{
|
|
"type": "bundle",
|
|
"id": "bundle--5cf3787c-625c-4782-9f1a-da8f950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:33:22.000Z",
|
|
"modified": "2019-06-02T07:33:22.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5cf3787c-625c-4782-9f1a-da8f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:33:22.000Z",
|
|
"modified": "2019-06-02T07:33:22.000Z",
|
|
"name": "OSINT - 10 years of virtual dynamite: A high-level retrospective of ATM malware",
|
|
"published": "2019-06-02T07:33:28Z",
|
|
"object_refs": [
|
|
"indicator--5cf37895-dec8-4044-bcdc-48f7950d210f",
|
|
"indicator--5cf37895-f024-4b35-98d3-4719950d210f",
|
|
"indicator--5cf37895-2668-40ec-8f11-41ad950d210f",
|
|
"indicator--5cf37895-bedc-42d1-84de-4fb7950d210f",
|
|
"indicator--5cf37895-a0c0-4817-a1b0-421b950d210f",
|
|
"indicator--5cf37895-cc5c-41e1-ab47-40d0950d210f",
|
|
"indicator--5cf37895-dde8-4f61-bf0d-4a05950d210f",
|
|
"indicator--5cf37895-efd8-4940-89e9-4692950d210f",
|
|
"indicator--5cf378af-78cc-49e5-b901-4cca950d210f",
|
|
"indicator--5cf378af-1384-457a-925d-4582950d210f",
|
|
"indicator--5cf378af-55dc-4f48-95d0-402b950d210f",
|
|
"indicator--5cf378af-3fb4-491a-99aa-49c2950d210f",
|
|
"indicator--5cf378af-04b0-4758-9673-4c1e950d210f",
|
|
"indicator--5cf378af-02d8-4858-bdb3-4a28950d210f",
|
|
"indicator--5cf378af-ec4c-4000-a907-402b950d210f",
|
|
"indicator--5cf378c0-18e0-42ef-adea-4be2950d210f",
|
|
"indicator--5cf378c0-0b14-47bc-bdec-45d3950d210f",
|
|
"indicator--5cf378c0-a85c-4e91-96b4-4360950d210f",
|
|
"indicator--5cf378c1-76cc-4c2a-ac8e-4f67950d210f",
|
|
"indicator--5cf378d1-9130-49ec-89b6-48f2950d210f",
|
|
"indicator--5cf378d1-e550-4b22-80ad-42d5950d210f",
|
|
"indicator--5cf378d1-f918-44d4-bc17-4321950d210f",
|
|
"indicator--5cf378d1-f65c-4947-9691-42ed950d210f",
|
|
"indicator--5cf378d1-1134-4cc1-8300-4aa2950d210f",
|
|
"indicator--5cf378e0-91dc-4f25-a125-4ad2950d210f",
|
|
"indicator--5cf378e0-07b8-437a-b19a-45f1950d210f",
|
|
"indicator--5cf378e0-6eec-4de4-a49c-4102950d210f",
|
|
"indicator--5cf378e0-df24-49c1-8994-4711950d210f",
|
|
"indicator--5cf378e0-3100-4831-a267-4f4c950d210f",
|
|
"indicator--5cf378e0-8cc4-43cf-97ec-4b7c950d210f",
|
|
"indicator--5cf378f1-2370-4630-8f4a-4561950d210f",
|
|
"indicator--5cf378f1-1a00-40e7-bb19-49e4950d210f",
|
|
"indicator--5cf378f1-eef8-4f90-a6dc-49a5950d210f",
|
|
"indicator--5cf378f1-d200-4d8e-936e-4379950d210f",
|
|
"indicator--5cf378f1-8f08-47cb-b991-4217950d210f",
|
|
"indicator--5cf37901-a67c-4f97-9c28-6829950d210f",
|
|
"indicator--5cf37901-8020-4ab1-86c6-6829950d210f",
|
|
"indicator--5cf37910-2bc0-423a-aed8-d2a3950d210f",
|
|
"indicator--5cf37911-434c-49ba-ba57-d2a3950d210f",
|
|
"indicator--5cf37911-722c-430a-9572-d2a3950d210f",
|
|
"indicator--5cf37923-be60-4ce3-85b3-4af3950d210f",
|
|
"indicator--5cf37923-30a4-4340-bf80-45ce950d210f",
|
|
"indicator--5cf37923-1c44-4147-b2f8-4562950d210f",
|
|
"indicator--5cf37923-fc08-4812-845c-414c950d210f",
|
|
"indicator--5cf37923-a47c-425b-a4da-40d5950d210f",
|
|
"indicator--5cf37923-1768-433e-9287-41fa950d210f",
|
|
"indicator--5cf37923-6ee8-474f-aae6-4c3c950d210f",
|
|
"indicator--5cf37933-411c-417b-b021-4705950d210f",
|
|
"indicator--5cf37933-103c-49ab-b8b4-4f2c950d210f",
|
|
"indicator--5cf37933-b790-430f-8430-486d950d210f",
|
|
"indicator--5cf37933-c8a4-49a3-9989-4d67950d210f",
|
|
"indicator--5cf37933-ab50-48ac-95b1-4211950d210f",
|
|
"indicator--5cf37933-56f0-4333-b300-49ad950d210f",
|
|
"indicator--5cf37942-ebe4-4db0-8b77-4aec950d210f",
|
|
"indicator--5cf3795a-51d0-4713-8abf-d5b6950d210f",
|
|
"indicator--5cf3795f-fd38-4cf1-a067-d5b6950d210f",
|
|
"indicator--5cf3795f-8ce0-445e-b516-d5b6950d210f",
|
|
"indicator--5cf37960-f77c-4dce-a3b5-d5b6950d210f",
|
|
"indicator--5cf37960-1748-4406-b54e-d5b6950d210f",
|
|
"indicator--5cf3796e-39cc-4de5-9805-4111950d210f",
|
|
"indicator--5cf3796e-431c-407e-b2b9-4686950d210f",
|
|
"indicator--5cf3796e-d7e0-4150-a903-4b6b950d210f",
|
|
"indicator--5cf3796e-5b10-4abf-bf80-4f9e950d210f",
|
|
"indicator--5cf3796e-72f8-4c6b-874d-4560950d210f",
|
|
"indicator--5cf3796e-d6a8-461a-8abf-444a950d210f",
|
|
"indicator--5cf3796e-1aac-46f3-9e91-497b950d210f",
|
|
"indicator--5cf3797c-ae1c-4feb-bdc6-40fd950d210f",
|
|
"indicator--5cf3798b-8b80-4716-a27e-41c4950d210f",
|
|
"indicator--5cf3798b-1360-4aba-ba69-4984950d210f",
|
|
"indicator--5cf3798b-0f44-464d-bb0d-4db0950d210f",
|
|
"indicator--5cf3799b-74f4-44f1-a586-d4c1950d210f",
|
|
"indicator--5cf3799b-98b4-4865-9748-d4c1950d210f",
|
|
"indicator--5cf3799b-97dc-4f5c-bd15-d4c1950d210f",
|
|
"indicator--5cf3799b-52f8-4b00-993f-d4c1950d210f",
|
|
"indicator--5cf3799b-19f0-4f3c-a0aa-d4c1950d210f",
|
|
"indicator--5cf3799b-1d50-49b1-bf8a-d4c1950d210f",
|
|
"indicator--5cf3799b-1fc4-4f92-ae0d-d4c1950d210f",
|
|
"indicator--5cf3799b-fbbc-493b-9668-d4c1950d210f",
|
|
"indicator--5cf379ac-eaf8-4cd0-8051-4aa9950d210f",
|
|
"indicator--5cf379ac-37d8-4c59-92bd-407a950d210f",
|
|
"indicator--5cf379bd-1488-4103-8b0b-4b56950d210f",
|
|
"indicator--5cf379bd-4594-499c-ba40-45a2950d210f",
|
|
"indicator--5cf379bd-a87c-4bf0-92b7-4d28950d210f",
|
|
"indicator--5cf379bd-9aac-4d45-b415-4d6b950d210f",
|
|
"indicator--5cf379bd-0744-4548-8106-4252950d210f",
|
|
"indicator--5cf379bd-1788-483d-ac87-4153950d210f",
|
|
"indicator--5cf379bd-51bc-4385-94d7-4ed3950d210f",
|
|
"indicator--5cf379bd-2214-49ba-af37-43b8950d210f",
|
|
"indicator--5cf379bd-9254-4a74-988f-494a950d210f",
|
|
"indicator--5cf379bd-59f0-4d0d-8a32-43b9950d210f",
|
|
"indicator--5cf379bd-8840-4ddc-8685-4f57950d210f",
|
|
"indicator--5cf379bd-dcc4-4fe0-b44e-4bb1950d210f",
|
|
"indicator--5cf379bd-2760-45b6-9b82-4711950d210f",
|
|
"indicator--5cf379cf-251c-44c6-a8cd-4996950d210f",
|
|
"indicator--5cf379cf-9e4c-417c-a13c-42be950d210f",
|
|
"indicator--5cf379dd-4310-4552-a893-4f0c950d210f",
|
|
"indicator--5cf379ef-f6b4-4c3a-82a1-4636950d210f",
|
|
"indicator--5cf379ef-7e2c-40ee-bcc8-4166950d210f",
|
|
"indicator--5cf379ff-c64c-453f-a457-4ce0950d210f",
|
|
"indicator--5cf379ff-1ad8-4a30-a174-4cd1950d210f",
|
|
"indicator--5cf379ff-0d1c-4e6f-8d1e-4c4a950d210f",
|
|
"indicator--5cf379ff-ec04-4d59-b269-4424950d210f",
|
|
"indicator--5cf379ff-bc14-4d63-9ce9-45ef950d210f",
|
|
"indicator--5cf37a0d-e03c-44fe-a1f6-4a2b950d210f",
|
|
"indicator--5cf37a1c-5718-45ab-991d-6829950d210f",
|
|
"indicator--5cf37a2a-c6e0-42e3-9166-fcfb950d210f",
|
|
"indicator--5cf37a2a-7a2c-40bb-b95d-fcfb950d210f",
|
|
"indicator--5cf37a2a-0d8c-44f5-bc23-fcfb950d210f",
|
|
"indicator--5cf37a2a-d92c-4154-803f-fcfb950d210f",
|
|
"indicator--5cf37a2a-37b4-4f19-918d-fcfb950d210f",
|
|
"indicator--5cf37a2a-00d8-4c52-87d5-fcfb950d210f",
|
|
"indicator--5cf37a3a-0238-4b2d-9f1b-d5b6950d210f",
|
|
"indicator--5cf37a49-d9ac-46d3-a457-4007950d210f",
|
|
"indicator--5cf37a49-6f10-4c66-933b-40c7950d210f",
|
|
"indicator--5cf37a49-e3b8-4461-bf55-483c950d210f",
|
|
"indicator--5cf37a49-7e04-4911-91b8-496a950d210f",
|
|
"indicator--5cf37a57-e7b8-4cb1-991a-448c950d210f",
|
|
"indicator--5cf37a57-f838-4c66-8e06-4312950d210f",
|
|
"indicator--5cf37a57-6744-456b-b5ec-431b950d210f",
|
|
"indicator--5cf37a57-38c0-4fe8-ac67-4614950d210f",
|
|
"indicator--5cf37a57-c730-470f-8f61-45ec950d210f",
|
|
"observed-data--5cf37a6c-dcfc-486e-9f2b-4e02950d210f",
|
|
"url--5cf37a6c-dcfc-486e-9f2b-4e02950d210f",
|
|
"x-misp-attribute--5cf37a7e-d6a8-4f97-890e-474b950d210f",
|
|
"indicator--4e9389f5-efa0-4f44-91fc-0c76588fcafe",
|
|
"x-misp-object--f9a4ed3f-ce06-4b81-83ba-433dcdeae6e1",
|
|
"indicator--debf3fc0-afd9-4a29-bb93-3eeda774a6c4",
|
|
"x-misp-object--c3fe1a30-b661-47d7-a1b6-c761917f249d",
|
|
"indicator--d673ebe6-4d3a-46b3-84f4-aa596c14a2c4",
|
|
"x-misp-object--973c1b1b-139e-4cac-8e88-4d7926955993",
|
|
"indicator--8622a557-f7b5-447f-8ef2-de736a37d53f",
|
|
"x-misp-object--36c7dc3d-aed7-43a2-83fc-ac719299d71e",
|
|
"indicator--36474312-d715-4ea0-b2b5-5dc44269f913",
|
|
"x-misp-object--52ca996c-bc2b-4739-ac9e-bc7dd85923ba",
|
|
"indicator--0679f30f-f3f7-4b7a-adeb-5e331c959580",
|
|
"x-misp-object--ab628320-1176-4770-b844-742dcddcb0cf",
|
|
"indicator--58f5581e-25a8-4845-9e62-a3fcc12ac9dc",
|
|
"x-misp-object--8ad9b272-f1ad-4dbb-8f54-16d23bbf13e8",
|
|
"indicator--20bc31c6-ec6b-4bf3-92a8-6fcd9a84cf79",
|
|
"x-misp-object--b59d17a2-cfdc-4bdb-857d-4d072408fcc4",
|
|
"indicator--c37a0b5e-8135-4547-9468-f4c40d749e4b",
|
|
"x-misp-object--27d02881-c91f-40e3-96ed-1006bbe1a633",
|
|
"indicator--f4d25908-fa3f-4504-afa0-0f587162caae",
|
|
"x-misp-object--286599cf-b80a-40c0-b8ac-168ef913024d",
|
|
"indicator--8952097a-81ee-4e3e-86ec-b6d8a5d9bbe3",
|
|
"x-misp-object--f7c3eba5-e21e-4575-9b60-0058e51f0562",
|
|
"indicator--c8bf76f7-af93-4b6f-9956-bd2d3ba757ce",
|
|
"x-misp-object--3492cc64-74f3-40d0-bd1d-de90c08e836a",
|
|
"indicator--23fe1574-4071-416e-9bc8-bc000931d5fa",
|
|
"x-misp-object--62cf131f-4604-4172-93b0-ddc09a5a2eef",
|
|
"indicator--afc33a8a-f0bd-4ee9-a0fe-3a78ad442eac",
|
|
"x-misp-object--50d3db02-8f85-49bb-bfdb-1f5b790fa78a",
|
|
"indicator--bbd0e909-a799-4b8b-af33-2e2b06984894",
|
|
"x-misp-object--bd1855b5-3e62-4fba-a33c-22aa7915a052",
|
|
"indicator--69947a46-fe46-496b-b677-aa891525577f",
|
|
"x-misp-object--46b3e12f-d54f-4502-a3a4-8cd0b1151279",
|
|
"indicator--59a853ea-2a24-4522-8caf-31116b4540a1",
|
|
"x-misp-object--8462e162-3d1d-41a5-b259-25b56014ecd1",
|
|
"indicator--72fa3519-3988-43d8-9261-aa9e2eed24cf",
|
|
"x-misp-object--a416f449-acdd-4e69-9636-b33248a2bdd3",
|
|
"indicator--90369019-7f27-4d9f-b24e-064dce9bb9ff",
|
|
"x-misp-object--9c43344e-12b5-4e91-96ab-e8f7e3939ef6",
|
|
"indicator--fa4415d9-9b90-4646-b8cf-e2810be2f2ea",
|
|
"x-misp-object--a1d6d8e9-5a62-4bf2-932b-4bfe3f686ecd",
|
|
"indicator--0b1e7b0c-01c5-4261-810c-79ee889cf041",
|
|
"x-misp-object--89095777-3676-41fb-b745-6d0cc579c782",
|
|
"indicator--d837aac4-8a86-4538-b882-358daa5ec55f",
|
|
"x-misp-object--9d6e3d6b-0847-498e-885b-df5576bcdbcc",
|
|
"indicator--6233ba88-e454-4931-85fd-b1c07492a684",
|
|
"x-misp-object--3d43da57-37ca-4aec-9e28-739ae5ec4cf6",
|
|
"indicator--2af4fed3-7abe-4bd0-9e07-78f99b75b02a",
|
|
"x-misp-object--e5651225-768d-4ef0-a852-6859df9ebc50",
|
|
"indicator--f65269df-3231-420c-afe2-cb9d182e8e52",
|
|
"x-misp-object--1e4c672b-f6ed-42a7-b1a6-2afdf236e7b4",
|
|
"indicator--059e1ff5-337c-43b8-b2a3-3bd1a141ae5b",
|
|
"x-misp-object--3ef9e33c-b041-49fd-b3d0-a4635aa80082",
|
|
"indicator--53426774-0b9a-423d-96e5-258c563551e8",
|
|
"x-misp-object--bbc42520-4fab-426a-9e7f-ca0d3dfdd8d5",
|
|
"indicator--4de765ce-30ef-4d98-ad0d-f91e29e02261",
|
|
"x-misp-object--5061c53e-1a32-413d-9d20-d1ae7c1a23bd",
|
|
"indicator--e6c71e20-622b-4fa1-98a3-049d8fa792cf",
|
|
"x-misp-object--e996b91d-bda3-4904-8d59-bd7e6e48c017",
|
|
"indicator--09721354-5254-4f34-99c2-c6bfdfc2a013",
|
|
"x-misp-object--dcd7b5e5-32ae-439a-8d76-d29db0cfe1be",
|
|
"indicator--038aeee6-160b-4b99-975d-c08f2252a243",
|
|
"x-misp-object--2f677d16-9287-4cb6-94a2-f789ff3dbb0d",
|
|
"indicator--afc80670-f512-4668-a52b-92120997f276",
|
|
"x-misp-object--6be40e2f-088b-45f8-8a93-2c139dd1717f",
|
|
"indicator--926b7bd6-2e77-4c03-ba85-77655deb2b6e",
|
|
"x-misp-object--b646014e-f7b5-40e1-aaf2-d47303e69b9c",
|
|
"indicator--8a3528b9-bc2e-4e32-ac93-4c8a46cc6b2d",
|
|
"x-misp-object--1adb843b-7121-47fa-a368-76c9cfd0b246",
|
|
"indicator--6038bf6c-1f5c-4b29-a890-0514f93246da",
|
|
"x-misp-object--011daee4-ac24-4071-bb9f-ee36ed5c8b5e",
|
|
"indicator--4892d578-41fd-4500-b607-bb71e079aa54",
|
|
"x-misp-object--c344c0d9-4251-460a-90b8-efeb08a354f5",
|
|
"indicator--20931e8f-e75d-4b8b-b4ae-6db30c54e355",
|
|
"x-misp-object--19697d5f-9fce-41c0-a762-93dcf7479bb5",
|
|
"indicator--3c1cf1e3-9ce4-4d57-a90b-62d03bac4126",
|
|
"x-misp-object--a26082fe-b3c8-44c8-817a-286666cfa8e9",
|
|
"indicator--1faad245-0601-4322-b915-cfbb31a5795f",
|
|
"x-misp-object--14bd5db8-ee14-46bf-add5-38c0239113ab",
|
|
"indicator--1bce7fb2-c2d0-4032-b6bb-dd12011a586c",
|
|
"x-misp-object--f7a56679-e2ee-4418-92c3-ec83dbc7cf69",
|
|
"indicator--edcba3d5-9d16-4c26-b036-a783054a0201",
|
|
"x-misp-object--1682fbe3-7192-44a4-9240-2e558891fa92",
|
|
"indicator--c0446e9d-4d30-4c58-adb6-1fd627e127f0",
|
|
"x-misp-object--842bd8c7-4933-4db4-bbf4-062093187ea1",
|
|
"indicator--2a17841a-d493-4ebe-8f1f-eeb8ac8e2306",
|
|
"x-misp-object--7c72b9df-49a4-4325-b269-238b4cfdf298",
|
|
"indicator--8ea7a65a-ad1b-44bb-9cab-439599dfd007",
|
|
"x-misp-object--139b4507-7bbb-49e4-80ed-63adb9265bb8",
|
|
"indicator--dbfa13a9-c6ba-47bf-96fe-624fdf317bb6",
|
|
"x-misp-object--be6277af-27c1-49b4-a6fb-665023d4b859",
|
|
"indicator--d75b18de-3b5b-4280-ac08-62fd1a3b2028",
|
|
"x-misp-object--4e34b407-cc37-4139-9c1f-9e65ab576fa2",
|
|
"indicator--a28f47bc-9c3f-43da-836e-566801c37af3",
|
|
"x-misp-object--82e1a278-1e8f-42da-9165-88748d3b97e9",
|
|
"indicator--e129d219-2e21-4bb0-80f5-b86c12280449",
|
|
"x-misp-object--58e83e28-fbea-4868-a994-60f4de007d99",
|
|
"indicator--493a431d-5b81-4845-b0ef-251375c0373b",
|
|
"x-misp-object--350e44bd-9cf3-49c4-b79d-4085722249f1",
|
|
"indicator--1a246cda-41a5-49f3-8cda-6268811a7b9c",
|
|
"x-misp-object--6180ec62-cb52-473e-a755-69730222ba29",
|
|
"indicator--2be66c70-853f-4f7c-a92c-06f6ba36e77c",
|
|
"x-misp-object--db4d615e-ac5f-4345-9443-a1f21f120cc5",
|
|
"indicator--a131f43e-2785-48a1-8947-8b82e1aaa5ab",
|
|
"x-misp-object--3066167d-9e78-4ed6-9459-f009a151fe41",
|
|
"indicator--3181de68-5e89-497e-b087-57b51ecbef08",
|
|
"x-misp-object--6aa56cbd-16ee-4811-81d9-4af960c3518d",
|
|
"indicator--6b2065b0-b2fc-431a-9ab4-94b1a58b9d1d",
|
|
"x-misp-object--89320365-5158-4b98-9194-f2883d3c2c36",
|
|
"indicator--c75413c5-ac2d-48e1-85a6-26d59da40b2d",
|
|
"x-misp-object--22de11ea-f09d-456d-b04a-d9d2ed231361",
|
|
"indicator--0f1722a1-311b-4965-b355-7ae365e38a1b",
|
|
"x-misp-object--b187b049-a9e0-4e18-b1f5-32350b0d2b33",
|
|
"indicator--e623166e-60c6-48c5-9d77-dc65668de4bb",
|
|
"x-misp-object--b7bb76ce-eba0-43ff-8242-af513ba697ac",
|
|
"indicator--518e8321-d45d-47c1-94a5-4ed465d2122f",
|
|
"x-misp-object--2bd8993a-3374-4868-895b-31745d45d556",
|
|
"indicator--a0e70bcc-2c0d-4556-a3e8-4bdd6ce2ab00",
|
|
"x-misp-object--a1aca217-f549-4846-99ad-85432a8ee8fa",
|
|
"indicator--426bf823-1fe0-47a8-8a28-28f1c6c12911",
|
|
"x-misp-object--052c17c1-fc2a-4922-8d1f-c1c4659677c9",
|
|
"indicator--285bf247-3a77-4b6b-b0cf-95f327d8e720",
|
|
"x-misp-object--ee92cc82-3b6b-4b3d-b7b4-62deb508eced",
|
|
"indicator--3f4eda4d-eadf-47f8-8901-1f598dd74fee",
|
|
"x-misp-object--71681f92-49fb-4c75-8174-fb659cb4d73b",
|
|
"indicator--ca412922-c341-4132-b68c-29881ecfc37c",
|
|
"x-misp-object--b1eff610-3c61-4201-8d01-263133fba839",
|
|
"indicator--bf924e79-ad8a-431e-ba9b-c5492520e160",
|
|
"x-misp-object--cc21c434-9260-41d3-a614-b133375f24ee",
|
|
"indicator--1a5bddeb-8677-4a75-ac19-99205239f3b7",
|
|
"x-misp-object--66eed121-39b0-4068-8398-65d6e5555d7c",
|
|
"indicator--489c0352-e36f-4cb3-874b-7724ebb7b544",
|
|
"x-misp-object--3789a48b-d259-456e-9cb6-4dcd8d8b332a",
|
|
"indicator--6de5692d-8e5c-460c-a525-2041d7a48c6b",
|
|
"x-misp-object--c579698f-d8ca-4926-a3d1-faee6b1d14fa",
|
|
"indicator--7e9b9964-9f85-457b-a68e-4d57d216a676",
|
|
"x-misp-object--c65d59bb-2353-4255-a521-00491026938e",
|
|
"indicator--7701de0b-39e3-4f29-92d3-367acfaf7da4",
|
|
"x-misp-object--5a66509e-55c3-4f73-ba44-ef9d7a670687",
|
|
"indicator--64e6740d-db89-4721-b931-cca5f3131f24",
|
|
"x-misp-object--985dd522-fd96-47a8-9271-703843c2e8fa",
|
|
"indicator--f67a4b48-4754-4364-ba60-cffdf6098346",
|
|
"x-misp-object--51f62180-23c6-4f50-8b29-60f208683bba",
|
|
"indicator--be9ecc17-1c1d-4a40-9401-954926e240c5",
|
|
"x-misp-object--217bba47-5310-4bf5-914b-c0d3015a1b0f",
|
|
"indicator--a32b0183-4187-4dd2-a8dd-af1f550a895d",
|
|
"x-misp-object--8edd7b20-8c0d-4ec5-8377-f91b2bc14df9",
|
|
"indicator--4e16407e-a152-4a11-a169-e45b71d2f5b9",
|
|
"x-misp-object--f7be55e7-5559-4dc2-a64c-3b399c676e28",
|
|
"indicator--47e549fb-5165-4fde-8894-16f554d846b2",
|
|
"x-misp-object--38eb9333-7756-4ef1-84f3-40b11f95c38b",
|
|
"indicator--4323e483-a2d7-4c59-a770-d6f7603eaeda",
|
|
"x-misp-object--cb558419-e9a9-4864-96b4-e0c1a05bf28c",
|
|
"indicator--c1485cd8-7304-4ab9-867d-657b3b4539eb",
|
|
"x-misp-object--92d58414-05a5-4064-89fa-4064243cd9e0",
|
|
"indicator--035ba73e-cc14-4912-baf9-e93dd6d802f0",
|
|
"x-misp-object--e3388a02-63e9-47b4-be96-b98ef6445e5d",
|
|
"indicator--2a858aa7-dba0-494e-b925-3b66b5fc616a",
|
|
"x-misp-object--4abf6300-36e7-4563-a282-6bec690732a6",
|
|
"indicator--442e577a-51c7-479e-a130-2354ce9fa332",
|
|
"x-misp-object--4590636d-859a-4a7e-8de0-1abe61c45dd3",
|
|
"indicator--82522c87-2116-4ad0-9878-6e93503b2f34",
|
|
"x-misp-object--e9fd0c43-dfc9-4b41-b257-74df3185bee2",
|
|
"indicator--2690ba26-376c-4046-9976-b415e1a49af5",
|
|
"x-misp-object--dafea516-a72d-4320-8339-0361507b10a0",
|
|
"indicator--9df2dfe6-af34-4439-a39c-99bb002afc9f",
|
|
"x-misp-object--b989eb7e-8f0a-4093-8a1c-3381331b0479",
|
|
"indicator--1acc6608-0f9d-436a-9543-691bda129647",
|
|
"x-misp-object--e79f4594-9967-4fc4-98fb-02be42825e7e",
|
|
"indicator--8e8c4134-70b1-427a-8163-af67d04e06f5",
|
|
"x-misp-object--1f00f0b0-4b93-41ac-9296-86159172b56f",
|
|
"indicator--efbdd787-1c2f-4f98-af94-73bace5b1e7c",
|
|
"x-misp-object--56630769-4583-4a48-8dc7-e9cc3db3fa04",
|
|
"indicator--8c0a6865-151d-4949-a7f3-0b55c4c2b816",
|
|
"x-misp-object--decdf69d-655d-4289-9fb8-bcb04b66e6de",
|
|
"indicator--fa27fb54-023e-4b33-945f-f261e5d27510",
|
|
"x-misp-object--f7d70b47-467c-4d41-96cd-c3679cd22a38",
|
|
"indicator--2d557448-fab3-4cdb-9b5b-93f6fff5dcb3",
|
|
"x-misp-object--024c8a02-43dc-446c-8ea1-070a1a7e6f7d",
|
|
"indicator--30ca555e-8a3e-4752-b272-9456cdd3e99e",
|
|
"x-misp-object--fe4b52be-56bc-4161-ad46-14bbf2f0b4e4",
|
|
"indicator--26300a37-bcc7-42ff-b086-d71cfc768584",
|
|
"x-misp-object--ae2273a7-8af8-401d-8c92-34bdd0b35db2",
|
|
"indicator--73cbad38-3b4a-4427-9146-ad2e627cf51b",
|
|
"x-misp-object--413bde3c-386d-4b7a-b090-becb555e4c93",
|
|
"indicator--5da215ba-d9ed-48bc-b3f2-e04e17764277",
|
|
"x-misp-object--ac1ba177-5e24-475d-b3ca-58ec1fc3a28d",
|
|
"indicator--be260f87-96de-48c6-9fee-5d96cbdc5b40",
|
|
"x-misp-object--7de7c441-438b-43cc-9a44-519fdbac2468",
|
|
"indicator--e8e28f79-ae78-4ace-8753-952848d0df64",
|
|
"x-misp-object--08764b70-0639-4974-a1d7-464db05a4a01",
|
|
"indicator--75977ea0-6f0b-4d63-a3ad-152ae3c63086",
|
|
"x-misp-object--2836199b-90bb-4f44-9546-81df3c53aaba",
|
|
"indicator--349fb1c6-9d44-4be6-a30e-6373fe3973de",
|
|
"x-misp-object--c8cc9792-d686-490a-91d7-d207bc62a3c8",
|
|
"indicator--dc144da4-b0aa-4d36-a788-453eafbeb938",
|
|
"x-misp-object--3c8cc20e-2fd8-43c4-adb6-72b3caceaa43",
|
|
"indicator--82676173-677a-4196-b3aa-4aca467cb3a2",
|
|
"x-misp-object--66c25aae-8335-4191-b0d4-7a8dac19fa89",
|
|
"indicator--0341606e-3420-4a27-88a9-da0563f82bdf",
|
|
"x-misp-object--b1dcedec-f5fa-4e0e-a90d-c877950b4c98",
|
|
"indicator--f8a6c308-c897-4dac-842c-da63ce7f81f6",
|
|
"x-misp-object--4a6b3dcf-f1df-4fcc-8b84-6b88bde168a0",
|
|
"indicator--db74144a-938d-41c5-b3e0-fea80fd6f893",
|
|
"x-misp-object--7adac80c-5633-46de-8404-4c999375f9e6",
|
|
"indicator--d5caf1d8-c7fe-4023-9874-154c2e351c15",
|
|
"x-misp-object--b5ef1fa1-84c0-4899-84b0-b6a8ecc51556",
|
|
"indicator--7410379c-c381-45ea-8a33-b4bcc85818b4",
|
|
"x-misp-object--4eb96ae6-5b0a-4ded-bf8c-57cfc03e1d25",
|
|
"indicator--c54c28e0-f02b-41c6-b8fc-d78dd9b5ef46",
|
|
"x-misp-object--4ab3206c-feda-4db4-adfb-98f2b681c6ed",
|
|
"indicator--2b85c45c-2fdb-485c-a342-45cff2444d44",
|
|
"x-misp-object--72c851a8-5a70-487d-b63c-b7df09475ddf",
|
|
"indicator--09548961-d207-4312-a75a-b3cadedf47fa",
|
|
"x-misp-object--57e9b96b-f5eb-4937-8d9e-c7d91a1164ce",
|
|
"indicator--abcd01bc-8233-4915-8bed-8d4922d61868",
|
|
"x-misp-object--669ac948-0bab-45ff-86e0-cc1c8907a62d",
|
|
"indicator--3d3585f0-1858-40c6-873c-538edfd12617",
|
|
"x-misp-object--addb0706-ec6b-440c-b41e-94f549ac73d0",
|
|
"indicator--2aa173da-7c89-4432-91ff-f2323a5f9281",
|
|
"x-misp-object--204b34ed-6af4-489d-8b75-f633df8f76e4",
|
|
"indicator--d72f8954-bc2a-4d03-a811-dbbf37f69c3f",
|
|
"x-misp-object--fa1ceeb9-e779-4f3f-beb5-6fef609bd53f",
|
|
"indicator--aebf0a64-4feb-4d83-8162-dfb6476c2d56",
|
|
"x-misp-object--45bec62c-cf12-4170-a37b-5cd249f4eb35",
|
|
"indicator--71dcf277-31eb-4415-997b-04ba8c086da4",
|
|
"x-misp-object--ed9c1aa8-0937-4724-8305-a6d19f28b737",
|
|
"indicator--87923be3-33e9-4404-875b-624d9b326db0",
|
|
"x-misp-object--4bf3bcb0-91ca-40e3-b2ba-1c9eab452263",
|
|
"indicator--c6a31281-93cb-4294-b30a-0fe43608ae58",
|
|
"x-misp-object--b24fd631-684d-43f3-b8d9-d1965c3ddea0",
|
|
"indicator--73bca111-8ebf-4180-afeb-09889747699d",
|
|
"x-misp-object--bb1ceb2c-04eb-410a-84e1-a53f9ef26ec2",
|
|
"indicator--b95b8d4e-c4f2-4c3a-ac56-5985c0f56426",
|
|
"x-misp-object--db749366-5a6a-477f-b812-a468bc49f257",
|
|
"indicator--dedbee2a-96ea-4afa-8c59-69d07be55fa4",
|
|
"x-misp-object--31432274-c4b8-4983-af78-33ce823ffd68",
|
|
"indicator--0b2c0f8e-1af9-4e8e-9f8e-8fb45c401224",
|
|
"x-misp-object--98feb68b-c2ad-4663-87c3-d1b523867d7a",
|
|
"indicator--e33f4932-2a00-4e6a-af61-d2fe8bb882e9",
|
|
"x-misp-object--0657c5d4-40bc-4e82-9166-9e8b5a74e3fc",
|
|
"relationship--b627c63b-4b98-4bec-9fcf-9bdf0efb3ee9",
|
|
"relationship--0be9ae35-5da1-4616-81ab-5acb30b416f0",
|
|
"relationship--292a36c2-e693-4a6d-b4a7-46504efedcac",
|
|
"relationship--7a6002e0-038a-4d84-b087-8307dc3ae8c9",
|
|
"relationship--67ff7d89-c7c0-4006-896a-fe34ee65b507",
|
|
"relationship--b09f245f-2f2d-4a84-b851-e3366542cc83",
|
|
"relationship--ae39be7e-c57c-4b14-8537-39868534d7b9",
|
|
"relationship--0a086d03-5e00-4a60-8fb6-8dc9f2743116",
|
|
"relationship--bd3c71c1-e9fb-403b-a7cd-00d02c93b79d",
|
|
"relationship--b2faf13f-6e52-42ac-915b-c0c9d8b2ca7e",
|
|
"relationship--9d1f4b0b-26b0-4f31-aded-79d602d37d64",
|
|
"relationship--3b1d6fde-cd8b-47a2-b2d6-16d260e0a61d",
|
|
"relationship--fdf063de-a652-4760-b3b7-37a85d3a3285",
|
|
"relationship--bf57422f-feee-43d4-a875-faf72c1550be",
|
|
"relationship--1e147e29-bffa-4d5b-a1ce-c9908282ed3e",
|
|
"relationship--588b1be0-c9c8-48df-a496-fc38f494ee32",
|
|
"relationship--b196dcb5-2d6a-4411-994a-8b72f1a9e879",
|
|
"relationship--e18b434a-81cf-4697-9d9e-a271b7ed61c5",
|
|
"relationship--31379a6e-30ec-4be0-9c73-08edef0dc8d7",
|
|
"relationship--f9fec56e-4ab6-4525-ac78-19a4fed85a33",
|
|
"relationship--01adc2f5-a9b6-47ea-9976-5fd28ffea807",
|
|
"relationship--0f55475d-0b3a-477b-acc8-bf5723cb29f5",
|
|
"relationship--65328135-408e-4f9f-be6f-3545fd6deeb8",
|
|
"relationship--6f7181cf-b8b8-4b94-b076-41af6b75393b",
|
|
"relationship--961f7a1e-723d-416c-97ea-9383fec17708",
|
|
"relationship--21bbd65e-2122-45a0-97e1-dc823bd9bb0b",
|
|
"relationship--bffc239f-d11f-4c9a-8e80-441c1c44975e",
|
|
"relationship--ecce8fe3-b85a-4646-8a3e-f2ffde7a93f0",
|
|
"relationship--4dfa1535-0745-425b-b2bb-a5a956800d51",
|
|
"relationship--97d3c65c-1f7a-4dd4-b4bc-cf837c565b62",
|
|
"relationship--c420da91-d32d-43de-9f38-caf15e2eec21",
|
|
"relationship--83efc689-4c7d-4fe5-b002-313332eddf0c",
|
|
"relationship--fe082c72-d66f-46dd-852b-01358442e1f3",
|
|
"relationship--04908675-5e76-4005-9786-fb5ddc8329a7",
|
|
"relationship--78e32422-83e1-4ef2-8a58-069027dc02d2",
|
|
"relationship--8e81370f-4366-41ca-bb98-117ab904ff25",
|
|
"relationship--ea2a61bd-a4b4-49fd-80df-fc47a145cd89",
|
|
"relationship--e0c3ea81-a642-4d69-98d2-929efd4506ba",
|
|
"relationship--0d1cfa02-32ab-4c07-a6e2-d9c3f1fdc5b8",
|
|
"relationship--8845368b-588b-4175-b701-ac9396bb4947",
|
|
"relationship--e6478b3d-af10-4c7d-897a-42b8e6aa868a",
|
|
"relationship--d6df65ef-6135-4098-a2d7-ab84d5761157",
|
|
"relationship--b7ae936e-4a9e-452d-b719-b77f5891f768",
|
|
"relationship--764c3c1b-05a7-4ffc-88bb-0981ed389e60",
|
|
"relationship--a2be7b56-9ca6-4d5e-8ac8-512f9a628efa",
|
|
"relationship--ecaa69c4-9e5c-46ab-ad20-f5c7c727b2d7",
|
|
"relationship--09d76b8b-ec6c-4c76-a389-cbbed8e8104c",
|
|
"relationship--3aed51eb-6e65-4284-ba4f-6ca086473544",
|
|
"relationship--2d66d8f4-70c4-4ceb-8558-0cbc9b3388ac",
|
|
"relationship--3e55144b-3e74-4f44-ab76-edbd05f93b50",
|
|
"relationship--4fa82267-0938-4d87-a10f-1ae64e57332c",
|
|
"relationship--9be50a24-ff7d-407f-827a-928289233cd7",
|
|
"relationship--f41a1e44-599e-4a6f-9252-a9d2118e8979",
|
|
"relationship--6a92fae6-1cf6-48e7-8263-5ccab67897e8",
|
|
"relationship--068dc807-b104-44cf-92b1-908893633196",
|
|
"relationship--470a172a-d68b-480c-9a96-c29f19f3b8c0",
|
|
"relationship--7a3cbee6-857f-4804-80d2-e0f82a8713e5",
|
|
"relationship--5a5260a5-01a8-4cbb-8813-37771a5237d4",
|
|
"relationship--c7f7148f-bcd4-488c-ad4b-d7c796a250fe",
|
|
"relationship--e09fc230-5400-447d-9408-9fa28e8267ec",
|
|
"relationship--d8b33592-d207-4c1c-95bd-8013eb1e6a7d",
|
|
"relationship--b8b5bb55-2e89-4be1-9c10-8d6ccafe8382",
|
|
"relationship--022207cd-12b6-4bd6-8515-c92ba7e36298",
|
|
"relationship--54536e5b-e418-4955-a259-527e077be96a",
|
|
"relationship--219b96bd-ff30-4448-9c34-4cd5b9979e43",
|
|
"relationship--3f03e127-fe15-4f45-bd90-a9abb79d1626",
|
|
"relationship--91078657-489c-4a12-bcfe-b78197f990b1",
|
|
"relationship--f65aa6c6-9e54-444b-b943-3daea61d41c3",
|
|
"relationship--68326778-dbd2-47d0-ac43-8192ed41a4f7",
|
|
"relationship--1fd076be-8e1c-474a-acc4-0ef4d889a276",
|
|
"relationship--44cfe9ae-f2b1-404b-ab6b-cfa947dae24e",
|
|
"relationship--167e2364-ce8f-4039-9c6a-f54a487814fd",
|
|
"relationship--0327a61e-254f-48a3-9364-ac0c2509e23b",
|
|
"relationship--9c96b387-00dd-49f5-ae7f-28fddd5eaea1",
|
|
"relationship--90b5337c-9f83-4b22-961d-8b9f58eb0dd8",
|
|
"relationship--a1bcd2b6-bd74-47a1-9ed2-f78d370f98ab",
|
|
"relationship--1c5d88f6-0a2b-431a-a469-b70d8a33d998",
|
|
"relationship--d1c80ed2-f150-405c-9464-59d54f87c4b9",
|
|
"relationship--2bff1e6b-69dd-4727-8857-fbae9e07eb22",
|
|
"relationship--b81e9ca4-63c4-4778-bc5e-0f91f154b92a",
|
|
"relationship--b296da86-c4d4-47c1-b4c1-e2b693852a43",
|
|
"relationship--e457acdc-c877-466b-a1e7-0b7df54e5cf9",
|
|
"relationship--8cd03493-3af0-4520-a444-2cb06395a8a0",
|
|
"relationship--9d620e93-376a-4bf6-8bc6-201c93000edb",
|
|
"relationship--8360d267-8a87-4c20-877d-09cc9907d9c5",
|
|
"relationship--ef921df3-c2d4-4153-9646-491f1879644a",
|
|
"relationship--405dcd42-72d2-4e4c-bd20-887cf0bef719",
|
|
"relationship--dc3dfbce-6227-4018-81c3-76fffed0d846",
|
|
"relationship--1ef224b3-1e6f-4eb2-8a02-e140b1c25ed4",
|
|
"relationship--cb209d1e-dac9-4429-b8d7-68d74f15660b",
|
|
"relationship--9ed749bb-4c27-4a8a-aeca-7e4454ff8a52",
|
|
"relationship--09ed11ea-71d8-43ed-8650-93ff5c24e24b",
|
|
"relationship--b3c4705f-b1ae-4cc8-84c7-20c01d87f7fb",
|
|
"relationship--37ec27e8-029c-4f65-ba6b-f154da23e728",
|
|
"relationship--1294ca17-a17f-43b4-8137-8b85cfaf3dc1",
|
|
"relationship--d6db8d14-a5d0-41dc-8e5d-a0f682758d66",
|
|
"relationship--9a2f698e-6958-4036-93e9-7a99c6fd89ab",
|
|
"relationship--2f042531-3f62-4559-b440-bfa8b4af1728",
|
|
"relationship--951a5023-aeef-4c63-b465-9ce7bdf1cc46",
|
|
"relationship--1062fca5-429f-43b4-8b79-0e7c3e8b9864",
|
|
"relationship--9fa33f46-0c0d-4a60-92eb-6768ddda20d9",
|
|
"relationship--14535603-a479-4b58-9cad-6fc797a1b2c9",
|
|
"relationship--a891a5b2-e211-455a-8fc4-74af2aa407a4",
|
|
"relationship--8fc0b41c-438d-469d-9a47-999716351927",
|
|
"relationship--c7866988-fdc8-4d71-b4c4-7c8dc355cbfa",
|
|
"relationship--1576cfe4-a607-49c9-a328-9b28eb8c9b64",
|
|
"relationship--b67c9e9f-3f30-4f91-b7a4-b8202793c536",
|
|
"relationship--9bb43f1c-84d5-4c11-9e45-bc92bc7c4c69",
|
|
"relationship--f0ede91a-1616-4fa8-b2b3-6341bce4c75d",
|
|
"relationship--0a560841-20d7-4a9c-9f35-6d9234d654c0",
|
|
"relationship--544556b8-74a7-41b6-84de-c83c278c7a74",
|
|
"relationship--54a39dfc-6360-44a5-af6d-bc4c9c03ff5b",
|
|
"relationship--3ff8baff-9939-4c12-9f60-6b4881fac5c8",
|
|
"relationship--6632a91c-0da0-4827-adc1-38ec19f1dd14",
|
|
"relationship--2fe4ee71-adb6-4868-a884-44c85c874dbe",
|
|
"relationship--0603fe99-1b0f-4130-a92b-12bf979c0d9c",
|
|
"relationship--d3cfd73b-1346-4fc1-a402-3bdd4280d9b9",
|
|
"relationship--cc5b2ba6-2b1a-40a4-8233-f202a69f26ec",
|
|
"relationship--8b28812d-fcdc-47da-b49c-6cc7a4a32561",
|
|
"relationship--0b3ea5e4-2586-4230-bdea-8c3ac8d96485"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\"",
|
|
"misp-galaxy:financial-fraud=\"ATM Black Box Attack\"",
|
|
"misp-galaxy:financial-fraud=\"Malware\"",
|
|
"veris:asset:variety=\"T - ATM\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37895-dec8-4044-bcdc-48f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:19:49.000Z",
|
|
"modified": "2019-06-02T07:19:49.000Z",
|
|
"description": "WinPotv3",
|
|
"pattern": "[file:hashes.SHA256 = '009b677564b3ebb0831171edf3fb0deb0fa3b0010b74586e01d8df4af965ef3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:19:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37895-f024-4b35-98d3-4719950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:19:49.000Z",
|
|
"modified": "2019-06-02T07:19:49.000Z",
|
|
"description": "WinPotv3",
|
|
"pattern": "[file:hashes.SHA256 = '1d6508cbe5f7ccaa991572f05aef52bab8a59851ca9a4367605a9637b10ae081']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:19:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37895-2668-40ec-8f11-41ad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:19:49.000Z",
|
|
"modified": "2019-06-02T07:19:49.000Z",
|
|
"description": "WinPotv3",
|
|
"pattern": "[file:hashes.SHA256 = '20fb2edfcece271f87d006e263c4a6de48ed518901211a76dc38aac43e1b9d19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:19:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37895-bedc-42d1-84de-4fb7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:19:49.000Z",
|
|
"modified": "2019-06-02T07:19:49.000Z",
|
|
"description": "WinPotv3",
|
|
"pattern": "[file:hashes.SHA256 = '6670ccc940cca6983340dbce1a9bbce7b49643ac924e18ca25def8b632b70720']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:19:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37895-a0c0-4817-a1b0-421b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:19:49.000Z",
|
|
"modified": "2019-06-02T07:19:49.000Z",
|
|
"description": "WinPotv3",
|
|
"pattern": "[file:hashes.SHA256 = '70cc5070ce058682c1d44cef887c0ec8a50dba6b717802c5a8f2c8f2ed377c13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:19:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37895-cc5c-41e1-ab47-40d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:19:49.000Z",
|
|
"modified": "2019-06-02T07:19:49.000Z",
|
|
"description": "WinPotv3",
|
|
"pattern": "[file:hashes.SHA256 = '8d7f932d8236671018c5cd02781301134aa6df315253f7a56559350d2616ff8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:19:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37895-dde8-4f61-bf0d-4a05950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:19:49.000Z",
|
|
"modified": "2019-06-02T07:19:49.000Z",
|
|
"description": "WinPotv3",
|
|
"pattern": "[file:hashes.SHA256 = 'b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:19:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37895-efd8-4940-89e9-4692950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:19:49.000Z",
|
|
"modified": "2019-06-02T07:19:49.000Z",
|
|
"description": "WinPotv3",
|
|
"pattern": "[file:hashes.SHA256 = 'e2c87bca353016aced41305ddd66ee7430bf61a20c0f4c8c0f0650f006f05160']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:19:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378af-78cc-49e5-b901-4cca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:15.000Z",
|
|
"modified": "2019-06-02T07:20:15.000Z",
|
|
"description": "Skimer",
|
|
"pattern": "[file:hashes.SHA256 = '34e7060e7a0c0ba24fcb55c641e5b586cef744e10ebd5a9f73ecd2ed2f4e9c1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378af-1384-457a-925d-4582950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:15.000Z",
|
|
"modified": "2019-06-02T07:20:15.000Z",
|
|
"description": "Skimer",
|
|
"pattern": "[file:hashes.SHA256 = 'b51973c530802ae19df8ac4d9643fc3317952242d9d42f951e094c72d730dd66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378af-55dc-4f48-95d0-402b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:15.000Z",
|
|
"modified": "2019-06-02T07:20:15.000Z",
|
|
"description": "Skimer",
|
|
"pattern": "[file:hashes.SHA256 = '359bb8596e4befafdaca706630bec598400694305622c116acdfa59074f1858e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378af-3fb4-491a-99aa-49c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:15.000Z",
|
|
"modified": "2019-06-02T07:20:15.000Z",
|
|
"description": "Skimer",
|
|
"pattern": "[file:hashes.SHA256 = 'ac8e8216e71e078198ef67d4cb48118767d0696610a02137492814422153d3c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378af-04b0-4758-9673-4c1e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:15.000Z",
|
|
"modified": "2019-06-02T07:20:15.000Z",
|
|
"description": "Skimer",
|
|
"pattern": "[file:hashes.SHA256 = '7888e9a27b27f026f09997414504be5822f35b69ddec826eb2a56f6347e2d147']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378af-02d8-4858-bdb3-4a28950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:15.000Z",
|
|
"modified": "2019-06-02T07:20:15.000Z",
|
|
"description": "Skimer",
|
|
"pattern": "[file:hashes.SHA256 = 'cde6f7fb2fbdefffe22a012295ab157cffc07cab26ba0e34ced0bae484355187']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378af-ec4c-4000-a907-402b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:15.000Z",
|
|
"modified": "2019-06-02T07:20:15.000Z",
|
|
"description": "Skimer",
|
|
"pattern": "[file:hashes.SHA256 = 'b39c5992c2cb70c76c82d6fba3cc0b7972c2f9b35227934b766e810f20a5f053']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378c0-18e0-42ef-adea-4be2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:32.000Z",
|
|
"modified": "2019-06-02T07:20:32.000Z",
|
|
"description": "Trojan.Fastcash",
|
|
"pattern": "[file:hashes.SHA256 = 'd465637518024262c063f4a82d799a4e40ff3381014972f24ea18bc23c3b27ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378c0-0b14-47bc-bdec-45d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:32.000Z",
|
|
"modified": "2019-06-02T07:20:32.000Z",
|
|
"description": "Trojan.Fastcash",
|
|
"pattern": "[file:hashes.SHA256 = 'ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378c0-a85c-4e91-96b4-4360950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:32.000Z",
|
|
"modified": "2019-06-02T07:20:32.000Z",
|
|
"description": "Trojan.Fastcash",
|
|
"pattern": "[file:hashes.SHA256 = '10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378c1-76cc-4c2a-ac8e-4f67950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:33.000Z",
|
|
"modified": "2019-06-02T07:20:33.000Z",
|
|
"description": "Trojan.Fastcash",
|
|
"pattern": "[file:hashes.SHA256 = '3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378d1-9130-49ec-89b6-48f2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:49.000Z",
|
|
"modified": "2019-06-02T07:20:49.000Z",
|
|
"description": "ATM.DispCash.3",
|
|
"pattern": "[file:hashes.SHA256 = '622d7489208578eaaaae054a07e16b4b8c91a3fde6e61d082a09aee5a1b1f829']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378d1-e550-4b22-80ad-42d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:49.000Z",
|
|
"modified": "2019-06-02T07:20:49.000Z",
|
|
"description": "ATM.DispCash.3",
|
|
"pattern": "[file:hashes.SHA256 = 'b00cd2ca5247c93e3a40f73006051bbfada3b1bc73c4d44105384824bb60131d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378d1-f918-44d4-bc17-4321950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:49.000Z",
|
|
"modified": "2019-06-02T07:20:49.000Z",
|
|
"description": "ATM.DispCash.3",
|
|
"pattern": "[file:hashes.SHA256 = 'b66615b186bf7067cdb937220f86b1d9411351e0b06ee8d02cf6c5358348e884']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378d1-f65c-4947-9691-42ed950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:49.000Z",
|
|
"modified": "2019-06-02T07:20:49.000Z",
|
|
"description": "ATM.DispCash.3",
|
|
"pattern": "[file:hashes.SHA256 = '9feea4b7a5b438335353bb4eac82f8f2a16232a90b7cddbf77dc73dd451e9a6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378d1-1134-4cc1-8300-4aa2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:20:49.000Z",
|
|
"modified": "2019-06-02T07:20:49.000Z",
|
|
"description": "ATM.DispCash.3",
|
|
"pattern": "[file:hashes.SHA256 = '6efedf9bde951ad6c3e240ec498767bb693ecc8fa62040e624c5a7fa21c5bdaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:20:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378e0-91dc-4f25-a125-4ad2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:04.000Z",
|
|
"modified": "2019-06-02T07:21:04.000Z",
|
|
"description": "GreenDispenser",
|
|
"pattern": "[file:hashes.SHA256 = '20a1490b666f8c75c47b682cf10a48b7b0278068cb260b14d8d0584ee6c006a5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378e0-07b8-437a-b19a-45f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:04.000Z",
|
|
"modified": "2019-06-02T07:21:04.000Z",
|
|
"description": "GreenDispenser",
|
|
"pattern": "[file:hashes.SHA256 = '50db1f5e9692f217f356a592e413e6c9cb31105a94efc70a5ca1c2c73d95d572']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378e0-6eec-4de4-a49c-4102950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:04.000Z",
|
|
"modified": "2019-06-02T07:21:04.000Z",
|
|
"description": "GreenDispenser",
|
|
"pattern": "[file:hashes.SHA256 = '5a37be2d298145b766ba54616677d802cfabc62e3b9be2ffb6d4719d3f8143e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378e0-df24-49c1-8994-4711950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:04.000Z",
|
|
"modified": "2019-06-02T07:21:04.000Z",
|
|
"description": "GreenDispenser",
|
|
"pattern": "[file:hashes.SHA256 = '7544e7a798b791cb36caaa1860974f33d30bc4659ceab3063d1ab4fd71c8c7e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378e0-3100-4831-a267-4f4c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:04.000Z",
|
|
"modified": "2019-06-02T07:21:04.000Z",
|
|
"description": "GreenDispenser",
|
|
"pattern": "[file:hashes.SHA256 = '77850f738ba42fd9da299b2282314709ad8dc93623b318b116bfc25c5280c541']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378e0-8cc4-43cf-97ec-4b7c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:04.000Z",
|
|
"modified": "2019-06-02T07:21:04.000Z",
|
|
"description": "GreenDispenser",
|
|
"pattern": "[file:hashes.SHA256 = 'b7e61f65e147885ec1fe6a787b62d9ee82d1f34f1c9ba8068d3570adca87c54f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378f1-2370-4630-8f4a-4561950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:21.000Z",
|
|
"modified": "2019-06-02T07:21:21.000Z",
|
|
"description": "Trojan.Skimer",
|
|
"pattern": "[file:hashes.SHA256 = '2721a5a6478bfff2c5de0d105623ba5f411401bbd92bd3e2bee4c51c2d12f5a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378f1-1a00-40e7-bb19-49e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:21.000Z",
|
|
"modified": "2019-06-02T07:21:21.000Z",
|
|
"description": "Trojan.Skimer",
|
|
"pattern": "[file:hashes.SHA256 = '4941331c64e0389d5ec966122ef71a99d8f9830f13e9afa758e03275f896c2eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378f1-eef8-4f90-a6dc-49a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:21.000Z",
|
|
"modified": "2019-06-02T07:21:21.000Z",
|
|
"description": "Trojan.Skimer",
|
|
"pattern": "[file:hashes.SHA256 = '5ab6358e1886655257c437ebad71b98a6575313b2f9327359661aac5d450c45a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378f1-d200-4d8e-936e-4379950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:21.000Z",
|
|
"modified": "2019-06-02T07:21:21.000Z",
|
|
"description": "Trojan.Skimer",
|
|
"pattern": "[file:hashes.SHA256 = '653701d02c5d8d39b3da9b0848d20921cd65ea28e77c8e9254e222601264bcc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf378f1-8f08-47cb-b991-4217950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:21.000Z",
|
|
"modified": "2019-06-02T07:21:21.000Z",
|
|
"description": "Trojan.Skimer",
|
|
"pattern": "[file:hashes.SHA256 = 'd90257af70401984d5d41dd057114df88566d00329874ced3103a6f8cd1991e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37901-a67c-4f97-9c28-6829950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:37.000Z",
|
|
"modified": "2019-06-02T07:21:37.000Z",
|
|
"description": "Java/Dispcash",
|
|
"pattern": "[file:hashes.SHA256 = '0149667c0f8cbfc216ef9d1f3154643cbbf6940e6f24a09c92a82dd7370a5027']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37901-8020-4ab1-86c6-6829950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:37.000Z",
|
|
"modified": "2019-06-02T07:21:37.000Z",
|
|
"description": "Java/Dispcash",
|
|
"pattern": "[file:hashes.SHA256 = 'ef407db8c79033027858364fd7a04eeb70cf37b7c3a10069a92bae96da88dfaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37910-2bc0-423a-aed8-d2a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:52.000Z",
|
|
"modified": "2019-06-02T07:21:52.000Z",
|
|
"description": "HelloWorld",
|
|
"pattern": "[file:hashes.SHA256 = '2de4a510ee303c04c8d7bd59b7987b22c3471c9f4ba69b5f83ba36de88b63a8d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37911-434c-49ba-ba57-d2a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:53.000Z",
|
|
"modified": "2019-06-02T07:21:53.000Z",
|
|
"description": "HelloWorld",
|
|
"pattern": "[file:hashes.SHA256 = '867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37911-722c-430a-9572-d2a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:21:53.000Z",
|
|
"modified": "2019-06-02T07:21:53.000Z",
|
|
"description": "HelloWorld",
|
|
"pattern": "[file:hashes.SHA256 = 'f6609bb3c3197ace26ebdeb372ba657ac84b05a3e9e265b5211e1ea42da70dbe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:21:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37923-be60-4ce3-85b3-4af3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:11.000Z",
|
|
"modified": "2019-06-02T07:22:11.000Z",
|
|
"description": "ATMSpitter",
|
|
"pattern": "[file:hashes.SHA256 = '4035d977202b44666885f9781ac8755c799350a03838ff782eb730c0d7069958']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37923-30a4-4340-bf80-45ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:11.000Z",
|
|
"modified": "2019-06-02T07:22:11.000Z",
|
|
"description": "ATMSpitter",
|
|
"pattern": "[file:hashes.SHA256 = '85e5aacbc9113520d93f1d9d73193c3501ebab8032661052d9a66348e204cde6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37923-1c44-4147-b2f8-4562950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:11.000Z",
|
|
"modified": "2019-06-02T07:22:11.000Z",
|
|
"description": "ATMSpitter",
|
|
"pattern": "[file:hashes.SHA256 = '8770f760af320d30681a4eb4ded331eab2481f54c657aac607df8babe8c11a6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37923-fc08-4812-845c-414c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:11.000Z",
|
|
"modified": "2019-06-02T07:22:11.000Z",
|
|
"description": "ATMSpitter",
|
|
"pattern": "[file:hashes.SHA256 = 'bf20c674a0533e7c0d825de097629a96cb42ae2d4840b07dd1168993d95163e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37923-a47c-425b-a4da-40d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:11.000Z",
|
|
"modified": "2019-06-02T07:22:11.000Z",
|
|
"description": "ATMSpitter",
|
|
"pattern": "[file:hashes.SHA256 = 'c5b43b02a62d424a4e8a63b23bef8b022c08a889a15a6ad7f5bf1fd4fe73291f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37923-1768-433e-9287-41fa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:11.000Z",
|
|
"modified": "2019-06-02T07:22:11.000Z",
|
|
"description": "ATMSpitter",
|
|
"pattern": "[file:hashes.SHA256 = 'e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37923-6ee8-474f-aae6-4c3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:11.000Z",
|
|
"modified": "2019-06-02T07:22:11.000Z",
|
|
"description": "ATMSpitter",
|
|
"pattern": "[file:hashes.SHA256 = 'f27e27244233f2bb5b02412d4b05315625928adaa340708e91d61ad3bce54bf6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37933-411c-417b-b021-4705950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:27.000Z",
|
|
"modified": "2019-06-02T07:22:27.000Z",
|
|
"description": "Atmosphere",
|
|
"pattern": "[file:hashes.SHA256 = '26b2daa6fbf5ec13599d24e6819202ddb3f770428d732100be15c23be317bd47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37933-103c-49ab-b8b4-4f2c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:27.000Z",
|
|
"modified": "2019-06-02T07:22:27.000Z",
|
|
"description": "Atmosphere",
|
|
"pattern": "[file:hashes.SHA256 = '5c838658b25d44edab79a4bd2af7c56bef96768b93addbbaaaea36da604fca62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37933-b790-430f-8430-486d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:27.000Z",
|
|
"modified": "2019-06-02T07:22:27.000Z",
|
|
"description": "Atmosphere",
|
|
"pattern": "[file:hashes.SHA256 = '956968e6f4bf611137ea0e747891ba8dc200ca809c252ef249294912fb3dbe3c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37933-c8a4-49a3-9989-4d67950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:27.000Z",
|
|
"modified": "2019-06-02T07:22:27.000Z",
|
|
"description": "Atmosphere",
|
|
"pattern": "[file:hashes.SHA256 = 'a6c33d7275c46397593f53ea136ea8669794f4d787044106594631c07a9ee71d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37933-ab50-48ac-95b1-4211950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:27.000Z",
|
|
"modified": "2019-06-02T07:22:27.000Z",
|
|
"description": "Atmosphere",
|
|
"pattern": "[file:hashes.SHA256 = 'd60126545fa68b14c36cd4cffa3f81ed487381482582acbba786fa88884f636b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37933-56f0-4333-b300-49ad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:27.000Z",
|
|
"modified": "2019-06-02T07:22:27.000Z",
|
|
"description": "Atmosphere",
|
|
"pattern": "[file:hashes.SHA256 = 'eeb8390e885612e1f0b8f8922baa4ebc9ba420224b30370d08b45f3453949937']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37942-ebe4-4db0-8b77-4aec950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:22:42.000Z",
|
|
"modified": "2019-06-02T07:22:42.000Z",
|
|
"description": "NeoPocket",
|
|
"pattern": "[file:hashes.SHA256 = '85652bbd0379d73395102edc299c892f21a4bba3378aa3b0aaea9b1130022bdd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:22:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3795a-51d0-4713-8abf-d5b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:06.000Z",
|
|
"modified": "2019-06-02T07:23:06.000Z",
|
|
"description": "Ligsterac",
|
|
"pattern": "[file:hashes.SHA256 = '1243c478a7145fa08a03200611fcf5fae9bb58039c5069ef93e150d53cf22524']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3795f-fd38-4cf1-a067-d5b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:11.000Z",
|
|
"modified": "2019-06-02T07:23:11.000Z",
|
|
"description": "Ligsterac",
|
|
"pattern": "[file:hashes.SHA256 = '377f85562e9ec16cae8fed87e43b6dd230eaa6e1c8f2732f5096f1ec951f045a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3795f-8ce0-445e-b516-d5b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:11.000Z",
|
|
"modified": "2019-06-02T07:23:11.000Z",
|
|
"description": "Ligsterac",
|
|
"pattern": "[file:hashes.SHA256 = 'aaeee605cb1850dd81da8990fe4115fe85e5d4eb84ddaf2fa8d0b21afdc2b293']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37960-f77c-4dce-a3b5-d5b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:11.000Z",
|
|
"modified": "2019-06-02T07:23:11.000Z",
|
|
"description": "Ligsterac",
|
|
"pattern": "[file:hashes.SHA256 = 'b361963fe11b149afc526a6e0656c08226f943bdba0f2c7c0a7640fba09afce8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37960-1748-4406-b54e-d5b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:12.000Z",
|
|
"modified": "2019-06-02T07:23:12.000Z",
|
|
"description": "Ligsterac",
|
|
"pattern": "[file:hashes.SHA256 = 'e130bc1603893155d87946a430b6d6ad167760cde24aa2834c61dd0eace30e8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3796e-39cc-4de5-9805-4111950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:26.000Z",
|
|
"modified": "2019-06-02T07:23:26.000Z",
|
|
"description": "ATMripper",
|
|
"pattern": "[file:hashes.SHA256 = '21f3c0bf3fc05685ec5b7bf3c98103761894d7c6783c2c12afae958eb103598e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3796e-431c-407e-b2b9-4686950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:26.000Z",
|
|
"modified": "2019-06-02T07:23:26.000Z",
|
|
"description": "ATMripper",
|
|
"pattern": "[file:hashes.SHA256 = '22db6a994eb057715b499c5641cc608fb0380aeea25f78180436c35ecd81ce7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3796e-d7e0-4150-a903-4b6b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:26.000Z",
|
|
"modified": "2019-06-02T07:23:26.000Z",
|
|
"description": "ATMripper",
|
|
"pattern": "[file:hashes.SHA256 = '3d8c7fb9e55f96cf3073b321ee5e59ff2189d70b0662bc0b88990971bc8b73d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3796e-5b10-4abf-bf80-4f9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:26.000Z",
|
|
"modified": "2019-06-02T07:23:26.000Z",
|
|
"description": "ATMripper",
|
|
"pattern": "[file:hashes.SHA256 = '4c98d5cd865d7fe2f293862fae42895045e43facfdd2a3495383be4ddbb220dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3796e-72f8-4c6b-874d-4560950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:26.000Z",
|
|
"modified": "2019-06-02T07:23:26.000Z",
|
|
"description": "ATMripper",
|
|
"pattern": "[file:hashes.SHA256 = '64499b2584d239380ffecf07e94167e0414c4bb5438620659fe37d595ef3f361']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3796e-d6a8-461a-8abf-444a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:26.000Z",
|
|
"modified": "2019-06-02T07:23:26.000Z",
|
|
"description": "ATMripper",
|
|
"pattern": "[file:hashes.SHA256 = 'cc85e8ca86c787a1c031e67242e23f4ef503840739f9cdc7e18a48e4a6773b38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3796e-1aac-46f3-9e91-497b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:26.000Z",
|
|
"modified": "2019-06-02T07:23:26.000Z",
|
|
"description": "ATMripper",
|
|
"pattern": "[file:hashes.SHA256 = 'e3a6970d66bc4687b21381353826fabd469007c869efc711fdd0e4711aa77ffc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3797c-ae1c-4feb-bdc6-40fd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:40.000Z",
|
|
"modified": "2019-06-02T07:23:40.000Z",
|
|
"description": "ATMitch.B",
|
|
"pattern": "[file:hashes.SHA256 = '66db5b6b5dc51de7e5380f214f703bdc69ab3c3bec7c3b67179940a06560f126']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3798b-8b80-4716-a27e-41c4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:55.000Z",
|
|
"modified": "2019-06-02T07:23:55.000Z",
|
|
"description": "SkimerWC",
|
|
"pattern": "[file:hashes.SHA256 = 'dff7ee95100ffaec5848a73a7b306eaaee94ae691dfccff9fe6ce0a8f3b82c56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3798b-1360-4aba-ba69-4984950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:55.000Z",
|
|
"modified": "2019-06-02T07:23:55.000Z",
|
|
"description": "SkimerWC",
|
|
"pattern": "[file:hashes.SHA256 = 'e267fb3044c31256f06dd712c7aeae97ad148fd3157995a7e536e5473c1a2bc0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3798b-0f44-464d-bb0d-4db0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:23:55.000Z",
|
|
"modified": "2019-06-02T07:23:55.000Z",
|
|
"description": "SkimerWC",
|
|
"pattern": "[file:hashes.SHA256 = 'e78e6155b8dfd206ba5a5e7253409891bfed1b943d217e0fbc416a25fa761580']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:23:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3799b-74f4-44f1-a586-d4c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:11.000Z",
|
|
"modified": "2019-06-02T07:24:11.000Z",
|
|
"description": "Tyupkin",
|
|
"pattern": "[file:hashes.SHA256 = '16166533c69f2f04110e8b8e9cc45ed2aeaf7850fa68845c64d92ff907dd44f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3799b-98b4-4865-9748-d4c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:11.000Z",
|
|
"modified": "2019-06-02T07:24:11.000Z",
|
|
"description": "Tyupkin",
|
|
"pattern": "[file:hashes.SHA256 = '3639e8cc463922b427ea20dce8f237c0c0e82aa51d2502c48662e60fb405f677']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3799b-97dc-4f5c-bd15-d4c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:11.000Z",
|
|
"modified": "2019-06-02T07:24:11.000Z",
|
|
"description": "Tyupkin",
|
|
"pattern": "[file:hashes.SHA256 = '639d2d926325275cb023014d0b446d03f1dcc8526bff1aa72373e27d78a6a674']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3799b-52f8-4b00-993f-d4c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:11.000Z",
|
|
"modified": "2019-06-02T07:24:11.000Z",
|
|
"description": "Tyupkin",
|
|
"pattern": "[file:hashes.SHA256 = '646433de5c56fdbc7e6e934a05e9e99012ef39a0ed6cc4bdb1d984cd4435379e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3799b-19f0-4f3c-a0aa-d4c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:11.000Z",
|
|
"modified": "2019-06-02T07:24:11.000Z",
|
|
"description": "Tyupkin",
|
|
"pattern": "[file:hashes.SHA256 = '6c59cd1e12bc1037031af48b934e9398fc85efb2a067d03b6a100dd8423e5d9b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3799b-1d50-49b1-bf8a-d4c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:11.000Z",
|
|
"modified": "2019-06-02T07:24:11.000Z",
|
|
"description": "Tyupkin",
|
|
"pattern": "[file:hashes.SHA256 = '853fb4e85d8b0ad7c156ad6d3fc4b0340c8b29fa0548a3df758e7845ba8b23ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3799b-1fc4-4f92-ae0d-d4c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:11.000Z",
|
|
"modified": "2019-06-02T07:24:11.000Z",
|
|
"description": "Tyupkin",
|
|
"pattern": "[file:hashes.SHA256 = '8bb5c766de0a73dc0eff7c9fce086565b6220465185e258c21c5b9dfb0bef51d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf3799b-fbbc-493b-9668-d4c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:11.000Z",
|
|
"modified": "2019-06-02T07:24:11.000Z",
|
|
"description": "Tyupkin",
|
|
"pattern": "[file:hashes.SHA256 = 'b670fe2d803705f811b5a0c9e69ccfec3a6c3a31cfd42a30d9e8902af7b9ed80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379ac-eaf8-4cd0-8051-4aa9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:28.000Z",
|
|
"modified": "2019-06-02T07:24:28.000Z",
|
|
"description": "Suceful",
|
|
"pattern": "[file:hashes.SHA256 = 'c7cb44e0b075cbc90a7c280ef8f1c69e8fe06e7dabce054b61b10c3105eda1c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379ac-37d8-4c59-92bd-407a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:28.000Z",
|
|
"modified": "2019-06-02T07:24:28.000Z",
|
|
"description": "Suceful",
|
|
"pattern": "[file:hashes.SHA256 = 'd33d69b454efba519bffd3ba63c99ffce058e3105745f8a7ae699f72db1e70eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-1488-4103-8b0b-4b56950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = '0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-4594-499c-ba40-45a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = '04db39463012add2eece6dfe6f311ad46b76dae55460eea30dec02d3d3f1c00a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-a87c-4bf0-92b7-4d28950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = '0971c166826163093093fb199d883f2544055bdcfc671e7789bd5088992debe5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-9aac-4d45-b415-4d6b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = '0e37b8a6711a3118daa1ce2e2f22c09b3f3c6179155b98215a1d96a81c767889']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-0744-4548-8106-4252950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = '34acc4c0b61b5ce0b37c3589f97d1f23e6d84011a241e6f85683ee517ce786f1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-1788-483d-ac87-4153950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = '398e335f2d6379771d86d508a43c567b4156104f89161812005a6122e9c899be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-51bc-4385-94d7-4ed3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = '62b61f1d3f876300e8768b57d35c260cfc60b768a3e430725bd8d2f919619db2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-2214-49ba-af37-43b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = '7fd109532f1e49cf074be541df38e0ce190497847fdb5588767ca35b9620a6c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-9254-4a74-988f-494a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = 'aee97881d3e45ba0cae91f471db78aded16bcff1468d9e66edf9d3c0223d238f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-59f0-4d0d-8a32-43b9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = 'c8d57b32ab86a3a97f89ae7f1044a63cca2b58f748bed250a1f9df5c50fc8fbb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-8840-4ddc-8685-4f57950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = 'd93342bd12ef44d92bf58ed2f0f88443385a0192804a5d0976352484c0d37685']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-dcc4-4fe0-b44e-4bb1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = 'd99339d3dc6891cdd832754c5739640c62cd229c84e04e9e3cad743c6f66b1b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379bd-2760-45b6-9b82-4711950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:24:45.000Z",
|
|
"modified": "2019-06-02T07:24:45.000Z",
|
|
"description": "Ploutus",
|
|
"pattern": "[file:hashes.SHA256 = 'e75e13d3b7a581014edcc2a397eaffbf91c3e5094d4afd81632d9ad872f935f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379cf-251c-44c6-a8cd-4996950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:03.000Z",
|
|
"modified": "2019-06-02T07:25:03.000Z",
|
|
"description": "ATMWizX",
|
|
"pattern": "[file:hashes.SHA256 = '7bd2c97ac5027c360011dc5aa8f2371cd934f73e885e41f7e80152332b3af1db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379cf-9e4c-417c-a13c-42be950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:03.000Z",
|
|
"modified": "2019-06-02T07:25:03.000Z",
|
|
"description": "ATMWizX",
|
|
"pattern": "[file:hashes.SHA256 = 'a4b42f503090cd3cd53963ddaf0be3e4eeedbd81ff02664668e68612816e727f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379dd-4310-4552-a893-4f0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:17.000Z",
|
|
"modified": "2019-06-02T07:25:17.000Z",
|
|
"description": "ATMtest",
|
|
"pattern": "[file:hashes.SHA256 = '9f8a7828d833ed7f28f9f5ceaf1c073c6de0645172b8316d86edc16c84b61c4f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379ef-f6b4-4c3a-82a1-4636950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:35.000Z",
|
|
"modified": "2019-06-02T07:25:35.000Z",
|
|
"description": "ATMitch",
|
|
"pattern": "[file:hashes.SHA256 = '1065502d7171df7be3776b839410a227c540cd977e5e856bbbcd837b0872bdb6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379ef-7e2c-40ee-bcc8-4166950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:35.000Z",
|
|
"modified": "2019-06-02T07:25:35.000Z",
|
|
"description": "ATMitch",
|
|
"pattern": "[file:hashes.SHA256 = 'ea5ebd1e5f98e10b1e7c834dd54707ad06772bccb4179cae7e50c7e6e772a1ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379ff-c64c-453f-a457-4ce0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:51.000Z",
|
|
"modified": "2019-06-02T07:25:51.000Z",
|
|
"description": "WinPot",
|
|
"pattern": "[file:hashes.SHA256 = '0720db2469a61d41c1e67a8f32020927a32422a5d58067bb328a2ff407e14e98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379ff-1ad8-4a30-a174-4cd1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:51.000Z",
|
|
"modified": "2019-06-02T07:25:51.000Z",
|
|
"description": "WinPot",
|
|
"pattern": "[file:hashes.SHA256 = '3f5ff48aa4dc2c1af3deeb33a9cc576616dad37156ae9182831b1b2a5ae4ae20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379ff-0d1c-4e6f-8d1e-4c4a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:51.000Z",
|
|
"modified": "2019-06-02T07:25:51.000Z",
|
|
"description": "WinPot",
|
|
"pattern": "[file:hashes.SHA256 = 'a5d0cd1bc33f44d25695ebd6530757180f4fc4d87a1658ee2f0d8fc42d09fb80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379ff-ec04-4d59-b269-4424950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:51.000Z",
|
|
"modified": "2019-06-02T07:25:51.000Z",
|
|
"description": "WinPot",
|
|
"pattern": "[file:hashes.SHA256 = 'c3a5c8e9195163cef8e0e70bd8f3d49c8048e37af7c969341e1753aee63df0ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf379ff-bc14-4d63-9ce9-45ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:25:51.000Z",
|
|
"modified": "2019-06-02T07:25:51.000Z",
|
|
"description": "WinPot",
|
|
"pattern": "[file:hashes.SHA256 = 'd9c6515fd0fb3cd14b4bb4d11ecda78602d17f370780a4b9ee006a9830106213']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:25:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a0d-e03c-44fe-a1f6-4a2b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:26:05.000Z",
|
|
"modified": "2019-06-02T07:26:05.000Z",
|
|
"description": "Prilex",
|
|
"pattern": "[file:hashes.SHA256 = 'd10a0e0621a164fad0d7f3690b5d63ecb9561e5ad30a66f353a98395b774384e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:26:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a1c-5718-45ab-991d-6829950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:26:20.000Z",
|
|
"modified": "2019-06-02T07:26:20.000Z",
|
|
"description": "Piolin",
|
|
"pattern": "[file:hashes.SHA256 = '5f4215368817570e7a390c9f6e265a7db343c9664d22008d5971dac707751524']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:26:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a2a-c6e0-42e3-9166-fcfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:26:34.000Z",
|
|
"modified": "2019-06-02T07:26:34.000Z",
|
|
"description": "Cutlet",
|
|
"pattern": "[file:hashes.SHA256 = '05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a2a-7a2c-40bb-b95d-fcfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:26:34.000Z",
|
|
"modified": "2019-06-02T07:26:34.000Z",
|
|
"description": "Cutlet",
|
|
"pattern": "[file:hashes.SHA256 = '4a340a0a95f2af5ab7f3bfe6f304154e617d0c47ce31ee8426c70b86e195320c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a2a-0d8c-44f5-bc23-fcfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:26:34.000Z",
|
|
"modified": "2019-06-02T07:26:34.000Z",
|
|
"description": "Cutlet",
|
|
"pattern": "[file:hashes.SHA256 = 'c18b23cc493f89d73a2710ebb177d54beafe0edf0e17cc79e28d9efdfb69a630']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a2a-d92c-4154-803f-fcfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:26:34.000Z",
|
|
"modified": "2019-06-02T07:26:34.000Z",
|
|
"description": "Cutlet",
|
|
"pattern": "[file:hashes.SHA256 = 'd1a0b2a251fa69818784e8937403c18f09b2c37eead80ba61a3edf4ac2b6b7ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a2a-37b4-4f19-918d-fcfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:26:34.000Z",
|
|
"modified": "2019-06-02T07:26:34.000Z",
|
|
"description": "Cutlet",
|
|
"pattern": "[file:hashes.SHA256 = 'd4a463c135d17239047ad4151ab2f2d084e223970e900904ecedabc0fd916545']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a2a-00d8-4c52-87d5-fcfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:26:34.000Z",
|
|
"modified": "2019-06-02T07:26:34.000Z",
|
|
"description": "Cutlet",
|
|
"pattern": "[file:hashes.SHA256 = 'fe1634318e27e3af856506d49a54d1d12e1cf650cbc31eeb0c805949edc8fc85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a3a-0238-4b2d-9f1b-d5b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:26:50.000Z",
|
|
"modified": "2019-06-02T07:26:50.000Z",
|
|
"description": "DIAGK",
|
|
"pattern": "[file:hashes.SHA256 = '03bb8decefc540bff5b08425adddb404b345452c8adedee0c8af13572891865b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:26:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a49-d9ac-46d3-a457-4007950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:05.000Z",
|
|
"modified": "2019-06-02T07:27:05.000Z",
|
|
"description": "ATMii",
|
|
"pattern": "[file:hashes.SHA256 = '0ef71569308d44e89bde48096c67caf73ec177c1c970a2fd843fd3a094502d78']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:27:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a49-6f10-4c66-933b-40c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:05.000Z",
|
|
"modified": "2019-06-02T07:27:05.000Z",
|
|
"description": "ATMii",
|
|
"pattern": "[file:hashes.SHA256 = '5f5d483c1fcd1638b32d11183c5ed5fd36362fb12d62e1d9940b47906733d672']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:27:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a49-e3b8-4461-bf55-483c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:05.000Z",
|
|
"modified": "2019-06-02T07:27:05.000Z",
|
|
"description": "ATMii",
|
|
"pattern": "[file:hashes.SHA256 = '7fac4b739c412b074ee13e181c0900a350b4df9499515febb75008e6955b9674']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:27:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a49-7e04-4911-91b8-496a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:05.000Z",
|
|
"modified": "2019-06-02T07:27:05.000Z",
|
|
"description": "ATMii",
|
|
"pattern": "[file:hashes.SHA256 = 'd74cbd2e39dc0a00dc4c0fb0823c5a86455cdad2be48d32866165c9e5557c3e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:27:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a57-e7b8-4cb1-991a-448c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:19.000Z",
|
|
"modified": "2019-06-02T07:27:19.000Z",
|
|
"description": "Alice",
|
|
"pattern": "[file:hashes.SHA256 = '04f25013eb088d5e8a6e55bdb005c464123e6605897bd80ac245ce7ca12a7a70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:27:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a57-f838-4c66-8e06-4312950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:19.000Z",
|
|
"modified": "2019-06-02T07:27:19.000Z",
|
|
"description": "Alice",
|
|
"pattern": "[file:hashes.SHA256 = '23c50f1c37b7c55554c282ba1781e9d6279cbbd7bfc5f64772d2e7a8962ebe70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:27:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a57-6744-456b-b5ec-431b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:19.000Z",
|
|
"modified": "2019-06-02T07:27:19.000Z",
|
|
"description": "Alice",
|
|
"pattern": "[file:hashes.SHA256 = 'b8063f1323a4ae8846163cc6e84a3b8a80463b25b9ff35d70a1c497509d48539']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:27:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a57-38c0-4fe8-ac67-4614950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:19.000Z",
|
|
"modified": "2019-06-02T07:27:19.000Z",
|
|
"description": "Alice",
|
|
"pattern": "[file:hashes.SHA256 = 'db1169df116fda46319c4b87607df7b6a5e80b48de5411d47684974ca22dd35a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:27:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf37a57-c730-470f-8f61-45ec950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:19.000Z",
|
|
"modified": "2019-06-02T07:27:19.000Z",
|
|
"description": "Alice",
|
|
"pattern": "[file:hashes.SHA256 = 'e3bf733cc85da7421522a0b1ff788d43bcacd02815a88d19426e80de564174b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:27:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5cf37a6c-dcfc-486e-9f2b-4e02950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:40.000Z",
|
|
"modified": "2019-06-02T07:27:40.000Z",
|
|
"first_observed": "2019-06-02T07:27:40Z",
|
|
"last_observed": "2019-06-02T07:27:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5cf37a6c-dcfc-486e-9f2b-4e02950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5cf37a6c-dcfc-486e-9f2b-4e02950d210f",
|
|
"value": "https://blog.talosintelligence.com/2019/05/10-years-of-virtual-dynamite.html?m=1"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5cf37a7e-d6a8-4f97-890e-474b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:27:58.000Z",
|
|
"modified": "2019-06-02T07:27:58.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "It has been 10 years since the discovery of Skimer, the first malware specifically designed to attack automated teller machines (ATMs). At the time, the learning curve for understanding its functionality was rather steep and analysis required specific knowledge of a manufacturer's ATM API functions and parameters, which were not publicly documented.\r\n\r\nBefore the discovery of Skimer, anti-malware researchers considered ATMs secure machines containing proprietary hardware, running non-standard operating systems, and implementing a number of advanced protection techniques designed to prevent attacks using malicious code. Researchers eventually discovered that the most popular ATM manufacturers use a standard Windows operating system and add on some auxiliary devices, such as a safe and card reader.\r\n\r\nOver time, actors behind some of the newer ATM malware families such as GreenDispenser and Tyupkin realized that there is a generic Windows extension for Financial Services API (CEN/XFS) that can be used to make malware that runs independent of the underlying hardware platform, as long as the ATM manufacturer supports the framework. This malware can trick the machines into dispensing cash, regardless of whether the attacker has a legitimate bank card.\r\n\r\nATM malware has evolved to include a number of different families and different actors behind them, ranging from criminal groups to actors affiliated with nation states. The significance of ATM malware stems from the fact that it can bring significant financial benefits to attackers and as a consequence cause significant damage to targeted banks, financial institutions and end users.\r\n\r\nNow that this type of malware has been around for more than 10 years, we wanted to round up the specific families we've seen during that time and attempt to find out if the different families share any code."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4e9389f5-efa0-4f44-91fc-0c76588fcafe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:51.000Z",
|
|
"modified": "2019-06-02T07:29:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ae5417c3cb12443ce98fdbc1e7f9e1a3' AND file:hashes.SHA1 = 'd5ebde21768d6d9203750ddc8d0c25a642757b04' AND file:hashes.SHA256 = 'b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f9a4ed3f-ce06-4b81-83ba-433dcdeae6e1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:51.000Z",
|
|
"modified": "2019-06-02T07:29:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:26",
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"uuid": "0a6ebce6-47ce-4f8f-94dd-3ab951861d73"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c/analysis/1559335106/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "a367544b-1443-4c6d-a979-4d7305e99cc1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/72",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "96e1cedf-8ad9-4c82-9445-0226864b0416"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--debf3fc0-afd9-4a29-bb93-3eeda774a6c4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:52.000Z",
|
|
"modified": "2019-06-02T07:29:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1781c712ad66a8e2b30df2f99a916245' AND file:hashes.SHA1 = '62aa206264a97c9c3a440feeb35363e2c546a9e6' AND file:hashes.SHA256 = '1d6508cbe5f7ccaa991572f05aef52bab8a59851ca9a4367605a9637b10ae081']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c3fe1a30-b661-47d7-a1b6-c761917f249d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:52.000Z",
|
|
"modified": "2019-06-02T07:29:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:39",
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"uuid": "4d231862-2246-4d4a-95b9-846e7238c568"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1d6508cbe5f7ccaa991572f05aef52bab8a59851ca9a4367605a9637b10ae081/analysis/1559335059/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "e0495afc-33dc-4e2e-ba86-256c0e5fbe17"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/63",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "e500b1b4-373f-46e3-8dd1-df60b71efdf7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d673ebe6-4d3a-46b3-84f4-aa596c14a2c4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:52.000Z",
|
|
"modified": "2019-06-02T07:29:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'eca2ca8ecf63816d9a157888e3d871dc' AND file:hashes.SHA1 = 'b0b13b336ee8770bb2a90fb1292fd9dcabd046f4' AND file:hashes.SHA256 = 'd99339d3dc6891cdd832754c5739640c62cd229c84e04e9e3cad743c6f66b1b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--973c1b1b-139e-4cac-8e88-4d7926955993",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:52.000Z",
|
|
"modified": "2019-06-02T07:29:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:35",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "460449c6-1ecf-4e48-8894-d9d49c08a3f3"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d99339d3dc6891cdd832754c5739640c62cd229c84e04e9e3cad743c6f66b1b9/analysis/1559335115/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "7e829a88-dc8b-447a-bd38-93d47dc99b85"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/71",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "690e52b0-7ecf-4657-a32a-e9032ed818ce"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8622a557-f7b5-447f-8ef2-de736a37d53f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:52.000Z",
|
|
"modified": "2019-06-02T07:29:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = '79d4b46f48d029df44b51486e8cf5169' AND file:hashes.SHA1 = 'f051296ab1989768ef765fa459baaf6cc5b883af' AND file:hashes.SHA256 = 'eeb8390e885612e1f0b8f8922baa4ebc9ba420224b30370d08b45f3453949937']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--36c7dc3d-aed7-43a2-83fc-ac719299d71e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:52.000Z",
|
|
"modified": "2019-06-02T07:29:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:44",
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"uuid": "b809c743-b39b-4548-a94d-3860f205469f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/eeb8390e885612e1f0b8f8922baa4ebc9ba420224b30370d08b45f3453949937/analysis/1559335124/",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "442da1f1-61a5-4c21-b39e-86011e5a1a57"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/62",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "897e4350-555c-492e-b2a0-fe8ab37faa9f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--36474312-d715-4ea0-b2b5-5dc44269f913",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:52.000Z",
|
|
"modified": "2019-06-02T07:29:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b807cdceb9472b16be200793c09c251c' AND file:hashes.SHA1 = '8a5a98891c475d9971766a0b05ba69da2ad7429a' AND file:hashes.SHA256 = 'b361963fe11b149afc526a6e0656c08226f943bdba0f2c7c0a7640fba09afce8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--52ca996c-bc2b-4739-ac9e-bc7dd85923ba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:52.000Z",
|
|
"modified": "2019-06-02T07:29:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:25",
|
|
"category": "Other",
|
|
"comment": "Ligsterac",
|
|
"uuid": "2efbbdf3-6563-403f-852b-613106684573"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b361963fe11b149afc526a6e0656c08226f943bdba0f2c7c0a7640fba09afce8/analysis/1559335105/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"uuid": "b355e22e-c8f9-404b-97e2-4e1e6036802c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"uuid": "a4b19cc2-a677-4eec-8abb-07dd1013c5ec"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0679f30f-f3f7-4b7a-adeb-5e331c959580",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:53.000Z",
|
|
"modified": "2019-06-02T07:29:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f74755b92ffe04f97ac506960e6324bb' AND file:hashes.SHA1 = 'ccafd4e255880a7f9bceebad5f7e98d0bc753edf' AND file:hashes.SHA256 = 'c7cb44e0b075cbc90a7c280ef8f1c69e8fe06e7dabce054b61b10c3105eda1c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ab628320-1176-4770-b844-742dcddcb0cf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:53.000Z",
|
|
"modified": "2019-06-02T07:29:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:30",
|
|
"category": "Other",
|
|
"comment": "Suceful",
|
|
"uuid": "37e75f40-b48c-4761-9550-6aea1c64a80d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c7cb44e0b075cbc90a7c280ef8f1c69e8fe06e7dabce054b61b10c3105eda1c4/analysis/1559335110/",
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"uuid": "760568e4-193c-4afe-8b34-742c54c5ec74"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"uuid": "d0dacbbf-4bbe-462c-a8bb-9710c3897242"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58f5581e-25a8-4845-9e62-a3fcc12ac9dc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:53.000Z",
|
|
"modified": "2019-06-02T07:29:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd0e6a7c89ed75ea559bd9d22e2de3625' AND file:hashes.SHA1 = '041fc8035b7e3ea0c64b8350b65337f2fac3d654' AND file:hashes.SHA256 = '009b677564b3ebb0831171edf3fb0deb0fa3b0010b74586e01d8df4af965ef3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8ad9b272-f1ad-4dbb-8f54-16d23bbf13e8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:53.000Z",
|
|
"modified": "2019-06-02T07:29:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:30",
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"uuid": "dcec8770-7e58-4a5f-af80-dde1c95d6756"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/009b677564b3ebb0831171edf3fb0deb0fa3b0010b74586e01d8df4af965ef3f/analysis/1559335050/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "f738b4de-538e-419d-b8f3-a53e6b3ec360"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/71",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "d60385ee-78d4-4861-a6e0-27577d6502b5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--20bc31c6-ec6b-4bf3-92a8-6fcd9a84cf79",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:53.000Z",
|
|
"modified": "2019-06-02T07:29:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a67d3a0974f0941f1860cb81ebc4c37c' AND file:hashes.SHA1 = 'eb4343969e2280d790c084d4aec774617e575cf6' AND file:hashes.SHA256 = '4941331c64e0389d5ec966122ef71a99d8f9830f13e9afa758e03275f896c2eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b59d17a2-cfdc-4bdb-857d-4d072408fcc4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:53.000Z",
|
|
"modified": "2019-06-02T07:29:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:50",
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "9d9ba794-196f-44f8-90c6-6dd879821aec"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4941331c64e0389d5ec966122ef71a99d8f9830f13e9afa758e03275f896c2eb/analysis/1559335070/",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "4a7dc010-8aeb-4f48-beff-1980d65067dc"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/66",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "4323c28b-27c0-4c39-a31d-01f4e0fdd01d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c37a0b5e-8135-4547-9468-f4c40d749e4b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:53.000Z",
|
|
"modified": "2019-06-02T07:29:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ec3cd3bcf0a3a89ea55a3acd054284d7' AND file:hashes.SHA1 = '7df18677254c45a6b57ff00517ae38b18e8f7d7c' AND file:hashes.SHA256 = '6670ccc940cca6983340dbce1a9bbce7b49643ac924e18ca25def8b632b70720']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--27d02881-c91f-40e3-96ed-1006bbe1a633",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:53.000Z",
|
|
"modified": "2019-06-02T07:29:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:59",
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"uuid": "7df95608-1e20-463e-946f-dd67fbf90fe7"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6670ccc940cca6983340dbce1a9bbce7b49643ac924e18ca25def8b632b70720/analysis/1559335079/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "5e7d53c3-9362-4ebf-8a55-2aefc71b031f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/70",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "100099ec-fa6a-4b6e-b683-a9d749a506b1"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f4d25908-fa3f-4504-afa0-0f587162caae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:54.000Z",
|
|
"modified": "2019-06-02T07:29:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = '86ea1f46df745a30577f02fc24e266ff' AND file:hashes.SHA1 = '645a4e154dfa773897248fffa7e8e7fc930bec59' AND file:hashes.SHA256 = 'e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--286599cf-b80a-40c0-b8ac-168ef913024d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:54.000Z",
|
|
"modified": "2019-06-02T07:29:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-17T14:28:23",
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "61e66cff-a8c3-488c-9526-d6baa3e8cc1e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000/analysis/1558103303/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "1ae0f8f9-8926-4cb4-8205-aeb0bab88289"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "39/58",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "c807bd36-699d-46cc-a207-c2c06947db37"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8952097a-81ee-4e3e-86ec-b6d8a5d9bbe3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:54.000Z",
|
|
"modified": "2019-06-02T07:29:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = '45c0b59f31da310078a029eb2e58a02d' AND file:hashes.SHA1 = '15a9745ba2b383d55ccda653df8d1506373ac7c9' AND file:hashes.SHA256 = '62b61f1d3f876300e8768b57d35c260cfc60b768a3e430725bd8d2f919619db2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f7c3eba5-e21e-4575-9b60-0058e51f0562",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:54.000Z",
|
|
"modified": "2019-06-02T07:29:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:56",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "43dfc7ce-35d5-43ae-8b13-f9fe167bc6e9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/62b61f1d3f876300e8768b57d35c260cfc60b768a3e430725bd8d2f919619db2/analysis/1559335076/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "7107c190-e62d-4144-bdb2-184e0bd16722"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "7d27f166-326b-4435-8f17-d4adf313359e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c8bf76f7-af93-4b6f-9956-bd2d3ba757ce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:54.000Z",
|
|
"modified": "2019-06-02T07:29:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dc42ed8e1de55185c9240f33863a6aa4' AND file:hashes.SHA1 = '7b969c7cd3a5a54006b7f6837e3ef3344890659c' AND file:hashes.SHA256 = '0ef71569308d44e89bde48096c67caf73ec177c1c970a2fd843fd3a094502d78']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3492cc64-74f3-40d0-bd1d-de90c08e836a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:54.000Z",
|
|
"modified": "2019-06-02T07:29:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:34",
|
|
"category": "Other",
|
|
"comment": "ATMii",
|
|
"uuid": "767caa52-57cc-4cc9-b853-797515366abe"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0ef71569308d44e89bde48096c67caf73ec177c1c970a2fd843fd3a094502d78/analysis/1559335054/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"uuid": "9c9b5a79-346b-430c-aa9b-1b739bd32332"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/68",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"uuid": "92241b6c-61f6-436f-b803-0ebb6c53a916"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--23fe1574-4071-416e-9bc8-bc000931d5fa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:54.000Z",
|
|
"modified": "2019-06-02T07:29:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5af1f92832378772a7e3b07a0cad4fc5' AND file:hashes.SHA1 = 'dadf8493072a479950af004a58fa774f83fc984c' AND file:hashes.SHA256 = 'aee97881d3e45ba0cae91f471db78aded16bcff1468d9e66edf9d3c0223d238f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--62cf131f-4604-4172-93b0-ddc09a5a2eef",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:54.000Z",
|
|
"modified": "2019-06-02T07:29:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:22",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "becefca6-0631-4570-8693-a2d24a7738b3"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/aee97881d3e45ba0cae91f471db78aded16bcff1468d9e66edf9d3c0223d238f/analysis/1559335102/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "075d2c0d-f491-4e80-8da8-6ba321400e93"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/63",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "a7f5e14e-a4e1-4bd4-93db-baac05cecc35"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--afc33a8a-f0bd-4ee9-a0fe-3a78ad442eac",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:55.000Z",
|
|
"modified": "2019-06-02T07:29:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4cf5a1145ee873652512275ef6cff93c' AND file:hashes.SHA1 = '44b1eea742b63c7abc479e96c316bcd613e26ff2' AND file:hashes.SHA256 = 'd1a0b2a251fa69818784e8937403c18f09b2c37eead80ba61a3edf4ac2b6b7ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--50d3db02-8f85-49bb-bfdb-1f5b790fa78a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:55.000Z",
|
|
"modified": "2019-06-02T07:29:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:34",
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"uuid": "cdf893e0-8d71-41e0-b80e-3c3e3f6d4eb8"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d1a0b2a251fa69818784e8937403c18f09b2c37eead80ba61a3edf4ac2b6b7ff/analysis/1559335114/",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "0b057bc8-39a8-425a-b286-61dfce040742"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/66",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "ddc87d3c-c83e-411b-84cc-6f626c5c0bd3"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bbd0e909-a799-4b8b-af33-2e2b06984894",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:55.000Z",
|
|
"modified": "2019-06-02T07:29:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'eab2648a9ecc5e5f7d085252213f1e84' AND file:hashes.SHA1 = 'b1f3eab726a642ec204af6c71c22db0763b52c67' AND file:hashes.SHA256 = '5a37be2d298145b766ba54616677d802cfabc62e3b9be2ffb6d4719d3f8143e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bd1855b5-3e62-4fba-a33c-22aa7915a052",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:55.000Z",
|
|
"modified": "2019-06-02T07:29:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:55",
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "60d41a23-6f60-4474-bb73-9ef5da5c09c1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5a37be2d298145b766ba54616677d802cfabc62e3b9be2ffb6d4719d3f8143e9/analysis/1559335075/",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "b4bae591-c57f-4ab8-b5a7-b4265cfcc213"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/71",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "8d64eabb-acf4-4e46-a0e6-81013d0ca2e8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--69947a46-fe46-496b-b677-aa891525577f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:55.000Z",
|
|
"modified": "2019-06-02T07:29:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e77be161723ab80ed386da3bf61abddc' AND file:hashes.SHA1 = 'f1f53a6f59d31a8ba93676ef41a726885916766e' AND file:hashes.SHA256 = 'e75e13d3b7a581014edcc2a397eaffbf91c3e5094d4afd81632d9ad872f935f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--46b3e12f-d54f-4502-a3a4-8cd0b1151279",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:55.000Z",
|
|
"modified": "2019-06-02T07:29:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:39",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "5e6f724b-1faa-4ad3-a107-e511abb5c87f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e75e13d3b7a581014edcc2a397eaffbf91c3e5094d4afd81632d9ad872f935f4/analysis/1559335119/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "ca9be74a-8bf1-4c57-b7ae-2b65c2c24a74"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "643eb28e-aa03-4009-8d8f-d0ea0cad6ee7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59a853ea-2a24-4522-8caf-31116b4540a1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:55.000Z",
|
|
"modified": "2019-06-02T07:29:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2f2b21e172ca17dc474d1299f7e4cd1a' AND file:hashes.SHA1 = 'bcd6671ce3d356a83ec8d499397ccadfd4121978' AND file:hashes.SHA256 = '8d7f932d8236671018c5cd02781301134aa6df315253f7a56559350d2616ff8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8462e162-3d1d-41a5-b259-25b56014ecd1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:55.000Z",
|
|
"modified": "2019-06-02T07:29:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:11",
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"uuid": "aa967f62-db25-47f4-942b-cb19da03cad3"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8d7f932d8236671018c5cd02781301134aa6df315253f7a56559350d2616ff8e/analysis/1559335091/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "3d00e43b-d7a4-4b48-8a1f-3246d0407bd4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/69",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "0c026b77-2a1a-4dd4-a3af-082b5f9e11d6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--72fa3519-3988-43d8-9261-aa9e2eed24cf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:56.000Z",
|
|
"modified": "2019-06-02T07:29:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '754997c47c088060d376dcf29d6d9ac1' AND file:hashes.SHA1 = '6af7753279241d1977739a8e51c8b5bc47d219f0' AND file:hashes.SHA256 = '66db5b6b5dc51de7e5380f214f703bdc69ab3c3bec7c3b67179940a06560f126']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a416f449-acdd-4e69-9636-b33248a2bdd3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:56.000Z",
|
|
"modified": "2019-06-02T07:29:56.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:59",
|
|
"category": "Other",
|
|
"comment": "ATMitch.B",
|
|
"uuid": "2348a053-acc3-4831-94a6-f2423b88d406"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/66db5b6b5dc51de7e5380f214f703bdc69ab3c3bec7c3b67179940a06560f126/analysis/1559335079/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch.B",
|
|
"uuid": "92cf654e-6a10-4b03-9dc9-0e6ab7205242"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/69",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch.B",
|
|
"uuid": "0f680c12-f8ca-4a31-804c-55403c625bff"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--90369019-7f27-4d9f-b24e-064dce9bb9ff",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:56.000Z",
|
|
"modified": "2019-06-02T07:29:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '34d10423c00300b47265e477e4b2a6a5' AND file:hashes.SHA1 = 'f535d0bd14c706faba76cdc1d7b068282f743c16' AND file:hashes.SHA256 = '21f3c0bf3fc05685ec5b7bf3c98103761894d7c6783c2c12afae958eb103598e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9c43344e-12b5-4e91-96ab-e8f7e3939ef6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:57.000Z",
|
|
"modified": "2019-06-02T07:29:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:39",
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"uuid": "d3a846c7-f50d-45de-aeef-3f32b18fc1bc"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/21f3c0bf3fc05685ec5b7bf3c98103761894d7c6783c2c12afae958eb103598e/analysis/1559335059/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "1735f888-a094-4002-8f18-829cc8538046"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/63",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "7460aa6e-7b93-4289-9654-a30473e426ac"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fa4415d9-9b90-4646-b8cf-e2810be2f2ea",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:57.000Z",
|
|
"modified": "2019-06-02T07:29:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '40e8885bb95659243d46b6bfd3b0bc36' AND file:hashes.SHA1 = '354c29f10071e62aa225b18ef456d452c54e1fec' AND file:hashes.SHA256 = 'b66615b186bf7067cdb937220f86b1d9411351e0b06ee8d02cf6c5358348e884']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a1d6d8e9-5a62-4bf2-932b-4bfe3f686ecd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:57.000Z",
|
|
"modified": "2019-06-02T07:29:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:26",
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "27df945b-76c2-4283-8a06-3bea99421fe0"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b66615b186bf7067cdb937220f86b1d9411351e0b06ee8d02cf6c5358348e884/analysis/1559335106/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "ebc17c91-4e91-4dcf-a931-47079f80146c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/72",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "fa639541-5f28-4cdc-bcee-a4afd91b65f5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0b1e7b0c-01c5-4261-810c-79ee889cf041",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:57.000Z",
|
|
"modified": "2019-06-02T07:29:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b3efec620885e6cf5b60f72e66d908a9' AND file:hashes.SHA1 = '274b0bccb1bfc2731d86782de7babdeece379cf4' AND file:hashes.SHA256 = 'd465637518024262c063f4a82d799a4e40ff3381014972f24ea18bc23c3b27ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--89095777-3676-41fb-b745-6d0cc579c782",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:58.000Z",
|
|
"modified": "2019-06-02T07:29:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-11T08:21:28",
|
|
"category": "Other",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "6aeee43b-ab86-4ee1-a79a-0fc30a15d3cb"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d465637518024262c063f4a82d799a4e40ff3381014972f24ea18bc23c3b27ee/analysis/1554970888/",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "72e68fb1-33d9-4047-ae58-42a94b4f25ce"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/59",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "abf0409d-e163-482a-b01c-e1890fa4a1c5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d837aac4-8a86-4538-b882-358daa5ec55f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:58.000Z",
|
|
"modified": "2019-06-02T07:29:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '700e91a24f5cadd0cb7507f0d0077b26' AND file:hashes.SHA1 = 'bfa9791ccc407819907b9d38341dd6d50b663e55' AND file:hashes.SHA256 = '16166533c69f2f04110e8b8e9cc45ed2aeaf7850fa68845c64d92ff907dd44f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9d6e3d6b-0847-498e-885b-df5576bcdbcc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:59.000Z",
|
|
"modified": "2019-06-02T07:29:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:36",
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"uuid": "fecf0e2b-10f9-4631-8676-aaf4df7fa1a9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/16166533c69f2f04110e8b8e9cc45ed2aeaf7850fa68845c64d92ff907dd44f0/analysis/1559335056/",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "014b39d7-43f1-4de4-af9d-cf148802f4bc"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/65",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "549e96f7-2906-489b-9377-ffd9679ef4ee"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6233ba88-e454-4931-85fd-b1c07492a684",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:59.000Z",
|
|
"modified": "2019-06-02T07:29:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1a103f187bc84e6c0e194a74f7abb7b4' AND file:hashes.SHA1 = 'b215ce142b024e1ab6ceabf42c5b304938181677' AND file:hashes.SHA256 = 'e3bf733cc85da7421522a0b1ff788d43bcacd02815a88d19426e80de564174b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3d43da57-37ca-4aec-9e28-739ae5ec4cf6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:59.000Z",
|
|
"modified": "2019-06-02T07:29:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:42",
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"uuid": "445e50a1-0440-4cc5-a699-4a738446ef6b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e3bf733cc85da7421522a0b1ff788d43bcacd02815a88d19426e80de564174b3/analysis/1559335122/",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "4df03149-42ac-4aa5-9e11-d6f3ef5c98d1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/71",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "13ce854f-1244-4764-b27d-4be8e87cb6f4"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2af4fed3-7abe-4bd0-9e07-78f99b75b02a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:59.000Z",
|
|
"modified": "2019-06-02T07:29:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = '08a3a817ab805d73d89e9ef2dca9c352' AND file:hashes.SHA1 = '376afa8b852d28b385447cb1fe50bcf956a7d7f9' AND file:hashes.SHA256 = 'e2c87bca353016aced41305ddd66ee7430bf61a20c0f4c8c0f0650f006f05160']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e5651225-768d-4ef0-a852-6859df9ebc50",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:59.000Z",
|
|
"modified": "2019-06-02T07:29:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:41",
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"uuid": "6a216dbf-9280-4d76-9442-71a2b8fbe413"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e2c87bca353016aced41305ddd66ee7430bf61a20c0f4c8c0f0650f006f05160/analysis/1559335121/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "b471c935-a03d-4ddc-b1ea-479d8646e74b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/63",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "8ea41408-542f-4901-a4ec-18eab47e9e34"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f65269df-3231-420c-afe2-cb9d182e8e52",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:29:59.000Z",
|
|
"modified": "2019-06-02T07:29:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c25334e63cd0207d3107d1c5dd2d1e72' AND file:hashes.SHA1 = '4d953f09dec970b583d1033ce49a9004721d8131' AND file:hashes.SHA256 = '5f5d483c1fcd1638b32d11183c5ed5fd36362fb12d62e1d9940b47906733d672']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:29:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1e4c672b-f6ed-42a7-b1a6-2afdf236e7b4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:00.000Z",
|
|
"modified": "2019-06-02T07:30:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:55",
|
|
"category": "Other",
|
|
"comment": "ATMii",
|
|
"uuid": "e42d6a78-6fef-45cb-8404-551e2b655c74"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5f5d483c1fcd1638b32d11183c5ed5fd36362fb12d62e1d9940b47906733d672/analysis/1559335075/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"uuid": "b5c51ec9-943d-4067-b39c-7ec732f08004"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/71",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"uuid": "b2f00224-1d26-4173-a307-feacd346b586"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--059e1ff5-337c-43b8-b2a3-3bd1a141ae5b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:00.000Z",
|
|
"modified": "2019-06-02T07:30:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd790997dd950bb39229dc5bd3c2047ff' AND file:hashes.SHA1 = '7e6407c28c55475aa81853fac984267058627877' AND file:hashes.SHA256 = '3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3ef9e33c-b041-49fd-b3d0-a4635aa80082",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:00.000Z",
|
|
"modified": "2019-06-02T07:30:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-29T03:11:20",
|
|
"category": "Other",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "f218ca67-d2a9-4b33-829d-26d99eaa7575"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c/analysis/1559099480/",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "d2bc48a7-8532-4e83-8832-877f0fc94c63"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/57",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "f3e0e2cc-0f49-4a41-8409-1643da0fda19"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--53426774-0b9a-423d-96e5-258c563551e8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:00.000Z",
|
|
"modified": "2019-06-02T07:30:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = '795ff3e400d08e83de67d23dfc4f0201' AND file:hashes.SHA1 = '1f087445edee192d810d383d182c8350e45008ae' AND file:hashes.SHA256 = '4c98d5cd865d7fe2f293862fae42895045e43facfdd2a3495383be4ddbb220dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bbc42520-4fab-426a-9e7f-ca0d3dfdd8d5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:00.000Z",
|
|
"modified": "2019-06-02T07:30:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:51",
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"uuid": "dad304e4-c98c-4010-af82-f6aac7557e35"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4c98d5cd865d7fe2f293862fae42895045e43facfdd2a3495383be4ddbb220dc/analysis/1559335071/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "41e58b7a-883e-4a30-973d-009bc1f711e4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/68",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "e911adf9-ddc2-472e-b04b-8da576f28ba8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4de765ce-30ef-4d98-ad0d-f91e29e02261",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:00.000Z",
|
|
"modified": "2019-06-02T07:30:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b66be2f7c046205b01453951c161e6cc' AND file:hashes.SHA1 = 'ec5784548ffb33055d224c184ab2393f47566c7a' AND file:hashes.SHA256 = 'ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5061c53e-1a32-413d-9d20-d1ae7c1a23bd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:00.000Z",
|
|
"modified": "2019-06-02T07:30:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-11T08:23:58",
|
|
"category": "Other",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "9b52f7e1-c60a-4307-a7da-791ac95a7eaf"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c/analysis/1554971038/",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "5f554615-a857-4202-b608-eb6c1c0fffe2"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/57",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "0d85a709-4633-4795-9f52-f70e7b0f8969"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e6c71e20-622b-4fa1-98a3-049d8fa792cf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:01.000Z",
|
|
"modified": "2019-06-02T07:30:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c8d0ccd2e58c1c467ee8b138c8a15eec' AND file:hashes.SHA1 = 'a9903adb99b41e943541116d32fa4d4043be15fa' AND file:hashes.SHA256 = 'a6c33d7275c46397593f53ea136ea8669794f4d787044106594631c07a9ee71d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e996b91d-bda3-4904-8d59-bd7e6e48c017",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:01.000Z",
|
|
"modified": "2019-06-02T07:30:01.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:19",
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"uuid": "14af7669-d21c-43fa-a092-287e5c336e02"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a6c33d7275c46397593f53ea136ea8669794f4d787044106594631c07a9ee71d/analysis/1559335099/",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "9fb243e5-963a-4c5f-9ace-aefb12c268dd"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "60e78cd6-5131-4c01-b11f-74fc4f2883b2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--09721354-5254-4f34-99c2-c6bfdfc2a013",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:01.000Z",
|
|
"modified": "2019-06-02T07:30:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1156a1e003c19be6664e0189827a4278' AND file:hashes.SHA1 = 'b68897138a56e27fb12af8b15cbfed2fbd71dcbd' AND file:hashes.SHA256 = 'aaeee605cb1850dd81da8990fe4115fe85e5d4eb84ddaf2fa8d0b21afdc2b293']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--dcd7b5e5-32ae-439a-8d76-d29db0cfe1be",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:01.000Z",
|
|
"modified": "2019-06-02T07:30:01.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:21",
|
|
"category": "Other",
|
|
"comment": "Ligsterac",
|
|
"uuid": "7fd795a7-deb4-4867-9d7c-fd07edc1bd1e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/aaeee605cb1850dd81da8990fe4115fe85e5d4eb84ddaf2fa8d0b21afdc2b293/analysis/1559335101/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"uuid": "6a2686d3-842d-4e2c-b3fa-248d249ce6fa"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"uuid": "29da7dd9-1330-4c79-8c78-030ffb0c005e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--038aeee6-160b-4b99-975d-c08f2252a243",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:02.000Z",
|
|
"modified": "2019-06-02T07:30:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e1f9360f952acf5dabdf2f46458e7842' AND file:hashes.SHA1 = '027f6e1ab57db86fc400e5c0ea8f943791ca9943' AND file:hashes.SHA256 = '77850f738ba42fd9da299b2282314709ad8dc93623b318b116bfc25c5280c541']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2f677d16-9287-4cb6-94a2-f789ff3dbb0d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:02.000Z",
|
|
"modified": "2019-06-02T07:30:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:03",
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "f9200e7d-805f-41e0-bc21-0dfa4875cc5d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/77850f738ba42fd9da299b2282314709ad8dc93623b318b116bfc25c5280c541/analysis/1559335083/",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "fa7061c9-0d1d-4ab2-a534-40a225689ce4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/66",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "b2a0e7ff-ebea-443c-857c-62ca3c4ee208"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--afc80670-f512-4668-a52b-92120997f276",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:02.000Z",
|
|
"modified": "2019-06-02T07:30:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b2ad4409323147b63e370745e5209996' AND file:hashes.SHA1 = '15e8fac9c9d5e541940a3c2782df6196ec1e9326' AND file:hashes.SHA256 = '867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6be40e2f-088b-45f8-8a93-2c139dd1717f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:02.000Z",
|
|
"modified": "2019-06-02T07:30:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:11",
|
|
"category": "Other",
|
|
"comment": "HelloWorld",
|
|
"uuid": "dc382f61-1e67-48f0-b879-ba496d6c6385"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a/analysis/1559335091/",
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"uuid": "5d916ec2-83cd-42c0-8b3b-29d60efc4fd5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/71",
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"uuid": "58f63ade-9cb1-4751-9d60-3202c7910c21"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--926b7bd6-2e77-4c03-ba85-77655deb2b6e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:02.000Z",
|
|
"modified": "2019-06-02T07:30:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = '24e501248f4b48f0194e67d7f7d71c0e' AND file:hashes.SHA1 = '5ffded28ee96493e3ad0b4c59b13484f9edc1abe' AND file:hashes.SHA256 = 'e3a6970d66bc4687b21381353826fabd469007c869efc711fdd0e4711aa77ffc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b646014e-f7b5-40e1-aaf2-d47303e69b9c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:02.000Z",
|
|
"modified": "2019-06-02T07:30:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:42",
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"uuid": "048edc49-5450-41b0-8703-7e4c4507ddae"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e3a6970d66bc4687b21381353826fabd469007c869efc711fdd0e4711aa77ffc/analysis/1559335122/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "ebd96e80-6d4a-4307-b58a-37e360ac7415"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/71",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "05b4b602-0adc-48dd-ba40-6de0826fb924"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8a3528b9-bc2e-4e32-ac93-4c8a46cc6b2d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:03.000Z",
|
|
"modified": "2019-06-02T07:30:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = '93c043e9480e3b618a74e2cae7c8c086' AND file:hashes.SHA1 = 'd7ec2fdee3abfc6a9e4385d9e320bd07b49039cc' AND file:hashes.SHA256 = '7888e9a27b27f026f09997414504be5822f35b69ddec826eb2a56f6347e2d147']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1adb843b-7121-47fa-a368-76c9cfd0b246",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:03.000Z",
|
|
"modified": "2019-06-02T07:30:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:04",
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"uuid": "e44dcf12-e938-4a69-9746-8c0559cf2c9d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7888e9a27b27f026f09997414504be5822f35b69ddec826eb2a56f6347e2d147/analysis/1559335084/",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "1cd84f3e-4f2f-4965-92aa-38b32cdaa1a9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "2d60b13f-84e0-4e10-a729-0682497fced5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6038bf6c-1f5c-4b29-a890-0514f93246da",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:03.000Z",
|
|
"modified": "2019-06-02T07:30:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e5957ccf597223d69d56ff50d810246b' AND file:hashes.SHA1 = 'd41e96dedbe7c04439ba489535eb65d0c7b17674' AND file:hashes.SHA256 = '7fd109532f1e49cf074be541df38e0ce190497847fdb5588767ca35b9620a6c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--011daee4-ac24-4071-bb9f-ee36ed5c8b5e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:03.000Z",
|
|
"modified": "2019-06-02T07:30:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-06-01T06:11:19",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "22856791-b40d-4a61-b67e-c82831945d99"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7fd109532f1e49cf074be541df38e0ce190497847fdb5588767ca35b9620a6c2/analysis/1559369479/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "edbb49a6-4f3d-4785-9885-6ebb95415bb3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/73",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "4f5fe4d2-8c8a-47aa-a2e4-22aa9ca2ed25"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4892d578-41fd-4500-b607-bb71e079aa54",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:03.000Z",
|
|
"modified": "2019-06-02T07:30:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fac356509a156a8f11ce69f149198108' AND file:hashes.SHA1 = '66b0d9b10c2898d388bdfd2be4a66ac76d5822f4' AND file:hashes.SHA256 = '4a340a0a95f2af5ab7f3bfe6f304154e617d0c47ce31ee8426c70b86e195320c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c344c0d9-4251-460a-90b8-efeb08a354f5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:03.000Z",
|
|
"modified": "2019-06-02T07:30:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-06-01T11:31:52",
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"uuid": "334f4eb5-982c-4dba-8a4d-a0cc8eef12f9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4a340a0a95f2af5ab7f3bfe6f304154e617d0c47ce31ee8426c70b86e195320c/analysis/1559388712/",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "708de2c6-621a-4a57-ba4d-52007df4d5c1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "56/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "ce93c5a5-f6b7-4e8d-a723-42aa98a39afa"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--20931e8f-e75d-4b8b-b4ae-6db30c54e355",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:03.000Z",
|
|
"modified": "2019-06-02T07:30:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd94a7f243abba321477afc3f756cae0e' AND file:hashes.SHA1 = 'eed56fdd5f8f57871fd443719950be66e06ae68b' AND file:hashes.SHA256 = 'd60126545fa68b14c36cd4cffa3f81ed487381482582acbba786fa88884f636b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--19697d5f-9fce-41c0-a762-93dcf7479bb5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:03.000Z",
|
|
"modified": "2019-06-02T07:30:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:35",
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"uuid": "2ab7c40c-9df2-4eef-9937-502ba05fe15d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d60126545fa68b14c36cd4cffa3f81ed487381482582acbba786fa88884f636b/analysis/1559335115/",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "99b86863-71e6-4be4-9485-a1a3c24ffd7c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "ce19e034-b1e6-48b6-b39d-10b939a89a6a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3c1cf1e3-9ce4-4d57-a90b-62d03bac4126",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:03.000Z",
|
|
"modified": "2019-06-02T07:30:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b428c8af87e85522dc847f054f4d1e5f' AND file:hashes.SHA1 = '7dc0efabf70133fb8d30b4de75811c9d771d01da' AND file:hashes.SHA256 = '3d8c7fb9e55f96cf3073b321ee5e59ff2189d70b0662bc0b88990971bc8b73d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a26082fe-b3c8-44c8-817a-286666cfa8e9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:04.000Z",
|
|
"modified": "2019-06-02T07:30:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:46",
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"uuid": "5acae290-2761-4d2d-8048-1095273d6c09"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3d8c7fb9e55f96cf3073b321ee5e59ff2189d70b0662bc0b88990971bc8b73d8/analysis/1559335066/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "adac4da8-c70d-4123-9639-9d23a69a71d6"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/73",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "665420d1-8954-4c6c-93d5-bdc8747e0519"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1faad245-0601-4322-b915-cfbb31a5795f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:04.000Z",
|
|
"modified": "2019-06-02T07:30:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3c434d7b73be228dfa4fb3f9367910d3' AND file:hashes.SHA1 = 'b7fc0dd1f939d7bca337b0d9cd562e3b1b5c8947' AND file:hashes.SHA256 = '5ab6358e1886655257c437ebad71b98a6575313b2f9327359661aac5d450c45a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--14bd5db8-ee14-46bf-add5-38c0239113ab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:04.000Z",
|
|
"modified": "2019-06-02T07:30:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:56",
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "fcbea3cb-8cfa-4920-9027-846cf7ba8174"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5ab6358e1886655257c437ebad71b98a6575313b2f9327359661aac5d450c45a/analysis/1559335076/",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "7169f6ae-142c-4744-8d86-9da92b7b89a7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/64",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "23070997-5e57-4d68-b6f2-07dea4ead1bb"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1bce7fb2-c2d0-4032-b6bb-dd12011a586c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:04.000Z",
|
|
"modified": "2019-06-02T07:30:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0f75dd5ecd9ac36f98462a63bfdc88c2' AND file:hashes.SHA1 = '07afc6b69535e638c5fb59c215a10104de334c2a' AND file:hashes.SHA256 = 'b00cd2ca5247c93e3a40f73006051bbfada3b1bc73c4d44105384824bb60131d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f7a56679-e2ee-4418-92c3-ec83dbc7cf69",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:04.000Z",
|
|
"modified": "2019-06-02T07:30:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:22",
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "f0f6a844-bce4-41c7-9896-20aeb73c2834"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b00cd2ca5247c93e3a40f73006051bbfada3b1bc73c4d44105384824bb60131d/analysis/1559335102/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "4556723a-7fb1-4790-a340-77be1e9cfb4f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/60",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "50cd7d03-6d84-4cf4-855f-47f59fabf059"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--edcba3d5-9d16-4c26-b036-a783054a0201",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:04.000Z",
|
|
"modified": "2019-06-02T07:30:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '658b0502b53f718bd0611a638dfd5969' AND file:hashes.SHA1 = 'd8879121597693aa54eda9f5cf3247d6e9bc4426' AND file:hashes.SHA256 = '4035d977202b44666885f9781ac8755c799350a03838ff782eb730c0d7069958']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1682fbe3-7192-44a4-9240-2e558891fa92",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:04.000Z",
|
|
"modified": "2019-06-02T07:30:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T22:44:12",
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "6899284f-fc02-4dbf-be76-7223977f8cc6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4035d977202b44666885f9781ac8755c799350a03838ff782eb730c0d7069958/analysis/1559342652/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "b01e9195-4842-437d-85a1-46b2df93e864"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/71",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "49c640ff-015e-4132-a11e-d322e4f4c29b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c0446e9d-4d30-4c58-adb6-1fd627e127f0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:05.000Z",
|
|
"modified": "2019-06-02T07:30:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c04a7cb926ccbf829d0a36a91ebf91bd' AND file:hashes.SHA1 = '66adf3ab1913e92be7f34adcd9be1b6eda677d59' AND file:hashes.SHA256 = '04db39463012add2eece6dfe6f311ad46b76dae55460eea30dec02d3d3f1c00a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--842bd8c7-4933-4db4-bbf4-062093187ea1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:05.000Z",
|
|
"modified": "2019-06-02T07:30:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:33",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "1eb5a1e0-0693-4ff6-bdc4-0e41f4d16b96"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/04db39463012add2eece6dfe6f311ad46b76dae55460eea30dec02d3d3f1c00a/analysis/1559335053/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "e2baa963-49f8-42ce-a6b0-a2f2a682a2ff"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "a63558fd-ebe8-448e-a3a8-e06c8ca73bde"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2a17841a-d493-4ebe-8f1f-eeb8ac8e2306",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:05.000Z",
|
|
"modified": "2019-06-02T07:30:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a46fde545ed044f541f25aa4d42d6954' AND file:hashes.SHA1 = 'a73df524ccce3c1acbbfd67f1105a9e1f7b3f947' AND file:hashes.SHA256 = '398e335f2d6379771d86d508a43c567b4156104f89161812005a6122e9c899be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7c72b9df-49a4-4325-b269-238b4cfdf298",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:05.000Z",
|
|
"modified": "2019-06-02T07:30:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:46",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "e8b323b2-b0da-4440-a919-8d722d63530e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/398e335f2d6379771d86d508a43c567b4156104f89161812005a6122e9c899be/analysis/1559335066/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "5998d9ac-a109-476d-9958-e5ec1ef8267c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "c77209f4-e6b9-4565-9c02-92e9d7294685"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8ea7a65a-ad1b-44bb-9cab-439599dfd007",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:05.000Z",
|
|
"modified": "2019-06-02T07:30:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c19913e42d5ce13afd1df05593d72634' AND file:hashes.SHA1 = 'cc4f98e897e66bdc0c21fb48ac76da6099e710b2' AND file:hashes.SHA256 = 'd10a0e0621a164fad0d7f3690b5d63ecb9561e5ad30a66f353a98395b774384e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--139b4507-7bbb-49e4-80ed-63adb9265bb8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:06.000Z",
|
|
"modified": "2019-06-02T07:30:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:33",
|
|
"category": "Other",
|
|
"comment": "Prilex",
|
|
"uuid": "5b156efc-5351-447a-b13a-296cf811cc8c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d10a0e0621a164fad0d7f3690b5d63ecb9561e5ad30a66f353a98395b774384e/analysis/1559335113/",
|
|
"category": "Payload delivery",
|
|
"comment": "Prilex",
|
|
"uuid": "f0b1158a-fe41-4116-8ce0-a84e898879cf"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/71",
|
|
"category": "Payload delivery",
|
|
"comment": "Prilex",
|
|
"uuid": "0b8ca6bc-e898-4162-88bd-a4e61a569946"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dbfa13a9-c6ba-47bf-96fe-624fdf317bb6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:06.000Z",
|
|
"modified": "2019-06-02T07:30:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2b3a13a952853263142a83030ed11709' AND file:hashes.SHA1 = '4ffbae930fe4f323d63c1cd64e60c8bf02a07522' AND file:hashes.SHA256 = 'fe1634318e27e3af856506d49a54d1d12e1cf650cbc31eeb0c805949edc8fc85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--be6277af-27c1-49b4-a6fb-665023d4b859",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:06.000Z",
|
|
"modified": "2019-06-02T07:30:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:48",
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"uuid": "1677402f-1140-4af4-b81f-03fddbb26c5c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/fe1634318e27e3af856506d49a54d1d12e1cf650cbc31eeb0c805949edc8fc85/analysis/1559335128/",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "01fd602e-d80d-46b4-a335-5e1cb6f47221"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "cbf1dc74-acad-46d1-b9f9-f74f3ba8c8e0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d75b18de-3b5b-4280-ac08-62fd1a3b2028",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:06.000Z",
|
|
"modified": "2019-06-02T07:30:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c4234c5a9817a7db447c042aa92f5186' AND file:hashes.SHA1 = 'a27b8c49ecfb647d1b7eaca7653b271062dd5462' AND file:hashes.SHA256 = 'f6609bb3c3197ace26ebdeb372ba657ac84b05a3e9e265b5211e1ea42da70dbe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4e34b407-cc37-4139-9c1f-9e65ab576fa2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:06.000Z",
|
|
"modified": "2019-06-02T07:30:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:46",
|
|
"category": "Other",
|
|
"comment": "HelloWorld",
|
|
"uuid": "4f106aef-e6cf-43ef-b5a5-48b9da83586e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f6609bb3c3197ace26ebdeb372ba657ac84b05a3e9e265b5211e1ea42da70dbe/analysis/1559335126/",
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"uuid": "c988e2d8-d03c-4d70-94df-31388b23874f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/70",
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"uuid": "50c79ded-c117-421f-9a5b-dd94f3bff8e0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a28f47bc-9c3f-43da-836e-566801c37af3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:06.000Z",
|
|
"modified": "2019-06-02T07:30:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = '59287133730f114570cce0d6b2bfec47' AND file:hashes.SHA1 = 'd15c97b8e5ef165bbbecedb1abf553ae9fec20e0' AND file:hashes.SHA256 = 'b39c5992c2cb70c76c82d6fba3cc0b7972c2f9b35227934b766e810f20a5f053']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--82e1a278-1e8f-42da-9165-88748d3b97e9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:08.000Z",
|
|
"modified": "2019-06-02T07:30:08.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:24",
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"uuid": "a453a41b-f067-472f-b4fc-2296f6214cbe"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b39c5992c2cb70c76c82d6fba3cc0b7972c2f9b35227934b766e810f20a5f053/analysis/1559335104/",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "a6c96f8f-9eb9-4adc-a903-f638befde839"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "3317b910-c2b9-4ade-aff8-7f6d17b1c4d9"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e129d219-2e21-4bb0-80f5-b86c12280449",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:09.000Z",
|
|
"modified": "2019-06-02T07:30:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '654f1b90cf1f1969ecdcd738f1eb70a7' AND file:hashes.SHA1 = '4888eed3cfbe66ec23ab1fdaaa1ade65d2a49732' AND file:hashes.SHA256 = '1065502d7171df7be3776b839410a227c540cd977e5e856bbbcd837b0872bdb6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--58e83e28-fbea-4868-a994-60f4de007d99",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:09.000Z",
|
|
"modified": "2019-06-02T07:30:09.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:35",
|
|
"category": "Other",
|
|
"comment": "ATMitch",
|
|
"uuid": "fa230657-879a-4f45-b450-9c6e998f4c90"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1065502d7171df7be3776b839410a227c540cd977e5e856bbbcd837b0872bdb6/analysis/1559335055/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"uuid": "0023fe5f-b385-4a33-8d7e-0f22c0697799"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/70",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"uuid": "27b9460c-7af1-40ab-8f76-f311bc90eb38"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--493a431d-5b81-4845-b0ef-251375c0373b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:09.000Z",
|
|
"modified": "2019-06-02T07:30:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '821e593e80c598883433da88a5431e9d' AND file:hashes.SHA1 = '95ddd765865919f7328fef4d15f69b1ee67c0841' AND file:hashes.SHA256 = '3f5ff48aa4dc2c1af3deeb33a9cc576616dad37156ae9182831b1b2a5ae4ae20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--350e44bd-9cf3-49c4-b79d-4085722249f1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:09.000Z",
|
|
"modified": "2019-06-02T07:30:09.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-09T15:56:49",
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"uuid": "089319d9-21fa-4479-9f0e-0421b84f1103"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3f5ff48aa4dc2c1af3deeb33a9cc576616dad37156ae9182831b1b2a5ae4ae20/analysis/1557417409/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "2c25b5f2-0ed3-4747-b319-699890219caa"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/72",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "e142a0fa-e22a-4b8f-a555-d0706f9de24f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1a246cda-41a5-49f3-8cda-6268811a7b9c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:09.000Z",
|
|
"modified": "2019-06-02T07:30:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f18a9fd8178ebbcaac9baf6b7acc417a' AND file:hashes.SHA1 = 'e4f3d0267ea70186e5a0feaacc7b5d1b4cc80b33' AND file:hashes.SHA256 = '622d7489208578eaaaae054a07e16b4b8c91a3fde6e61d082a09aee5a1b1f829']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6180ec62-cb52-473e-a755-69730222ba29",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:09.000Z",
|
|
"modified": "2019-06-02T07:30:09.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:56",
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "30239132-d04b-43d5-bbdf-70e8d5dc3a05"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/622d7489208578eaaaae054a07e16b4b8c91a3fde6e61d082a09aee5a1b1f829/analysis/1559335076/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "af6993c2-0adf-404c-a10c-f7de33181ec7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/65",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "3d8098f3-ffe1-47bc-8039-980495c25e49"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2be66c70-853f-4f7c-a92c-06f6ba36e77c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:09.000Z",
|
|
"modified": "2019-06-02T07:30:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fce2550a8a4b3c8feb0fec704b16cd43' AND file:hashes.SHA1 = 'a061d9f0bd75735e891e3a1fd7f279bd4e285c28' AND file:hashes.SHA256 = '5c838658b25d44edab79a4bd2af7c56bef96768b93addbbaaaea36da604fca62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--db4d615e-ac5f-4345-9443-a1f21f120cc5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:09.000Z",
|
|
"modified": "2019-06-02T07:30:09.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:57",
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"uuid": "874606a3-5638-487b-9464-705886de1c7b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5c838658b25d44edab79a4bd2af7c56bef96768b93addbbaaaea36da604fca62/analysis/1559335077/",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "ba027047-a1cb-4645-aede-2100be04dea2"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/67",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "0e99f221-8808-4aa3-8ad9-90b2364b3bc0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a131f43e-2785-48a1-8947-8b82e1aaa5ab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:09.000Z",
|
|
"modified": "2019-06-02T07:30:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e563e3113918a59745e98e2a425b4e81' AND file:hashes.SHA1 = 'fa8e5a1a0542facc5729f33591e5b8152fb4ea9f' AND file:hashes.SHA256 = '2721a5a6478bfff2c5de0d105623ba5f411401bbd92bd3e2bee4c51c2d12f5a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3066167d-9e78-4ed6-9459-f009a151fe41",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:10.000Z",
|
|
"modified": "2019-06-02T07:30:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:41",
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "1d9c31f8-e68f-4b59-9372-44f5bea67c5f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2721a5a6478bfff2c5de0d105623ba5f411401bbd92bd3e2bee4c51c2d12f5a8/analysis/1559335061/",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "af7e9b88-5f3c-4163-b3b3-5b7463de07ed"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/67",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "19a6d030-b575-4569-9fa2-b44f52425be6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3181de68-5e89-497e-b087-57b51ecbef08",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:10.000Z",
|
|
"modified": "2019-06-02T07:30:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '328ec445fce0ec1e15972fef9ec4ce38' AND file:hashes.SHA1 = 'ad8a7c5d1287b1fb8b8e874ba9bdb7be0ee971f9' AND file:hashes.SHA256 = '0971c166826163093093fb199d883f2544055bdcfc671e7789bd5088992debe5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6aa56cbd-16ee-4811-81d9-4af960c3518d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:10.000Z",
|
|
"modified": "2019-06-02T07:30:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:33",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "cfddc425-816e-4fe1-ae00-e1ef4e5c0ae2"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0971c166826163093093fb199d883f2544055bdcfc671e7789bd5088992debe5/analysis/1559335053/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "edb0333b-cb0f-456d-bc3c-ae4c68dac66e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "a147ae32-c478-4c64-ac27-c23e7b46dff8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6b2065b0-b2fc-431a-9ab4-94b1a58b9d1d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:10.000Z",
|
|
"modified": "2019-06-02T07:30:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '01390aeb5c4bbf2eebdb154d706e7117' AND file:hashes.SHA1 = '0d484d7adc95caf1b375c30dc949a32bd8b932c1' AND file:hashes.SHA256 = '34e7060e7a0c0ba24fcb55c641e5b586cef744e10ebd5a9f73ecd2ed2f4e9c1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--89320365-5158-4b98-9194-f2883d3c2c36",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:10.000Z",
|
|
"modified": "2019-06-02T07:30:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-06-01T10:08:28",
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"uuid": "d74d1e16-3996-43b7-87fb-575448bd2d7b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/34e7060e7a0c0ba24fcb55c641e5b586cef744e10ebd5a9f73ecd2ed2f4e9c1f/analysis/1559383708/",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "4b9e05d9-cce0-4697-a4d0-17c72750eac4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "56/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "5fce43e6-4f67-46eb-ab4e-00c89aa89940"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c75413c5-ac2d-48e1-85a6-26d59da40b2d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:10.000Z",
|
|
"modified": "2019-06-02T07:30:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a7441033925c390ddfc360b545750ff4' AND file:hashes.SHA1 = '3022e60790e17303def03761c8fa7e7393a0ad26' AND file:hashes.SHA256 = 'd90257af70401984d5d41dd057114df88566d00329874ced3103a6f8cd1991e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--22de11ea-f09d-456d-b04a-d9d2ed231361",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:10.000Z",
|
|
"modified": "2019-06-02T07:30:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:37",
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "93816fde-2b73-4fd4-96ce-0076fabeafa1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d90257af70401984d5d41dd057114df88566d00329874ced3103a6f8cd1991e5/analysis/1559335117/",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "ae473f3b-5f7a-4fdc-8c39-bd14d3686e4a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "28f17295-0f98-4300-9d39-c20df51f22c7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0f1722a1-311b-4965-b355-7ae365e38a1b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:10.000Z",
|
|
"modified": "2019-06-02T07:30:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '733678dda902f949234c227c8b7e4882' AND file:hashes.SHA1 = '350e40aad87380faa51bd8f63afc6f5311f38148' AND file:hashes.SHA256 = '1243c478a7145fa08a03200611fcf5fae9bb58039c5069ef93e150d53cf22524']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b187b049-a9e0-4e18-b1f5-32350b0d2b33",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:10.000Z",
|
|
"modified": "2019-06-02T07:30:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:36",
|
|
"category": "Other",
|
|
"comment": "Ligsterac",
|
|
"uuid": "9aeacd2b-77ca-4940-96c9-cc77d8883dd6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1243c478a7145fa08a03200611fcf5fae9bb58039c5069ef93e150d53cf22524/analysis/1559335056/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"uuid": "964f08ae-5f2f-4899-8448-d0c57b01ba5e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/65",
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"uuid": "765f3762-a249-4683-9945-0a9c2f0395a0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e623166e-60c6-48c5-9d77-dc65668de4bb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:11.000Z",
|
|
"modified": "2019-06-02T07:30:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ea40b06b673d190b4edf38d4b3eef48b' AND file:hashes.SHA1 = '7a53ad4a579b5518d42259f3bfa8c97a84a4dff0' AND file:hashes.SHA256 = '85e5aacbc9113520d93f1d9d73193c3501ebab8032661052d9a66348e204cde6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b7bb76ce-eba0-43ff-8242-af513ba697ac",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:11.000Z",
|
|
"modified": "2019-06-02T07:30:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:10",
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "3a5e8201-87e9-4423-99d5-dc9a81093cef"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/85e5aacbc9113520d93f1d9d73193c3501ebab8032661052d9a66348e204cde6/analysis/1559335090/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "19b3baec-0141-4c1c-b5cc-e3e15975982f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/63",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "93e20d2e-83c8-4e55-92b4-ca83010e648e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--518e8321-d45d-47c1-94a5-4ed465d2122f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:11.000Z",
|
|
"modified": "2019-06-02T07:30:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd5d6fd384de9fb23b3a65efeadac7e21' AND file:hashes.SHA1 = 'd075dd37f436b5d6d9353ccb25dfdd5b875b0567' AND file:hashes.SHA256 = '9feea4b7a5b438335353bb4eac82f8f2a16232a90b7cddbf77dc73dd451e9a6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2bd8993a-3374-4868-895b-31745d45d556",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:11.000Z",
|
|
"modified": "2019-06-02T07:30:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:20",
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "98827caa-4040-4f46-b4c0-69b5500dd062"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9feea4b7a5b438335353bb4eac82f8f2a16232a90b7cddbf77dc73dd451e9a6e/analysis/1559335100/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "8a13a2ad-fc9f-492f-b0ae-f125129a1d27"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/70",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "cd268ae1-8e9c-499d-aa26-fce56fd10097"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a0e70bcc-2c0d-4556-a3e8-4bdd6ce2ab00",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:11.000Z",
|
|
"modified": "2019-06-02T07:30:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fa1fb907051b8f95830792fc534ddf9d' AND file:hashes.SHA1 = 'd02b95adb54f0f1578316faa03e5df7a2d799a5c' AND file:hashes.SHA256 = '64499b2584d239380ffecf07e94167e0414c4bb5438620659fe37d595ef3f361']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a1aca217-f549-4846-99ad-85432a8ee8fa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:11.000Z",
|
|
"modified": "2019-06-02T07:30:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:57",
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"uuid": "03705c86-322a-4e1b-a6ae-f4dd21546064"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/64499b2584d239380ffecf07e94167e0414c4bb5438620659fe37d595ef3f361/analysis/1559335077/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "eeb47eca-9cf5-475a-a9d0-001af82adc25"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/68",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "0c34a5ef-002d-4c20-9154-802941e19c0c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--426bf823-1fe0-47a8-8a28-28f1c6c12911",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:11.000Z",
|
|
"modified": "2019-06-02T07:30:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '46b318bbb72ee68c9d9183d78e79fb5a' AND file:hashes.SHA1 = '5375ad3746ce42a6f262f55c4f1f0d273fb69c54' AND file:hashes.SHA256 = '10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--052c17c1-fc2a-4922-8d1f-c1c4659677c9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:11.000Z",
|
|
"modified": "2019-06-02T07:30:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-02-28T10:46:34",
|
|
"category": "Other",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "7164ac9f-f644-41e4-911e-cde0b1b38254"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba/analysis/1551350794/",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "c71e6526-5bca-4baa-b317-ba6fba8f79f2"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/58",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"uuid": "1741853f-c1df-4ce9-85bb-6987de46a57a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--285bf247-3a77-4b6b-b0cf-95f327d8e720",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:11.000Z",
|
|
"modified": "2019-06-02T07:30:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '085b70e88f7de403194c7b6c725ea9ba' AND file:hashes.SHA1 = '52da479911e86ad5b7da6105de6b23becb746632' AND file:hashes.SHA256 = '8770f760af320d30681a4eb4ded331eab2481f54c657aac607df8babe8c11a6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ee92cc82-3b6b-4b3d-b7b4-62deb508eced",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:12.000Z",
|
|
"modified": "2019-06-02T07:30:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:07",
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "c9a659ad-4ddf-46b5-8a6e-6d842ffa189a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8770f760af320d30681a4eb4ded331eab2481f54c657aac607df8babe8c11a6b/analysis/1559335087/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "2feaf6d0-838d-434e-984b-b7f1224deed2"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "39/66",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "84b9b008-3daf-4615-97c2-6d714f54d382"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3f4eda4d-eadf-47f8-8901-1f598dd74fee",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:12.000Z",
|
|
"modified": "2019-06-02T07:30:12.000Z",
|
|
"pattern": "[file:hashes.MD5 = '27640bb7908ca7303d13d50c14ccf669' AND file:hashes.SHA1 = '7813becfec5dba77f94131c943137d8642449881' AND file:hashes.SHA256 = '05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--71681f92-49fb-4c75-8174-fb659cb4d73b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:12.000Z",
|
|
"modified": "2019-06-02T07:30:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:33",
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"uuid": "c260303a-a917-4163-839b-f8b2da03fe42"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd/analysis/1559335053/",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "37ea0123-036e-4f30-a066-1ea04ac5b13c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "02d2beb5-d011-46d7-aca1-57eb941c373d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ca412922-c341-4132-b68c-29881ecfc37c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:13.000Z",
|
|
"modified": "2019-06-02T07:30:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f66c4d00d9b415dde0a81e8b8dab850b' AND file:hashes.SHA1 = 'beb5a2ce8c43cd16be5cd46c3ac2246b40e23e39' AND file:hashes.SHA256 = 'e78e6155b8dfd206ba5a5e7253409891bfed1b943d217e0fbc416a25fa761580']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b1eff610-3c61-4201-8d01-263133fba839",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:13.000Z",
|
|
"modified": "2019-06-02T07:30:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:39",
|
|
"category": "Other",
|
|
"comment": "SkimerWC",
|
|
"uuid": "48380e82-5d2e-46ee-b44c-6ae83f2341b5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e78e6155b8dfd206ba5a5e7253409891bfed1b943d217e0fbc416a25fa761580/analysis/1559335119/",
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"uuid": "bda6809d-8daa-4bfe-98cc-086634da4d47"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/72",
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"uuid": "8147e7f3-408a-4b41-ba72-57cf2cbb04d4"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bf924e79-ad8a-431e-ba9b-c5492520e160",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:14.000Z",
|
|
"modified": "2019-06-02T07:30:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f0f0095484f014b3062603721fecf2cf' AND file:hashes.SHA1 = '7b7479391cc1654b068b77d4c1e58d3a5b85dfc9' AND file:hashes.SHA256 = '0149667c0f8cbfc216ef9d1f3154643cbbf6940e6f24a09c92a82dd7370a5027']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--cc21c434-9260-41d3-a614-b133375f24ee",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:14.000Z",
|
|
"modified": "2019-06-02T07:30:14.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:32",
|
|
"category": "Other",
|
|
"comment": "Java/Dispcash",
|
|
"uuid": "0a2d9377-d49c-43ac-8a54-fa6c68fd3480"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0149667c0f8cbfc216ef9d1f3154643cbbf6940e6f24a09c92a82dd7370a5027/analysis/1559335052/",
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"uuid": "a58e1c94-44a6-420e-874c-461ddcb6ef74"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/61",
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"uuid": "bc5ccc6f-352d-483e-a1be-887acbc1a46a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1a5bddeb-8677-4a75-ac19-99205239f3b7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:14.000Z",
|
|
"modified": "2019-06-02T07:30:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'af945758905e0615a10fe23070998b9b' AND file:hashes.SHA1 = '0c3e6c1d4873416dec94c16e97163746d580603d' AND file:hashes.SHA256 = 'b670fe2d803705f811b5a0c9e69ccfec3a6c3a31cfd42a30d9e8902af7b9ed80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--66eed121-39b0-4068-8398-65d6e5555d7c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:14.000Z",
|
|
"modified": "2019-06-02T07:30:14.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:27",
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"uuid": "d5223a80-a681-4753-82d1-c5318d77aa4e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b670fe2d803705f811b5a0c9e69ccfec3a6c3a31cfd42a30d9e8902af7b9ed80/analysis/1559335107/",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "bdfbc162-32a9-46ad-b5f1-6f65e1c403c5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "56/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "23615656-fa40-42e1-b754-d9694c955b88"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--489c0352-e36f-4cb3-874b-7724ebb7b544",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:14.000Z",
|
|
"modified": "2019-06-02T07:30:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '035484d750f13e763eae758a5f243133' AND file:hashes.SHA1 = '74758372d3860ef97ab5b9a7060600a929134543' AND file:hashes.SHA256 = 'b51973c530802ae19df8ac4d9643fc3317952242d9d42f951e094c72d730dd66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3789a48b-d259-456e-9cb6-4dcd8d8b332a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:14.000Z",
|
|
"modified": "2019-06-02T07:30:14.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:26",
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"uuid": "082f0a76-1673-411b-bf62-6ffcb4442b95"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b51973c530802ae19df8ac4d9643fc3317952242d9d42f951e094c72d730dd66/analysis/1559335106/",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "8aaf8d34-5aa8-4a01-9d8a-e492eac6299d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/62",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "72b0fd79-19b4-4676-b2f9-eb62bf3d9e7d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6de5692d-8e5c-460c-a525-2041d7a48c6b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:14.000Z",
|
|
"modified": "2019-06-02T07:30:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e6c44150a0eea3f3ff3919953cfe3ff8' AND file:hashes.SHA1 = '8c51cc3df79dd894e6349bd0e3958db654dcdc47' AND file:hashes.SHA256 = 'c3a5c8e9195163cef8e0e70bd8f3d49c8048e37af7c969341e1753aee63df0ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c579698f-d8ca-4926-a3d1-faee6b1d14fa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:14.000Z",
|
|
"modified": "2019-06-02T07:30:14.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:32",
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"uuid": "cf60897a-8193-4d4f-abef-abeb49ee6fa5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c3a5c8e9195163cef8e0e70bd8f3d49c8048e37af7c969341e1753aee63df0ae/analysis/1559335112/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "3b5a1470-2fbf-4641-93ea-b21e12556143"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/70",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "9130ba00-8ad6-4c2c-9dae-5e37167bdba6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7e9b9964-9f85-457b-a68e-4d57d216a676",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:14.000Z",
|
|
"modified": "2019-06-02T07:30:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8f4c346007c2273fbf95ababd3e39e3a' AND file:hashes.SHA1 = '8212b6b2e73581ae9a077f84c18982e5e94c5148' AND file:hashes.SHA256 = 'd74cbd2e39dc0a00dc4c0fb0823c5a86455cdad2be48d32866165c9e5557c3e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c65d59bb-2353-4255-a521-00491026938e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:15.000Z",
|
|
"modified": "2019-06-02T07:30:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:35",
|
|
"category": "Other",
|
|
"comment": "ATMii",
|
|
"uuid": "e94a836a-6e9e-46a4-ba9f-73a1cb02b5d4"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d74cbd2e39dc0a00dc4c0fb0823c5a86455cdad2be48d32866165c9e5557c3e0/analysis/1559335115/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"uuid": "2b8bb496-60e9-40ac-a4cb-d6b57d9c3255"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/70",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"uuid": "97378694-1401-435b-ba49-1a4d9d422e0b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7701de0b-39e3-4f29-92d3-367acfaf7da4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:15.000Z",
|
|
"modified": "2019-06-02T07:30:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = '44707298e30eef47e2f50b7fbcf187d0' AND file:hashes.SHA1 = '2fe0089a68b1d039ea166a2b6b782e5ef22753fb' AND file:hashes.SHA256 = 'ef407db8c79033027858364fd7a04eeb70cf37b7c3a10069a92bae96da88dfaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5a66509e-55c3-4f73-ba44-ef9d7a670687",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:15.000Z",
|
|
"modified": "2019-06-02T07:30:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:44",
|
|
"category": "Other",
|
|
"comment": "Java/Dispcash",
|
|
"uuid": "3624bfd0-c8c0-4680-89b4-5c3b13596bf1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ef407db8c79033027858364fd7a04eeb70cf37b7c3a10069a92bae96da88dfaa/analysis/1559335124/",
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"uuid": "1565608f-5edb-4809-8b5c-a4622c78f3c5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/58",
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"uuid": "450f695a-3460-4863-94e1-6a3b8976d04f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--64e6740d-db89-4721-b931-cca5f3131f24",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:15.000Z",
|
|
"modified": "2019-06-02T07:30:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c10b0157f6fd6590424a748f3c6c80ee' AND file:hashes.SHA1 = 'b3401a57ddde3b944bafd348f6575ce195883acc' AND file:hashes.SHA256 = '20a1490b666f8c75c47b682cf10a48b7b0278068cb260b14d8d0584ee6c006a5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--985dd522-fd96-47a8-9271-703843c2e8fa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:15.000Z",
|
|
"modified": "2019-06-02T07:30:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:38",
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "d02f0643-4b00-43f1-8ceb-0342aee7c9d9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/20a1490b666f8c75c47b682cf10a48b7b0278068cb260b14d8d0584ee6c006a5/analysis/1559335058/",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "e099554e-378d-4e76-a215-d1dba5769ba1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/71",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "d0e4882f-c60c-437e-a840-9fa36278d0a2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f67a4b48-4754-4364-ba60-cffdf6098346",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:15.000Z",
|
|
"modified": "2019-06-02T07:30:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f19b2e94ddfcc7bcee9c2065ebeaa66c' AND file:hashes.SHA1 = '83989be7e0de579b1bd99079c490e00a997e6709' AND file:hashes.SHA256 = '653701d02c5d8d39b3da9b0848d20921cd65ea28e77c8e9254e222601264bcc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--51f62180-23c6-4f50-8b29-60f208683bba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:15.000Z",
|
|
"modified": "2019-06-02T07:30:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:58",
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "448e960d-3165-49ff-8199-ff4a6830df4f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/653701d02c5d8d39b3da9b0848d20921cd65ea28e77c8e9254e222601264bcc6/analysis/1559335078/",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "2b4434db-c95d-44c0-bd9e-c1b368d35a11"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"uuid": "21d1dd8e-82fa-4347-816f-ed1786a343f1"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--be9ecc17-1c1d-4a40-9401-954926e240c5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:15.000Z",
|
|
"modified": "2019-06-02T07:30:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = '162ad6dbd50f3be407f49f65b938512a' AND file:hashes.SHA1 = '535f24c37102387fb3dd7869523aedb1805f3733' AND file:hashes.SHA256 = '8bb5c766de0a73dc0eff7c9fce086565b6220465185e258c21c5b9dfb0bef51d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--217bba47-5310-4bf5-914b-c0d3015a1b0f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:16.000Z",
|
|
"modified": "2019-06-02T07:30:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:10",
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"uuid": "62ea8bf7-1eaa-4674-99d6-da35eb2e4f84"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8bb5c766de0a73dc0eff7c9fce086565b6220465185e258c21c5b9dfb0bef51d/analysis/1559335090/",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "4b9d2857-ccc5-4414-a615-52c13b9a091c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/63",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "9db2254b-cea0-478b-8970-0f5939ca4d55"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a32b0183-4187-4dd2-a8dd-af1f550a895d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:16.000Z",
|
|
"modified": "2019-06-02T07:30:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ebc66db4dd04ca972de9d4a3a59552d2' AND file:hashes.SHA1 = 'ef6f5acfe78a50fd5fa61a9f8c3b04e78733d9a3' AND file:hashes.SHA256 = '7bd2c97ac5027c360011dc5aa8f2371cd934f73e885e41f7e80152332b3af1db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8edd7b20-8c0d-4ec5-8377-f91b2bc14df9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:16.000Z",
|
|
"modified": "2019-06-02T07:30:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:06",
|
|
"category": "Other",
|
|
"comment": "ATMWizX",
|
|
"uuid": "ac569e80-185e-48ad-8f43-6e4242aacabc"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7bd2c97ac5027c360011dc5aa8f2371cd934f73e885e41f7e80152332b3af1db/analysis/1559335086/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"uuid": "de30922b-25bf-4ed8-81a0-66587f10c607"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/72",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"uuid": "2eaa45a1-a927-4799-b26a-0bc4e1de98b8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4e16407e-a152-4a11-a169-e45b71d2f5b9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:16.000Z",
|
|
"modified": "2019-06-02T07:30:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1876442db107de88ad1dd01cb6c764a3' AND file:hashes.SHA1 = '232163c4c6e6455d22c57453166269dbf3140692' AND file:hashes.SHA256 = '0e37b8a6711a3118daa1ce2e2f22c09b3f3c6179155b98215a1d96a81c767889']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f7be55e7-5559-4dc2-a64c-3b399c676e28",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:16.000Z",
|
|
"modified": "2019-06-02T07:30:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:34",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "c9626a4f-252f-4960-b63f-209f3c73cba8"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0e37b8a6711a3118daa1ce2e2f22c09b3f3c6179155b98215a1d96a81c767889/analysis/1559335054/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "34b19d17-7266-47b6-8850-bfc6f821e8a9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "c13d9539-a0b9-48f8-953b-719e56f3a901"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--47e549fb-5165-4fde-8894-16f554d846b2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:16.000Z",
|
|
"modified": "2019-06-02T07:30:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5e6986ebf2ccf69347569c75c054c1a8' AND file:hashes.SHA1 = 'fda071723db7a1de6a1c11984c843ea3a54bf0c5' AND file:hashes.SHA256 = '359bb8596e4befafdaca706630bec598400694305622c116acdfa59074f1858e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--38eb9333-7756-4ef1-84f3-40b11f95c38b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:17.000Z",
|
|
"modified": "2019-06-02T07:30:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:45",
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"uuid": "868af5ab-1eba-4848-abf9-f6952c70f7b0"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/359bb8596e4befafdaca706630bec598400694305622c116acdfa59074f1858e/analysis/1559335065/",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "50a35d55-3ffc-45ba-8e62-2ba549e1911b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/66",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "d6c023f6-1636-4259-b48e-78010e213023"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4323e483-a2d7-4c59-a770-d6f7603eaeda",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:17.000Z",
|
|
"modified": "2019-06-02T07:30:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1dbac403209d1f5aac9bdac28d4ea335' AND file:hashes.SHA1 = '8f9428c689aa1953293d240e83530ec00fe1df47' AND file:hashes.SHA256 = '50db1f5e9692f217f356a592e413e6c9cb31105a94efc70a5ca1c2c73d95d572']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--cb558419-e9a9-4864-96b4-e0c1a05bf28c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:17.000Z",
|
|
"modified": "2019-06-02T07:30:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:54",
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "dd55cea0-87c7-4392-81c6-13b90d01a518"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/50db1f5e9692f217f356a592e413e6c9cb31105a94efc70a5ca1c2c73d95d572/analysis/1559335074/",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "bf1dc769-100e-41db-aac0-698dfa97704c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/70",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "e50575d3-5e5a-4e33-a40e-08ebdd5da510"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c1485cd8-7304-4ab9-867d-657b3b4539eb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:17.000Z",
|
|
"modified": "2019-06-02T07:30:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5e5b867ad32f3eb31197ec038215230d' AND file:hashes.SHA1 = '4d5493d93e600a61b21debad299dc178dcdadca3' AND file:hashes.SHA256 = '6c59cd1e12bc1037031af48b934e9398fc85efb2a067d03b6a100dd8423e5d9b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--92d58414-05a5-4064-89fa-4064243cd9e0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:17.000Z",
|
|
"modified": "2019-06-02T07:30:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:58",
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"uuid": "fd203916-0e9a-44ee-879f-22b57f34ab5b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6c59cd1e12bc1037031af48b934e9398fc85efb2a067d03b6a100dd8423e5d9b/analysis/1559335078/",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "565f8d77-e8a5-4e79-ba9c-fa612b5326a3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "265f4a01-a74a-43e9-a7b0-f273f6d12bf5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--035ba73e-cc14-4912-baf9-e93dd6d802f0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:17.000Z",
|
|
"modified": "2019-06-02T07:30:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = '69c9595b8b5fa249a96a4e6cd60bc969' AND file:hashes.SHA1 = 'b9abd8b934a56e47c62745b77cca16d6de8ec5cc' AND file:hashes.SHA256 = '70cc5070ce058682c1d44cef887c0ec8a50dba6b717802c5a8f2c8f2ed377c13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e3388a02-63e9-47b4-be96-b98ef6445e5d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:17.000Z",
|
|
"modified": "2019-06-02T07:30:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:01",
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"uuid": "663fd72d-df27-40b6-8e33-23ade6849dd9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/70cc5070ce058682c1d44cef887c0ec8a50dba6b717802c5a8f2c8f2ed377c13/analysis/1559335081/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "42f69ce4-ffc6-484a-9525-26d60e608fcb"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/70",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "058441f4-3c74-4dc7-9e35-70d1143162c1"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2a858aa7-dba0-494e-b925-3b66b5fc616a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:20.000Z",
|
|
"modified": "2019-06-02T07:30:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bff1bf173b934a4255b4eca0fbaa6309' AND file:hashes.SHA1 = 'd9aae7e14b1f6267bc37d5c2ea3ee681b90fbed2' AND file:hashes.SHA256 = '7544e7a798b791cb36caaa1860974f33d30bc4659ceab3063d1ab4fd71c8c7e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4abf6300-36e7-4563-a282-6bec690732a6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:20.000Z",
|
|
"modified": "2019-06-02T07:30:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:04",
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "499961e9-6afc-4cf2-8686-7ef57873acbf"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7544e7a798b791cb36caaa1860974f33d30bc4659ceab3063d1ab4fd71c8c7e0/analysis/1559335084/",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "b5343cb9-2da4-413d-a54a-9e0ef8cd266d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/71",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "e458f237-e696-4e93-af55-04e885be1c4e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--442e577a-51c7-479e-a130-2354ce9fa332",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:20.000Z",
|
|
"modified": "2019-06-02T07:30:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c092bf1244c88b6e7e112e3614db79dc' AND file:hashes.SHA1 = 'bc32ac2ce56f12baae935b684b2022e4366a9117' AND file:hashes.SHA256 = '22db6a994eb057715b499c5641cc608fb0380aeea25f78180436c35ecd81ce7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4590636d-859a-4a7e-8de0-1abe61c45dd3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:20.000Z",
|
|
"modified": "2019-06-02T07:30:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:39",
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"uuid": "ca749cd3-6b37-4dc7-ad55-80a102f492de"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/22db6a994eb057715b499c5641cc608fb0380aeea25f78180436c35ecd81ce7d/analysis/1559335059/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "497b2c10-75e8-41b3-b896-0898adb436fb"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/69",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "d4beb9ae-5437-4455-baa0-a772509d9b8d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--82522c87-2116-4ad0-9878-6e93503b2f34",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:20.000Z",
|
|
"modified": "2019-06-02T07:30:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '90613e037c12dd0d1eb1a7d3747e908f' AND file:hashes.SHA1 = '09899d4095fc77e8deac787f60eb98571aec919c' AND file:hashes.SHA256 = 'e267fb3044c31256f06dd712c7aeae97ad148fd3157995a7e536e5473c1a2bc0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e9fd0c43-dfc9-4b41-b257-74df3185bee2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:20.000Z",
|
|
"modified": "2019-06-02T07:30:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:40",
|
|
"category": "Other",
|
|
"comment": "SkimerWC",
|
|
"uuid": "3f9cd594-cfef-4ed2-a134-530655857e09"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e267fb3044c31256f06dd712c7aeae97ad148fd3157995a7e536e5473c1a2bc0/analysis/1559335120/",
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"uuid": "cb503571-a33d-4573-a2dd-ec3be397e1ba"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/65",
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"uuid": "53482472-805d-4035-bdbb-c7e769ef9dd5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2690ba26-376c-4046-9976-b415e1a49af5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:20.000Z",
|
|
"modified": "2019-06-02T07:30:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4bdd67ff852c221112337fecd0681eac' AND file:hashes.SHA1 = '4610093687b0f2c42fe80adca217988c8947a546' AND file:hashes.SHA256 = 'd33d69b454efba519bffd3ba63c99ffce058e3105745f8a7ae699f72db1e70eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--dafea516-a72d-4320-8339-0361507b10a0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:21.000Z",
|
|
"modified": "2019-06-02T07:30:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:35",
|
|
"category": "Other",
|
|
"comment": "Suceful",
|
|
"uuid": "5e0ce246-fdb2-4afc-a9f7-c667aec52df1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d33d69b454efba519bffd3ba63c99ffce058e3105745f8a7ae699f72db1e70eb/analysis/1559335115/",
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"uuid": "ed40136c-d6cf-426c-8d2e-bd5738659d62"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"uuid": "d71b81b4-5456-41a2-bd02-b3f3b937219a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9df2dfe6-af34-4439-a39c-99bb002afc9f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:21.000Z",
|
|
"modified": "2019-06-02T07:30:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '80d6a5f6796a2ef2cd8b3b170ec1a23b' AND file:hashes.SHA1 = '9b909caafebc353643fd030c0faecabffa592f90' AND file:hashes.SHA256 = 'a4b42f503090cd3cd53963ddaf0be3e4eeedbd81ff02664668e68612816e727f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b989eb7e-8f0a-4093-8a1c-3381331b0479",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:21.000Z",
|
|
"modified": "2019-06-02T07:30:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:18",
|
|
"category": "Other",
|
|
"comment": "ATMWizX",
|
|
"uuid": "d65b14ac-a4da-4272-993d-7f7b8eb02baa"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a4b42f503090cd3cd53963ddaf0be3e4eeedbd81ff02664668e68612816e727f/analysis/1559335098/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"uuid": "6dcf2013-696f-410e-97b8-7ae27cb048fe"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/64",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"uuid": "cad09be2-5c14-4cb9-92d9-c33c5046942f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1acc6608-0f9d-436a-9543-691bda129647",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:21.000Z",
|
|
"modified": "2019-06-02T07:30:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1a6a240d2d03eb2c66c17a6593d4b6d2' AND file:hashes.SHA1 = '6905848e0f6b5d760cdb553ca30a13e29cb22504' AND file:hashes.SHA256 = '85652bbd0379d73395102edc299c892f21a4bba3378aa3b0aaea9b1130022bdd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e79f4594-9967-4fc4-98fb-02be42825e7e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:21.000Z",
|
|
"modified": "2019-06-02T07:30:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:10",
|
|
"category": "Other",
|
|
"comment": "NeoPocket",
|
|
"uuid": "2440e701-c9df-4962-bc7d-d63e0c4de979"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/85652bbd0379d73395102edc299c892f21a4bba3378aa3b0aaea9b1130022bdd/analysis/1559335090/",
|
|
"category": "Payload delivery",
|
|
"comment": "NeoPocket",
|
|
"uuid": "6066831d-cc44-4eec-b9da-44b9c972044a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/63",
|
|
"category": "Payload delivery",
|
|
"comment": "NeoPocket",
|
|
"uuid": "bb1d7b2a-1d69-4ee3-beb5-cfa5650989dd"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8e8c4134-70b1-427a-8163-af67d04e06f5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:21.000Z",
|
|
"modified": "2019-06-02T07:30:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '58f98bf643ce58be13d9daaf51b055a1' AND file:hashes.SHA1 = '45343fc8ba75e188174d0b09dd71345b88fa0a24' AND file:hashes.SHA256 = '639d2d926325275cb023014d0b446d03f1dcc8526bff1aa72373e27d78a6a674']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1f00f0b0-4b93-41ac-9296-86159172b56f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:21.000Z",
|
|
"modified": "2019-06-02T07:30:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:57",
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"uuid": "3744443c-8710-456b-a2b0-2d730b72099f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/639d2d926325275cb023014d0b446d03f1dcc8526bff1aa72373e27d78a6a674/analysis/1559335077/",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "7cf997cd-cd32-4cc8-8f6a-65e9c86044ea"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "8b089596-b60a-4be7-980c-9f9c68fae77f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--efbdd787-1c2f-4f98-af94-73bace5b1e7c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:21.000Z",
|
|
"modified": "2019-06-02T07:30:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a0293bffb47843bc67897b3351f54a88' AND file:hashes.SHA1 = '3a0fa3deb4b5bfc2a2decc25a11a742399663ca1' AND file:hashes.SHA256 = 'cde6f7fb2fbdefffe22a012295ab157cffc07cab26ba0e34ced0bae484355187']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--56630769-4583-4a48-8dc7-e9cc3db3fa04",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:21.000Z",
|
|
"modified": "2019-06-02T07:30:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:32",
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"uuid": "e5e9fb49-7834-4efa-a786-6683ebf0471b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cde6f7fb2fbdefffe22a012295ab157cffc07cab26ba0e34ced0bae484355187/analysis/1559335112/",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "15dd3d88-89e3-416c-bd3c-427a3019bc81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "1f2c286b-3fec-4ae5-ab00-621d8322d3a7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8c0a6865-151d-4949-a7f3-0b55c4c2b816",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:22.000Z",
|
|
"modified": "2019-06-02T07:30:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b9f5bd514485fb06da39beff051b9fdc' AND file:hashes.SHA1 = 'c72a2e50410475a51d897d29ffbbaf2103754d53' AND file:hashes.SHA256 = '34acc4c0b61b5ce0b37c3589f97d1f23e6d84011a241e6f85683ee517ce786f1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--decdf69d-655d-4289-9fb8-bcb04b66e6de",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:22.000Z",
|
|
"modified": "2019-06-02T07:30:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:44",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "1e826067-1296-4031-a407-24d6e2f7b579"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/34acc4c0b61b5ce0b37c3589f97d1f23e6d84011a241e6f85683ee517ce786f1/analysis/1559335064/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "d8a61439-38ad-4769-9dd8-b472b6a716da"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "56/66",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "eafd0e3b-e7a5-4d65-bb5e-81741fb443c5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fa27fb54-023e-4b33-945f-f261e5d27510",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:22.000Z",
|
|
"modified": "2019-06-02T07:30:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bcd3cdbded825b96861bfbc7a399b89a' AND file:hashes.SHA1 = '25f4d7bd393fb8e65de716e6353a1ec11bf6d3b2' AND file:hashes.SHA256 = 'b7e61f65e147885ec1fe6a787b62d9ee82d1f34f1c9ba8068d3570adca87c54f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f7d70b47-467c-4d41-96cd-c3679cd22a38",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:22.000Z",
|
|
"modified": "2019-06-02T07:30:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:27",
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "a4923e4e-9ba2-416b-a4db-0ee06d8f0d38"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b7e61f65e147885ec1fe6a787b62d9ee82d1f34f1c9ba8068d3570adca87c54f/analysis/1559335107/",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "52c2014b-c414-4935-a48d-697cf593ff53"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/72",
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"uuid": "ce8f8e4f-3f4e-49e6-9e0c-3556b4272b2f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2d557448-fab3-4cdb-9b5b-93f6fff5dcb3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:22.000Z",
|
|
"modified": "2019-06-02T07:30:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '21b42a3b18333f10f21099eb72e6a385' AND file:hashes.SHA1 = 'e3c4807778eacec75f3f3df3914affaff630494d' AND file:hashes.SHA256 = '0720db2469a61d41c1e67a8f32020927a32422a5d58067bb328a2ff407e14e98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--024c8a02-43dc-446c-8ea1-070a1a7e6f7d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:22.000Z",
|
|
"modified": "2019-06-02T07:30:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:32",
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"uuid": "6fa159ff-1554-43f3-b28c-1164ac7ae06e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0720db2469a61d41c1e67a8f32020927a32422a5d58067bb328a2ff407e14e98/analysis/1559335052/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "e69194aa-941f-4b6e-9007-b5768fc9b6fb"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/71",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "477d3466-90b1-4516-8a99-dcc6c0a12a9c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--30ca555e-8a3e-4752-b272-9456cdd3e99e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:22.000Z",
|
|
"modified": "2019-06-02T07:30:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6404449efdd356d270a015e9659772bb' AND file:hashes.SHA1 = '8584ba9a58d90264c1ff91d7ca8710545d67b4f5' AND file:hashes.SHA256 = 'c18b23cc493f89d73a2710ebb177d54beafe0edf0e17cc79e28d9efdfb69a630']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fe4b52be-56bc-4161-ad46-14bbf2f0b4e4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:22.000Z",
|
|
"modified": "2019-06-02T07:30:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:31",
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"uuid": "96ffeca5-080d-42b9-a4d8-5d3e826498c2"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c18b23cc493f89d73a2710ebb177d54beafe0edf0e17cc79e28d9efdfb69a630/analysis/1559335111/",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "706b87fb-c313-459b-a59b-36ff600d3408"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "99471c47-015d-48c1-8bf3-856d8da90bda"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--26300a37-bcc7-42ff-b086-d71cfc768584",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:23.000Z",
|
|
"modified": "2019-06-02T07:30:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6b4d26b3b61ae1696331dac07d99a603' AND file:hashes.SHA1 = 'acca4aa8884ad923cb54530463e2b73a1bdbe11a' AND file:hashes.SHA256 = 'd4a463c135d17239047ad4151ab2f2d084e223970e900904ecedabc0fd916545']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ae2273a7-8af8-401d-8c92-34bdd0b35db2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:23.000Z",
|
|
"modified": "2019-06-02T07:30:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:34",
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"uuid": "7bbc7694-6248-48ef-a18b-c378a0691f41"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d4a463c135d17239047ad4151ab2f2d084e223970e900904ecedabc0fd916545/analysis/1559335114/",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "5474ce46-69c6-4579-8a50-699224958a06"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "39/55",
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"uuid": "5d705fd4-56cc-478e-961a-0bfc445117fa"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--73cbad38-3b4a-4427-9146-ad2e627cf51b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:23.000Z",
|
|
"modified": "2019-06-02T07:30:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3a989d5de21268d200fd1ca7476fe918' AND file:hashes.SHA1 = '2c3f69391f6e1d841f29872932aa9bb02d4d8921' AND file:hashes.SHA256 = '23c50f1c37b7c55554c282ba1781e9d6279cbbd7bfc5f64772d2e7a8962ebe70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--413bde3c-386d-4b7a-b090-becb555e4c93",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:24.000Z",
|
|
"modified": "2019-06-02T07:30:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:40",
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"uuid": "ec240f46-fba6-42bb-aa31-3844135fe665"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/23c50f1c37b7c55554c282ba1781e9d6279cbbd7bfc5f64772d2e7a8962ebe70/analysis/1559335060/",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "de9c6895-1a75-4d54-84d8-644d8c113442"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "705e119d-2920-497a-8341-468d740cf62b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5da215ba-d9ed-48bc-b3f2-e04e17764277",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:24.000Z",
|
|
"modified": "2019-06-02T07:30:24.000Z",
|
|
"pattern": "[file:hashes.MD5 = '06b767c73f35fd2e7770ff91a18bb2ee' AND file:hashes.SHA1 = 'ef7d7ec3530fb7bd14ccff5ac29abf5d0d78c276' AND file:hashes.SHA256 = 'c5b43b02a62d424a4e8a63b23bef8b022c08a889a15a6ad7f5bf1fd4fe73291f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ac1ba177-5e24-475d-b3ca-58ec1fc3a28d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:24.000Z",
|
|
"modified": "2019-06-02T07:30:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:29",
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "00001f7a-eef5-4e27-9cbb-000e54a8fdbb"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c5b43b02a62d424a4e8a63b23bef8b022c08a889a15a6ad7f5bf1fd4fe73291f/analysis/1559335109/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "38ffee9f-e6ed-4c29-930e-d04513c0bd48"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/67",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "06c1584c-76e5-4078-93d7-7e5cacf6bbc3"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--be260f87-96de-48c6-9fee-5d96cbdc5b40",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:25.000Z",
|
|
"modified": "2019-06-02T07:30:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c0105ada8686dc537a64919c73a18db7' AND file:hashes.SHA1 = '04daa15196bee693690f530d32d4ace5fb14f03f' AND file:hashes.SHA256 = 'f27e27244233f2bb5b02412d4b05315625928adaa340708e91d61ad3bce54bf6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7de7c441-438b-43cc-9a44-519fdbac2468",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:25.000Z",
|
|
"modified": "2019-06-02T07:30:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:44",
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "7ca9e67b-eb7d-40fe-bbc4-c727fcd6f524"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f27e27244233f2bb5b02412d4b05315625928adaa340708e91d61ad3bce54bf6/analysis/1559335124/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "888c400c-1b07-4b4d-bb5f-cb8260284ddb"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/70",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "cabc8060-af44-4491-b225-eda533e9e989"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e8e28f79-ae78-4ace-8753-952848d0df64",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:25.000Z",
|
|
"modified": "2019-06-02T07:30:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9cceef84ddef8c165800004aa0a30000' AND file:hashes.SHA1 = 'e0fbc9e643923d2b4fe58e227911b36942cf1150' AND file:hashes.SHA256 = 'c8d57b32ab86a3a97f89ae7f1044a63cca2b58f748bed250a1f9df5c50fc8fbb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--08764b70-0639-4974-a1d7-464db05a4a01",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:25.000Z",
|
|
"modified": "2019-06-02T07:30:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:30",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "72b287f5-a8d8-4deb-8178-20ecfd7e074c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c8d57b32ab86a3a97f89ae7f1044a63cca2b58f748bed250a1f9df5c50fc8fbb/analysis/1559335110/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "68117ab4-226b-4a47-914c-e6b099ec0618"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "a28a15c9-e414-42d8-b265-441082642563"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--75977ea0-6f0b-4d63-a3ad-152ae3c63086",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:25.000Z",
|
|
"modified": "2019-06-02T07:30:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7faec476c914cdf0a595bdb9a1b5d59d' AND file:hashes.SHA1 = 'e19d68ac17c1787ecf795261f7c38a88ab7fdcbc' AND file:hashes.SHA256 = '5f4215368817570e7a390c9f6e265a7db343c9664d22008d5971dac707751524']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2836199b-90bb-4f44-9546-81df3c53aaba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:25.000Z",
|
|
"modified": "2019-06-02T07:30:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:55",
|
|
"category": "Other",
|
|
"comment": "Piolin",
|
|
"uuid": "aa69bfda-3ea1-4431-8171-6ecc6ba6ded5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5f4215368817570e7a390c9f6e265a7db343c9664d22008d5971dac707751524/analysis/1559335075/",
|
|
"category": "Payload delivery",
|
|
"comment": "Piolin",
|
|
"uuid": "ae45c292-f498-43c7-a38f-6ce6984e09db"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Piolin",
|
|
"uuid": "e1c3714d-e3a8-4816-8381-3a157007104a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--349fb1c6-9d44-4be6-a30e-6373fe3973de",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:25.000Z",
|
|
"modified": "2019-06-02T07:30:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3ed14dd6dec1d56dc514974449229398' AND file:hashes.SHA1 = '187465383031c02aa3c079dc06e14688d344850b' AND file:hashes.SHA256 = 'db1169df116fda46319c4b87607df7b6a5e80b48de5411d47684974ca22dd35a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c8cc9792-d686-490a-91d7-d207bc62a3c8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:25.000Z",
|
|
"modified": "2019-06-02T07:30:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:36",
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"uuid": "e1240c1c-0243-4254-9531-6c207c86a67a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/db1169df116fda46319c4b87607df7b6a5e80b48de5411d47684974ca22dd35a/analysis/1559335116/",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "df845d01-69b4-4317-b53c-c00e44da0ad7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "7f31f1a1-70cf-45e8-8574-3585cf6067db"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dc144da4-b0aa-4d36-a788-453eafbeb938",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:25.000Z",
|
|
"modified": "2019-06-02T07:30:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6f04dc904cd11c7a1a67e0ebe78b8f5f' AND file:hashes.SHA1 = '556739ba7c6d3a310c2ce187387385c8dcd110ad' AND file:hashes.SHA256 = '2de4a510ee303c04c8d7bd59b7987b22c3471c9f4ba69b5f83ba36de88b63a8d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3c8cc20e-2fd8-43c4-adb6-72b3caceaa43",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:26.000Z",
|
|
"modified": "2019-06-02T07:30:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:41",
|
|
"category": "Other",
|
|
"comment": "HelloWorld",
|
|
"uuid": "c5520fba-8188-4ce8-bc56-f768b0b5f8da"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2de4a510ee303c04c8d7bd59b7987b22c3471c9f4ba69b5f83ba36de88b63a8d/analysis/1559335061/",
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"uuid": "1146ec5e-f6df-4a3f-9abe-14485c66cedd"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/70",
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"uuid": "a5238c7f-cf0b-4266-b5c4-41dd76fd3528"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--82676173-677a-4196-b3aa-4aca467cb3a2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:26.000Z",
|
|
"modified": "2019-06-02T07:30:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = '488acf3e6ba215edef77fd900e6eb33b' AND file:hashes.SHA1 = '8c52518f3e0208b8e1ba6174a988e2378d69fae0' AND file:hashes.SHA256 = '0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--66c25aae-8335-4191-b0d4-7a8dac19fa89",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:26.000Z",
|
|
"modified": "2019-06-02T07:30:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:31",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "9d160c11-1039-47ce-ba35-0dabb96d0a5c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025/analysis/1559335051/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "c89b9b56-b4dd-4eda-919c-9da663a7d051"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "59/71",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "8ca5b570-519b-4532-8e82-51f759a1868a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0341606e-3420-4a27-88a9-da0563f82bdf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:27.000Z",
|
|
"modified": "2019-06-02T07:30:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = '180fa13f1c5174b273b3a531090e0edb' AND file:hashes.SHA1 = '607af637784ebe5902ec10bba8abefee9df00b62' AND file:hashes.SHA256 = '646433de5c56fdbc7e6e934a05e9e99012ef39a0ed6cc4bdb1d984cd4435379e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b1dcedec-f5fa-4e0e-a90d-c877950b4c98",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:27.000Z",
|
|
"modified": "2019-06-02T07:30:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:58",
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"uuid": "b2b4ece5-065b-422e-a141-ef173b898f5e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/646433de5c56fdbc7e6e934a05e9e99012ef39a0ed6cc4bdb1d984cd4435379e/analysis/1559335078/",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "a51dcd4f-0c03-4a6e-b26d-d2b90885c8f7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "10/67",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "410a59e1-68d6-4f1d-a528-4c29433fc628"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f8a6c308-c897-4dac-842c-da63ce7f81f6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:27.000Z",
|
|
"modified": "2019-06-02T07:30:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = '53aff010e2eb70a7afbe661b1c25a216' AND file:hashes.SHA1 = '2b28ce1b6e861cbc4ca728235edfd6c398674857' AND file:hashes.SHA256 = '20fb2edfcece271f87d006e263c4a6de48ed518901211a76dc38aac43e1b9d19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4a6b3dcf-f1df-4fcc-8b84-6b88bde168a0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:27.000Z",
|
|
"modified": "2019-06-02T07:30:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:38",
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"uuid": "12b7665f-29bb-4c67-ba4e-8c788dd6f88c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/20fb2edfcece271f87d006e263c4a6de48ed518901211a76dc38aac43e1b9d19/analysis/1559335058/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "44c2b076-98d3-4bf9-8716-02c992a23e3a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/63",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"uuid": "65567e5c-8cdc-4928-aacf-dcfea84cb5ad"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--db74144a-938d-41c5-b3e0-fea80fd6f893",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:27.000Z",
|
|
"modified": "2019-06-02T07:30:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cef6c2aa78ff69d894903e41a3308452' AND file:hashes.SHA1 = '8615ef60b17d16fcf7fb23a57bfd155c22ac4378' AND file:hashes.SHA256 = 'ea5ebd1e5f98e10b1e7c834dd54707ad06772bccb4179cae7e50c7e6e772a1ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7adac80c-5633-46de-8404-4c999375f9e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:27.000Z",
|
|
"modified": "2019-06-02T07:30:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:40",
|
|
"category": "Other",
|
|
"comment": "ATMitch",
|
|
"uuid": "64740d78-72d9-492c-86da-b04beeb5ad3b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ea5ebd1e5f98e10b1e7c834dd54707ad06772bccb4179cae7e50c7e6e772a1ab/analysis/1559335120/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"uuid": "8e6b6a2f-5ecc-43e5-98f1-fdbfdbe4b804"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/64",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"uuid": "ec45f7e8-d4d7-44dd-b3fe-0e611629ae3f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d5caf1d8-c7fe-4023-9874-154c2e351c15",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:28.000Z",
|
|
"modified": "2019-06-02T07:30:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'acaf7bafb7304e38e6a478c8738d9db3' AND file:hashes.SHA1 = '8e9242dcbb1ce1e6c3794aec9ae5b3279641a5cf' AND file:hashes.SHA256 = '6efedf9bde951ad6c3e240ec498767bb693ecc8fa62040e624c5a7fa21c5bdaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b5ef1fa1-84c0-4899-84b0-b6a8ecc51556",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:28.000Z",
|
|
"modified": "2019-06-02T07:30:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:00",
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "9401ab4f-108c-446f-825a-7abe01de9c59"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6efedf9bde951ad6c3e240ec498767bb693ecc8fa62040e624c5a7fa21c5bdaa/analysis/1559335080/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "862ecdb8-ed0d-4fb6-923c-56eb8503ede3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/68",
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"uuid": "165557f6-b492-41f6-bdb7-f0e948c7d92b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7410379c-c381-45ea-8a33-b4bcc85818b4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:28.000Z",
|
|
"modified": "2019-06-02T07:30:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3fddbf20b41e335b6b1615536b8e1292' AND file:hashes.SHA1 = '803693358e7b1f6a85eb194d4f582f628b0c1a5c' AND file:hashes.SHA256 = '7fac4b739c412b074ee13e181c0900a350b4df9499515febb75008e6955b9674']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4eb96ae6-5b0a-4ded-bf8c-57cfc03e1d25",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:28.000Z",
|
|
"modified": "2019-06-02T07:30:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-06-01T06:11:19",
|
|
"category": "Other",
|
|
"comment": "ATMii",
|
|
"uuid": "6bfa32bc-6125-41d8-86c5-8e47302dfe3e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7fac4b739c412b074ee13e181c0900a350b4df9499515febb75008e6955b9674/analysis/1559369479/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"uuid": "e815d4dd-adbf-4559-92d0-1fa1ae3577a9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/73",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"uuid": "6b6a53d4-87f8-495d-9e21-dcb32b663fe5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c54c28e0-f02b-41c6-b8fc-d78dd9b5ef46",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:28.000Z",
|
|
"modified": "2019-06-02T07:30:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4dadb61081f7c8bce33510b0a812db17' AND file:hashes.SHA1 = 'b8a09e9aa17259b1d597af9805a8cb5ba7b2e849' AND file:hashes.SHA256 = 'dff7ee95100ffaec5848a73a7b306eaaee94ae691dfccff9fe6ce0a8f3b82c56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4ab3206c-feda-4db4-adfb-98f2b681c6ed",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:28.000Z",
|
|
"modified": "2019-06-02T07:30:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:38",
|
|
"category": "Other",
|
|
"comment": "SkimerWC",
|
|
"uuid": "4f120ff8-43c7-44b2-ba08-a8d24524c063"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/dff7ee95100ffaec5848a73a7b306eaaee94ae691dfccff9fe6ce0a8f3b82c56/analysis/1559335118/",
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"uuid": "2e9dffb5-e191-41e9-a0ac-0f48cfda9f5e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/69",
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"uuid": "2177ec13-a1ef-49f6-8717-0ad620e1eee2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2b85c45c-2fdb-485c-a342-45cff2444d44",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:28.000Z",
|
|
"modified": "2019-06-02T07:30:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dc9eb40429d6fa2f15cd34479cb320c8' AND file:hashes.SHA1 = 'a3b8abc42ea76a4e25c2fe5faf90ccb1f0f4616b' AND file:hashes.SHA256 = '9f8a7828d833ed7f28f9f5ceaf1c073c6de0645172b8316d86edc16c84b61c4f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--72c851a8-5a70-487d-b63c-b7df09475ddf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:28.000Z",
|
|
"modified": "2019-06-02T07:30:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:16",
|
|
"category": "Other",
|
|
"comment": "ATMtest",
|
|
"uuid": "8099d012-68d7-4352-97ae-0840543cddc9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9f8a7828d833ed7f28f9f5ceaf1c073c6de0645172b8316d86edc16c84b61c4f/analysis/1559335096/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMtest",
|
|
"uuid": "6060a655-231e-43d0-9caf-b297ba2155d5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/71",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMtest",
|
|
"uuid": "e554a817-6308-441d-ad2c-20e596cb6644"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--09548961-d207-4312-a75a-b3cadedf47fa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:28.000Z",
|
|
"modified": "2019-06-02T07:30:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd81ae5e0680d09c118a1705762b0bfce' AND file:hashes.SHA1 = 'f164d1d85c1779f87663dc1ca390e118d5340caa' AND file:hashes.SHA256 = '26b2daa6fbf5ec13599d24e6819202ddb3f770428d732100be15c23be317bd47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--57e9b96b-f5eb-4937-8d9e-c7d91a1164ce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:40",
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"uuid": "7d1131fb-fd4d-4ce5-8f68-92ab223cd2d6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/26b2daa6fbf5ec13599d24e6819202ddb3f770428d732100be15c23be317bd47/analysis/1559335060/",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "9c6cd439-54ad-4d17-9a9a-d847f33d4fc8"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/71",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "dd2cc77b-8296-41ae-8e1e-44cf79fad0d3"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--abcd01bc-8233-4915-8bed-8d4922d61868",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '15632224b7e5ca0ccb0a042daf2adc13' AND file:hashes.SHA1 = 'c9381c5d6f39c54aad5b57c3b1deecab6887af57' AND file:hashes.SHA256 = 'cc85e8ca86c787a1c031e67242e23f4ef503840739f9cdc7e18a48e4a6773b38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--669ac948-0bab-45ff-86e0-cc1c8907a62d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:31",
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"uuid": "160a3839-2c62-4191-b73f-41799e329634"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cc85e8ca86c787a1c031e67242e23f4ef503840739f9cdc7e18a48e4a6773b38/analysis/1559335111/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "25bd3013-4b13-492c-8353-f86f72fe2bfa"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/68",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"uuid": "1677c75d-cdfc-45d2-beb9-7bf673d6bf2a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3d3585f0-1858-40c6-873c-538edfd12617",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '19ed96914796770c7b86eaab0370c0e8' AND file:hashes.SHA1 = '6c838f3809e83e3661041574737ba859b335df4d' AND file:hashes.SHA256 = 'd9c6515fd0fb3cd14b4bb4d11ecda78602d17f370780a4b9ee006a9830106213']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--addb0706-ec6b-440c-b41e-94f549ac73d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:35",
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"uuid": "c3615c32-faac-41cd-9b04-b73f70a9c2d0"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d9c6515fd0fb3cd14b4bb4d11ecda78602d17f370780a4b9ee006a9830106213/analysis/1559335115/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "395ff372-924d-4564-b25f-447bbad8f20e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/71",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "0c838d83-acd3-4e08-9fa1-80dd29ff1179"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2aa173da-7c89-4432-91ff-f2323a5f9281",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f1478aa747a976fb2ad526fa71eca853' AND file:hashes.SHA1 = '4292df415c11f4155e8910ebcde8bd2da24e4426' AND file:hashes.SHA256 = '04f25013eb088d5e8a6e55bdb005c464123e6605897bd80ac245ce7ca12a7a70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--204b34ed-6af4-489d-8b75-f633df8f76e4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:33",
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"uuid": "dfd6be3d-52fc-4a0a-bce3-0d002c935198"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/04f25013eb088d5e8a6e55bdb005c464123e6605897bd80ac245ce7ca12a7a70/analysis/1559335053/",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "ac0f3cb1-17f5-4a6e-a9b1-027d39d1365d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "72a060d9-7994-421a-8abf-26152a9a9fc2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d72f8954-bc2a-4d03-a811-dbbf37f69c3f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cefd39402d7f91d8cf5f1cd6ecbf0681' AND file:hashes.SHA1 = '7b2be8be75a7e018d9038a33b129551275198f52' AND file:hashes.SHA256 = '956968e6f4bf611137ea0e747891ba8dc200ca809c252ef249294912fb3dbe3c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fa1ceeb9-e779-4f3f-beb5-6fef609bd53f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:13",
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"uuid": "f101fec2-b9a4-4d39-af14-1ce381bfe6d8"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/956968e6f4bf611137ea0e747891ba8dc200ca809c252ef249294912fb3dbe3c/analysis/1559335093/",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "47087de8-cb18-4f88-ada3-2c5ec820a2d3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/65",
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"uuid": "a6e93456-c00b-4fe4-b63d-337170e5c438"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--aebf0a64-4feb-4d83-8162-dfb6476c2d56",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:29.000Z",
|
|
"modified": "2019-06-02T07:30:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '603dea23dba9c311705108d2daae9c66' AND file:hashes.SHA1 = 'ca6af5c4d273b88a9e3ec78b5e77baabb6a54e36' AND file:hashes.SHA256 = '377f85562e9ec16cae8fed87e43b6dd230eaa6e1c8f2732f5096f1ec951f045a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--45bec62c-cf12-4170-a37b-5cd249f4eb35",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:30.000Z",
|
|
"modified": "2019-06-02T07:30:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:46",
|
|
"category": "Other",
|
|
"comment": "Ligsterac",
|
|
"uuid": "55b1cda9-7aac-47e8-a0ca-beaef402778d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/377f85562e9ec16cae8fed87e43b6dd230eaa6e1c8f2732f5096f1ec951f045a/analysis/1559335066/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"uuid": "da1c7e19-809e-40a4-a6ca-a3a9e591c7b5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "37/58",
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"uuid": "06e8c747-7af8-4c41-bb02-fe510a20ecc7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--71dcf277-31eb-4415-997b-04ba8c086da4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:30.000Z",
|
|
"modified": "2019-06-02T07:30:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = '49c708aad19596cca380fd02ab036eb2' AND file:hashes.SHA1 = 'ef74bf742b3d15492e46fc6887f83f1785385332' AND file:hashes.SHA256 = '03bb8decefc540bff5b08425adddb404b345452c8adedee0c8af13572891865b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ed9c1aa8-0937-4724-8305-a6d19f28b737",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:30.000Z",
|
|
"modified": "2019-06-02T07:30:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-09T15:55:33",
|
|
"category": "Other",
|
|
"comment": "DIAGK",
|
|
"uuid": "a6ab0fb8-3ed2-4883-ac8b-faff471d7cf4"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/03bb8decefc540bff5b08425adddb404b345452c8adedee0c8af13572891865b/analysis/1557417333/",
|
|
"category": "Payload delivery",
|
|
"comment": "DIAGK",
|
|
"uuid": "10dd7911-aaa2-4364-873c-80303cebaa51"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/71",
|
|
"category": "Payload delivery",
|
|
"comment": "DIAGK",
|
|
"uuid": "e8e3e484-4027-4afa-8795-5150c8fe9e9b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--87923be3-33e9-4404-875b-624d9b326db0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:30.000Z",
|
|
"modified": "2019-06-02T07:30:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ae3adcc482edc3e0579e152038c3844e' AND file:hashes.SHA1 = 'f8bf68cba29aca320ad0bce63b9ce8754915524c' AND file:hashes.SHA256 = 'd93342bd12ef44d92bf58ed2f0f88443385a0192804a5d0976352484c0d37685']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4bf3bcb0-91ca-40e3-b2ba-1c9eab452263",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:30.000Z",
|
|
"modified": "2019-06-02T07:30:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:37",
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"uuid": "e2fad499-73cb-4d33-9755-554ce4fa8fba"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d93342bd12ef44d92bf58ed2f0f88443385a0192804a5d0976352484c0d37685/analysis/1559335117/",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "7e6f27a4-5b20-43ee-876b-da00fb284dc5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"uuid": "f4509677-0b6f-4bdb-b65f-d356703b8103"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c6a31281-93cb-4294-b30a-0fe43608ae58",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:30.000Z",
|
|
"modified": "2019-06-02T07:30:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = '69be938abe7f28615d933d5ce155057c' AND file:hashes.SHA1 = 'bd8ab63f2544ca55858b6407e0b52d5494cf3715' AND file:hashes.SHA256 = '853fb4e85d8b0ad7c156ad6d3fc4b0340c8b29fa0548a3df758e7845ba8b23ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b24fd631-684d-43f3-b8d9-d1965c3ddea0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:30.000Z",
|
|
"modified": "2019-06-02T07:30:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:09",
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"uuid": "f3eab10b-1eef-4fe2-970b-6e246d4100f0"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/853fb4e85d8b0ad7c156ad6d3fc4b0340c8b29fa0548a3df758e7845ba8b23ae/analysis/1559335089/",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "888afe31-f044-429c-a7fa-34e92e725855"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/65",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "87207f51-4fe3-4c66-8f3e-5d51c79fcd8e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--73bca111-8ebf-4180-afeb-09889747699d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:30.000Z",
|
|
"modified": "2019-06-02T07:30:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1b9b341b35ec9cf3fe1bac8cd6dd8775' AND file:hashes.SHA1 = '32c4f80726ce719b16be9bd6e5b123132eb16103' AND file:hashes.SHA256 = 'ac8e8216e71e078198ef67d4cb48118767d0696610a02137492814422153d3c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bb1ceb2c-04eb-410a-84e1-a53f9ef26ec2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:22",
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"uuid": "6105d6c1-63db-4549-946f-7e6f9558e1e8"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ac8e8216e71e078198ef67d4cb48118767d0696610a02137492814422153d3c6/analysis/1559335102/",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "651a785e-6dbb-4aca-a100-3a9041b8f93b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/62",
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"uuid": "67a12ce8-6647-4f7e-8fa9-7a31bf44c37c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b95b8d4e-c4f2-4c3a-ac56-5985c0f56426",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = '250b77dfbb1b666e95b3bcda082de287' AND file:hashes.SHA1 = '5a699a8f64046d3d7fb5014d0242c159a04b8eed' AND file:hashes.SHA256 = '3639e8cc463922b427ea20dce8f237c0c0e82aa51d2502c48662e60fb405f677']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--db749366-5a6a-477f-b812-a468bc49f257",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:37:46",
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"uuid": "28e2b52c-8f1b-4ce7-94a8-c160c74819f1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3639e8cc463922b427ea20dce8f237c0c0e82aa51d2502c48662e60fb405f677/analysis/1559335066/",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "8dc822e5-b917-49d5-8db1-b128feeece9b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"uuid": "3b04bfae-45ea-4666-9cce-8f76f5aec28e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dedbee2a-96ea-4afa-8c59-69d07be55fa4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2f08a942430e2dc7c7d8197e649954a4' AND file:hashes.SHA1 = '9a6bbe7c8fe330a73f745b656ddfe240f5630412' AND file:hashes.SHA256 = 'bf20c674a0533e7c0d825de097629a96cb42ae2d4840b07dd1168993d95163e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--31432274-c4b8-4983-af78-33ce823ffd68",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:28",
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "b68b9397-ac16-49e7-b188-9846ba15447b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/bf20c674a0533e7c0d825de097629a96cb42ae2d4840b07dd1168993d95163e8/analysis/1559335108/",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "d1fb3a2c-9d05-460c-bc40-ba098c33ab52"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/70",
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"uuid": "1babef85-4ba3-4da9-b3cf-43a15399684f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0b2c0f8e-1af9-4e8e-9f8e-8fb45c401224",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6a2eecea0581e77a9d50ff0e57016383' AND file:hashes.SHA1 = '1e3f1dd472169491047180e6b4a27b85fa1cabfb' AND file:hashes.SHA256 = 'a5d0cd1bc33f44d25695ebd6530757180f4fc4d87a1658ee2f0d8fc42d09fb80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--98feb68b-c2ad-4663-87c3-d1b523867d7a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:18",
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"uuid": "53fde2c9-b0fd-4b8b-a8c8-d9a002e65db2"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a5d0cd1bc33f44d25695ebd6530757180f4fc4d87a1658ee2f0d8fc42d09fb80/analysis/1559335098/",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "a07659da-86bc-4020-b0e0-78c12eaa8df3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/65",
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"uuid": "4e1ac133-52f7-467b-be78-7cc8cf57f7da"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e33f4932-2a00-4e6a-af61-d2fe8bb882e9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9ff193d4bc804bdab34e1122c968dddc' AND file:hashes.SHA1 = '9701bf4e8a77a6c890251c89b5c8c984f9049627' AND file:hashes.SHA256 = 'b8063f1323a4ae8846163cc6e84a3b8a80463b25b9ff35d70a1c497509d48539']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-02T07:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0657c5d4-40bc-4e82-9166-9e8b5a74e3fc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-31T20:38:27",
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"uuid": "c735ceb0-a65b-4370-8d44-dd5c78432258"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b8063f1323a4ae8846163cc6e84a3b8a80463b25b9ff35d70a1c497509d48539/analysis/1559335107/",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "6424fee6-3c6b-45cb-8787-0f948838a294"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"uuid": "b99b7a2f-5f76-4e13-91bb-7b96368fa84c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b627c63b-4b98-4bec-9fcf-9bdf0efb3ee9",
|
|
"created": "2019-06-02T07:30:31.000Z",
|
|
"modified": "2019-06-02T07:30:31.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4e9389f5-efa0-4f44-91fc-0c76588fcafe",
|
|
"target_ref": "x-misp-object--f9a4ed3f-ce06-4b81-83ba-433dcdeae6e1"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0be9ae35-5da1-4616-81ab-5acb30b416f0",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--debf3fc0-afd9-4a29-bb93-3eeda774a6c4",
|
|
"target_ref": "x-misp-object--c3fe1a30-b661-47d7-a1b6-c761917f249d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--292a36c2-e693-4a6d-b4a7-46504efedcac",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d673ebe6-4d3a-46b3-84f4-aa596c14a2c4",
|
|
"target_ref": "x-misp-object--973c1b1b-139e-4cac-8e88-4d7926955993"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7a6002e0-038a-4d84-b087-8307dc3ae8c9",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8622a557-f7b5-447f-8ef2-de736a37d53f",
|
|
"target_ref": "x-misp-object--36c7dc3d-aed7-43a2-83fc-ac719299d71e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--67ff7d89-c7c0-4006-896a-fe34ee65b507",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--36474312-d715-4ea0-b2b5-5dc44269f913",
|
|
"target_ref": "x-misp-object--52ca996c-bc2b-4739-ac9e-bc7dd85923ba"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b09f245f-2f2d-4a84-b851-e3366542cc83",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0679f30f-f3f7-4b7a-adeb-5e331c959580",
|
|
"target_ref": "x-misp-object--ab628320-1176-4770-b844-742dcddcb0cf"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ae39be7e-c57c-4b14-8537-39868534d7b9",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--58f5581e-25a8-4845-9e62-a3fcc12ac9dc",
|
|
"target_ref": "x-misp-object--8ad9b272-f1ad-4dbb-8f54-16d23bbf13e8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0a086d03-5e00-4a60-8fb6-8dc9f2743116",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--20bc31c6-ec6b-4bf3-92a8-6fcd9a84cf79",
|
|
"target_ref": "x-misp-object--b59d17a2-cfdc-4bdb-857d-4d072408fcc4"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bd3c71c1-e9fb-403b-a7cd-00d02c93b79d",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c37a0b5e-8135-4547-9468-f4c40d749e4b",
|
|
"target_ref": "x-misp-object--27d02881-c91f-40e3-96ed-1006bbe1a633"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b2faf13f-6e52-42ac-915b-c0c9d8b2ca7e",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f4d25908-fa3f-4504-afa0-0f587162caae",
|
|
"target_ref": "x-misp-object--286599cf-b80a-40c0-b8ac-168ef913024d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9d1f4b0b-26b0-4f31-aded-79d602d37d64",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8952097a-81ee-4e3e-86ec-b6d8a5d9bbe3",
|
|
"target_ref": "x-misp-object--f7c3eba5-e21e-4575-9b60-0058e51f0562"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3b1d6fde-cd8b-47a2-b2d6-16d260e0a61d",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c8bf76f7-af93-4b6f-9956-bd2d3ba757ce",
|
|
"target_ref": "x-misp-object--3492cc64-74f3-40d0-bd1d-de90c08e836a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fdf063de-a652-4760-b3b7-37a85d3a3285",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--23fe1574-4071-416e-9bc8-bc000931d5fa",
|
|
"target_ref": "x-misp-object--62cf131f-4604-4172-93b0-ddc09a5a2eef"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bf57422f-feee-43d4-a875-faf72c1550be",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--afc33a8a-f0bd-4ee9-a0fe-3a78ad442eac",
|
|
"target_ref": "x-misp-object--50d3db02-8f85-49bb-bfdb-1f5b790fa78a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1e147e29-bffa-4d5b-a1ce-c9908282ed3e",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bbd0e909-a799-4b8b-af33-2e2b06984894",
|
|
"target_ref": "x-misp-object--bd1855b5-3e62-4fba-a33c-22aa7915a052"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--588b1be0-c9c8-48df-a496-fc38f494ee32",
|
|
"created": "2019-06-02T07:30:32.000Z",
|
|
"modified": "2019-06-02T07:30:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--69947a46-fe46-496b-b677-aa891525577f",
|
|
"target_ref": "x-misp-object--46b3e12f-d54f-4502-a3a4-8cd0b1151279"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b196dcb5-2d6a-4411-994a-8b72f1a9e879",
|
|
"created": "2019-06-02T07:30:33.000Z",
|
|
"modified": "2019-06-02T07:30:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--59a853ea-2a24-4522-8caf-31116b4540a1",
|
|
"target_ref": "x-misp-object--8462e162-3d1d-41a5-b259-25b56014ecd1"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e18b434a-81cf-4697-9d9e-a271b7ed61c5",
|
|
"created": "2019-06-02T07:30:33.000Z",
|
|
"modified": "2019-06-02T07:30:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--72fa3519-3988-43d8-9261-aa9e2eed24cf",
|
|
"target_ref": "x-misp-object--a416f449-acdd-4e69-9636-b33248a2bdd3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--31379a6e-30ec-4be0-9c73-08edef0dc8d7",
|
|
"created": "2019-06-02T07:30:33.000Z",
|
|
"modified": "2019-06-02T07:30:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--90369019-7f27-4d9f-b24e-064dce9bb9ff",
|
|
"target_ref": "x-misp-object--9c43344e-12b5-4e91-96ab-e8f7e3939ef6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f9fec56e-4ab6-4525-ac78-19a4fed85a33",
|
|
"created": "2019-06-02T07:30:33.000Z",
|
|
"modified": "2019-06-02T07:30:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--fa4415d9-9b90-4646-b8cf-e2810be2f2ea",
|
|
"target_ref": "x-misp-object--a1d6d8e9-5a62-4bf2-932b-4bfe3f686ecd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--01adc2f5-a9b6-47ea-9976-5fd28ffea807",
|
|
"created": "2019-06-02T07:30:33.000Z",
|
|
"modified": "2019-06-02T07:30:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0b1e7b0c-01c5-4261-810c-79ee889cf041",
|
|
"target_ref": "x-misp-object--89095777-3676-41fb-b745-6d0cc579c782"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0f55475d-0b3a-477b-acc8-bf5723cb29f5",
|
|
"created": "2019-06-02T07:30:33.000Z",
|
|
"modified": "2019-06-02T07:30:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d837aac4-8a86-4538-b882-358daa5ec55f",
|
|
"target_ref": "x-misp-object--9d6e3d6b-0847-498e-885b-df5576bcdbcc"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--65328135-408e-4f9f-be6f-3545fd6deeb8",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6233ba88-e454-4931-85fd-b1c07492a684",
|
|
"target_ref": "x-misp-object--3d43da57-37ca-4aec-9e28-739ae5ec4cf6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6f7181cf-b8b8-4b94-b076-41af6b75393b",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2af4fed3-7abe-4bd0-9e07-78f99b75b02a",
|
|
"target_ref": "x-misp-object--e5651225-768d-4ef0-a852-6859df9ebc50"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--961f7a1e-723d-416c-97ea-9383fec17708",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f65269df-3231-420c-afe2-cb9d182e8e52",
|
|
"target_ref": "x-misp-object--1e4c672b-f6ed-42a7-b1a6-2afdf236e7b4"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--21bbd65e-2122-45a0-97e1-dc823bd9bb0b",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--059e1ff5-337c-43b8-b2a3-3bd1a141ae5b",
|
|
"target_ref": "x-misp-object--3ef9e33c-b041-49fd-b3d0-a4635aa80082"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bffc239f-d11f-4c9a-8e80-441c1c44975e",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--53426774-0b9a-423d-96e5-258c563551e8",
|
|
"target_ref": "x-misp-object--bbc42520-4fab-426a-9e7f-ca0d3dfdd8d5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ecce8fe3-b85a-4646-8a3e-f2ffde7a93f0",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4de765ce-30ef-4d98-ad0d-f91e29e02261",
|
|
"target_ref": "x-misp-object--5061c53e-1a32-413d-9d20-d1ae7c1a23bd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4dfa1535-0745-425b-b2bb-a5a956800d51",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e6c71e20-622b-4fa1-98a3-049d8fa792cf",
|
|
"target_ref": "x-misp-object--e996b91d-bda3-4904-8d59-bd7e6e48c017"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--97d3c65c-1f7a-4dd4-b4bc-cf837c565b62",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--09721354-5254-4f34-99c2-c6bfdfc2a013",
|
|
"target_ref": "x-misp-object--dcd7b5e5-32ae-439a-8d76-d29db0cfe1be"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c420da91-d32d-43de-9f38-caf15e2eec21",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--038aeee6-160b-4b99-975d-c08f2252a243",
|
|
"target_ref": "x-misp-object--2f677d16-9287-4cb6-94a2-f789ff3dbb0d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--83efc689-4c7d-4fe5-b002-313332eddf0c",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--afc80670-f512-4668-a52b-92120997f276",
|
|
"target_ref": "x-misp-object--6be40e2f-088b-45f8-8a93-2c139dd1717f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fe082c72-d66f-46dd-852b-01358442e1f3",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--926b7bd6-2e77-4c03-ba85-77655deb2b6e",
|
|
"target_ref": "x-misp-object--b646014e-f7b5-40e1-aaf2-d47303e69b9c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--04908675-5e76-4005-9786-fb5ddc8329a7",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8a3528b9-bc2e-4e32-ac93-4c8a46cc6b2d",
|
|
"target_ref": "x-misp-object--1adb843b-7121-47fa-a368-76c9cfd0b246"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--78e32422-83e1-4ef2-8a58-069027dc02d2",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6038bf6c-1f5c-4b29-a890-0514f93246da",
|
|
"target_ref": "x-misp-object--011daee4-ac24-4071-bb9f-ee36ed5c8b5e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8e81370f-4366-41ca-bb98-117ab904ff25",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4892d578-41fd-4500-b607-bb71e079aa54",
|
|
"target_ref": "x-misp-object--c344c0d9-4251-460a-90b8-efeb08a354f5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ea2a61bd-a4b4-49fd-80df-fc47a145cd89",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--20931e8f-e75d-4b8b-b4ae-6db30c54e355",
|
|
"target_ref": "x-misp-object--19697d5f-9fce-41c0-a762-93dcf7479bb5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e0c3ea81-a642-4d69-98d2-929efd4506ba",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3c1cf1e3-9ce4-4d57-a90b-62d03bac4126",
|
|
"target_ref": "x-misp-object--a26082fe-b3c8-44c8-817a-286666cfa8e9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0d1cfa02-32ab-4c07-a6e2-d9c3f1fdc5b8",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1faad245-0601-4322-b915-cfbb31a5795f",
|
|
"target_ref": "x-misp-object--14bd5db8-ee14-46bf-add5-38c0239113ab"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8845368b-588b-4175-b701-ac9396bb4947",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1bce7fb2-c2d0-4032-b6bb-dd12011a586c",
|
|
"target_ref": "x-misp-object--f7a56679-e2ee-4418-92c3-ec83dbc7cf69"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e6478b3d-af10-4c7d-897a-42b8e6aa868a",
|
|
"created": "2019-06-02T07:30:34.000Z",
|
|
"modified": "2019-06-02T07:30:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--edcba3d5-9d16-4c26-b036-a783054a0201",
|
|
"target_ref": "x-misp-object--1682fbe3-7192-44a4-9240-2e558891fa92"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d6df65ef-6135-4098-a2d7-ab84d5761157",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c0446e9d-4d30-4c58-adb6-1fd627e127f0",
|
|
"target_ref": "x-misp-object--842bd8c7-4933-4db4-bbf4-062093187ea1"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b7ae936e-4a9e-452d-b719-b77f5891f768",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2a17841a-d493-4ebe-8f1f-eeb8ac8e2306",
|
|
"target_ref": "x-misp-object--7c72b9df-49a4-4325-b269-238b4cfdf298"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--764c3c1b-05a7-4ffc-88bb-0981ed389e60",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8ea7a65a-ad1b-44bb-9cab-439599dfd007",
|
|
"target_ref": "x-misp-object--139b4507-7bbb-49e4-80ed-63adb9265bb8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a2be7b56-9ca6-4d5e-8ac8-512f9a628efa",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dbfa13a9-c6ba-47bf-96fe-624fdf317bb6",
|
|
"target_ref": "x-misp-object--be6277af-27c1-49b4-a6fb-665023d4b859"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ecaa69c4-9e5c-46ab-ad20-f5c7c727b2d7",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d75b18de-3b5b-4280-ac08-62fd1a3b2028",
|
|
"target_ref": "x-misp-object--4e34b407-cc37-4139-9c1f-9e65ab576fa2"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--09d76b8b-ec6c-4c76-a389-cbbed8e8104c",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a28f47bc-9c3f-43da-836e-566801c37af3",
|
|
"target_ref": "x-misp-object--82e1a278-1e8f-42da-9165-88748d3b97e9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3aed51eb-6e65-4284-ba4f-6ca086473544",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e129d219-2e21-4bb0-80f5-b86c12280449",
|
|
"target_ref": "x-misp-object--58e83e28-fbea-4868-a994-60f4de007d99"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2d66d8f4-70c4-4ceb-8558-0cbc9b3388ac",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--493a431d-5b81-4845-b0ef-251375c0373b",
|
|
"target_ref": "x-misp-object--350e44bd-9cf3-49c4-b79d-4085722249f1"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3e55144b-3e74-4f44-ab76-edbd05f93b50",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1a246cda-41a5-49f3-8cda-6268811a7b9c",
|
|
"target_ref": "x-misp-object--6180ec62-cb52-473e-a755-69730222ba29"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4fa82267-0938-4d87-a10f-1ae64e57332c",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2be66c70-853f-4f7c-a92c-06f6ba36e77c",
|
|
"target_ref": "x-misp-object--db4d615e-ac5f-4345-9443-a1f21f120cc5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9be50a24-ff7d-407f-827a-928289233cd7",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a131f43e-2785-48a1-8947-8b82e1aaa5ab",
|
|
"target_ref": "x-misp-object--3066167d-9e78-4ed6-9459-f009a151fe41"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f41a1e44-599e-4a6f-9252-a9d2118e8979",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3181de68-5e89-497e-b087-57b51ecbef08",
|
|
"target_ref": "x-misp-object--6aa56cbd-16ee-4811-81d9-4af960c3518d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6a92fae6-1cf6-48e7-8263-5ccab67897e8",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6b2065b0-b2fc-431a-9ab4-94b1a58b9d1d",
|
|
"target_ref": "x-misp-object--89320365-5158-4b98-9194-f2883d3c2c36"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--068dc807-b104-44cf-92b1-908893633196",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c75413c5-ac2d-48e1-85a6-26d59da40b2d",
|
|
"target_ref": "x-misp-object--22de11ea-f09d-456d-b04a-d9d2ed231361"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--470a172a-d68b-480c-9a96-c29f19f3b8c0",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0f1722a1-311b-4965-b355-7ae365e38a1b",
|
|
"target_ref": "x-misp-object--b187b049-a9e0-4e18-b1f5-32350b0d2b33"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7a3cbee6-857f-4804-80d2-e0f82a8713e5",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e623166e-60c6-48c5-9d77-dc65668de4bb",
|
|
"target_ref": "x-misp-object--b7bb76ce-eba0-43ff-8242-af513ba697ac"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5a5260a5-01a8-4cbb-8813-37771a5237d4",
|
|
"created": "2019-06-02T07:30:35.000Z",
|
|
"modified": "2019-06-02T07:30:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--518e8321-d45d-47c1-94a5-4ed465d2122f",
|
|
"target_ref": "x-misp-object--2bd8993a-3374-4868-895b-31745d45d556"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c7f7148f-bcd4-488c-ad4b-d7c796a250fe",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a0e70bcc-2c0d-4556-a3e8-4bdd6ce2ab00",
|
|
"target_ref": "x-misp-object--a1aca217-f549-4846-99ad-85432a8ee8fa"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e09fc230-5400-447d-9408-9fa28e8267ec",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--426bf823-1fe0-47a8-8a28-28f1c6c12911",
|
|
"target_ref": "x-misp-object--052c17c1-fc2a-4922-8d1f-c1c4659677c9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d8b33592-d207-4c1c-95bd-8013eb1e6a7d",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--285bf247-3a77-4b6b-b0cf-95f327d8e720",
|
|
"target_ref": "x-misp-object--ee92cc82-3b6b-4b3d-b7b4-62deb508eced"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b8b5bb55-2e89-4be1-9c10-8d6ccafe8382",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3f4eda4d-eadf-47f8-8901-1f598dd74fee",
|
|
"target_ref": "x-misp-object--71681f92-49fb-4c75-8174-fb659cb4d73b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--022207cd-12b6-4bd6-8515-c92ba7e36298",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ca412922-c341-4132-b68c-29881ecfc37c",
|
|
"target_ref": "x-misp-object--b1eff610-3c61-4201-8d01-263133fba839"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--54536e5b-e418-4955-a259-527e077be96a",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bf924e79-ad8a-431e-ba9b-c5492520e160",
|
|
"target_ref": "x-misp-object--cc21c434-9260-41d3-a614-b133375f24ee"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--219b96bd-ff30-4448-9c34-4cd5b9979e43",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1a5bddeb-8677-4a75-ac19-99205239f3b7",
|
|
"target_ref": "x-misp-object--66eed121-39b0-4068-8398-65d6e5555d7c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3f03e127-fe15-4f45-bd90-a9abb79d1626",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--489c0352-e36f-4cb3-874b-7724ebb7b544",
|
|
"target_ref": "x-misp-object--3789a48b-d259-456e-9cb6-4dcd8d8b332a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--91078657-489c-4a12-bcfe-b78197f990b1",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6de5692d-8e5c-460c-a525-2041d7a48c6b",
|
|
"target_ref": "x-misp-object--c579698f-d8ca-4926-a3d1-faee6b1d14fa"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f65aa6c6-9e54-444b-b943-3daea61d41c3",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7e9b9964-9f85-457b-a68e-4d57d216a676",
|
|
"target_ref": "x-misp-object--c65d59bb-2353-4255-a521-00491026938e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--68326778-dbd2-47d0-ac43-8192ed41a4f7",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7701de0b-39e3-4f29-92d3-367acfaf7da4",
|
|
"target_ref": "x-misp-object--5a66509e-55c3-4f73-ba44-ef9d7a670687"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1fd076be-8e1c-474a-acc4-0ef4d889a276",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--64e6740d-db89-4721-b931-cca5f3131f24",
|
|
"target_ref": "x-misp-object--985dd522-fd96-47a8-9271-703843c2e8fa"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--44cfe9ae-f2b1-404b-ab6b-cfa947dae24e",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f67a4b48-4754-4364-ba60-cffdf6098346",
|
|
"target_ref": "x-misp-object--51f62180-23c6-4f50-8b29-60f208683bba"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--167e2364-ce8f-4039-9c6a-f54a487814fd",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--be9ecc17-1c1d-4a40-9401-954926e240c5",
|
|
"target_ref": "x-misp-object--217bba47-5310-4bf5-914b-c0d3015a1b0f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0327a61e-254f-48a3-9364-ac0c2509e23b",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a32b0183-4187-4dd2-a8dd-af1f550a895d",
|
|
"target_ref": "x-misp-object--8edd7b20-8c0d-4ec5-8377-f91b2bc14df9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9c96b387-00dd-49f5-ae7f-28fddd5eaea1",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4e16407e-a152-4a11-a169-e45b71d2f5b9",
|
|
"target_ref": "x-misp-object--f7be55e7-5559-4dc2-a64c-3b399c676e28"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--90b5337c-9f83-4b22-961d-8b9f58eb0dd8",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--47e549fb-5165-4fde-8894-16f554d846b2",
|
|
"target_ref": "x-misp-object--38eb9333-7756-4ef1-84f3-40b11f95c38b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a1bcd2b6-bd74-47a1-9ed2-f78d370f98ab",
|
|
"created": "2019-06-02T07:30:36.000Z",
|
|
"modified": "2019-06-02T07:30:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4323e483-a2d7-4c59-a770-d6f7603eaeda",
|
|
"target_ref": "x-misp-object--cb558419-e9a9-4864-96b4-e0c1a05bf28c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1c5d88f6-0a2b-431a-a469-b70d8a33d998",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c1485cd8-7304-4ab9-867d-657b3b4539eb",
|
|
"target_ref": "x-misp-object--92d58414-05a5-4064-89fa-4064243cd9e0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d1c80ed2-f150-405c-9464-59d54f87c4b9",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--035ba73e-cc14-4912-baf9-e93dd6d802f0",
|
|
"target_ref": "x-misp-object--e3388a02-63e9-47b4-be96-b98ef6445e5d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2bff1e6b-69dd-4727-8857-fbae9e07eb22",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2a858aa7-dba0-494e-b925-3b66b5fc616a",
|
|
"target_ref": "x-misp-object--4abf6300-36e7-4563-a282-6bec690732a6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b81e9ca4-63c4-4778-bc5e-0f91f154b92a",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--442e577a-51c7-479e-a130-2354ce9fa332",
|
|
"target_ref": "x-misp-object--4590636d-859a-4a7e-8de0-1abe61c45dd3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b296da86-c4d4-47c1-b4c1-e2b693852a43",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--82522c87-2116-4ad0-9878-6e93503b2f34",
|
|
"target_ref": "x-misp-object--e9fd0c43-dfc9-4b41-b257-74df3185bee2"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e457acdc-c877-466b-a1e7-0b7df54e5cf9",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2690ba26-376c-4046-9976-b415e1a49af5",
|
|
"target_ref": "x-misp-object--dafea516-a72d-4320-8339-0361507b10a0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8cd03493-3af0-4520-a444-2cb06395a8a0",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9df2dfe6-af34-4439-a39c-99bb002afc9f",
|
|
"target_ref": "x-misp-object--b989eb7e-8f0a-4093-8a1c-3381331b0479"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9d620e93-376a-4bf6-8bc6-201c93000edb",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1acc6608-0f9d-436a-9543-691bda129647",
|
|
"target_ref": "x-misp-object--e79f4594-9967-4fc4-98fb-02be42825e7e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8360d267-8a87-4c20-877d-09cc9907d9c5",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8e8c4134-70b1-427a-8163-af67d04e06f5",
|
|
"target_ref": "x-misp-object--1f00f0b0-4b93-41ac-9296-86159172b56f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ef921df3-c2d4-4153-9646-491f1879644a",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--efbdd787-1c2f-4f98-af94-73bace5b1e7c",
|
|
"target_ref": "x-misp-object--56630769-4583-4a48-8dc7-e9cc3db3fa04"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--405dcd42-72d2-4e4c-bd20-887cf0bef719",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8c0a6865-151d-4949-a7f3-0b55c4c2b816",
|
|
"target_ref": "x-misp-object--decdf69d-655d-4289-9fb8-bcb04b66e6de"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--dc3dfbce-6227-4018-81c3-76fffed0d846",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--fa27fb54-023e-4b33-945f-f261e5d27510",
|
|
"target_ref": "x-misp-object--f7d70b47-467c-4d41-96cd-c3679cd22a38"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1ef224b3-1e6f-4eb2-8a02-e140b1c25ed4",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2d557448-fab3-4cdb-9b5b-93f6fff5dcb3",
|
|
"target_ref": "x-misp-object--024c8a02-43dc-446c-8ea1-070a1a7e6f7d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cb209d1e-dac9-4429-b8d7-68d74f15660b",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--30ca555e-8a3e-4752-b272-9456cdd3e99e",
|
|
"target_ref": "x-misp-object--fe4b52be-56bc-4161-ad46-14bbf2f0b4e4"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9ed749bb-4c27-4a8a-aeca-7e4454ff8a52",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--26300a37-bcc7-42ff-b086-d71cfc768584",
|
|
"target_ref": "x-misp-object--ae2273a7-8af8-401d-8c92-34bdd0b35db2"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--09ed11ea-71d8-43ed-8650-93ff5c24e24b",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--73cbad38-3b4a-4427-9146-ad2e627cf51b",
|
|
"target_ref": "x-misp-object--413bde3c-386d-4b7a-b090-becb555e4c93"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b3c4705f-b1ae-4cc8-84c7-20c01d87f7fb",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5da215ba-d9ed-48bc-b3f2-e04e17764277",
|
|
"target_ref": "x-misp-object--ac1ba177-5e24-475d-b3ca-58ec1fc3a28d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--37ec27e8-029c-4f65-ba6b-f154da23e728",
|
|
"created": "2019-06-02T07:30:37.000Z",
|
|
"modified": "2019-06-02T07:30:37.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--be260f87-96de-48c6-9fee-5d96cbdc5b40",
|
|
"target_ref": "x-misp-object--7de7c441-438b-43cc-9a44-519fdbac2468"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1294ca17-a17f-43b4-8137-8b85cfaf3dc1",
|
|
"created": "2019-06-02T07:30:38.000Z",
|
|
"modified": "2019-06-02T07:30:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e8e28f79-ae78-4ace-8753-952848d0df64",
|
|
"target_ref": "x-misp-object--08764b70-0639-4974-a1d7-464db05a4a01"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d6db8d14-a5d0-41dc-8e5d-a0f682758d66",
|
|
"created": "2019-06-02T07:30:38.000Z",
|
|
"modified": "2019-06-02T07:30:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--75977ea0-6f0b-4d63-a3ad-152ae3c63086",
|
|
"target_ref": "x-misp-object--2836199b-90bb-4f44-9546-81df3c53aaba"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9a2f698e-6958-4036-93e9-7a99c6fd89ab",
|
|
"created": "2019-06-02T07:30:38.000Z",
|
|
"modified": "2019-06-02T07:30:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--349fb1c6-9d44-4be6-a30e-6373fe3973de",
|
|
"target_ref": "x-misp-object--c8cc9792-d686-490a-91d7-d207bc62a3c8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2f042531-3f62-4559-b440-bfa8b4af1728",
|
|
"created": "2019-06-02T07:30:38.000Z",
|
|
"modified": "2019-06-02T07:30:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dc144da4-b0aa-4d36-a788-453eafbeb938",
|
|
"target_ref": "x-misp-object--3c8cc20e-2fd8-43c4-adb6-72b3caceaa43"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--951a5023-aeef-4c63-b465-9ce7bdf1cc46",
|
|
"created": "2019-06-02T07:30:38.000Z",
|
|
"modified": "2019-06-02T07:30:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--82676173-677a-4196-b3aa-4aca467cb3a2",
|
|
"target_ref": "x-misp-object--66c25aae-8335-4191-b0d4-7a8dac19fa89"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1062fca5-429f-43b4-8b79-0e7c3e8b9864",
|
|
"created": "2019-06-02T07:30:38.000Z",
|
|
"modified": "2019-06-02T07:30:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0341606e-3420-4a27-88a9-da0563f82bdf",
|
|
"target_ref": "x-misp-object--b1dcedec-f5fa-4e0e-a90d-c877950b4c98"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9fa33f46-0c0d-4a60-92eb-6768ddda20d9",
|
|
"created": "2019-06-02T07:30:38.000Z",
|
|
"modified": "2019-06-02T07:30:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f8a6c308-c897-4dac-842c-da63ce7f81f6",
|
|
"target_ref": "x-misp-object--4a6b3dcf-f1df-4fcc-8b84-6b88bde168a0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--14535603-a479-4b58-9cad-6fc797a1b2c9",
|
|
"created": "2019-06-02T07:30:38.000Z",
|
|
"modified": "2019-06-02T07:30:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--db74144a-938d-41c5-b3e0-fea80fd6f893",
|
|
"target_ref": "x-misp-object--7adac80c-5633-46de-8404-4c999375f9e6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a891a5b2-e211-455a-8fc4-74af2aa407a4",
|
|
"created": "2019-06-02T07:30:38.000Z",
|
|
"modified": "2019-06-02T07:30:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d5caf1d8-c7fe-4023-9874-154c2e351c15",
|
|
"target_ref": "x-misp-object--b5ef1fa1-84c0-4899-84b0-b6a8ecc51556"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8fc0b41c-438d-469d-9a47-999716351927",
|
|
"created": "2019-06-02T07:30:40.000Z",
|
|
"modified": "2019-06-02T07:30:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7410379c-c381-45ea-8a33-b4bcc85818b4",
|
|
"target_ref": "x-misp-object--4eb96ae6-5b0a-4ded-bf8c-57cfc03e1d25"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c7866988-fdc8-4d71-b4c4-7c8dc355cbfa",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c54c28e0-f02b-41c6-b8fc-d78dd9b5ef46",
|
|
"target_ref": "x-misp-object--4ab3206c-feda-4db4-adfb-98f2b681c6ed"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1576cfe4-a607-49c9-a328-9b28eb8c9b64",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2b85c45c-2fdb-485c-a342-45cff2444d44",
|
|
"target_ref": "x-misp-object--72c851a8-5a70-487d-b63c-b7df09475ddf"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b67c9e9f-3f30-4f91-b7a4-b8202793c536",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--09548961-d207-4312-a75a-b3cadedf47fa",
|
|
"target_ref": "x-misp-object--57e9b96b-f5eb-4937-8d9e-c7d91a1164ce"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9bb43f1c-84d5-4c11-9e45-bc92bc7c4c69",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--abcd01bc-8233-4915-8bed-8d4922d61868",
|
|
"target_ref": "x-misp-object--669ac948-0bab-45ff-86e0-cc1c8907a62d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f0ede91a-1616-4fa8-b2b3-6341bce4c75d",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3d3585f0-1858-40c6-873c-538edfd12617",
|
|
"target_ref": "x-misp-object--addb0706-ec6b-440c-b41e-94f549ac73d0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0a560841-20d7-4a9c-9f35-6d9234d654c0",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2aa173da-7c89-4432-91ff-f2323a5f9281",
|
|
"target_ref": "x-misp-object--204b34ed-6af4-489d-8b75-f633df8f76e4"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--544556b8-74a7-41b6-84de-c83c278c7a74",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d72f8954-bc2a-4d03-a811-dbbf37f69c3f",
|
|
"target_ref": "x-misp-object--fa1ceeb9-e779-4f3f-beb5-6fef609bd53f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--54a39dfc-6360-44a5-af6d-bc4c9c03ff5b",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--aebf0a64-4feb-4d83-8162-dfb6476c2d56",
|
|
"target_ref": "x-misp-object--45bec62c-cf12-4170-a37b-5cd249f4eb35"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3ff8baff-9939-4c12-9f60-6b4881fac5c8",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--71dcf277-31eb-4415-997b-04ba8c086da4",
|
|
"target_ref": "x-misp-object--ed9c1aa8-0937-4724-8305-a6d19f28b737"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6632a91c-0da0-4827-adc1-38ec19f1dd14",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--87923be3-33e9-4404-875b-624d9b326db0",
|
|
"target_ref": "x-misp-object--4bf3bcb0-91ca-40e3-b2ba-1c9eab452263"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2fe4ee71-adb6-4868-a884-44c85c874dbe",
|
|
"created": "2019-06-02T07:30:41.000Z",
|
|
"modified": "2019-06-02T07:30:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c6a31281-93cb-4294-b30a-0fe43608ae58",
|
|
"target_ref": "x-misp-object--b24fd631-684d-43f3-b8d9-d1965c3ddea0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0603fe99-1b0f-4130-a92b-12bf979c0d9c",
|
|
"created": "2019-06-02T07:30:42.000Z",
|
|
"modified": "2019-06-02T07:30:42.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--73bca111-8ebf-4180-afeb-09889747699d",
|
|
"target_ref": "x-misp-object--bb1ceb2c-04eb-410a-84e1-a53f9ef26ec2"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d3cfd73b-1346-4fc1-a402-3bdd4280d9b9",
|
|
"created": "2019-06-02T07:30:42.000Z",
|
|
"modified": "2019-06-02T07:30:42.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b95b8d4e-c4f2-4c3a-ac56-5985c0f56426",
|
|
"target_ref": "x-misp-object--db749366-5a6a-477f-b812-a468bc49f257"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cc5b2ba6-2b1a-40a4-8233-f202a69f26ec",
|
|
"created": "2019-06-02T07:30:43.000Z",
|
|
"modified": "2019-06-02T07:30:43.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dedbee2a-96ea-4afa-8c59-69d07be55fa4",
|
|
"target_ref": "x-misp-object--31432274-c4b8-4983-af78-33ce823ffd68"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8b28812d-fcdc-47da-b49c-6cc7a4a32561",
|
|
"created": "2019-06-02T07:30:43.000Z",
|
|
"modified": "2019-06-02T07:30:43.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0b2c0f8e-1af9-4e8e-9f8e-8fb45c401224",
|
|
"target_ref": "x-misp-object--98feb68b-c2ad-4663-87c3-d1b523867d7a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0b3ea5e4-2586-4230-bdea-8c3ac8d96485",
|
|
"created": "2019-06-02T07:30:44.000Z",
|
|
"modified": "2019-06-02T07:30:44.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e33f4932-2a00-4e6a-af61-d2fe8bb882e9",
|
|
"target_ref": "x-misp-object--0657c5d4-40bc-4e82-9166-9e8b5a74e3fc"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |