adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5cf900bc-28e0-4bed-93a9-5225950d210f.json

2337 lines
No EOL
100 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5cf900bc-28e0-4bed-93a9-5225950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:16:16.000Z",
"modified": "2019-06-06T12:16:16.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5cf900bc-28e0-4bed-93a9-5225950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:16:16.000Z",
"modified": "2019-06-06T12:16:16.000Z",
"name": "OSINT - Gaining New Visibility into Financial Threats",
"published": "2019-06-06T12:16:29Z",
"object_refs": [
"indicator--5cf900e7-bcf4-4373-a0ea-7a17950d210f",
"indicator--5cf900e8-2f1c-4894-a23c-7a17950d210f",
"indicator--5cf900e8-6870-498d-84d9-7a17950d210f",
"indicator--5cf900e8-e61c-44fb-ac10-7a17950d210f",
"indicator--5cf900e8-1334-490c-a730-7a17950d210f",
"indicator--5cf900e8-bbe4-4902-af9f-7a17950d210f",
"indicator--5cf900e8-5b20-46d5-a4a2-7a17950d210f",
"indicator--5cf900e8-ddbc-470a-947b-7a17950d210f",
"indicator--5cf900e8-f670-48ab-bb14-7a17950d210f",
"indicator--5cf9023b-6d44-4c14-bcef-c66a950d210f",
"indicator--5cf9023b-81c0-4707-ba3c-c66a950d210f",
"indicator--5cf9023b-0f88-4640-8a7a-c66a950d210f",
"indicator--5cf9023b-9cfc-4ca1-b965-c66a950d210f",
"indicator--5cf9023b-3068-452b-bf0c-c66a950d210f",
"indicator--5cf9023c-9060-4187-820f-c66a950d210f",
"indicator--5cf9023c-40f0-4df2-93c9-c66a950d210f",
"indicator--5cf9023c-12c4-4c92-a77f-c66a950d210f",
"indicator--5cf9023c-1f94-40f5-a8a6-c66a950d210f",
"indicator--5cf9023c-3880-4332-8439-c66a950d210f",
"indicator--5cf9023c-444c-4673-9cb4-c66a950d210f",
"indicator--5cf9023c-f954-4501-a996-c66a950d210f",
"indicator--5cf9023c-4834-4e22-bec8-c66a950d210f",
"indicator--5cf9023c-7518-4541-bb00-c66a950d210f",
"indicator--5cf9023c-4630-43f1-9026-c66a950d210f",
"indicator--5cf9023c-f7b4-4686-9de1-c66a950d210f",
"indicator--5cf9023c-3fa0-4002-b6c1-c66a950d210f",
"indicator--5cf9023c-19bc-4207-81e4-c66a950d210f",
"indicator--5cf9023c-12ec-48c3-8418-c66a950d210f",
"indicator--5cf9023c-a274-460e-921b-c66a950d210f",
"indicator--5cf9023c-5220-44d5-9984-c66a950d210f",
"indicator--5cf9023c-b7c0-4260-987d-c66a950d210f",
"indicator--5cf9023c-f174-48fa-a207-c66a950d210f",
"observed-data--5cf90364-3014-4df3-b302-4a48950d210f",
"url--5cf90364-3014-4df3-b302-4a48950d210f",
"observed-data--5cf903a6-fe08-49aa-8375-77d4950d210f",
"url--5cf903a6-fe08-49aa-8375-77d4950d210f",
"indicator--ea848d2e-65da-4deb-af74-a9d0e3a0ebea",
"x-misp-object--de47fb74-8512-47da-86f7-e8d0cc93cdc7",
"indicator--57e3c16f-67f4-468d-9d9e-b2ee77fce921",
"x-misp-object--3a75d429-6e69-4e61-a8f9-cb53975d839f",
"indicator--2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7",
"x-misp-object--a575205e-629c-4238-ae69-d22e6a64b163",
"indicator--33492163-b362-476c-9869-f601ff4b0211",
"x-misp-object--cd0334f3-67d3-4324-9b30-28951aabe6c6",
"indicator--11184fc9-fcec-4ee2-8097-94d0024f38fc",
"x-misp-object--7ae2d99e-26b2-4879-a4e2-caec2c6ac680",
"indicator--b62a4ac4-4b20-4eb5-81d5-f9a3fee32519",
"x-misp-object--20f86c50-ab0b-42c5-a22a-4a0b861dd753",
"indicator--8c139391-532c-41a3-a222-634a8c601a87",
"x-misp-object--b6acbebe-39e8-4a6a-8781-7a22d00272b0",
"indicator--c7d41beb-3fba-4a5c-8f1b-1776eac57521",
"x-misp-object--76cd75eb-9363-4a7a-8a23-568bb8cf2bb7",
"indicator--2635adb7-eec5-421d-8084-7b415519ee42",
"x-misp-object--d317b55c-3b25-4466-8fac-5ab9a70a2ef2",
"indicator--c730930e-72e0-45e5-a3cb-e040521971a3",
"x-misp-object--7bc4f11b-34a5-4929-9f93-75081f6a60b4",
"indicator--654cf3c0-e403-415e-8dde-d210c2a32c68",
"x-misp-object--80f85328-d4bb-4113-a164-a4e080ef8d80",
"indicator--978cc9ef-f291-4f48-b98d-7d6ac96c6e00",
"x-misp-object--1e23c045-091f-4acd-a090-9b8d21b602ec",
"indicator--8b5a1799-619f-4570-9aa6-ac54205c81f4",
"x-misp-object--dce4a646-5ab4-4c54-88ea-a2c5a6683155",
"indicator--d92702b0-6916-4c5b-a9d7-e035ed8a604a",
"x-misp-object--9660acc8-ba12-424d-8085-21d4eb1aae63",
"indicator--a0bddce4-2ca6-457b-bce3-61b9599ce66c",
"x-misp-object--76b07ec6-98ae-4501-a62f-d2e22a7d9152",
"indicator--4954412e-840b-4d4f-8489-6cb21726714b",
"x-misp-object--161cae50-743b-45ad-a792-d2570dc1e75f",
"indicator--7e91b7fe-21de-467e-8896-aec026eb81b6",
"x-misp-object--4fe9f431-3164-4395-9430-6836d9203a7a",
"indicator--401965ce-213d-4b3c-8adc-827b3b088b7d",
"x-misp-object--5a645eb9-b060-42a4-9edc-f0dcc184e949",
"indicator--06a3f94e-a2d3-4af6-8942-eec7ad961249",
"x-misp-object--be23a287-3e5a-4a11-9869-f4b80896c730",
"relationship--70a619eb-1cfc-4c4e-bc2f-0cbdf8cb4656",
"relationship--c05c42d1-7366-441b-bf85-faf65589a8fb",
"relationship--c23af317-69ec-4c10-a9e5-39fa69224a77",
"relationship--ad3f1a2a-f9f3-4494-ae62-6e58f0ede830",
"relationship--2275db3d-9ec4-4403-a59a-27b25dd18d65",
"relationship--aad47034-d072-496b-8204-a688c691bc9c",
"relationship--97ade690-ba77-4430-bffb-c1a8822173f9",
"relationship--eaacd2b2-cf9a-411b-a883-a5658eb79570",
"relationship--46ffeab6-9747-4ec3-8810-fd2f00dd63c1",
"relationship--1db97bef-aa98-461f-824a-5b6f5989e6e9",
"relationship--3888bf66-e82f-4ffb-990e-00533f2df6cf",
"relationship--80d9f096-2abc-44cb-8421-690357ec4a70",
"relationship--cf146ef6-8a95-4bb4-a8a5-6a95dc788fb2",
"relationship--43fc53c3-198b-49ce-b5fc-78b183a29e71",
"relationship--3ab89874-f0c8-4197-ae09-2f62dbdd9ce7",
"relationship--78b41e95-42d9-441e-99cf-442328780a0e",
"relationship--32b02edf-36d1-4cf9-8900-bea5dfe35d31",
"relationship--1b04c456-459e-4250-8fa6-a28157f43f72",
"relationship--dda1e969-451a-4472-8b5b-bbd606e35bf4"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:threat-actor=\"Anunak\"",
"circl:topic=\"finance\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf900e7-bcf4-4373-a0ea-7a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:02:47.000Z",
"modified": "2019-06-06T12:02:47.000Z",
"pattern": "[url:value = 'swift-fraud.com/documents/94563784.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf900e8-2f1c-4894-a23c-7a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:02:48.000Z",
"modified": "2019-06-06T12:02:48.000Z",
"pattern": "[url:value = 'cloud.yourdocument.biz/robots.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf900e8-6870-498d-84d9-7a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:02:48.000Z",
"modified": "2019-06-06T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.140.116.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf900e8-e61c-44fb-ac10-7a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:02:48.000Z",
"modified": "2019-06-06T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.206.145.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf900e8-1334-490c-a730-7a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:02:48.000Z",
"modified": "2019-06-06T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.56.162.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf900e8-bbe4-4902-af9f-7a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:02:48.000Z",
"modified": "2019-06-06T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.156.35.118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf900e8-5b20-46d5-a4a2-7a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:02:48.000Z",
"modified": "2019-06-06T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.243.115.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf900e8-ddbc-470a-947b-7a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:02:48.000Z",
"modified": "2019-06-06T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.206.146.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf900e8-f670-48ab-bb14-7a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:02:48.000Z",
"modified": "2019-06-06T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.140.116.176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023b-6d44-4c14-bcef-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:27.000Z",
"modified": "2019-06-06T12:08:27.000Z",
"description": "smrs.exe",
"pattern": "[file:hashes.MD5 = 'd68351f754a508a386c06946c8e79088']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023b-81c0-4707-ba3c-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:27.000Z",
"modified": "2019-06-06T12:08:27.000Z",
"description": "smrs.exe",
"pattern": "[file:hashes.MD5 = '341917d17440ee8a334b202eb0378108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023b-0f88-4640-8a7a-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:27.000Z",
"modified": "2019-06-06T12:08:27.000Z",
"description": "java.exe",
"pattern": "[file:hashes.MD5 = 'd90ecd6c825ce236838112898e1c4a2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023b-9cfc-4ca1-b965-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:27.000Z",
"modified": "2019-06-06T12:08:27.000Z",
"description": "94563784.doc",
"pattern": "[file:hashes.MD5 = 'd117c73e353193118a6383c30e42a95f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023b-3068-452b-bf0c-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:27.000Z",
"modified": "2019-06-06T12:08:27.000Z",
"description": "WRF{8F0C5F8E-18A3-48CE-A2F4-2F4DB1B14E94}.tmp",
"pattern": "[file:hashes.MD5 = 'b8fc470b9665b33d2071034fdfd6629c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-9060-4187-820f-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "KbhpQIcahFCuZwq.sct",
"pattern": "[file:hashes.MD5 = 'bb784d55895db10b67b1b4f1f5b0be16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-40f0-4df2-93c9-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "MGsCOxPSNK.txt",
"pattern": "[file:hashes.MD5 = '4bee6ff39103ffe31118260f9b1c4884']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-12c4-4c92-a77f-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "cqHfjCkTtMwG.doc",
"pattern": "[file:hashes.MD5 = 'c2a9443aac258a60d8cace43e839cf9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-1f94-40f5-a8a6-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "tCrrDqBQoCcEkbnK.txt",
"pattern": "[file:hashes.MD5 = '581c2a76b382deedb48d1df077e5bdf1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-3880-4332-8439-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "DLL dropper",
"pattern": "[file:hashes.MD5 = 'f0645bd9367faf4e21a9c5e8c132bed7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-444c-4673-9cb4-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "DLL dropper",
"pattern": "[file:hashes.MD5 = '34a58e62866e5c17db61ee5f95d52c58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-f954-4501-a996-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "DLL dropper",
"pattern": "[file:hashes.MD5 = '38242fb29d7cb82a4ffd651189d9821e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-4834-4e22-bec8-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "DLL dropper",
"pattern": "[file:hashes.MD5 = 'f0e52df398b938bf82d9e71ce754ab34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-7518-4541-bb00-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "303F1428C3F",
"pattern": "[file:hashes.MD5 = 'eb561d46c6283c632df88bd20ade6df4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-4630-43f1-9026-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "9D01CA.txt",
"pattern": "[file:hashes.MD5 = 'bbaee5d936a3809f46fd409b8442f753']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-f7b4-4686-9de1-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "rad353F7.tmp",
"pattern": "[file:hashes.MD5 = '63c98b8c34ee9261c0068c7f0435a9f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-3fa0-4002-b6c1-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "nusb1mon.exe",
"pattern": "[file:hashes.MD5 = 'ddb9553c6e4e4908b5c7fbbdc4795d6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-19bc-4207-81e4-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "netscan.exe",
"pattern": "[file:hashes.MD5 = '1e94f1fdf5ace5e57d8b7832ea2da22e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-12ec-48c3-8418-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "netscan.exe",
"pattern": "[file:hashes.MD5 = 'e7aa5608c81ba4fcd8d166501b90fc06']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-a274-460e-921b-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "psexec.exe",
"pattern": "[file:hashes.MD5 = '27304b246c7d5b4e149124d5f93c5b01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-5220-44d5-9984-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "psexec.exe",
"pattern": "[file:hashes.MD5 = '75b55bb34dac9d02740b9ad6b6820360']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-b7c0-4260-987d-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "psexesvc.exe",
"pattern": "[file:hashes.MD5 = 'a7f7a0f74c8b48f1699858b3b6c11eda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf9023c-f174-48fa-a207-c66a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:08:28.000Z",
"modified": "2019-06-06T12:08:28.000Z",
"description": "psexesvc.exe",
"pattern": "[file:hashes.MD5 = '87dfac39f577e5f52f0724455e8832a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cf90364-3014-4df3-b302-4a48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:13:24.000Z",
"modified": "2019-06-06T12:13:24.000Z",
"first_observed": "2019-06-06T12:13:24Z",
"last_observed": "2019-06-06T12:13:24Z",
"number_observed": 1,
"object_refs": [
"url--5cf90364-3014-4df3-b302-4a48950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cf90364-3014-4df3-b302-4a48950d210f",
"value": "https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cf903a6-fe08-49aa-8375-77d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:14:30.000Z",
"modified": "2019-06-06T12:14:30.000Z",
"first_observed": "2019-06-06T12:14:30Z",
"last_observed": "2019-06-06T12:14:30Z",
"number_observed": 1,
"object_refs": [
"url--5cf903a6-fe08-49aa-8375-77d4950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cf903a6-fe08-49aa-8375-77d4950d210f",
"value": "https://pastebin.com/FdNVb77d"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ea848d2e-65da-4deb-af74-a9d0e3a0ebea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:09:59.000Z",
"modified": "2019-06-06T12:09:59.000Z",
"pattern": "[file:hashes.MD5 = '87dfac39f577e5f52f0724455e8832a8' AND file:hashes.SHA1 = '0c5a8a0c11b9fcad622b884d48c5f0f379e054ff' AND file:hashes.SHA256 = '6a6a9aa6ed43eb3f857392459c7b05a5a0df89e00a3214d333949a561bcff368']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:09:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--de47fb74-8512-47da-86f7-e8d0cc93cdc7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:09:59.000Z",
"modified": "2019-06-06T12:09:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-06T00:05:45",
"category": "Other",
"comment": "psexesvc.exe",
"uuid": "edb4fa20-2435-47a1-930f-681799b0e215"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6a6a9aa6ed43eb3f857392459c7b05a5a0df89e00a3214d333949a561bcff368/analysis/1559779545/",
"category": "Payload delivery",
"comment": "psexesvc.exe",
"uuid": "a8857c21-1482-43b7-82a6-ddb1e08d56e1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/73",
"category": "Payload delivery",
"comment": "psexesvc.exe",
"uuid": "359d9cd1-3274-43bf-8cb7-342610cdba6f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57e3c16f-67f4-468d-9d9e-b2ee77fce921",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:09:59.000Z",
"modified": "2019-06-06T12:09:59.000Z",
"pattern": "[file:hashes.MD5 = '63c98b8c34ee9261c0068c7f0435a9f9' AND file:hashes.SHA1 = 'c673cdac0a0edb70c7a649f9d7ef08ceaa16bd2d' AND file:hashes.SHA256 = '28dd81de1a5fa5ca2009abb0daa60e7ff3b9ffba4b8a397147d55b543bc20484']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:09:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3a75d429-6e69-4e61-a8f9-cb53975d839f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:00.000Z",
"modified": "2019-06-06T12:10:00.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T16:39:16",
"category": "Other",
"comment": "rad353F7.tmp",
"uuid": "a8cb3636-92dd-47cc-83d3-25182cdbd9c7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/28dd81de1a5fa5ca2009abb0daa60e7ff3b9ffba4b8a397147d55b543bc20484/analysis/1559752756/",
"category": "Payload delivery",
"comment": "rad353F7.tmp",
"uuid": "010f4707-c282-4a50-b6fe-c198e6abe3b5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/73",
"category": "Payload delivery",
"comment": "rad353F7.tmp",
"uuid": "b223286d-7c10-4ef3-84cc-45af8741323a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:00.000Z",
"modified": "2019-06-06T12:10:00.000Z",
"pattern": "[file:hashes.MD5 = '38242fb29d7cb82a4ffd651189d9821e' AND file:hashes.SHA1 = '7ae97baa869d7ed416b773cc72973255a50fa579' AND file:hashes.SHA256 = '0fef1863af0d7da7ddcfd3727f8fa08d66cd2d9ab4d5300dd3c57e908144edb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a575205e-629c-4238-ae69-d22e6a64b163",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:00.000Z",
"modified": "2019-06-06T12:10:00.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-06T09:50:59",
"category": "Other",
"comment": "DLL dropper",
"uuid": "4732126c-2568-42c3-9064-1deb92dc6b18"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0fef1863af0d7da7ddcfd3727f8fa08d66cd2d9ab4d5300dd3c57e908144edb6/analysis/1559814659/",
"category": "Payload delivery",
"comment": "DLL dropper",
"uuid": "ef6ddc96-9d46-404d-b6ba-78e8bc713108"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/68",
"category": "Payload delivery",
"comment": "DLL dropper",
"uuid": "f0fb56ae-dd12-4b0e-8014-18c839783a45"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33492163-b362-476c-9869-f601ff4b0211",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:00.000Z",
"modified": "2019-06-06T12:10:00.000Z",
"pattern": "[file:hashes.MD5 = '34a58e62866e5c17db61ee5f95d52c58' AND file:hashes.SHA1 = '8c0c273d458a85f38dd35d868cc734119773edbe' AND file:hashes.SHA256 = '74af98fb016bf3adb51f49dff0a88c27bf4437e625a0c7557215a618a7b469a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cd0334f3-67d3-4324-9b30-28951aabe6c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:00.000Z",
"modified": "2019-06-06T12:10:00.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-06T09:59:20",
"category": "Other",
"comment": "DLL dropper",
"uuid": "a5f8849e-c2eb-48e8-9c38-248d2e440c76"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/74af98fb016bf3adb51f49dff0a88c27bf4437e625a0c7557215a618a7b469a1/analysis/1559815160/",
"category": "Payload delivery",
"comment": "DLL dropper",
"uuid": "b58a6671-028a-40fc-9131-40f3cab08675"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/71",
"category": "Payload delivery",
"comment": "DLL dropper",
"uuid": "1ff8f77d-f171-49dc-9428-b80758e28b65"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--11184fc9-fcec-4ee2-8097-94d0024f38fc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:00.000Z",
"modified": "2019-06-06T12:10:00.000Z",
"pattern": "[file:hashes.MD5 = 'bb784d55895db10b67b1b4f1f5b0be16' AND file:hashes.SHA1 = '3d29fac679c5ce41cacd4510b455dbcbfc33a95e' AND file:hashes.SHA256 = '340025fc4a857bad96a037c6acaaa4d61e03b0fd13f56b724cee46dfcf020bd4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7ae2d99e-26b2-4879-a4e2-caec2c6ac680",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:01.000Z",
"modified": "2019-06-06T12:10:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T18:34:57",
"category": "Other",
"comment": "KbhpQIcahFCuZwq.sct",
"uuid": "7e6cf628-7384-4e39-9e01-973a74927d29"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/340025fc4a857bad96a037c6acaaa4d61e03b0fd13f56b724cee46dfcf020bd4/analysis/1559759697/",
"category": "Payload delivery",
"comment": "KbhpQIcahFCuZwq.sct",
"uuid": "db2ad86f-6749-4397-a9a0-2c6635bbe918"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "21/56",
"category": "Payload delivery",
"comment": "KbhpQIcahFCuZwq.sct",
"uuid": "d1214470-81bb-4d00-9d3b-4cf4f6a3644d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b62a4ac4-4b20-4eb5-81d5-f9a3fee32519",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:01.000Z",
"modified": "2019-06-06T12:10:01.000Z",
"pattern": "[file:hashes.MD5 = 'f0645bd9367faf4e21a9c5e8c132bed7' AND file:hashes.SHA1 = '8245fca43d35c309fa64532b03ec20a31014572f' AND file:hashes.SHA256 = 'cc2e9c6d8bce799829351bd25a64c9b332958038365195e054411b136be61a4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--20f86c50-ab0b-42c5-a22a-4a0b861dd753",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:01.000Z",
"modified": "2019-06-06T12:10:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T18:34:38",
"category": "Other",
"comment": "DLL dropper",
"uuid": "cc6e41d6-0011-4337-9cd1-21936ff90bbf"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/cc2e9c6d8bce799829351bd25a64c9b332958038365195e054411b136be61a4f/analysis/1559759678/",
"category": "Payload delivery",
"comment": "DLL dropper",
"uuid": "f63df462-3a2d-4bf4-be13-d2960864cf7e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/70",
"category": "Payload delivery",
"comment": "DLL dropper",
"uuid": "11d7631b-1d40-42cb-979c-949d49db670d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8c139391-532c-41a3-a222-634a8c601a87",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:01.000Z",
"modified": "2019-06-06T12:10:01.000Z",
"pattern": "[file:hashes.MD5 = '27304b246c7d5b4e149124d5f93c5b01' AND file:hashes.SHA1 = 'e50d9e3bd91908e13a26b3e23edeaf577fb3a095' AND file:hashes.SHA256 = '3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b6acbebe-39e8-4a6a-8781-7a22d00272b0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:01.000Z",
"modified": "2019-06-06T12:10:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T23:56:48",
"category": "Other",
"comment": "psexec.exe",
"uuid": "a54e618c-709f-4c4c-96f8-475a27c9ba36"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef/analysis/1559779008/",
"category": "Payload delivery",
"comment": "psexec.exe",
"uuid": "181a1c58-4800-43e6-a903-009a1f96f197"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/73",
"category": "Payload delivery",
"comment": "psexec.exe",
"uuid": "9e26cdbd-8e6e-4a39-930d-987d58e8e85e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c7d41beb-3fba-4a5c-8f1b-1776eac57521",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:01.000Z",
"modified": "2019-06-06T12:10:01.000Z",
"pattern": "[file:hashes.MD5 = '581c2a76b382deedb48d1df077e5bdf1' AND file:hashes.SHA1 = '8b7b20d1a81af09a42e7dd1b3e02f2fa8038413c' AND file:hashes.SHA256 = 'b6ab9705591e9066df9ce4ab79ff532eff4adff88d899522cddc814158f95663']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--76cd75eb-9363-4a7a-8a23-568bb8cf2bb7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:02.000Z",
"modified": "2019-06-06T12:10:02.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T16:39:41",
"category": "Other",
"comment": "tCrrDqBQoCcEkbnK.txt",
"uuid": "1bcfe86d-7072-4afe-a20f-9f9e11cb6d36"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b6ab9705591e9066df9ce4ab79ff532eff4adff88d899522cddc814158f95663/analysis/1559752781/",
"category": "Payload delivery",
"comment": "tCrrDqBQoCcEkbnK.txt",
"uuid": "e1e7432c-c31a-405a-a881-ec4c7f7c92dd"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/59",
"category": "Payload delivery",
"comment": "tCrrDqBQoCcEkbnK.txt",
"uuid": "c78bfbb2-cfc8-4c52-bfd1-b7a2c97b01ad"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2635adb7-eec5-421d-8084-7b415519ee42",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:02.000Z",
"modified": "2019-06-06T12:10:02.000Z",
"pattern": "[file:hashes.MD5 = 'f0e52df398b938bf82d9e71ce754ab34' AND file:hashes.SHA1 = 'b58b6e2049fbaae7eb0c7aa14564604813c9e06b' AND file:hashes.SHA256 = '69f7822cac20a27c4fe955c0864a9fe9b3798f54f39ac3ebdba12b0ab4a9cdbd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d317b55c-3b25-4466-8fac-5ab9a70a2ef2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:02.000Z",
"modified": "2019-06-06T12:10:02.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T16:39:26",
"category": "Other",
"comment": "DLL dropper",
"uuid": "35f48480-2d3c-4845-9a0b-e4302f6dfd1c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/69f7822cac20a27c4fe955c0864a9fe9b3798f54f39ac3ebdba12b0ab4a9cdbd/analysis/1559752766/",
"category": "Payload delivery",
"comment": "DLL dropper",
"uuid": "b8ddf93c-d397-4187-a061-f2317b8a4aa3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/73",
"category": "Payload delivery",
"comment": "DLL dropper",
"uuid": "787821f0-07d0-49da-a0be-c875035086ca"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c730930e-72e0-45e5-a3cb-e040521971a3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:02.000Z",
"modified": "2019-06-06T12:10:02.000Z",
"pattern": "[file:hashes.MD5 = '4bee6ff39103ffe31118260f9b1c4884' AND file:hashes.SHA1 = 'ae9ee7088142c9c13427f9cac6b604d04dea4db4' AND file:hashes.SHA256 = '127e185dc7308e6a7bfa9c91601c9dfc8b0b2ce410e4e6157992e995169c1699']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7bc4f11b-34a5-4929-9f93-75081f6a60b4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:02.000Z",
"modified": "2019-06-06T12:10:02.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T16:39:11",
"category": "Other",
"comment": "MGsCOxPSNK.txt",
"uuid": "24d4b68b-979f-40a2-8ae3-7fbab006b695"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/127e185dc7308e6a7bfa9c91601c9dfc8b0b2ce410e4e6157992e995169c1699/analysis/1559752751/",
"category": "Payload delivery",
"comment": "MGsCOxPSNK.txt",
"uuid": "7eab0bbb-e934-4101-8725-255aeebcc24c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/60",
"category": "Payload delivery",
"comment": "MGsCOxPSNK.txt",
"uuid": "7a5f5574-3b98-4b2e-9453-13d93cfad79f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--654cf3c0-e403-415e-8dde-d210c2a32c68",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:03.000Z",
"modified": "2019-06-06T12:10:03.000Z",
"pattern": "[file:hashes.MD5 = '75b55bb34dac9d02740b9ad6b6820360' AND file:hashes.SHA1 = 'a17c21b909c56d93d978014e63fb06926eaea8e7' AND file:hashes.SHA256 = '141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--80f85328-d4bb-4113-a164-a4e080ef8d80",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:03.000Z",
"modified": "2019-06-06T12:10:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T18:30:17",
"category": "Other",
"comment": "psexec.exe",
"uuid": "a6d55295-0037-48dd-8cdc-9618997f3d83"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944/analysis/1559759417/",
"category": "Payload delivery",
"comment": "psexec.exe",
"uuid": "8f93c372-fb61-4b5f-b72d-0bb26c38e3a2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/74",
"category": "Payload delivery",
"comment": "psexec.exe",
"uuid": "9637d4d7-f3dd-43e2-b1e8-cc524e61425b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--978cc9ef-f291-4f48-b98d-7d6ac96c6e00",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:03.000Z",
"modified": "2019-06-06T12:10:03.000Z",
"pattern": "[file:hashes.MD5 = 'd117c73e353193118a6383c30e42a95f' AND file:hashes.SHA1 = 'fa191c27a162589ba54f0e7a30ffb23623f3872c' AND file:hashes.SHA256 = 'bebd4cd9aece49fbe6e7024e239638004358ff87d02f9bd4328993409da9e17c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1e23c045-091f-4acd-a090-9b8d21b602ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:03.000Z",
"modified": "2019-06-06T12:10:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T10:41:17",
"category": "Other",
"comment": "94563784.doc",
"uuid": "740acfa3-9fa9-48c9-8754-14166e8d67ed"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bebd4cd9aece49fbe6e7024e239638004358ff87d02f9bd4328993409da9e17c/analysis/1559731277/",
"category": "Payload delivery",
"comment": "94563784.doc",
"uuid": "77c482d6-0a9c-4f2b-9294-1c3f91493103"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/59",
"category": "Payload delivery",
"comment": "94563784.doc",
"uuid": "7e4241d3-c145-40c1-b7ca-0b512993b4e4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8b5a1799-619f-4570-9aa6-ac54205c81f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:03.000Z",
"modified": "2019-06-06T12:10:03.000Z",
"pattern": "[file:hashes.MD5 = 'eb561d46c6283c632df88bd20ade6df4' AND file:hashes.SHA1 = '1313dadf5e3a1dc414798dc746e32509766dcd70' AND file:hashes.SHA256 = '2169cc5e019acf1825025603651055481fb0dc82927a371016efc974634b784c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dce4a646-5ab4-4c54-88ea-a2c5a6683155",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:03.000Z",
"modified": "2019-06-06T12:10:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-06T10:01:38",
"category": "Other",
"comment": "303F1428C3F",
"uuid": "6d0b1b34-a70f-4b78-bca5-40357670d29a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2169cc5e019acf1825025603651055481fb0dc82927a371016efc974634b784c/analysis/1559815298/",
"category": "Payload delivery",
"comment": "303F1428C3F",
"uuid": "54560188-5647-47cb-800a-54622b884041"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "22/59",
"category": "Payload delivery",
"comment": "303F1428C3F",
"uuid": "a04712ac-3b5c-4576-ab6d-bfae097f9fc3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d92702b0-6916-4c5b-a9d7-e035ed8a604a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:04.000Z",
"modified": "2019-06-06T12:10:04.000Z",
"pattern": "[file:hashes.MD5 = 'a7f7a0f74c8b48f1699858b3b6c11eda' AND file:hashes.SHA1 = 'b5c62d79eda4f7e4b60a9caa5736a3fdc2f1b27e' AND file:hashes.SHA256 = '3b08535b4add194f5661e1131c8e81af373ca322cf669674cf1272095e5cab95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9660acc8-ba12-424d-8085-21d4eb1aae63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:04.000Z",
"modified": "2019-06-06T12:10:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-06T00:08:36",
"category": "Other",
"comment": "psexesvc.exe",
"uuid": "4c862820-246b-42f4-be45-74f6e17253cd"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3b08535b4add194f5661e1131c8e81af373ca322cf669674cf1272095e5cab95/analysis/1559779716/",
"category": "Payload delivery",
"comment": "psexesvc.exe",
"uuid": "983fc4e8-8c61-4b03-b5de-c41a52edc523"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/73",
"category": "Payload delivery",
"comment": "psexesvc.exe",
"uuid": "975d0ecd-96f1-4945-a935-c9cbaf9487ec"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0bddce4-2ca6-457b-bce3-61b9599ce66c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:04.000Z",
"modified": "2019-06-06T12:10:04.000Z",
"pattern": "[file:hashes.MD5 = '1e94f1fdf5ace5e57d8b7832ea2da22e' AND file:hashes.SHA1 = 'f03ca4748433d0e1067ae05fcd2e1abec5e0c5e0' AND file:hashes.SHA256 = '08ecf6450d83904a15674148b78b531b930b658a401cd193c0fa91f29cde5ca8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--76b07ec6-98ae-4501-a62f-d2e22a7d9152",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:04.000Z",
"modified": "2019-06-06T12:10:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T16:39:07",
"category": "Other",
"comment": "netscan.exe",
"uuid": "a9f7e2da-7733-4985-83a4-3e4b6119061e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/08ecf6450d83904a15674148b78b531b930b658a401cd193c0fa91f29cde5ca8/analysis/1559752747/",
"category": "Payload delivery",
"comment": "netscan.exe",
"uuid": "577a9a9d-aa41-48a8-956b-4ff92654ceb7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/73",
"category": "Payload delivery",
"comment": "netscan.exe",
"uuid": "13c7acd4-b4da-4f21-b684-231919426afd"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4954412e-840b-4d4f-8489-6cb21726714b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:04.000Z",
"modified": "2019-06-06T12:10:04.000Z",
"pattern": "[file:hashes.MD5 = 'd68351f754a508a386c06946c8e79088' AND file:hashes.SHA1 = 'dcb3231b004c2fbfc2a74c4c64b130210ca5103b' AND file:hashes.SHA256 = '6b47df30b5773c35e77204d7a8e49777aea489876d48de455fd533ae27da668b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--161cae50-743b-45ad-a792-d2570dc1e75f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:04.000Z",
"modified": "2019-06-06T12:10:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T16:39:27",
"category": "Other",
"comment": "smrs.exe",
"uuid": "761a3d84-fe38-4cd0-95e2-861dedb0b0b4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6b47df30b5773c35e77204d7a8e49777aea489876d48de455fd533ae27da668b/analysis/1559752767/",
"category": "Payload delivery",
"comment": "smrs.exe",
"uuid": "14ee7223-8496-41eb-886f-c781abc2609e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/74",
"category": "Payload delivery",
"comment": "smrs.exe",
"uuid": "5e9898a2-d06d-47b5-b3b6-7033867044a2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7e91b7fe-21de-467e-8896-aec026eb81b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:04.000Z",
"modified": "2019-06-06T12:10:04.000Z",
"pattern": "[file:hashes.MD5 = 'c2a9443aac258a60d8cace43e839cf9f' AND file:hashes.SHA1 = 'fa1340e1a9aea1fceb4b5c1b015029476c26b985' AND file:hashes.SHA256 = '1c56f98778fb741ef2a8f050070f2d8c33f05ce8e3f069ae131060c70c4e2e3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4fe9f431-3164-4395-9430-6836d9203a7a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:05.000Z",
"modified": "2019-06-06T12:10:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-04T12:12:15",
"category": "Other",
"comment": "cqHfjCkTtMwG.doc",
"uuid": "033b37c1-c433-462b-b3e1-9a6c4c558718"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1c56f98778fb741ef2a8f050070f2d8c33f05ce8e3f069ae131060c70c4e2e3d/analysis/1559650335/",
"category": "Payload delivery",
"comment": "cqHfjCkTtMwG.doc",
"uuid": "df393102-f192-4bc5-b474-8b2882101f43"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/59",
"category": "Payload delivery",
"comment": "cqHfjCkTtMwG.doc",
"uuid": "198ebd11-937c-49ab-bc7b-ddf56fa2ff89"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--401965ce-213d-4b3c-8adc-827b3b088b7d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:05.000Z",
"modified": "2019-06-06T12:10:05.000Z",
"pattern": "[file:hashes.MD5 = 'e7aa5608c81ba4fcd8d166501b90fc06' AND file:hashes.SHA1 = '5c714fda5b78726541301672a44eaf886728f88c' AND file:hashes.SHA256 = '5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a645eb9-b060-42a4-9edc-f0dcc184e949",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:05.000Z",
"modified": "2019-06-06T12:10:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T16:39:24",
"category": "Other",
"comment": "netscan.exe",
"uuid": "5339b7e7-46f7-4c42-9ef6-db60704d36f8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992/analysis/1559752764/",
"category": "Payload delivery",
"comment": "netscan.exe",
"uuid": "49a26e6b-b3b6-4676-9bb2-be3ada41ef7c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/74",
"category": "Payload delivery",
"comment": "netscan.exe",
"uuid": "101ab576-3119-445d-9166-c808284d63c2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--06a3f94e-a2d3-4af6-8942-eec7ad961249",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:05.000Z",
"modified": "2019-06-06T12:10:05.000Z",
"pattern": "[file:hashes.MD5 = 'bbaee5d936a3809f46fd409b8442f753' AND file:hashes.SHA1 = 'a59d5a1e78b2db7405cd2182aca80d4d932bc792' AND file:hashes.SHA256 = '41978d7c5a1bb909f1f0f4db0c927f98fb67b3dcf61907f0404418510e1eabff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-06T12:10:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--be23a287-3e5a-4a11-9869-f4b80896c730",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-06T12:10:05.000Z",
"modified": "2019-06-06T12:10:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-05T18:36:14",
"category": "Other",
"comment": "9D01CA.txt",
"uuid": "77ec3ffb-528d-44ad-a9d8-f2168c9fd9c6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/41978d7c5a1bb909f1f0f4db0c927f98fb67b3dcf61907f0404418510e1eabff/analysis/1559759774/",
"category": "Payload delivery",
"comment": "9D01CA.txt",
"uuid": "c57d774a-98bc-4946-86ed-67b2a1b85334"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "19/57",
"category": "Payload delivery",
"comment": "9D01CA.txt",
"uuid": "d244f0ab-f2f0-4b6b-88fe-35a4c8dd7b80"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--70a619eb-1cfc-4c4e-bc2f-0cbdf8cb4656",
"created": "2019-06-06T12:10:05.000Z",
"modified": "2019-06-06T12:10:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ea848d2e-65da-4deb-af74-a9d0e3a0ebea",
"target_ref": "x-misp-object--de47fb74-8512-47da-86f7-e8d0cc93cdc7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c05c42d1-7366-441b-bf85-faf65589a8fb",
"created": "2019-06-06T12:10:05.000Z",
"modified": "2019-06-06T12:10:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--57e3c16f-67f4-468d-9d9e-b2ee77fce921",
"target_ref": "x-misp-object--3a75d429-6e69-4e61-a8f9-cb53975d839f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c23af317-69ec-4c10-a9e5-39fa69224a77",
"created": "2019-06-06T12:10:05.000Z",
"modified": "2019-06-06T12:10:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7",
"target_ref": "x-misp-object--a575205e-629c-4238-ae69-d22e6a64b163"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ad3f1a2a-f9f3-4494-ae62-6e58f0ede830",
"created": "2019-06-06T12:10:05.000Z",
"modified": "2019-06-06T12:10:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--33492163-b362-476c-9869-f601ff4b0211",
"target_ref": "x-misp-object--cd0334f3-67d3-4324-9b30-28951aabe6c6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2275db3d-9ec4-4403-a59a-27b25dd18d65",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--11184fc9-fcec-4ee2-8097-94d0024f38fc",
"target_ref": "x-misp-object--7ae2d99e-26b2-4879-a4e2-caec2c6ac680"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aad47034-d072-496b-8204-a688c691bc9c",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b62a4ac4-4b20-4eb5-81d5-f9a3fee32519",
"target_ref": "x-misp-object--20f86c50-ab0b-42c5-a22a-4a0b861dd753"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--97ade690-ba77-4430-bffb-c1a8822173f9",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8c139391-532c-41a3-a222-634a8c601a87",
"target_ref": "x-misp-object--b6acbebe-39e8-4a6a-8781-7a22d00272b0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eaacd2b2-cf9a-411b-a883-a5658eb79570",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c7d41beb-3fba-4a5c-8f1b-1776eac57521",
"target_ref": "x-misp-object--76cd75eb-9363-4a7a-8a23-568bb8cf2bb7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--46ffeab6-9747-4ec3-8810-fd2f00dd63c1",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2635adb7-eec5-421d-8084-7b415519ee42",
"target_ref": "x-misp-object--d317b55c-3b25-4466-8fac-5ab9a70a2ef2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1db97bef-aa98-461f-824a-5b6f5989e6e9",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c730930e-72e0-45e5-a3cb-e040521971a3",
"target_ref": "x-misp-object--7bc4f11b-34a5-4929-9f93-75081f6a60b4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3888bf66-e82f-4ffb-990e-00533f2df6cf",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--654cf3c0-e403-415e-8dde-d210c2a32c68",
"target_ref": "x-misp-object--80f85328-d4bb-4113-a164-a4e080ef8d80"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--80d9f096-2abc-44cb-8421-690357ec4a70",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--978cc9ef-f291-4f48-b98d-7d6ac96c6e00",
"target_ref": "x-misp-object--1e23c045-091f-4acd-a090-9b8d21b602ec"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cf146ef6-8a95-4bb4-a8a5-6a95dc788fb2",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8b5a1799-619f-4570-9aa6-ac54205c81f4",
"target_ref": "x-misp-object--dce4a646-5ab4-4c54-88ea-a2c5a6683155"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--43fc53c3-198b-49ce-b5fc-78b183a29e71",
"created": "2019-06-06T12:10:06.000Z",
"modified": "2019-06-06T12:10:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d92702b0-6916-4c5b-a9d7-e035ed8a604a",
"target_ref": "x-misp-object--9660acc8-ba12-424d-8085-21d4eb1aae63"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3ab89874-f0c8-4197-ae09-2f62dbdd9ce7",
"created": "2019-06-06T12:10:07.000Z",
"modified": "2019-06-06T12:10:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a0bddce4-2ca6-457b-bce3-61b9599ce66c",
"target_ref": "x-misp-object--76b07ec6-98ae-4501-a62f-d2e22a7d9152"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--78b41e95-42d9-441e-99cf-442328780a0e",
"created": "2019-06-06T12:10:07.000Z",
"modified": "2019-06-06T12:10:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4954412e-840b-4d4f-8489-6cb21726714b",
"target_ref": "x-misp-object--161cae50-743b-45ad-a792-d2570dc1e75f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--32b02edf-36d1-4cf9-8900-bea5dfe35d31",
"created": "2019-06-06T12:10:07.000Z",
"modified": "2019-06-06T12:10:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7e91b7fe-21de-467e-8896-aec026eb81b6",
"target_ref": "x-misp-object--4fe9f431-3164-4395-9430-6836d9203a7a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1b04c456-459e-4250-8fa6-a28157f43f72",
"created": "2019-06-06T12:10:07.000Z",
"modified": "2019-06-06T12:10:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--401965ce-213d-4b3c-8adc-827b3b088b7d",
"target_ref": "x-misp-object--5a645eb9-b060-42a4-9edc-f0dcc184e949"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dda1e969-451a-4472-8b5b-bbd606e35bf4",
"created": "2019-06-06T12:10:07.000Z",
"modified": "2019-06-06T12:10:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--06a3f94e-a2d3-4af6-8942-eec7ad961249",
"target_ref": "x-misp-object--be23a287-3e5a-4a11-9869-f4b80896c730"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink