d99e-26b2-4879-a4e2-caec2c6ac680", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:01.000Z", "modified": "2019-06-06T12:10:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T18:34:57", "category": "Other", "comment": "KbhpQIcahFCuZwq.sct", "uuid": "7e6cf628-7384-4e39-9e01-973a74927d29" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/340025fc4a857bad96a037c6acaaa4d61e03b0fd13f56b724cee46dfcf020bd4/analysis/1559759697/", "category": "Payload delivery", "comment": "KbhpQIcahFCuZwq.sct", "uuid": "db2ad86f-6749-4397-a9a0-2c6635bbe918" }, { "type": "text", "object_relation": "detection-ratio", "value": "21/56", "category": "Payload delivery", "comment": "KbhpQIcahFCuZwq.sct", "uuid": "d1214470-81bb-4d00-9d3b-4cf4f6a3644d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b62a4ac4-4b20-4eb5-81d5-f9a3fee32519", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:01.000Z", "modified": "2019-06-06T12:10:01.000Z", "pattern": "[file:hashes.MD5 = 'f0645bd9367faf4e21a9c5e8c132bed7' AND file:hashes.SHA1 = '8245fca43d35c309fa64532b03ec20a31014572f' AND file:hashes.SHA256 = 'cc2e9c6d8bce799829351bd25a64c9b332958038365195e054411b136be61a4f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--20f86c50-ab0b-42c5-a22a-4a0b861dd753", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:01.000Z", "modified": "2019-06-06T12:10:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T18:34:38", "category": "Other", "comment": "DLL dropper", "uuid": "cc6e41d6-0011-4337-9cd1-21936ff90bbf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cc2e9c6d8bce799829351bd25a64c9b332958038365195e054411b136be61a4f/analysis/1559759678/", "category": "Payload delivery", "comment": "DLL dropper", "uuid": "f63df462-3a2d-4bf4-be13-d2960864cf7e" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/70", "category": "Payload delivery", "comment": "DLL dropper", "uuid": "11d7631b-1d40-42cb-979c-949d49db670d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8c139391-532c-41a3-a222-634a8c601a87", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:01.000Z", "modified": "2019-06-06T12:10:01.000Z", "pattern": "[file:hashes.MD5 = '27304b246c7d5b4e149124d5f93c5b01' AND file:hashes.SHA1 = 'e50d9e3bd91908e13a26b3e23edeaf577fb3a095' AND file:hashes.SHA256 = '3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b6acbebe-39e8-4a6a-8781-7a22d00272b0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:01.000Z", "modified": "2019-06-06T12:10:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T23:56:48", "category": "Other", "comment": "psexec.exe", "uuid": "a54e618c-709f-4c4c-96f8-475a27c9ba36" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef/analysis/1559779008/", "category": "Payload delivery", "comment": "psexec.exe", "uuid": "181a1c58-4800-43e6-a903-009a1f96f197" }, { "type": "text", "object_relation": "detection-ratio", "value": "2/73", "category": "Payload delivery", "comment": "psexec.exe", "uuid": "9e26cdbd-8e6e-4a39-930d-987d58e8e85e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c7d41beb-3fba-4a5c-8f1b-1776eac57521", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:01.000Z", "modified": "2019-06-06T12:10:01.000Z", "pattern": "[file:hashes.MD5 = '581c2a76b382deedb48d1df077e5bdf1' AND file:hashes.SHA1 = '8b7b20d1a81af09a42e7dd1b3e02f2fa8038413c' AND file:hashes.SHA256 = 'b6ab9705591e9066df9ce4ab79ff532eff4adff88d899522cddc814158f95663']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--76cd75eb-9363-4a7a-8a23-568bb8cf2bb7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:02.000Z", "modified": "2019-06-06T12:10:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T16:39:41", "category": "Other", "comment": "tCrrDqBQoCcEkbnK.txt", "uuid": "1bcfe86d-7072-4afe-a20f-9f9e11cb6d36" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b6ab9705591e9066df9ce4ab79ff532eff4adff88d899522cddc814158f95663/analysis/1559752781/", "category": "Payload delivery", "comment": "tCrrDqBQoCcEkbnK.txt", "uuid": "e1e7432c-c31a-405a-a881-ec4c7f7c92dd" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/59", "category": "Payload delivery", "comment": "tCrrDqBQoCcEkbnK.txt", "uuid": "c78bfbb2-cfc8-4c52-bfd1-b7a2c97b01ad" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2635adb7-eec5-421d-8084-7b415519ee42", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:02.000Z", "modified": "2019-06-06T12:10:02.000Z", "pattern": "[file:hashes.MD5 = 'f0e52df398b938bf82d9e71ce754ab34' AND file:hashes.SHA1 = 'b58b6e2049fbaae7eb0c7aa14564604813c9e06b' AND file:hashes.SHA256 = '69f7822cac20a27c4fe955c0864a9fe9b3798f54f39ac3ebdba12b0ab4a9cdbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d317b55c-3b25-4466-8fac-5ab9a70a2ef2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:02.000Z", "modified": "2019-06-06T12:10:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T16:39:26", "category": "Other", "comment": "DLL dropper", "uuid": "35f48480-2d3c-4845-9a0b-e4302f6dfd1c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/69f7822cac20a27c4fe955c0864a9fe9b3798f54f39ac3ebdba12b0ab4a9cdbd/analysis/1559752766/", "category": "Payload delivery", "comment": "DLL dropper", "uuid": "b8ddf93c-d397-4187-a061-f2317b8a4aa3" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/73", "category": "Payload delivery", "comment": "DLL dropper", "uuid": "787821f0-07d0-49da-a0be-c875035086ca" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c730930e-72e0-45e5-a3cb-e040521971a3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:02.000Z", "modified": "2019-06-06T12:10:02.000Z", "pattern": "[file:hashes.MD5 = '4bee6ff39103ffe31118260f9b1c4884' AND file:hashes.SHA1 = 'ae9ee7088142c9c13427f9cac6b604d04dea4db4' AND file:hashes.SHA256 = '127e185dc7308e6a7bfa9c91601c9dfc8b0b2ce410e4e6157992e995169c1699']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7bc4f11b-34a5-4929-9f93-75081f6a60b4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:02.000Z", "modified": "2019-06-06T12:10:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T16:39:11", "category": "Other", "comment": "MGsCOxPSNK.txt", "uuid": "24d4b68b-979f-40a2-8ae3-7fbab006b695" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/127e185dc7308e6a7bfa9c91601c9dfc8b0b2ce410e4e6157992e995169c1699/analysis/1559752751/", "category": "Payload delivery", "comment": "MGsCOxPSNK.txt", "uuid": "7eab0bbb-e934-4101-8725-255aeebcc24c" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/60", "category": "Payload delivery", "comment": "MGsCOxPSNK.txt", "uuid": "7a5f5574-3b98-4b2e-9453-13d93cfad79f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--654cf3c0-e403-415e-8dde-d210c2a32c68", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:03.000Z", "modified": "2019-06-06T12:10:03.000Z", "pattern": "[file:hashes.MD5 = '75b55bb34dac9d02740b9ad6b6820360' AND file:hashes.SHA1 = 'a17c21b909c56d93d978014e63fb06926eaea8e7' AND file:hashes.SHA256 = '141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--80f85328-d4bb-4113-a164-a4e080ef8d80", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:03.000Z", "modified": "2019-06-06T12:10:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T18:30:17", "category": "Other", "comment": "psexec.exe", "uuid": "a6d55295-0037-48dd-8cdc-9618997f3d83" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944/analysis/1559759417/", "category": "Payload delivery", "comment": "psexec.exe", "uuid": "8f93c372-fb61-4b5f-b72d-0bb26c38e3a2" }, { "type": "text", "object_relation": "detection-ratio", "value": "1/74", "category": "Payload delivery", "comment": "psexec.exe", "uuid": "9637d4d7-f3dd-43e2-b1e8-cc524e61425b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--978cc9ef-f291-4f48-b98d-7d6ac96c6e00", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:03.000Z", "modified": "2019-06-06T12:10:03.000Z", "pattern": "[file:hashes.MD5 = 'd117c73e353193118a6383c30e42a95f' AND file:hashes.SHA1 = 'fa191c27a162589ba54f0e7a30ffb23623f3872c' AND file:hashes.SHA256 = 'bebd4cd9aece49fbe6e7024e239638004358ff87d02f9bd4328993409da9e17c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1e23c045-091f-4acd-a090-9b8d21b602ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:03.000Z", "modified": "2019-06-06T12:10:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T10:41:17", "category": "Other", "comment": "94563784.doc", "uuid": "740acfa3-9fa9-48c9-8754-14166e8d67ed" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bebd4cd9aece49fbe6e7024e239638004358ff87d02f9bd4328993409da9e17c/analysis/1559731277/", "category": "Payload delivery", "comment": "94563784.doc", "uuid": "77c482d6-0a9c-4f2b-9294-1c3f91493103" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/59", "category": "Payload delivery", "comment": "94563784.doc", "uuid": "7e4241d3-c145-40c1-b7ca-0b512993b4e4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8b5a1799-619f-4570-9aa6-ac54205c81f4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:03.000Z", "modified": "2019-06-06T12:10:03.000Z", "pattern": "[file:hashes.MD5 = 'eb561d46c6283c632df88bd20ade6df4' AND file:hashes.SHA1 = '1313dadf5e3a1dc414798dc746e32509766dcd70' AND file:hashes.SHA256 = '2169cc5e019acf1825025603651055481fb0dc82927a371016efc974634b784c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dce4a646-5ab4-4c54-88ea-a2c5a6683155", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:03.000Z", "modified": "2019-06-06T12:10:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-06T10:01:38", "category": "Other", "comment": "303F1428C3F", "uuid": "6d0b1b34-a70f-4b78-bca5-40357670d29a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2169cc5e019acf1825025603651055481fb0dc82927a371016efc974634b784c/analysis/1559815298/", "category": "Payload delivery", "comment": "303F1428C3F", "uuid": "54560188-5647-47cb-800a-54622b884041" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/59", "category": "Payload delivery", "comment": "303F1428C3F", "uuid": "a04712ac-3b5c-4576-ab6d-bfae097f9fc3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d92702b0-6916-4c5b-a9d7-e035ed8a604a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:04.000Z", "modified": "2019-06-06T12:10:04.000Z", "pattern": "[file:hashes.MD5 = 'a7f7a0f74c8b48f1699858b3b6c11eda' AND file:hashes.SHA1 = 'b5c62d79eda4f7e4b60a9caa5736a3fdc2f1b27e' AND file:hashes.SHA256 = '3b08535b4add194f5661e1131c8e81af373ca322cf669674cf1272095e5cab95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9660acc8-ba12-424d-8085-21d4eb1aae63", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:04.000Z", "modified": "2019-06-06T12:10:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-06T00:08:36", "category": "Other", "comment": "psexesvc.exe", "uuid": "4c862820-246b-42f4-be45-74f6e17253cd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3b08535b4add194f5661e1131c8e81af373ca322cf669674cf1272095e5cab95/analysis/1559779716/", "category": "Payload delivery", "comment": "psexesvc.exe", "uuid": "983fc4e8-8c61-4b03-b5de-c41a52edc523" }, { "type": "text", "object_relation": "detection-ratio", "value": "1/73", "category": "Payload delivery", "comment": "psexesvc.exe", "uuid": "975d0ecd-96f1-4945-a935-c9cbaf9487ec" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a0bddce4-2ca6-457b-bce3-61b9599ce66c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:04.000Z", "modified": "2019-06-06T12:10:04.000Z", "pattern": "[file:hashes.MD5 = '1e94f1fdf5ace5e57d8b7832ea2da22e' AND file:hashes.SHA1 = 'f03ca4748433d0e1067ae05fcd2e1abec5e0c5e0' AND file:hashes.SHA256 = '08ecf6450d83904a15674148b78b531b930b658a401cd193c0fa91f29cde5ca8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--76b07ec6-98ae-4501-a62f-d2e22a7d9152", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:04.000Z", "modified": "2019-06-06T12:10:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T16:39:07", "category": "Other", "comment": "netscan.exe", "uuid": "a9f7e2da-7733-4985-83a4-3e4b6119061e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/08ecf6450d83904a15674148b78b531b930b658a401cd193c0fa91f29cde5ca8/analysis/1559752747/", "category": "Payload delivery", "comment": "netscan.exe", "uuid": "577a9a9d-aa41-48a8-956b-4ff92654ceb7" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/73", "category": "Payload delivery", "comment": "netscan.exe", "uuid": "13c7acd4-b4da-4f21-b684-231919426afd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4954412e-840b-4d4f-8489-6cb21726714b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:04.000Z", "modified": "2019-06-06T12:10:04.000Z", "pattern": "[file:hashes.MD5 = 'd68351f754a508a386c06946c8e79088' AND file:hashes.SHA1 = 'dcb3231b004c2fbfc2a74c4c64b130210ca5103b' AND file:hashes.SHA256 = '6b47df30b5773c35e77204d7a8e49777aea489876d48de455fd533ae27da668b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--161cae50-743b-45ad-a792-d2570dc1e75f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:04.000Z", "modified": "2019-06-06T12:10:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T16:39:27", "category": "Other", "comment": "smrs.exe", "uuid": "761a3d84-fe38-4cd0-95e2-861dedb0b0b4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6b47df30b5773c35e77204d7a8e49777aea489876d48de455fd533ae27da668b/analysis/1559752767/", "category": "Payload delivery", "comment": "smrs.exe", "uuid": "14ee7223-8496-41eb-886f-c781abc2609e" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/74", "category": "Payload delivery", "comment": "smrs.exe", "uuid": "5e9898a2-d06d-47b5-b3b6-7033867044a2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7e91b7fe-21de-467e-8896-aec026eb81b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:04.000Z", "modified": "2019-06-06T12:10:04.000Z", "pattern": "[file:hashes.MD5 = 'c2a9443aac258a60d8cace43e839cf9f' AND file:hashes.SHA1 = 'fa1340e1a9aea1fceb4b5c1b015029476c26b985' AND file:hashes.SHA256 = '1c56f98778fb741ef2a8f050070f2d8c33f05ce8e3f069ae131060c70c4e2e3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4fe9f431-3164-4395-9430-6836d9203a7a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:05.000Z", "modified": "2019-06-06T12:10:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-04T12:12:15", "category": "Other", "comment": "cqHfjCkTtMwG.doc", "uuid": "033b37c1-c433-462b-b3e1-9a6c4c558718" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1c56f98778fb741ef2a8f050070f2d8c33f05ce8e3f069ae131060c70c4e2e3d/analysis/1559650335/", "category": "Payload delivery", "comment": "cqHfjCkTtMwG.doc", "uuid": "df393102-f192-4bc5-b474-8b2882101f43" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/59", "category": "Payload delivery", "comment": "cqHfjCkTtMwG.doc", "uuid": "198ebd11-937c-49ab-bc7b-ddf56fa2ff89" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--401965ce-213d-4b3c-8adc-827b3b088b7d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:05.000Z", "modified": "2019-06-06T12:10:05.000Z", "pattern": "[file:hashes.MD5 = 'e7aa5608c81ba4fcd8d166501b90fc06' AND file:hashes.SHA1 = '5c714fda5b78726541301672a44eaf886728f88c' AND file:hashes.SHA256 = '5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5a645eb9-b060-42a4-9edc-f0dcc184e949", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:05.000Z", "modified": "2019-06-06T12:10:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T16:39:24", "category": "Other", "comment": "netscan.exe", "uuid": "5339b7e7-46f7-4c42-9ef6-db60704d36f8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992/analysis/1559752764/", "category": "Payload delivery", "comment": "netscan.exe", "uuid": "49a26e6b-b3b6-4676-9bb2-be3ada41ef7c" }, { "type": "text", "object_relation": "detection-ratio", "value": "1/74", "category": "Payload delivery", "comment": "netscan.exe", "uuid": "101ab576-3119-445d-9166-c808284d63c2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--06a3f94e-a2d3-4af6-8942-eec7ad961249", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:05.000Z", "modified": "2019-06-06T12:10:05.000Z", "pattern": "[file:hashes.MD5 = 'bbaee5d936a3809f46fd409b8442f753' AND file:hashes.SHA1 = 'a59d5a1e78b2db7405cd2182aca80d4d932bc792' AND file:hashes.SHA256 = '41978d7c5a1bb909f1f0f4db0c927f98fb67b3dcf61907f0404418510e1eabff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T12:10:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--be23a287-3e5a-4a11-9869-f4b80896c730", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T12:10:05.000Z", "modified": "2019-06-06T12:10:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-05T18:36:14", "category": "Other", "comment": "9D01CA.txt", "uuid": "77ec3ffb-528d-44ad-a9d8-f2168c9fd9c6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/41978d7c5a1bb909f1f0f4db0c927f98fb67b3dcf61907f0404418510e1eabff/analysis/1559759774/", "category": "Payload delivery", "comment": "9D01CA.txt", "uuid": "c57d774a-98bc-4946-86ed-67b2a1b85334" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/57", "category": "Payload delivery", "comment": "9D01CA.txt", "uuid": "d244f0ab-f2f0-4b6b-88fe-35a4c8dd7b80" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--70a619eb-1cfc-4c4e-bc2f-0cbdf8cb4656", "created": "2019-06-06T12:10:05.000Z", "modified": "2019-06-06T12:10:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ea848d2e-65da-4deb-af74-a9d0e3a0ebea", "target_ref": "x-misp-object--de47fb74-8512-47da-86f7-e8d0cc93cdc7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c05c42d1-7366-441b-bf85-faf65589a8fb", "created": "2019-06-06T12:10:05.000Z", "modified": "2019-06-06T12:10:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--57e3c16f-67f4-468d-9d9e-b2ee77fce921", "target_ref": "x-misp-object--3a75d429-6e69-4e61-a8f9-cb53975d839f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c23af317-69ec-4c10-a9e5-39fa69224a77", "created": "2019-06-06T12:10:05.000Z", "modified": "2019-06-06T12:10:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7", "target_ref": "x-misp-object--a575205e-629c-4238-ae69-d22e6a64b163" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ad3f1a2a-f9f3-4494-ae62-6e58f0ede830", "created": "2019-06-06T12:10:05.000Z", "modified": "2019-06-06T12:10:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--33492163-b362-476c-9869-f601ff4b0211", "target_ref": "x-misp-object--cd0334f3-67d3-4324-9b30-28951aabe6c6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2275db3d-9ec4-4403-a59a-27b25dd18d65", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--11184fc9-fcec-4ee2-8097-94d0024f38fc", "target_ref": "x-misp-object--7ae2d99e-26b2-4879-a4e2-caec2c6ac680" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aad47034-d072-496b-8204-a688c691bc9c", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b62a4ac4-4b20-4eb5-81d5-f9a3fee32519", "target_ref": "x-misp-object--20f86c50-ab0b-42c5-a22a-4a0b861dd753" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--97ade690-ba77-4430-bffb-c1a8822173f9", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8c139391-532c-41a3-a222-634a8c601a87", "target_ref": "x-misp-object--b6acbebe-39e8-4a6a-8781-7a22d00272b0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eaacd2b2-cf9a-411b-a883-a5658eb79570", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c7d41beb-3fba-4a5c-8f1b-1776eac57521", "target_ref": "x-misp-object--76cd75eb-9363-4a7a-8a23-568bb8cf2bb7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--46ffeab6-9747-4ec3-8810-fd2f00dd63c1", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2635adb7-eec5-421d-8084-7b415519ee42", "target_ref": "x-misp-object--d317b55c-3b25-4466-8fac-5ab9a70a2ef2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1db97bef-aa98-461f-824a-5b6f5989e6e9", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c730930e-72e0-45e5-a3cb-e040521971a3", "target_ref": "x-misp-object--7bc4f11b-34a5-4929-9f93-75081f6a60b4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3888bf66-e82f-4ffb-990e-00533f2df6cf", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--654cf3c0-e403-415e-8dde-d210c2a32c68", "target_ref": "x-misp-object--80f85328-d4bb-4113-a164-a4e080ef8d80" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--80d9f096-2abc-44cb-8421-690357ec4a70", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--978cc9ef-f291-4f48-b98d-7d6ac96c6e00", "target_ref": "x-misp-object--1e23c045-091f-4acd-a090-9b8d21b602ec" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cf146ef6-8a95-4bb4-a8a5-6a95dc788fb2", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8b5a1799-619f-4570-9aa6-ac54205c81f4", "target_ref": "x-misp-object--dce4a646-5ab4-4c54-88ea-a2c5a6683155" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--43fc53c3-198b-49ce-b5fc-78b183a29e71", "created": "2019-06-06T12:10:06.000Z", "modified": "2019-06-06T12:10:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d92702b0-6916-4c5b-a9d7-e035ed8a604a", "target_ref": "x-misp-object--9660acc8-ba12-424d-8085-21d4eb1aae63" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3ab89874-f0c8-4197-ae09-2f62dbdd9ce7", "created": "2019-06-06T12:10:07.000Z", "modified": "2019-06-06T12:10:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a0bddce4-2ca6-457b-bce3-61b9599ce66c", "target_ref": "x-misp-object--76b07ec6-98ae-4501-a62f-d2e22a7d9152" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--78b41e95-42d9-441e-99cf-442328780a0e", "created": "2019-06-06T12:10:07.000Z", "modified": "2019-06-06T12:10:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4954412e-840b-4d4f-8489-6cb21726714b", "target_ref": "x-misp-object--161cae50-743b-45ad-a792-d2570dc1e75f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--32b02edf-36d1-4cf9-8900-bea5dfe35d31", "created": "2019-06-06T12:10:07.000Z", "modified": "2019-06-06T12:10:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7e91b7fe-21de-467e-8896-aec026eb81b6", "target_ref": "x-misp-object--4fe9f431-3164-4395-9430-6836d9203a7a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b04c456-459e-4250-8fa6-a28157f43f72", "created": "2019-06-06T12:10:07.000Z", "modified": "2019-06-06T12:10:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--401965ce-213d-4b3c-8adc-827b3b088b7d", "target_ref": "x-misp-object--5a645eb9-b060-42a4-9edc-f0dcc184e949" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dda1e969-451a-4472-8b5b-bbd606e35bf4", "created": "2019-06-06T12:10:07.000Z", "modified": "2019-06-06T12:10:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--06a3f94e-a2d3-4af6-8942-eec7ad961249", "target_ref": "x-misp-object--be23a287-3e5a-4a11-9869-f4b80896c730" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }