misp-circl-feed/feeds/circl/stix-2.1/5a3bcbe0-3d70-427d-8744-4bdb950d210f.json


{
"type": "bundle",
"id": "bundle--5a3bcbe0-3d70-427d-8744-4bdb950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-10T03:01:13.000Z",
"modified": "2018-02-10T03:01:13.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a3bcbe0-3d70-427d-8744-4bdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-10T03:01:13.000Z",
"modified": "2018-02-10T03:01:13.000Z",
"name": "OSINT - DownAndExec: Banking malware utilizes CDNs in Brazil",
"published": "2018-02-16T08:57:17Z",
"object_refs": [
"observed-data--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f",
"url--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f",
"x-misp-attribute--5a5c6f2a-afc8-41e1-8a1f-43b9950d210f",
"indicator--5a5c771a-0068-47dc-8e20-47ad950d210f",
"indicator--5a5c771b-1804-42f0-9701-4e5d950d210f",
"indicator--5a5c771b-5054-4f25-914e-4aee950d210f",
"indicator--5a5c771b-6a2c-45ff-8d55-47b0950d210f",
"indicator--5a5c771c-9a58-45ea-a3c7-4555950d210f",
"indicator--5a5c7a0d-71d4-465e-b761-ae5c950d210f",
"indicator--5a5c7a0e-4c48-42d5-acbc-ae5c950d210f",
"indicator--5a5c7109-1514-4b03-aca8-c84f950d210f",
"indicator--5a5c712c-c8f0-4033-a3c6-ae5c950d210f",
"indicator--5a5c7153-7a80-4f92-a162-af7f950d210f",
"indicator--5a5c7165-f8fc-41f9-84f1-4c94950d210f",
"indicator--5a5c717d-7e58-4fbf-8c33-c84f950d210f",
"indicator--5a5c7192-cb54-4a77-8f2f-ae1e950d210f",
"indicator--352791b2-86bb-41ad-9481-10549ebea11f",
"x-misp-object--db289675-d7e8-42b0-a80d-1d0f73eac08b",
"indicator--323bf06e-4c08-4825-9e3d-490b985d27f1",
"x-misp-object--3c950c89-f255-4ce4-bdf5-b3cb9a34eada",
"indicator--989dca8a-94e7-414f-9bb9-299b6407cfe4",
"x-misp-object--b8d9d264-06d8-465a-81c9-a4cd48c9deaa",
"indicator--ec87a3b7-5f72-4b59-8d53-6e2767f4328f",
"x-misp-object--8c9d5426-4f3b-4bfd-b166-40f4e69c8998",
"indicator--5e44b32b-6d75-4ac9-a643-96970dee4e3e",
"x-misp-object--532bbc5d-ad5f-4281-88f9-a027f31718ae",
"indicator--362d20e1-90b1-45c8-b536-5e2fc281fe8a",
"x-misp-object--0d641165-660b-4c56-a989-5f27840d94f1",
"indicator--9e1132f7-a6f0-4966-8d8e-a8ba91337184",
"x-misp-object--9ddbe62a-df3a-4968-8fb1-4b46e61d0abe",
"indicator--a4602179-8407-4714-8ce8-73e739f8f93e",
"x-misp-object--23e90ff7-f68e-4f1e-abfb-1d24b0480d18",
"indicator--368ea62b-9c92-41fd-aa29-ad77f6f49144",
"x-misp-object--ffa1925f-32e0-4ddf-ac99-db930609d495",
"indicator--b4c72aed-63bf-4f2a-8794-047d36abe533",
"x-misp-object--43e3402c-ec4a-4afc-859b-18cdd344f48f",
"relationship--957fbde1-d4bb-49ad-a53c-0c27e4469ebb",
"relationship--4c8a6c34-c3d8-43a4-8bb3-868dd42320ac",
"relationship--1639588a-8957-4305-b904-69519b96faf2",
"relationship--7e3fe4c5-527d-46e4-8fe8-37a37a534771",
"relationship--fc2b5318-37cd-4964-bc9e-43012832d7d4",
"relationship--6a0edb32-3fb0-4f47-a3d7-15c888c27fbc",
"relationship--afd301d6-a8a8-4010-97c9-0feec2a623e6",
"relationship--facb6641-8414-412a-995c-1726d8697937",
"relationship--70db0546-b959-46ff-8691-ad5f43724b05",
"relationship--f25a216b-4605-4f1c-a4c9-b6f2ec852a64"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"ms-caro-malware-full:malware-family=\"Banker\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:47.000Z",
"modified": "2018-02-09T14:04:47.000Z",
"first_observed": "2018-02-09T14:04:47Z",
"last_observed": "2018-02-09T14:04:47Z",
"number_observed": 1,
"object_refs": [
"url--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f",
"value": "https://www.welivesecurity.com/2017/09/13/downandexec-banking-malware-cdns-brazil/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5c6f2a-afc8-41e1-8a1f-43b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:47.000Z",
"modified": "2018-02-09T14:04:47.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage as it gives users greater speed when viewing the content, as the server is close to them and is part of the Netflix CDN. This results in faster loading times for series and movies, wherever you are in the world. But, apparently, the CDNs are starting to become a new way of spreading malware.\r\n\r\nThe attack chain is very extensive, and incorporates the execution of remote scripts (similar in some respects to the recent \u201cfileless\u201d banking malware trend), plus the use of CDNs for command and control (C&C), and other standard techniques for the execution and protection of malware.\r\n\r\nThe purpose of this article is to offer an analysis of the downAndExec standard that is making extensive use of JS scripts to download and execute \u2014 in this particular instance, banking malware on victims\u2019 computers."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c771a-0068-47dc-8e20-47ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:40:42.000Z",
"modified": "2018-01-15T09:40:42.000Z",
"description": "NSIS/TrojanDropper.Agent.CL",
"pattern": "[file:hashes.SHA1 = '30fc877887d6845007503f3abd44ec261a0d40c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:40:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c771b-1804-42f0-9701-4e5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:40:43.000Z",
"modified": "2018-01-15T09:40:43.000Z",
"description": "NSIS/TrojanDropper.Agent.CL",
"pattern": "[file:hashes.SHA1 = '34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:40:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c771b-5054-4f25-914e-4aee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:40:43.000Z",
"modified": "2018-01-15T09:40:43.000Z",
"description": "NSIS/TrojanDropper.Agent.CL",
"pattern": "[file:hashes.SHA1 = 'bffaabcce3f4cced896f745a7ec4eba207028683']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:40:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c771b-6a2c-45ff-8d55-47b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:40:43.000Z",
"modified": "2018-01-15T09:40:43.000Z",
"description": "JS/TrojanDownloader.Agent.QPA",
"pattern": "[file:hashes.MD5 = '2ad3b1669e8302035e24c838b3c08f2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:40:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c771c-9a58-45ea-a3c7-4555950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:40:44.000Z",
"modified": "2018-01-15T09:40:44.000Z",
"description": "Win32/Spy.Banker.ADYV",
"pattern": "[file:hashes.MD5 = '51aed47cc54e9671f3ea71f8ee584952']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:40:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c7a0d-71d4-465e-b761-ae5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:48.000Z",
"modified": "2018-02-09T14:04:48.000Z",
"pattern": "[url:value = 'https://1402712571.rsc.cdn77.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:04:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c7a0e-4c48-42d5-acbc-ae5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:48.000Z",
"modified": "2018-02-09T14:04:48.000Z",
"description": "inactive",
"pattern": "[url:value = 'https://1356485243.rsc.cdn77.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:04:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c7109-1514-4b03-aca8-c84f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:14:49.000Z",
"modified": "2018-01-15T09:14:49.000Z",
"pattern": "[file:hashes.SHA1 = '37648e4b95636e3ee5a68e3fa8c0735125126c17' AND file:name = 'AppAdobeFPlayer_1497851813.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c712c-c8f0-4033-a3c6-ae5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:15:24.000Z",
"modified": "2018-01-15T09:15:24.000Z",
"pattern": "[file:hashes.SHA1 = '38b7611bb20985512f86dc2c38247593e58a1df6' AND file:name = 'Consulta_Resultado05062017.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c7153-7a80-4f92-a162-af7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:16:03.000Z",
"modified": "2018-01-15T09:16:03.000Z",
"pattern": "[file:hashes.SHA1 = '67458b503047852dd603080946842472e575b856' AND file:name = 'NotaFiscal.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c7165-f8fc-41f9-84f1-4c94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:16:21.000Z",
"modified": "2018-01-15T09:16:21.000Z",
"pattern": "[file:hashes.SHA1 = '8ea2c548bcb974a380fece046a7e3f0218632ff2' AND file:name = 'n\u00c3\u00a3o confirmado 923337.crdownload' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:16:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c717d-7e58-4fbf-8c33-c84f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:16:45.000Z",
"modified": "2018-01-15T09:16:45.000Z",
"pattern": "[file:hashes.SHA1 = 'bffaabcce3f4cced896f745a7ec4eba2070286b3' AND file:name = '5ae9e0f3867ae8a317031fc9a5ed886e.virus' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:16:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5c7192-cb54-4a77-8f2f-ae1e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-15T09:17:06.000Z",
"modified": "2018-01-15T09:17:06.000Z",
"pattern": "[file:hashes.SHA1 = 'effb36259accdfff07c036c5a41b357692577265' AND file:name = 'Consulta_Resultado05062017.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-15T09:17:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--352791b2-86bb-41ad-9481-10549ebea11f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:51.000Z",
"modified": "2018-02-09T14:04:51.000Z",
"pattern": "[file:hashes.MD5 = '51aed47cc54e9671f3ea71f8ee584952' AND file:hashes.SHA1 = '5c5d23fcb759d900c0158948695b43f63df4a99d' AND file:hashes.SHA256 = '08895e31448976adfbe419d1db92650bfb8b937f13597e6222fba965d3e999e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:04:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--db289675-d7e8-42b0-a80d-1d0f73eac08b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:50.000Z",
"modified": "2018-02-09T14:04:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/08895e31448976adfbe419d1db92650bfb8b937f13597e6222fba965d3e999e0/analysis/1509045877/",
"category": "External analysis",
"comment": "Win32/Spy.Banker.ADYV",
"uuid": "5a7daa82-5084-4e96-b1b7-481e02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/66",
"category": "Other",
"comment": "Win32/Spy.Banker.ADYV",
"uuid": "5a7daa82-ce04-4a13-b4dc-4dd902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-26T19:24:37",
"category": "Other",
"comment": "Win32/Spy.Banker.ADYV",
"uuid": "5a7daa83-7f20-42ba-9919-459c02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--323bf06e-4c08-4825-9e3d-490b985d27f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:54.000Z",
"modified": "2018-02-09T14:04:54.000Z",
"pattern": "[file:hashes.MD5 = '2ad3b1669e8302035e24c838b3c08f2c' AND file:hashes.SHA1 = '21e6bfad68531acefa1a059015fb008742b5aeec' AND file:hashes.SHA256 = '15a739c1e02245e4f686ff46ca616ab73663fffac9c4de4290a1af4668405878']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:04:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3c950c89-f255-4ce4-bdf5-b3cb9a34eada",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:53.000Z",
"modified": "2018-02-09T14:04:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/15a739c1e02245e4f686ff46ca616ab73663fffac9c4de4290a1af4668405878/analysis/1509155544/",
"category": "External analysis",
"comment": "JS/TrojanDownloader.Agent.QPA",
"uuid": "5a7daa85-4e94-4767-b81b-491502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/59",
"category": "Other",
"comment": "JS/TrojanDownloader.Agent.QPA",
"uuid": "5a7daa85-34f4-42de-856c-427902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-28T01:52:24",
"category": "Other",
"comment": "JS/TrojanDownloader.Agent.QPA",
"uuid": "5a7daa86-e0c4-4f48-a687-466c02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--989dca8a-94e7-414f-9bb9-299b6407cfe4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:57.000Z",
"modified": "2018-02-09T14:04:57.000Z",
"pattern": "[file:hashes.MD5 = 'c5d56198560f2e263c7ae1af6fccae6c' AND file:hashes.SHA1 = '37648e4b95636e3ee5a68e3fa8c0735125126c17' AND file:hashes.SHA256 = 'ce300e38c0adbba46b1d46066cc3be3e5ce990c6406cb3e1713936acd124d174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:04:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b8d9d264-06d8-465a-81c9-a4cd48c9deaa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:55.000Z",
"modified": "2018-02-09T14:04:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ce300e38c0adbba46b1d46066cc3be3e5ce990c6406cb3e1713936acd124d174/analysis/1509045679/",
"category": "External analysis",
"uuid": "5a7daa87-4afc-47dd-876d-492602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/67",
"category": "Other",
"uuid": "5a7daa88-e2ac-4bd7-a8c1-484502de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-26T19:21:19",
"category": "Other",
"uuid": "5a7daa88-7f20-461d-890d-44bc02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ec87a3b7-5f72-4b59-8d53-6e2767f4328f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:00.000Z",
"modified": "2018-02-09T14:05:00.000Z",
"pattern": "[file:hashes.MD5 = '1a5748d445565bf35a3cb6e6b6959fe2' AND file:hashes.SHA1 = '67458b503047852dd603080946842472e575b856' AND file:hashes.SHA256 = 'd7b430e18426fad00576add9e88c6b0c78eb194376dfa416ab805f5757188990']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:05:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8c9d5426-4f3b-4bfd-b166-40f4e69c8998",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:04:58.000Z",
"modified": "2018-02-09T14:04:58.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d7b430e18426fad00576add9e88c6b0c78eb194376dfa416ab805f5757188990/analysis/1509045752/",
"category": "External analysis",
"uuid": "5a7daa8a-7c2c-4d8b-b395-413b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/67",
"category": "Other",
"uuid": "5a7daa8b-6934-465e-8d8e-4ff202de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-26T19:22:32",
"category": "Other",
"uuid": "5a7daa8b-a6c8-404d-af6d-4e1302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e44b32b-6d75-4ac9-a643-96970dee4e3e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:02.000Z",
"modified": "2018-02-09T14:05:02.000Z",
"pattern": "[file:hashes.MD5 = 'ab4832be975c95ce0348416741225143' AND file:hashes.SHA1 = '30fc877887d6845007503f3abd44ec261a0d40c7' AND file:hashes.SHA256 = '74c115091077182b4e9f1dc141fd2c91c50b0c61fd22117f71f880ebc4fe72bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:05:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--532bbc5d-ad5f-4281-88f9-a027f31718ae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:01.000Z",
"modified": "2018-02-09T14:05:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/74c115091077182b4e9f1dc141fd2c91c50b0c61fd22117f71f880ebc4fe72bc/analysis/1509045590/",
"category": "External analysis",
"comment": "NSIS/TrojanDropper.Agent.CL",
"uuid": "5a7daa8d-995c-4415-90b2-41a602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/66",
"category": "Other",
"comment": "NSIS/TrojanDropper.Agent.CL",
"uuid": "5a7daa8d-7378-4f23-913b-467a02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-26T19:19:50",
"category": "Other",
"comment": "NSIS/TrojanDropper.Agent.CL",
"uuid": "5a7daa8d-bf5c-453b-8111-49d202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--362d20e1-90b1-45c8-b536-5e2fc281fe8a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:05.000Z",
"modified": "2018-02-09T14:05:05.000Z",
"pattern": "[file:hashes.MD5 = '71b6a493388e7d0b40c83ce903bc6b04' AND file:hashes.SHA1 = '34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d' AND file:hashes.SHA256 = '027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:05:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0d641165-660b-4c56-a989-5f27840d94f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:03.000Z",
"modified": "2018-02-09T14:05:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745/analysis/1517914078/",
"category": "External analysis",
"comment": "NSIS/TrojanDropper.Agent.CL",
"uuid": "5a7daa8f-e930-4c13-b96f-493d02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "59/65",
"category": "Other",
"comment": "NSIS/TrojanDropper.Agent.CL",
"uuid": "5a7daa90-99dc-4e0c-b651-4bbc02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-06T10:47:58",
"category": "Other",
"comment": "NSIS/TrojanDropper.Agent.CL",
"uuid": "5a7daa90-e0ec-488b-87f7-418802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e1132f7-a6f0-4966-8d8e-a8ba91337184",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:08.000Z",
"modified": "2018-02-09T14:05:08.000Z",
"pattern": "[file:hashes.MD5 = '5ae9e0f3867ae8a317031fc9a5ed886e' AND file:hashes.SHA1 = 'bffaabcce3f4cced896f745a7ec4eba2070286b3' AND file:hashes.SHA256 = '45211c815cac28a399e3ad01d742b5811dae54d93918e969c685d4e8356d7c28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:05:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9ddbe62a-df3a-4968-8fb1-4b46e61d0abe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:06.000Z",
"modified": "2018-02-09T14:05:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/45211c815cac28a399e3ad01d742b5811dae54d93918e969c685d4e8356d7c28/analysis/1505331152/",
"category": "External analysis",
"uuid": "5a7daa92-a268-4a80-8fe2-422502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/64",
"category": "Other",
"uuid": "5a7daa92-9ac8-48be-a710-4ceb02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-09-13T19:32:32",
"category": "Other",
"uuid": "5a7daa93-b3d4-4672-b604-454802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a4602179-8407-4714-8ce8-73e739f8f93e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:10.000Z",
"modified": "2018-02-09T14:05:10.000Z",
"pattern": "[file:hashes.MD5 = 'e383d317b3c7bbd65a7c303746b7f12d' AND file:hashes.SHA1 = '38b7611bb20985512f86dc2c38247593e58a1df6' AND file:hashes.SHA256 = '6b08e5d92c7067eae8e222f2d13ba2a59fe36421eb2ece5054b5d97c593a38e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:05:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--23e90ff7-f68e-4f1e-abfb-1d24b0480d18",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:08.000Z",
"modified": "2018-02-09T14:05:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6b08e5d92c7067eae8e222f2d13ba2a59fe36421eb2ece5054b5d97c593a38e2/analysis/1509045704/",
"category": "External analysis",
"uuid": "5a7daa95-e77c-431d-bc9c-4cdc02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/67",
"category": "Other",
"uuid": "5a7daa95-db80-4bcf-8c20-450a02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-26T19:21:44",
"category": "Other",
"uuid": "5a7daa95-88e8-49fe-be81-421b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--368ea62b-9c92-41fd-aa29-ad77f6f49144",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:13.000Z",
"modified": "2018-02-09T14:05:13.000Z",
"pattern": "[file:hashes.MD5 = '782eace45e76c28862396a2b6d5b3f1c' AND file:hashes.SHA1 = '8ea2c548bcb974a380fece046a7e3f0218632ff2' AND file:hashes.SHA256 = '66d9360a2a41a119a9337539e110d79f6e74e405755029d9241bf9afc20beed6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:05:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ffa1925f-32e0-4ddf-ac99-db930609d495",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:11.000Z",
"modified": "2018-02-09T14:05:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/66d9360a2a41a119a9337539e110d79f6e74e405755029d9241bf9afc20beed6/analysis/1510180391/",
"category": "External analysis",
"uuid": "5a7daa97-96ac-4b57-877e-4cc502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/67",
"category": "Other",
"uuid": "5a7daa97-1e08-4336-bef5-44c302de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-08T22:33:11",
"category": "Other",
"uuid": "5a7daa98-6474-4cc5-85d9-481a02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b4c72aed-63bf-4f2a-8794-047d36abe533",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:15.000Z",
"modified": "2018-02-09T14:05:15.000Z",
"pattern": "[file:hashes.MD5 = 'b917b09c778d7aa7e5a2d98a5fba5b1e' AND file:hashes.SHA1 = 'effb36259accdfff07c036c5a41b357692577265' AND file:hashes.SHA256 = '91301d3daab1a87dfc8b4e39f8a120ea5523e04ac86fee970cecc6760e05c8fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:05:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--43e3402c-ec4a-4afc-859b-18cdd344f48f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:05:13.000Z",
"modified": "2018-02-09T14:05:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/91301d3daab1a87dfc8b4e39f8a120ea5523e04ac86fee970cecc6760e05c8fe/analysis/1509045798/",
"category": "External analysis",
"uuid": "5a7daa9a-b7e8-4340-a315-416602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/67",
"category": "Other",
"uuid": "5a7daa9a-f554-4959-827d-4d0702de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-26T19:23:18",
"category": "Other",
"uuid": "5a7daa9a-d1fc-4984-9be0-45e902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--957fbde1-d4bb-49ad-a53c-0c27e4469ebb",
"created": "2018-02-16T08:57:16.000Z",
"modified": "2018-02-16T08:57:16.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--352791b2-86bb-41ad-9481-10549ebea11f",
"target_ref": "x-misp-object--db289675-d7e8-42b0-a80d-1d0f73eac08b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c8a6c34-c3d8-43a4-8bb3-868dd42320ac",
"created": "2018-02-16T08:57:17.000Z",
"modified": "2018-02-16T08:57:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--323bf06e-4c08-4825-9e3d-490b985d27f1",
"target_ref": "x-misp-object--3c950c89-f255-4ce4-bdf5-b3cb9a34eada"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1639588a-8957-4305-b904-69519b96faf2",
"created": "2018-02-16T08:57:17.000Z",
"modified": "2018-02-16T08:57:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--989dca8a-94e7-414f-9bb9-299b6407cfe4",
"target_ref": "x-misp-object--b8d9d264-06d8-465a-81c9-a4cd48c9deaa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7e3fe4c5-527d-46e4-8fe8-37a37a534771",
"created": "2018-02-16T08:57:17.000Z",
"modified": "2018-02-16T08:57:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ec87a3b7-5f72-4b59-8d53-6e2767f4328f",
"target_ref": "x-misp-object--8c9d5426-4f3b-4bfd-b166-40f4e69c8998"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fc2b5318-37cd-4964-bc9e-43012832d7d4",
"created": "2018-02-16T08:57:17.000Z",
"modified": "2018-02-16T08:57:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5e44b32b-6d75-4ac9-a643-96970dee4e3e",
"target_ref": "x-misp-object--532bbc5d-ad5f-4281-88f9-a027f31718ae"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6a0edb32-3fb0-4f47-a3d7-15c888c27fbc",
"created": "2018-02-16T08:57:17.000Z",
"modified": "2018-02-16T08:57:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--362d20e1-90b1-45c8-b536-5e2fc281fe8a",
"target_ref": "x-misp-object--0d641165-660b-4c56-a989-5f27840d94f1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--afd301d6-a8a8-4010-97c9-0feec2a623e6",
"created": "2018-02-16T08:57:17.000Z",
"modified": "2018-02-16T08:57:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9e1132f7-a6f0-4966-8d8e-a8ba91337184",
"target_ref": "x-misp-object--9ddbe62a-df3a-4968-8fb1-4b46e61d0abe"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--facb6641-8414-412a-995c-1726d8697937",
"created": "2018-02-16T08:57:17.000Z",
"modified": "2018-02-16T08:57:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a4602179-8407-4714-8ce8-73e739f8f93e",
"target_ref": "x-misp-object--23e90ff7-f68e-4f1e-abfb-1d24b0480d18"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--70db0546-b959-46ff-8691-ad5f43724b05",
"created": "2018-02-16T08:57:17.000Z",
"modified": "2018-02-16T08:57:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--368ea62b-9c92-41fd-aa29-ad77f6f49144",
"target_ref": "x-misp-object--ffa1925f-32e0-4ddf-ac99-db930609d495"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f25a216b-4605-4f1c-a4c9-b6f2ec852a64",
"created": "2018-02-16T08:57:17.000Z",
"modified": "2018-02-16T08:57:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b4c72aed-63bf-4f2a-8794-047d36abe533",
"target_ref": "x-misp-object--43e3402c-ec4a-4afc-859b-18cdd344f48f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}