{ "type": "bundle", "id": "bundle--5d47cdea-435c-45aa-8db0-4693950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:43:15.000Z", "modified": "2019-08-11T06:43:15.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5d47cdea-435c-45aa-8db0-4693950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:43:15.000Z", "modified": "2019-08-11T06:43:15.000Z", "name": "OSINT - From Carnaval to Cinco de Mayo \u2013 The journey of Amavaldo", "published": "2019-08-11T06:43:34Z", "object_refs": [ "observed-data--5d47cdfa-0d14-464f-8041-4abe950d210f", "url--5d47cdfa-0d14-464f-8041-4abe950d210f", "indicator--5d482f74-badc-495e-920c-4329950d210f", "indicator--5d483181-9e28-42d9-b8a9-460d950d210f", "indicator--5d48319b-07ec-4769-9c2f-4fda950d210f", "observed-data--5d492766-d074-47b5-9e28-4a78950d210f", "mutex--5d492766-d074-47b5-9e28-4a78950d210f", "indicator--5d493cd2-4ca4-44a7-a9f0-4b5b950d210f", "indicator--5d493cf7-aeac-4fd3-99f3-6ecc950d210f", "indicator--5d493d5f-8ba4-4543-bcd8-6752950d210f", "indicator--5d493d77-e7e4-4082-82c3-41d0950d210f", "indicator--5d493ef5-9554-4e6d-884f-490f950d210f", "indicator--5d493f8a-85c0-4389-9644-aca6950d210f", "indicator--5d494a11-3c6c-4c89-9d11-daa8950d210f", "indicator--5d494a3f-1b3c-4bcc-8b34-4db5950d210f", "indicator--5d494a5d-de44-423a-b8d1-daa7950d210f", "indicator--5d49553d-701c-4eb3-954a-eaeb950d210f", "indicator--5d496104-67d8-48c9-a044-7a57950d210f", "indicator--5d4982df-1a94-4914-9cf1-464e950d210f", "indicator--5d4982f2-0190-427f-b4c5-4f08950d210f", "indicator--e462def8-1643-4d2f-a15a-825ff3fb335e", "x-misp-object--6b54feea-5cb0-4c57-b10c-7a1d4a274581", "indicator--211c8a88-4c1a-447b-a768-0ab6e30246b8", "x-misp-object--e1227ba7-e304-4792-8a0d-039b87b94ec0", "indicator--18ccf1e5-236a-4ad0-8556-2d5ff4532a11", 
"x-misp-object--ef63bd95-99e9-4843-9ad6-725ee617c410", "indicator--66ffca83-f5bf-46b5-aa17-25a0da26b4a8", "x-misp-object--fa950a27-172c-4243-92fe-c54894fe8f03", "indicator--168eca3c-6b0c-495b-bc97-76fc044663da", "x-misp-object--299f2cd3-4943-45c0-89fd-688831a58235", "indicator--0f1baa55-4a99-4cc2-84d1-7032ab3b20a6", "x-misp-object--fef464cf-27a2-4bfb-bf12-4adb789baa4e", "indicator--a7c89ed2-b308-4953-98a4-8b7b7f74f90e", "x-misp-object--76da6429-cbfd-4a4b-83ad-a6511f97a14e", "indicator--8ea7872e-f1cb-4652-945b-4f8f9558f662", "x-misp-object--569e0439-c30e-444a-8ef9-76c1388c03a6", "indicator--71291c97-7e50-4601-8836-d13f6a601564", "x-misp-object--29b46ebc-f105-45dd-9b0e-c50ac28523bb", "relationship--4387a0c5-2ed1-4daf-8485-c40c12483629", "relationship--1ca59d37-d511-4cb7-95f0-84c169e80fb3", "relationship--bcc5885a-3cda-451f-80d1-73d7171724f4", "relationship--5abba282-8735-48a5-b47d-305b56d82ec9", "relationship--915758e6-74d1-48b0-8f39-4c627366ac38", "relationship--c743c2bf-2d5e-4c1d-9fd6-2a28ad5f7b80", "relationship--d5525338-15d6-44e9-98cb-af86568bc545", "relationship--ec11bf1e-008d-421b-9282-1ff89b69430d", "relationship--377fcc84-b3e6-41c2-aa74-8bb8c1d96314", "relationship--5586f3ff-97db-40ae-b568-766e871ed8be", "relationship--988ab046-1bd8-44c3-be8b-d43c5ee145e4", "relationship--7604157f-f461-4db5-8436-142b081fa697", "relationship--0c8e1089-3d89-4c1f-b2f9-76aa5cdb5475" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ecsirt:intrusions=\"backdoor\"", "veris:action:malware:variety=\"Backdoor\"", "ms-caro-malware:malware-type=\"Backdoor\"", "ms-caro-malware-full:malware-type=\"Backdoor\"", "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\"", "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1125\"", "misp-galaxy:mitre-attack-pattern=\"Forced 
Authentication - T1187\"", "misp-galaxy:mitre-attack-pattern=\"Application Deployment Software - T1017\"", "veris:action:malware:variety=\"Spyware/Keylogger\"", "misp-galaxy:rat=\"Amavaldo Banking Trojan\"", "misp-galaxy:tool=\"Amavaldo\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d47cdfa-0d14-464f-8041-4abe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-05T06:34:34.000Z", "modified": "2019-08-05T06:34:34.000Z", "first_observed": "2019-08-05T06:34:34Z", "last_observed": "2019-08-05T06:34:34Z", "number_observed": 1, "object_refs": [ "url--5d47cdfa-0d14-464f-8041-4abe950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d47cdfa-0d14-464f-8041-4abe950d210f", "value": "https://www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d482f74-badc-495e-920c-4329950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T11:27:20.000Z", "modified": "2019-08-06T11:27:20.000Z", "description": "Abused legitimate application", "pattern": "[file:hashes.SHA1 = '6c04499f7406e270b590374ef813c4012530273e' AND file:name = 'ctfmon.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T11:27:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d483181-9e28-42d9-b8a9-460d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T11:42:32.000Z", "modified": 
"2019-08-06T11:42:32.000Z", "description": "encrypted banking trojan - ESET detection name: Win32/Spy.Amavaldo.N trojan", "pattern": "[file:hashes.SHA1 = 'b761d9216c00f5e2871de16ae157de13c6283b5d' AND file:name = 'MsCtfMonitor']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T11:42:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d48319b-07ec-4769-9c2f-4fda950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T11:28:11.000Z", "modified": "2019-08-06T11:28:11.000Z", "description": "Injector for Amavaldo - ESET detection name: Win32/Spy.Amavaldo.U trojan", "pattern": "[file:hashes.SHA1 = '1d56bab28793e3ab96e390f09f02425e52e28ffc' AND file:name = 'MsCtfMonitor.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T11:28:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d492766-d074-47b5-9e28-4a78950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T07:08:22.000Z", "modified": "2019-08-06T07:08:22.000Z", "first_observed": "2019-08-06T07:08:22Z", "last_observed": "2019-08-06T07:08:22Z", "number_observed": 1, "object_refs": [ "mutex--5d492766-d074-47b5-9e28-4a78950d210f" ], "labels": [ "misp:name=\"mutex\"", "misp:meta-category=\"misc\"", "misp:to_ids=\"False\"" ] }, { "type": "mutex", "spec_version": "2.1", "id": "mutex--5d492766-d074-47b5-9e28-4a78950d210f", "name": "D7F8FEDF-D9A0-4335-A619-D3BB3EEAEDDB", "x_misp_description": "Additionally, the latest versions of Amavaldo can be identified by a mutex that seems to 
have the constant name" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d493cd2-4ca4-44a7-a9f0-4b5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T13:35:56.000Z", "modified": "2019-08-06T13:35:56.000Z", "description": "a tool for checking internet connectivity", "pattern": "[file:hashes.SHA1 = 'b80294261c8a1635e16e14f55a3d76889ff2c857' AND file:name = 'AICustAct.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T13:35:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d493cf7-aeac-4fd3-99f3-6ecc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T13:35:33.000Z", "modified": "2019-08-06T13:35:33.000Z", "description": "a tool for detecting virtual environment", "pattern": "[file:hashes.SHA1 = 'b191810094dd2ee6b13c0d33458fafcd459681ae' AND file:name = 'VmDetect.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T13:35:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d493d5f-8ba4-4543-bcd8-6752950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T13:13:20.000Z", "modified": "2019-08-06T13:13:20.000Z", "description": "Abused legitimate application", "pattern": "[file:hashes.SHA1 = '12c93bb262696314123562f8a4b158074c9f6b95' AND file:name = 'nvsmartmaxapp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T13:13:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": 
[ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d493d77-e7e4-4082-82c3-41d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T13:13:57.000Z", "modified": "2019-08-06T13:13:57.000Z", "description": "Injector for Amavaldo - ESET detection name: Win32/Spy.Amavaldo.P trojan", "pattern": "[file:hashes.SHA1 = '6d80a959e7f52150fda2241a4073a29085c9386b' AND file:name = 'NvSmartMax.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T13:13:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d493ef5-9554-4e6d-884f-490f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T13:33:28.000Z", "modified": "2019-08-06T13:33:28.000Z", "description": "Amavaldo - ESET detection name: Win32/Spy.Amavaldo.N trojan", "pattern": "[file:hashes.SHA1 = 'b855d8b1bad07d578013bdb472122e405d49acc1' AND file:name = 'NvSmartMax']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T13:33:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d493f8a-85c0-4389-9644-aca6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T13:35:09.000Z", "modified": "2019-08-06T13:35:09.000Z", "description": "Abused legitimate application", "pattern": "[file:hashes.SHA1 = 'fc37ac7523cf3b4020ec46d6a47bc26957e3c054' AND file:name = 'Gup.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T13:35:09Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d494a11-3c6c-4c89-9d11-daa8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T11:57:41.000Z", "modified": "2019-08-06T11:57:41.000Z", "description": "Injector for email tool - ESET detection name: Win32/Spy.Amavaldo.P trojan", "pattern": "[file:hashes.SHA1 = '4dba5fe842b01b641a7228a4c8f805e4627c0012' AND file:name = 'libcurl.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T11:57:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d494a3f-1b3c-4bcc-8b34-4db5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T13:37:59.000Z", "modified": "2019-08-06T13:37:59.000Z", "description": "Email tool - ESET detection name: Win32/Spy.Banker.AEGH trojan", "pattern": "[file:hashes.SHA1 = '9a968341c65ab47bf5c7290f3b36fcf70e9c574b' AND file:name = 'Libcurl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T13:37:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d494a5d-de44-423a-b8d1-daa7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T09:40:47.000Z", "modified": "2019-08-06T09:40:47.000Z", "description": "Configuration file for gup.exe", "pattern": "[file:name = 'gup.xml']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2019-08-06T09:40:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d49553d-701c-4eb3-954a-eaeb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T10:23:57.000Z", "modified": "2019-08-06T10:23:57.000Z", "pattern": "[file:name = 'CurriculumVitae[\u00e2\u20ac\u00a6].msi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T10:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d496104-67d8-48c9-a044-7a57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T11:14:12.000Z", "modified": "2019-08-06T11:14:12.000Z", "pattern": "[file:name = 'FotosPost[\u00e2\u20ac\u00a6].msi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T11:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d4982df-1a94-4914-9cf1-464e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T13:38:39.000Z", "modified": "2019-08-06T13:38:39.000Z", "description": "Downloader (MSI installer) - ESET detection name: Trojan.VBS/TrojanDownloader.Agent.QSL", "pattern": "[file:hashes.SHA1 = 'e0c8e11f8b271c1e40f5c184afa427ffe99444f8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T13:38:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], 
"labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d4982f2-0190-427f-b4c5-4f08950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-06T13:38:58.000Z", "modified": "2019-08-06T13:38:58.000Z", "description": "Downloader (MSI installer) - ESET detection name: Win32/TrojanDownloader.Delf.CSG trojan", "pattern": "[file:hashes.SHA1 = 'ad1fce0c62b532d097dacfce149c452154d51eb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-06T13:38:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e462def8-1643-4d2f-a15a-825ff3fb335e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:54.000Z", "modified": "2019-08-11T06:32:54.000Z", "pattern": "[file:hashes.MD5 = '45c01734ed56c52797156620a5f8b414' AND file:hashes.SHA1 = 'fc37ac7523cf3b4020ec46d6a47bc26957e3c054' AND file:hashes.SHA256 = '20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-11T06:32:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6b54feea-5cb0-4c57-b10c-7a1d4a274581", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:54.000Z", "modified": "2019-08-11T06:32:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-08T11:14:28", 
"category": "Other", "uuid": "7e4b14b4-0aae-4ef9-a053-82ed74c31fb7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503/analysis/1565262868/", "category": "Payload delivery", "uuid": "adeb231a-0e31-41ab-98e6-b1f51bf56107" }, { "type": "text", "object_relation": "detection-ratio", "value": "1/66", "category": "Payload delivery", "uuid": "c8287316-9bfc-4ab0-8fe1-1784b0a875df" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--211c8a88-4c1a-447b-a768-0ab6e30246b8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:55.000Z", "modified": "2019-08-11T06:32:55.000Z", "pattern": "[file:hashes.MD5 = 'df3e0e32d1e1fb50cc292aebc5e5b322' AND file:hashes.SHA1 = '12c93bb262696314123562f8a4b158074c9f6b95' AND file:hashes.SHA256 = '6a1f91b94bc6c7167967983a78aa1c8780decad66c278e3d7da5e8d4dbec4412']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-11T06:32:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e1227ba7-e304-4792-8a0d-039b87b94ec0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:55.000Z", "modified": "2019-08-11T06:32:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-07T07:57:31", "category": "Other", "uuid": "7e17b294-cd02-4cbf-8360-6b980e944a60" }, { "type": "link", "object_relation": "permalink", "value": 
"https://www.virustotal.com/file/6a1f91b94bc6c7167967983a78aa1c8780decad66c278e3d7da5e8d4dbec4412/analysis/1565164651/", "category": "Payload delivery", "uuid": "3004172e-acdc-4959-b3db-66f1c5d0abe0" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/66", "category": "Payload delivery", "uuid": "d02a7092-c6ff-445e-b8df-fa9ce122458f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18ccf1e5-236a-4ad0-8556-2d5ff4532a11", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:55.000Z", "modified": "2019-08-11T06:32:55.000Z", "pattern": "[file:hashes.MD5 = 'e880c09454a68b4714c6f184f7968070' AND file:hashes.SHA1 = '4dba5fe842b01b641a7228a4c8f805e4627c0012' AND file:hashes.SHA256 = 'c9cf8e159809cfa97971a0b84801c6aead32e03a423a2fd0ca1c402032b16a82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-11T06:32:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ef63bd95-99e9-4843-9ad6-725ee617c410", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:55.000Z", "modified": "2019-08-11T06:32:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-09T10:12:09", "category": "Other", "uuid": "73ae0c5f-3822-44a5-8e6a-e0c5cc7ae015" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c9cf8e159809cfa97971a0b84801c6aead32e03a423a2fd0ca1c402032b16a82/analysis/1565345529/", "category": "Payload delivery", "uuid": "147b157c-4060-4849-8597-6b3cf41e56be" }, { "type": "text", "object_relation": 
"detection-ratio", "value": "41/62", "category": "Payload delivery", "uuid": "cab2413e-ee43-4916-8f7f-77eab426ae20" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--66ffca83-f5bf-46b5-aa17-25a0da26b4a8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:55.000Z", "modified": "2019-08-11T06:32:55.000Z", "pattern": "[file:hashes.MD5 = '6f2bf181f8b9ca1d28465ed6bab6f3e2' AND file:hashes.SHA1 = 'ad1fce0c62b532d097dacfce149c452154d51eb0' AND file:hashes.SHA256 = '8171cbd7bc06d905a7d77d2d0dd147b0b9305d76f76a176fbda4b78768656a47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-11T06:32:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fa950a27-172c-4243-92fe-c54894fe8f03", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:55.000Z", "modified": "2019-08-11T06:32:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-09T10:13:10", "category": "Other", "uuid": "514b8275-5a02-4fa7-bbf3-44d83f3d4c03" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8171cbd7bc06d905a7d77d2d0dd147b0b9305d76f76a176fbda4b78768656a47/analysis/1565345590/", "category": "Payload delivery", "uuid": "18817da9-db4e-468c-81ab-f0fc22af73df" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/53", "category": "Payload delivery", "uuid": "fe7700b1-4509-452c-83e0-697b67eea1de" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--168eca3c-6b0c-495b-bc97-76fc044663da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:56.000Z", "modified": "2019-08-11T06:32:56.000Z", "pattern": "[file:hashes.MD5 = '9f1e5d66c2889018daef4aef604eebc4' AND file:hashes.SHA1 = 'b80294261c8a1635e16e14f55a3d76889ff2c857' AND file:hashes.SHA256 = '02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-11T06:32:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--299f2cd3-4943-45c0-89fd-688831a58235", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:56.000Z", "modified": "2019-08-11T06:32:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-06T18:49:02", "category": "Other", "uuid": "0abdb5b6-5361-4012-ba4b-bca90ddac639" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222/analysis/1565117342/", "category": "Payload delivery", "uuid": "e629edd0-952f-4a57-87c7-3ebfe9e54987" }, { "type": "text", "object_relation": "detection-ratio", "value": "1/66", "category": "Payload delivery", "uuid": "98555b2e-b57c-4506-9068-8f11a7d07ca1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0f1baa55-4a99-4cc2-84d1-7032ab3b20a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:56.000Z", "modified": "2019-08-11T06:32:56.000Z", "pattern": "[file:hashes.MD5 = 
'55ffee241709ae96cf64cb0b9a96f0d7' AND file:hashes.SHA1 = 'b191810094dd2ee6b13c0d33458fafcd459681ae' AND file:hashes.SHA256 = '64bc6cf6b6e9850cea2a36cabc88982b0b936dd7f0bc169a2f6dd2a5d1e86abf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-11T06:32:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fef464cf-27a2-4bfb-bf12-4adb789baa4e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:56.000Z", "modified": "2019-08-11T06:32:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-09T01:41:32", "category": "Other", "uuid": "932dfeb4-c96d-4337-b8ac-b19215b28b68" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/64bc6cf6b6e9850cea2a36cabc88982b0b936dd7f0bc169a2f6dd2a5d1e86abf/analysis/1565314892/", "category": "Payload delivery", "uuid": "2ef12f33-7867-4996-a410-c4022c862b9d" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/68", "category": "Payload delivery", "uuid": "40e4ead5-bde4-4c4e-80ff-95d7236b9f0a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a7c89ed2-b308-4953-98a4-8b7b7f74f90e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:56.000Z", "modified": "2019-08-11T06:32:56.000Z", "pattern": "[file:hashes.MD5 = '1091a566e2f44bada1f814998034bd04' AND file:hashes.SHA1 = 'e0c8e11f8b271c1e40f5c184afa427ffe99444f8' AND file:hashes.SHA256 = '1c17cf7af862cdb0af2f5540391ac3d0b427bd6369cf1a5fbb8d82fb80964d1c']", "pattern_type": "stix", "pattern_version": 
"2.1", "valid_from": "2019-08-11T06:32:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--76da6429-cbfd-4a4b-83ad-a6511f97a14e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:57.000Z", "modified": "2019-08-11T06:32:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-09T10:12:08", "category": "Other", "uuid": "753365f1-529c-40e2-80d8-2996a57fb0f6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1c17cf7af862cdb0af2f5540391ac3d0b427bd6369cf1a5fbb8d82fb80964d1c/analysis/1565345528/", "category": "Payload delivery", "uuid": "b2c2427d-024a-4003-97f2-4c661da00e90" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/52", "category": "Payload delivery", "uuid": "f6edb2bf-fafc-4ee9-9aae-82b2531b3718" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8ea7872e-f1cb-4652-945b-4f8f9558f662", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:57.000Z", "modified": "2019-08-11T06:32:57.000Z", "pattern": "[file:hashes.MD5 = '4a3cdcef8ed41b221f3dbef5792fb52d' AND file:hashes.SHA1 = '6c04499f7406e270b590374ef813c4012530273e' AND file:hashes.SHA256 = '6bb5f3a7147660db416b838893c7d0734872ada9f7db68b1d019043a1cb89397']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-11T06:32:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": 
"x-misp-object", "spec_version": "2.1", "id": "x-misp-object--569e0439-c30e-444a-8ef9-76c1388c03a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:57.000Z", "modified": "2019-08-11T06:32:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-09T12:53:04", "category": "Other", "uuid": "0ccdca69-9f20-42e3-ab13-e2e6b98cc13e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6bb5f3a7147660db416b838893c7d0734872ada9f7db68b1d019043a1cb89397/analysis/1565355184/", "category": "Payload delivery", "uuid": "8db662d3-7baf-4543-b958-bdebb1bdb185" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/66", "category": "Payload delivery", "uuid": "8c2c7ee6-599a-4468-bb8f-e90793092ed1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--71291c97-7e50-4601-8836-d13f6a601564", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:57.000Z", "modified": "2019-08-11T06:32:57.000Z", "pattern": "[file:hashes.MD5 = '88eca26e7f720a3faa94864359681590' AND file:hashes.SHA1 = '6d80a959e7f52150fda2241a4073a29085c9386b' AND file:hashes.SHA256 = 'b7e72ad59f05b67e7f44f071e7c3e46a490261c653cac66063ceed52c176fae0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-11T06:32:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--29b46ebc-f105-45dd-9b0e-c50ac28523bb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-11T06:32:58.000Z", "modified": 
"2019-08-11T06:32:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-09T10:12:08", "category": "Other", "uuid": "9d0e29a6-ce2e-4af8-baa0-f1a20ea19ae3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b7e72ad59f05b67e7f44f071e7c3e46a490261c653cac66063ceed52c176fae0/analysis/1565345528/", "category": "Payload delivery", "uuid": "9bb01340-6430-43f8-be1d-2c9c37985fcc" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/62", "category": "Payload delivery", "uuid": "dae0b425-f835-4ad2-87f8-709822134d4b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4387a0c5-2ed1-4daf-8485-c40c12483629", "created": "2019-08-06T06:54:44.000Z", "modified": "2019-08-06T06:54:44.000Z", "relationship_type": "executed-by", "source_ref": "indicator--5d483181-9e28-42d9-b8a9-460d950d210f", "target_ref": "indicator--5d48319b-07ec-4769-9c2f-4fda950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1ca59d37-d511-4cb7-95f0-84c169e80fb3", "created": "2019-08-06T06:54:27.000Z", "modified": "2019-08-06T06:54:27.000Z", "relationship_type": "executes", "source_ref": "indicator--5d48319b-07ec-4769-9c2f-4fda950d210f", "target_ref": "indicator--5d483181-9e28-42d9-b8a9-460d950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bcc5885a-3cda-451f-80d1-73d7171724f4", "created": "2019-08-06T09:41:07.000Z", "modified": "2019-08-06T09:41:07.000Z", "relationship_type": "uses", "source_ref": "indicator--5d493f8a-85c0-4389-9644-aca6950d210f", "target_ref": "indicator--5d494a5d-de44-423a-b8d1-daa7950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5abba282-8735-48a5-b47d-305b56d82ec9", "created": "2019-08-06T09:40:47.000Z", 
"modified": "2019-08-06T09:40:47.000Z", "relationship_type": "used-by", "source_ref": "indicator--5d494a5d-de44-423a-b8d1-daa7950d210f", "target_ref": "indicator--5d493f8a-85c0-4389-9644-aca6950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--915758e6-74d1-48b0-8f39-4c627366ac38", "created": "2019-08-11T06:32:58.000Z", "modified": "2019-08-11T06:32:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e462def8-1643-4d2f-a15a-825ff3fb335e", "target_ref": "x-misp-object--6b54feea-5cb0-4c57-b10c-7a1d4a274581" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c743c2bf-2d5e-4c1d-9fd6-2a28ad5f7b80", "created": "2019-08-11T06:32:59.000Z", "modified": "2019-08-11T06:32:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--211c8a88-4c1a-447b-a768-0ab6e30246b8", "target_ref": "x-misp-object--e1227ba7-e304-4792-8a0d-039b87b94ec0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d5525338-15d6-44e9-98cb-af86568bc545", "created": "2019-08-11T06:32:59.000Z", "modified": "2019-08-11T06:32:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--18ccf1e5-236a-4ad0-8556-2d5ff4532a11", "target_ref": "x-misp-object--ef63bd95-99e9-4843-9ad6-725ee617c410" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec11bf1e-008d-421b-9282-1ff89b69430d", "created": "2019-08-11T06:32:59.000Z", "modified": "2019-08-11T06:32:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--66ffca83-f5bf-46b5-aa17-25a0da26b4a8", "target_ref": "x-misp-object--fa950a27-172c-4243-92fe-c54894fe8f03" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--377fcc84-b3e6-41c2-aa74-8bb8c1d96314", "created": "2019-08-11T06:32:59.000Z", "modified": "2019-08-11T06:32:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--168eca3c-6b0c-495b-bc97-76fc044663da", "target_ref": 
"x-misp-object--299f2cd3-4943-45c0-89fd-688831a58235" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5586f3ff-97db-40ae-b568-766e871ed8be", "created": "2019-08-11T06:32:59.000Z", "modified": "2019-08-11T06:32:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0f1baa55-4a99-4cc2-84d1-7032ab3b20a6", "target_ref": "x-misp-object--fef464cf-27a2-4bfb-bf12-4adb789baa4e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--988ab046-1bd8-44c3-be8b-d43c5ee145e4", "created": "2019-08-11T06:32:59.000Z", "modified": "2019-08-11T06:32:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a7c89ed2-b308-4953-98a4-8b7b7f74f90e", "target_ref": "x-misp-object--76da6429-cbfd-4a4b-83ad-a6511f97a14e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7604157f-f461-4db5-8436-142b081fa697", "created": "2019-08-11T06:32:59.000Z", "modified": "2019-08-11T06:32:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8ea7872e-f1cb-4652-945b-4f8f9558f662", "target_ref": "x-misp-object--569e0439-c30e-444a-8ef9-76c1388c03a6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c8e1089-3d89-4c1f-b2f9-76aa5cdb5475", "created": "2019-08-11T06:32:59.000Z", "modified": "2019-08-11T06:32:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--71291c97-7e50-4601-8836-d13f6a601564", "target_ref": "x-misp-object--29b46ebc-f105-45dd-9b0e-c50ac28523bb" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }