{ "type": "bundle", "id": "bundle--5cbd7391-72f0-4905-a438-428102de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T08:06:52.000Z", "modified": "2019-04-22T08:06:52.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5cbd7391-72f0-4905-a438-428102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T08:06:52.000Z", "modified": "2019-04-22T08:06:52.000Z", "name": "OSINT - Nueva campa\u00f1a del grupo ruso TA505 dirigida a Chile y Argentina. #ServHelper", "published": "2019-04-22T08:09:31Z", "object_refs": [ "observed-data--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81", "url--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81", "indicator--5cbd73c0-69a8-4d14-baf1-499402de0b81", "indicator--5cbd73c0-3b2c-4cf8-92f1-4f7802de0b81", "indicator--5cbd73c0-b9b0-4164-bc9a-4bf802de0b81", "indicator--5cbd73c0-5134-4712-a2d6-480102de0b81", "indicator--5cbd73c0-454c-4592-95e6-46dc02de0b81", "indicator--5cbd73c0-1da8-4680-b28e-4e1002de0b81", "indicator--5cbd73c0-8a98-49b2-8a25-4ea202de0b81", "indicator--5cbd73c0-d208-4a04-b984-4c4602de0b81", "indicator--5cbd73c0-5028-425f-86c7-478e02de0b81", "indicator--5cbd73c0-00ac-41d6-9513-4d4102de0b81", "indicator--5cbd73dd-3aac-471f-bd19-4ab602de0b81", "indicator--5cbd73dd-ce0c-438a-942b-4ee902de0b81", "indicator--5cbd73dd-d580-4456-a5ca-475202de0b81", "indicator--5cbd73dd-6fb8-4055-9ba6-474602de0b81", "indicator--5cbd73dd-de54-442c-a322-4f7e02de0b81", "indicator--5cbd73dd-6fe8-4c75-b4a6-45e802de0b81", "indicator--5cbd73dd-1bd8-4bf5-b02c-4cb502de0b81", "indicator--5cbd73dd-af2c-4136-8e4d-409c02de0b81", "indicator--5cbd73dd-47f8-4911-b957-4e2602de0b81", "indicator--5cbd73dd-5c18-468d-ab34-498102de0b81", "indicator--5cbd73dd-6a5c-4822-8777-4a0a02de0b81", "indicator--5cbd73dd-bcfc-4824-a499-425302de0b81", "indicator--5cbd73dd-4390-4a98-9a65-492302de0b81", 
"indicator--5cbd73dd-fb5c-49ed-af22-41a602de0b81", "indicator--5cbd73de-e6dc-4dcd-83fd-456102de0b81", "indicator--5cbd73de-1ba8-426f-b998-48e002de0b81", "indicator--5cbd73de-7c74-450a-8290-494802de0b81", "indicator--5cbd73de-ce04-4fc5-9616-435302de0b81", "observed-data--5cbd7456-69a4-4301-97d6-446e02de0b81", "url--5cbd7456-69a4-4301-97d6-446e02de0b81", "observed-data--5cbd7456-1df0-46c1-88c0-49dd02de0b81", "url--5cbd7456-1df0-46c1-88c0-49dd02de0b81", "observed-data--5cbd7456-c4f4-4727-9bf2-468902de0b81", "url--5cbd7456-c4f4-4727-9bf2-468902de0b81", "observed-data--5cbd747a-c9dc-4ae2-9b67-4add02de0b81", "url--5cbd747a-c9dc-4ae2-9b67-4add02de0b81", "observed-data--5cbd747a-8040-41b7-b544-463102de0b81", "url--5cbd747a-8040-41b7-b544-463102de0b81", "observed-data--5cbd747a-ed34-4317-b5f9-429e02de0b81", "url--5cbd747a-ed34-4317-b5f9-429e02de0b81", "observed-data--5cbd747a-45d8-4b70-82c1-415802de0b81", "url--5cbd747a-45d8-4b70-82c1-415802de0b81", "indicator--867e47bb-adf7-4381-8be6-79dbf5b5e71f", "x-misp-object--b0f25fa4-e9f8-4d03-b5f8-12232b08aeec", "indicator--c3404a75-0222-4173-a99c-60c536dc87d7", "x-misp-object--764657dd-1a00-429d-895f-7c1f6c74eb9d", "indicator--e4348e28-8e87-413d-8e10-f163befd21f8", "x-misp-object--8dc3390e-0e31-4519-861b-46753f4a7724", "indicator--65feef59-f0fd-4662-817d-27c02ac07886", "x-misp-object--54adb423-5c15-424e-bc70-e6467f11fa55", "indicator--effbb231-e3e3-46a3-8749-115ffc451f75", "x-misp-object--cfc10358-f02b-4f0b-83d4-92776013927b", "indicator--1eed6e2d-c5e6-4150-8ccd-d3bc96796553", "x-misp-object--3c563bb6-6ef9-4565-b392-ee9f00d5ff07", "indicator--301a91c9-b7e0-4a0c-9294-c4c998ef4833", "x-misp-object--c6c7b545-e03a-4539-8f5c-214bf4702bdf", "indicator--b4a8764f-f7fc-4571-9b2b-bc9f3283ca04", "x-misp-object--7ff4854a-c7d8-4af1-8173-0cdf26b50991", "relationship--0565a7c7-4664-4d25-9708-19ad05a7173d", "relationship--1c2c6ea2-563d-4dbc-b88f-263090dc4c47", "relationship--019498d1-fac7-4b3c-9dce-e4ecf7d686ba", 
"relationship--dca844bb-4b37-4cd4-b78b-a1fd43b83280", "relationship--82e478b8-2819-4ebb-8229-1449ebb54300", "relationship--11da7a2b-bd6d-4019-863b-48eab9fe2243", "relationship--3c4a0308-0e6f-493d-b577-eb3e94046852", "relationship--1eca3ca4-b647-40db-8c22-8eaa42fafff6" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:threat-actor=\"TA505\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "osint:source-type=\"blog-post\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:17.000Z", "modified": "2019-04-22T07:56:17.000Z", "first_observed": "2019-04-22T07:56:17Z", "last_observed": "2019-04-22T07:56:17Z", "number_observed": 1, "object_refs": [ "url--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81", "value": "https://medium.com/@1ZRR4H/nueva-campa%C3%B1a-del-grupo-ruso-ta505-dirigida-a-chile-y-argentina-servhelper-1dc3bfbff0c7" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73c0-69a8-4d14-baf1-499402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[url:value = 'canyoning-austria.at/dashost']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5cbd73c0-3b2c-4cf8-92f1-4f7802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[url:value = 'profan.es/dashost']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73c0-b9b0-4164-bc9a-4bf802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[url:value = 'kerrison.com/dashost']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73c0-5134-4712-a2d6-480102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[url:value = 'globe-trotterltd.com/dashost']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73c0-454c-4592-95e6-46dc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[url:value = 
'195.123.227.20/dashost']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73c0-1da8-4680-b28e-4e1002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[url:value = 'http://houusha33.icu/jquery/jquery.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73c0-8a98-49b2-8a25-4ea202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[url:value = 'http://joisff333.icu/jquery/jquery.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73c0-d208-4a04-b984-4c4602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[url:value = 'http://91.201.67.96/cyf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network 
activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73c0-5028-425f-86c7-478e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.232.130.161']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73c0-00ac-41d6-9513-4d4102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:56:48.000Z", "modified": "2019-04-22T07:56:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.123.227.79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-3aac-471f-bd19-4ab602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\Installer\\\\MSI3DA2.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload 
delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-ce0c-438a-942b-4ee902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:hashes.SHA256 = '64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-d580-4456-a5ca-475202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\Installer\\\\MSI419D.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-6fb8-4055-9ba6-474602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:hashes.SHA256 = '7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5cbd73dd-de54-442c-a322-4f7e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsu4228.tmp\\\\ns4229.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-6fe8-4c75-b4a6-45e802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:hashes.SHA256 = '79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-1bd8-4bf5-b02c-4cb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsu4228.tmp\\\\nsExec.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-af2c-4136-8e4d-409c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:hashes.SHA256 = 'b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-47f8-4911-b957-4e2602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\repotaj.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-5c18-468d-ab34-498102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:hashes.SHA256 = 'fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-6a5c-4822-8777-4a0a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:name = 
'\\\\%WINDIR\\\\%\\\\Installer\\\\MSI777D.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-bcfc-4824-a499-425302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:hashes.SHA256 = '75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-4390-4a98-9a65-492302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\Installer\\\\MSI7D8B.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73dd-fb5c-49ed-af22-41a602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:hashes.SHA256 = '843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c']", "pattern_type": "stix", "pattern_version": 
"2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73de-e6dc-4dcd-83fd-456102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:17.000Z", "modified": "2019-04-22T07:57:17.000Z", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsl7E55.tmp\\\\nsExec.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73de-1ba8-426f-b998-48e002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:18.000Z", "modified": "2019-04-22T07:57:18.000Z", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\pegas.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73de-7c74-450a-8290-494802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:18.000Z", "modified": "2019-04-22T07:57:18.000Z", "pattern": "[file:hashes.SHA256 = '9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } 
], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cbd73de-ce04-4fc5-9616-435302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:57:18.000Z", "modified": "2019-04-22T07:57:18.000Z", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsl7E55.tmp\\\\ns7E66.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:57:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cbd7456-69a4-4301-97d6-446e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T08:06:52.000Z", "modified": "2019-04-22T08:06:52.000Z", "first_observed": "2019-04-22T08:06:52Z", "last_observed": "2019-04-22T08:06:52Z", "number_observed": 1, "object_refs": [ "url--5cbd7456-69a4-4301-97d6-446e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"automatic-analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5cbd7456-69a4-4301-97d6-446e02de0b81", "value": "https://app.any.run/tasks/804f1ace-cd13-48b6-8b9a-87a983cfce5a" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cbd7456-1df0-46c1-88c0-49dd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T08:06:52.000Z", "modified": "2019-04-22T08:06:52.000Z", "first_observed": "2019-04-22T08:06:52Z", "last_observed": "2019-04-22T08:06:52Z", "number_observed": 1, "object_refs": [ "url--5cbd7456-1df0-46c1-88c0-49dd02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"automatic-analysis\"" ] }, { "type": 
"url", "spec_version": "2.1", "id": "url--5cbd7456-1df0-46c1-88c0-49dd02de0b81", "value": "https://app.any.run/tasks/1546da9a-d3b0-4e2d-a1e7-90c58b54b134" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cbd7456-c4f4-4727-9bf2-468902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T08:06:52.000Z", "modified": "2019-04-22T08:06:52.000Z", "first_observed": "2019-04-22T08:06:52Z", "last_observed": "2019-04-22T08:06:52Z", "number_observed": 1, "object_refs": [ "url--5cbd7456-c4f4-4727-9bf2-468902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"automatic-analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5cbd7456-c4f4-4727-9bf2-468902de0b81", "value": "https://app.any.run/tasks/5d68c43e-15b2-48c0-bcbe-2a60f3112639" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cbd747a-c9dc-4ae2-9b67-4add02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T08:06:21.000Z", "modified": "2019-04-22T08:06:21.000Z", "first_observed": "2019-04-22T08:06:21Z", "last_observed": "2019-04-22T08:06:21Z", "number_observed": 1, "object_refs": [ "url--5cbd747a-c9dc-4ae2-9b67-4add02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5cbd747a-c9dc-4ae2-9b67-4add02de0b81", "value": "https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cbd747a-8040-41b7-b544-463102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T08:06:22.000Z", "modified": "2019-04-22T08:06:22.000Z", "first_observed": "2019-04-22T08:06:22Z", "last_observed": "2019-04-22T08:06:22Z", "number_observed": 1, 
"object_refs": [ "url--5cbd747a-8040-41b7-b544-463102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5cbd747a-8040-41b7-b544-463102de0b81", "value": "https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cbd747a-ed34-4317-b5f9-429e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T08:06:21.000Z", "modified": "2019-04-22T08:06:21.000Z", "first_observed": "2019-04-22T08:06:21Z", "last_observed": "2019-04-22T08:06:21Z", "number_observed": 1, "object_refs": [ "url--5cbd747a-ed34-4317-b5f9-429e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5cbd747a-ed34-4317-b5f9-429e02de0b81", "value": "https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5cbd747a-45d8-4b70-82c1-415802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T08:06:22.000Z", "modified": "2019-04-22T08:06:22.000Z", "first_observed": "2019-04-22T08:06:22Z", "last_observed": "2019-04-22T08:06:22Z", "number_observed": 1, "object_refs": [ "url--5cbd747a-45d8-4b70-82c1-415802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5cbd747a-45d8-4b70-82c1-415802de0b81", "value": "https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently-en/" }, { 
"type": "indicator", "spec_version": "2.1", "id": "indicator--867e47bb-adf7-4381-8be6-79dbf5b5e71f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:34.000Z", "modified": "2019-04-22T07:58:34.000Z", "pattern": "[file:hashes.MD5 = 'e2347a65b30ccc5b2c4230daaeefb897' AND file:hashes.SHA1 = '64c7047898371e81bfc58b8fda6da7892a92108d' AND file:hashes.SHA256 = '79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:58:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b0f25fa4-e9f8-4d03-b5f8-12232b08aeec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:34.000Z", "modified": "2019-04-22T07:58:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-20T08:04:42", "category": "Other", "uuid": "2872b77c-20e0-45c0-b8fb-449e42a8cbc4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec/analysis/1555747482/", "category": "Payload delivery", "uuid": "a9d51e83-3cf6-4cb5-b0bb-68a7f55d6a1a" }, { "type": "text", "object_relation": "detection-ratio", "value": "2/71", "category": "Payload delivery", "uuid": "a2840024-acc7-4c8a-84ff-2032ad1920b7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c3404a75-0222-4173-a99c-60c536dc87d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:34.000Z", "modified": 
"2019-04-22T07:58:34.000Z", "pattern": "[file:hashes.MD5 = '1f49d8af9be9e915d54b2441c4a79adf' AND file:hashes.SHA1 = '1ee4f809c693e31f34bc6d8153664a6dc2c3e499' AND file:hashes.SHA256 = 'b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:58:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--764657dd-1a00-429d-895f-7c1f6c74eb9d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:34.000Z", "modified": "2019-04-22T07:58:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-16T07:40:38", "category": "Other", "uuid": "9478771f-ebde-47ad-947f-6653868b43c7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782/analysis/1555400438/", "category": "Payload delivery", "uuid": "5e7f9759-3199-4c01-ab49-772bfc783dc7" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/69", "category": "Payload delivery", "uuid": "77aa48f9-ee53-4b88-bfd4-2cff08cb987b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e4348e28-8e87-413d-8e10-f163befd21f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:34.000Z", "modified": "2019-04-22T07:58:34.000Z", "pattern": "[file:hashes.MD5 = '4a8198fca604a78dd210803aebd5cbba' AND file:hashes.SHA1 = '06f232210e507f09f01155e7d0cb5389b8a31042' AND file:hashes.SHA256 = 
'9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:58:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8dc3390e-0e31-4519-861b-46753f4a7724", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:34.000Z", "modified": "2019-04-22T07:58:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-19T13:34:35", "category": "Other", "uuid": "296b39c0-8c18-48de-951a-875ebd5df7c9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e/analysis/1555680875/", "category": "Payload delivery", "uuid": "a8e091a7-599d-4c76-984e-68c366c8ecb6" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/71", "category": "Payload delivery", "uuid": "ff153d9d-15f1-4e2f-8821-ea5f6d40212e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--65feef59-f0fd-4662-817d-27c02ac07886", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:34.000Z", "modified": "2019-04-22T07:58:34.000Z", "pattern": "[file:hashes.MD5 = 'a8024347a2bb59bd5cfbde2311f16a20' AND file:hashes.SHA1 = '8ab7dd5b6583f2ff847a970deb591a34a230fa81' AND file:hashes.SHA256 = '64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:58:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" 
} ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--54adb423-5c15-424e-bc70-e6467f11fa55", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:34.000Z", "modified": "2019-04-22T07:58:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-22T00:20:43", "category": "Other", "uuid": "4b216a59-481f-4845-af8f-3138132c3eee" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8/analysis/1555892443/", "category": "Payload delivery", "uuid": "1ad96739-a571-4915-a14c-1a140c5a29de" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/54", "category": "Payload delivery", "uuid": "9c5cae44-8305-4195-88cb-f11ac62651e4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--effbb231-e3e3-46a3-8749-115ffc451f75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "pattern": "[file:hashes.MD5 = '4ca90e372982c864b8eae6d95161a213' AND file:hashes.SHA1 = 'ad35fa0b3799562931b4bfa3abd057214b8721ff' AND file:hashes.SHA256 = '843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:58:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cfc10358-f02b-4f0b-83d4-92776013927b", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-22T04:38:01", "category": "Other", "uuid": "d9399e02-1c95-4d3c-a3f9-aff3d110e29b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c/analysis/1555907881/", "category": "Payload delivery", "uuid": "dc01f50c-1875-4765-bf0c-6b67b07bae6a" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/67", "category": "Payload delivery", "uuid": "b128e9ae-2522-447a-bc5d-9038e98e83de" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1eed6e2d-c5e6-4150-8ccd-d3bc96796553", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "pattern": "[file:hashes.MD5 = '2f05a4a116a3b152c2a5eabf048f43e8' AND file:hashes.SHA1 = 'd18ef08bf13de20442613a899c4cd07b96d27f8c' AND file:hashes.SHA256 = 'fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:58:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3c563bb6-6ef9-4565-b392-ee9f00d5ff07", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { 
"type": "datetime", "object_relation": "last-submission", "value": "2019-04-21T04:19:37", "category": "Other", "uuid": "d58e5a6b-3da3-4ccb-a166-473ca9de5928" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6/analysis/1555820377/", "category": "Payload delivery", "uuid": "fd8b3cb3-390f-45c1-9336-f0907da82030" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/65", "category": "Payload delivery", "uuid": "653716ec-3a07-4e78-8df5-300768b2ca6f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--301a91c9-b7e0-4a0c-9294-c4c998ef4833", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "pattern": "[file:hashes.MD5 = '329d3e86fb9fca6a656742c6aa8ee13e' AND file:hashes.SHA1 = '6c76baa8f4f45f5d68b00f88847d42b99fd896e5' AND file:hashes.SHA256 = '7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:58:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c6c7b545-e03a-4539-8f5c-214bf4702bdf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-21T03:35:28", "category": "Other", "uuid": "8e3a6c60-4adf-4a24-a9a5-849ea01b718a" }, { "type": "link", "object_relation": "permalink", "value": 
"https://www.virustotal.com/file/7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50/analysis/1555817728/", "category": "Payload delivery", "uuid": "4b6b23d6-7a81-40de-ae0a-d3beda6b01b8" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/68", "category": "Payload delivery", "uuid": "bcec37f0-fe53-4db7-b109-04b9c34f1ccc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b4a8764f-f7fc-4571-9b2b-bc9f3283ca04", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "pattern": "[file:hashes.MD5 = '2c0b36a448fe7131cfb4fbc1a960da2b' AND file:hashes.SHA1 = 'a99e98129f380b8e60f7005b21db2b79edd66dc4' AND file:hashes.SHA256 = '75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-22T07:58:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7ff4854a-c7d8-4af1-8173-0cdf26b50991", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-15T15:05:01", "category": "Other", "uuid": "b80e6745-fd52-427a-a191-2b39e1bd91bc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36/analysis/1555340701/", "category": "Payload delivery", "uuid": "87f84fda-1348-4d28-9f69-7bc895c36a71" }, { "type": "text", "object_relation": 
"detection-ratio", "value": "28/60", "category": "Payload delivery", "uuid": "7be490c9-16be-4efd-84ca-cedde0d3165f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0565a7c7-4664-4d25-9708-19ad05a7173d", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--867e47bb-adf7-4381-8be6-79dbf5b5e71f", "target_ref": "x-misp-object--b0f25fa4-e9f8-4d03-b5f8-12232b08aeec" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1c2c6ea2-563d-4dbc-b88f-263090dc4c47", "created": "2019-04-22T07:58:35.000Z", "modified": "2019-04-22T07:58:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c3404a75-0222-4173-a99c-60c536dc87d7", "target_ref": "x-misp-object--764657dd-1a00-429d-895f-7c1f6c74eb9d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--019498d1-fac7-4b3c-9dce-e4ecf7d686ba", "created": "2019-04-22T07:58:36.000Z", "modified": "2019-04-22T07:58:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e4348e28-8e87-413d-8e10-f163befd21f8", "target_ref": "x-misp-object--8dc3390e-0e31-4519-861b-46753f4a7724" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dca844bb-4b37-4cd4-b78b-a1fd43b83280", "created": "2019-04-22T07:58:36.000Z", "modified": "2019-04-22T07:58:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--65feef59-f0fd-4662-817d-27c02ac07886", "target_ref": "x-misp-object--54adb423-5c15-424e-bc70-e6467f11fa55" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--82e478b8-2819-4ebb-8229-1449ebb54300", "created": "2019-04-22T07:58:36.000Z", "modified": "2019-04-22T07:58:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--effbb231-e3e3-46a3-8749-115ffc451f75", "target_ref": "x-misp-object--cfc10358-f02b-4f0b-83d4-92776013927b" 
}, { "type": "relationship", "spec_version": "2.1", "id": "relationship--11da7a2b-bd6d-4019-863b-48eab9fe2243", "created": "2019-04-22T07:58:36.000Z", "modified": "2019-04-22T07:58:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1eed6e2d-c5e6-4150-8ccd-d3bc96796553", "target_ref": "x-misp-object--3c563bb6-6ef9-4565-b392-ee9f00d5ff07" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3c4a0308-0e6f-493d-b577-eb3e94046852", "created": "2019-04-22T07:58:36.000Z", "modified": "2019-04-22T07:58:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--301a91c9-b7e0-4a0c-9294-c4c998ef4833", "target_ref": "x-misp-object--c6c7b545-e03a-4539-8f5c-214bf4702bdf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1eca3ca4-b647-40db-8c22-8eaa42fafff6", "created": "2019-04-22T07:58:36.000Z", "modified": "2019-04-22T07:58:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b4a8764f-f7fc-4571-9b2b-bc9f3283ca04", "target_ref": "x-misp-object--7ff4854a-c7d8-4af1-8173-0cdf26b50991" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }