misp-circl-feed/feeds/circl/stix-2.1/5dfce305-c520-4a71-9094-47c702de0b81.json


{
"type": "bundle",
"id": "bundle--5dfce305-c520-4a71-9094-47c702de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:26:15.000Z",
"modified": "2019-12-20T15:26:15.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5dfce305-c520-4a71-9094-47c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:26:15.000Z",
"modified": "2019-12-20T15:26:15.000Z",
"name": "OSINT - TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking",
"published": "2019-12-20T15:26:26Z",
"object_refs": [
"observed-data--5dfce31d-72a0-4da4-9eb9-9a0402de0b81",
"url--5dfce31d-72a0-4da4-9eb9-9a0402de0b81",
"indicator--5dfce36c-7cbc-46d0-896f-8bb502de0b81",
"indicator--5dfce36c-ba98-465b-84b9-8bb502de0b81",
"indicator--5dfce36c-478c-4cd0-8a28-8bb502de0b81",
"indicator--5dfce36c-2118-4510-90a4-8bb502de0b81",
"indicator--5dfce36c-6728-4ac9-aa75-8bb502de0b81",
"indicator--5dfce36c-80f0-4c21-99d5-8bb502de0b81",
"indicator--5dfce36c-d5f4-42b3-be96-8bb502de0b81",
"indicator--5dfce36c-01b4-46b5-ad90-8bb502de0b81",
"indicator--5dfce36d-f82c-4402-91d8-8bb502de0b81",
"indicator--5dfce36d-a700-44a4-a66e-8bb502de0b81",
"indicator--5dfce5c9-85d4-411c-9374-8ba102de0b81",
"indicator--5dfce5c9-38f8-47e2-a063-8ba102de0b81",
"indicator--5dfce5c9-3ce4-4157-8ab1-8ba102de0b81",
"indicator--5dfce5c9-da10-4a2b-b7f2-8ba102de0b81",
"indicator--5dfce5c9-b084-4b29-8b05-8ba102de0b81",
"indicator--5dfce5c9-9d58-4ccf-90fd-8ba102de0b81",
"indicator--5dfce5c9-6d9c-472f-a1cf-8ba102de0b81",
"indicator--5dfce5c9-e0b4-451b-bb30-8ba102de0b81",
"indicator--5dfce5c9-ce2c-4e36-a19e-8ba102de0b81",
"indicator--7c234dae-875e-49ec-adb2-43a8033db0e0",
"x-misp-object--0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34",
"indicator--69638f44-509c-45ab-80fc-97514283b206",
"x-misp-object--9f3593c3-2cb3-4192-a97e-5722f1e1ae4d",
"indicator--bf7c8c32-31da-4197-998f-95a2eda8b415",
"x-misp-object--c4a78b93-68c9-4dfc-940d-72bcb366da12",
"indicator--94aaa7da-30e3-49e8-93a2-379fea74854b",
"x-misp-object--92edb5af-e2af-4ff2-866d-9a9c87a75b8f",
"indicator--71982da2-49c2-49f4-95eb-e45f05d9f424",
"x-misp-object--b5df2442-478c-4296-b836-bab32bb0fc67",
"indicator--3b6714ab-d534-449f-8eae-856904fe477b",
"x-misp-object--22c0164b-71a4-4a76-b04e-ed9894751cae",
"indicator--09a93a47-f8a4-4c0f-b36b-1f176b4434a8",
"x-misp-object--c9c85791-3555-477e-9b9f-4ac28c080f8b",
"indicator--ea68f105-92dd-4589-ac6b-19c493f351cc",
"x-misp-object--66903195-a97f-4dcd-9282-66d1a8c48d53",
"indicator--f0b007bd-4038-4c0f-bb89-03e6f0e131f7",
"x-misp-object--2ac81cf5-9a0c-4527-955d-02e0bd5eadd1",
"relationship--623289e0-e41f-443b-aa29-3c171ed5c6b0",
"relationship--f7259847-c673-408d-a0ba-d72c310d0403",
"relationship--086ac7c3-8abc-4d5b-881b-949be93a5569",
"relationship--1b8cbb8e-ec1f-438b-a20b-11f33cc6ac70",
"relationship--43573723-0b00-4dc3-bad9-5b9dcc1e30aa",
"relationship--7d321b36-1079-498c-ae37-6c21fd8f8950",
"relationship--41799b08-4471-476a-91db-35d5f2b7c4ce",
"relationship--349242a2-b9fc-4dd7-8f08-e9e1e37cff13",
"relationship--e0ea44a9-bd0f-497e-bbea-6775810e5e59"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"TA505\"",
"type:OSINT",
"osint:lifetime=\"perpetual\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5dfce31d-72a0-4da4-9eb9-9a0402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:05:01.000Z",
"modified": "2019-12-20T15:05:01.000Z",
"first_observed": "2019-12-20T15:05:01Z",
"last_observed": "2019-12-20T15:05:01Z",
"number_observed": 1,
"object_refs": [
"url--5dfce31d-72a0-4da4-9eb9-9a0402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5dfce31d-72a0-4da4-9eb9-9a0402de0b81",
"value": "https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36c-7cbc-46d0-896f-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:20.000Z",
"modified": "2019-12-20T15:06:20.000Z",
"description": "WinDef Download URL",
"pattern": "[url:value = 'http://96.9.211.157/sdf4r3r3/WinDef.msi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36c-ba98-465b-84b9-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:20.000Z",
"modified": "2019-12-20T15:06:20.000Z",
"description": "Predator C2",
"pattern": "[url:value = 'https://soul-fly.xyz/api/gate.get']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36c-478c-4cd0-8a28-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:20.000Z",
"modified": "2019-12-20T15:06:20.000Z",
"description": "LDR_5622 URL1",
"pattern": "[url:value = 'https://artrolife.club/fhj37f34fdd/file1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36c-2118-4510-90a4-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:20.000Z",
"modified": "2019-12-20T15:06:20.000Z",
"description": "LDR_5622 URL2",
"pattern": "[url:value = 'http://supremeconnect.xyz/fdfg83574gd/file2.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36c-6728-4ac9-aa75-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:20.000Z",
"modified": "2019-12-20T15:06:20.000Z",
"description": "Team Viewer Panel",
"pattern": "[url:value = 'http://0926tv.xyz/mystt34834ujf37data/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36c-80f0-4c21-99d5-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:20.000Z",
"modified": "2019-12-20T15:06:20.000Z",
"description": "ServHelper NetSupport",
"pattern": "[url:value = 'http://gabardine.xyz/log.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36c-d5f4-42b3-be96-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:20.000Z",
"modified": "2019-12-20T15:06:20.000Z",
"description": "ServHelper NetSupport",
"pattern": "[url:value = 'http://kuarela.xyz/1.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36c-01b4-46b5-ad90-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:20.000Z",
"modified": "2019-12-20T15:06:20.000Z",
"description": "ServHelper NetSupport",
"pattern": "[url:value = 'http://foxlnklnk.xyz/pf1.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36d-f82c-4402-91d8-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:21.000Z",
"modified": "2019-12-20T15:06:21.000Z",
"description": "ServHelper NetSupport",
"pattern": "[url:value = 'http://cafafafa.xyz/pf1.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce36d-a700-44a4-a66e-8bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:06:21.000Z",
"modified": "2019-12-20T15:06:21.000Z",
"description": "ServHelper NetSupport",
"pattern": "[url:value = 'http://letitbe.icu/2.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:06:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce5c9-85d4-411c-9374-8ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:25.000Z",
"modified": "2019-12-20T15:16:25.000Z",
"pattern": "[file:hashes.MD5 = '9aa1b6bb7d53b008b6529b4a2f6bfada']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce5c9-38f8-47e2-a063-8ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:25.000Z",
"modified": "2019-12-20T15:16:25.000Z",
"pattern": "[file:hashes.MD5 = 'a2e77ee41f4d4d3e8814d07d26ec5be3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce5c9-3ce4-4157-8ab1-8ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:25.000Z",
"modified": "2019-12-20T15:16:25.000Z",
"pattern": "[file:hashes.MD5 = '77f46b13d858f83c3ce5bdc6ffbc8a95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce5c9-da10-4a2b-b7f2-8ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:25.000Z",
"modified": "2019-12-20T15:16:25.000Z",
"pattern": "[file:hashes.MD5 = 'de70f256b9fd194f6844d7aa81b17b4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce5c9-b084-4b29-8b05-8ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:25.000Z",
"modified": "2019-12-20T15:16:25.000Z",
"pattern": "[file:hashes.MD5 = '6954cee9db2533337e4425aceacc547b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce5c9-9d58-4ccf-90fd-8ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:25.000Z",
"modified": "2019-12-20T15:16:25.000Z",
"pattern": "[file:hashes.MD5 = 'a606d454b408b99aa9fc7ad774951621']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce5c9-6d9c-472f-a1cf-8ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:25.000Z",
"modified": "2019-12-20T15:16:25.000Z",
"pattern": "[file:hashes.MD5 = '92cc85c53e169b330fd8686d35259261']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce5c9-e0b4-451b-bb30-8ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:25.000Z",
"modified": "2019-12-20T15:16:25.000Z",
"pattern": "[file:hashes.MD5 = 'a511410d5889fca07a0dd0a8c84d6c8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dfce5c9-ce2c-4e36-a19e-8ba102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:25.000Z",
"modified": "2019-12-20T15:16:25.000Z",
"pattern": "[file:hashes.MD5 = 'c3c226ec03f393103b9df764df50f0bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7c234dae-875e-49ec-adb2-43a8033db0e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:42.000Z",
"modified": "2019-12-20T15:16:42.000Z",
"pattern": "[file:hashes.MD5 = 'de70f256b9fd194f6844d7aa81b17b4e' AND file:hashes.SHA1 = '8c14b7bc7d0f132b4a00062ebc84eca98074eb06' AND file:hashes.SHA256 = 'ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:42.000Z",
"modified": "2019-12-20T15:16:42.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-10-01T14:13:53",
"category": "Other",
"uuid": "a5271e19-09e7-404f-9171-76cd45767dfc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2/analysis/1569939233/",
"category": "Payload delivery",
"uuid": "61098a77-079f-4c1c-8c07-2e426ff525e8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/71",
"category": "Payload delivery",
"uuid": "5d708598-582e-4e90-b781-495f5bef2a27"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--69638f44-509c-45ab-80fc-97514283b206",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:42.000Z",
"modified": "2019-12-20T15:16:42.000Z",
"pattern": "[file:hashes.MD5 = 'a511410d5889fca07a0dd0a8c84d6c8a' AND file:hashes.SHA1 = 'c470685e7f2b4c1c1ff5a544824becef1f81c0de' AND file:hashes.SHA256 = '1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9f3593c3-2cb3-4192-a97e-5722f1e1ae4d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:43.000Z",
"modified": "2019-12-20T15:16:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-03T04:36:27",
"category": "Other",
"uuid": "948e4fae-219b-42ce-8ba9-44a92f8a3ae7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a/analysis/1575347787/",
"category": "Payload delivery",
"uuid": "ac8f3242-6e1d-468d-8fc0-a841bdcec64d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/68",
"category": "Payload delivery",
"uuid": "1b012b4e-a10b-4681-9094-735f8272c584"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf7c8c32-31da-4197-998f-95a2eda8b415",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:43.000Z",
"modified": "2019-12-20T15:16:43.000Z",
"pattern": "[file:hashes.MD5 = '9aa1b6bb7d53b008b6529b4a2f6bfada' AND file:hashes.SHA1 = 'e764a66692df3ecbfae0660a1d1e567be20e034d' AND file:hashes.SHA256 = 'd83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c4a78b93-68c9-4dfc-940d-72bcb366da12",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:43.000Z",
"modified": "2019-12-20T15:16:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-15T10:55:08",
"category": "Other",
"uuid": "dfe11c11-1352-4103-89f1-ecac42bf7a8b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2/analysis/1573815308/",
"category": "Payload delivery",
"uuid": "536eee81-3ea3-4fb6-a0db-389783a109f2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/71",
"category": "Payload delivery",
"uuid": "c3ef49b9-4ed9-43b6-a1cd-cc2163ffd434"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94aaa7da-30e3-49e8-93a2-379fea74854b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:43.000Z",
"modified": "2019-12-20T15:16:43.000Z",
"pattern": "[file:hashes.MD5 = 'c3c226ec03f393103b9df764df50f0bc' AND file:hashes.SHA1 = '177f891063569d82f85fc931a5254f0c5acbee9f' AND file:hashes.SHA256 = 'c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--92edb5af-e2af-4ff2-866d-9a9c87a75b8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:43.000Z",
"modified": "2019-12-20T15:16:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-09-26T19:39:42",
"category": "Other",
"uuid": "e6c3486c-c499-4a99-b7b7-b2f48f92ee34"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0/analysis/1569526782/",
"category": "Payload delivery",
"uuid": "461ef55a-d9a5-4fb0-8e0b-1a04e2903a0f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/70",
"category": "Payload delivery",
"uuid": "671ac72d-aad7-426c-aa5d-0dabfe885696"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--71982da2-49c2-49f4-95eb-e45f05d9f424",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:44.000Z",
"modified": "2019-12-20T15:16:44.000Z",
"pattern": "[file:hashes.MD5 = '6954cee9db2533337e4425aceacc547b' AND file:hashes.SHA1 = 'da3973333643735f740f832ebb914faedc3385fa' AND file:hashes.SHA256 = '70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b5df2442-478c-4296-b836-bab32bb0fc67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:44.000Z",
"modified": "2019-12-20T15:16:44.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-10-03T06:11:45",
"category": "Other",
"uuid": "7d9d833a-6c37-41f1-9a3b-687e60b43784"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72/analysis/1570083105/",
"category": "Payload delivery",
"uuid": "b13d1871-894a-46c6-a401-61de32ac5d85"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/70",
"category": "Payload delivery",
"uuid": "da84ee46-40da-4f54-8200-940c0eb3cde2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b6714ab-d534-449f-8eae-856904fe477b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:44.000Z",
"modified": "2019-12-20T15:16:44.000Z",
"pattern": "[file:hashes.MD5 = 'a2e77ee41f4d4d3e8814d07d26ec5be3' AND file:hashes.SHA1 = 'e07292223d53785c61e4d4e33126e71d69527cbd' AND file:hashes.SHA256 = '1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--22c0164b-71a4-4a76-b04e-ed9894751cae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:44.000Z",
"modified": "2019-12-20T15:16:44.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-03T04:36:19",
"category": "Other",
"uuid": "2dccaf5f-a350-4c18-94b1-aaf6f4bd97ff"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb/analysis/1575347779/",
"category": "Payload delivery",
"uuid": "22ba39fc-e09e-4737-9e98-a71026bbbc33"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/63",
"category": "Payload delivery",
"uuid": "7cd33bde-eca9-40b1-a030-151bf7acbab8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--09a93a47-f8a4-4c0f-b36b-1f176b4434a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:44.000Z",
"modified": "2019-12-20T15:16:44.000Z",
"pattern": "[file:hashes.MD5 = '77f46b13d858f83c3ce5bdc6ffbc8a95' AND file:hashes.SHA1 = 'd08b44e8aed3aa013827d5aeef901fed360c57fb' AND file:hashes.SHA256 = '97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c9c85791-3555-477e-9b9f-4ac28c080f8b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:44.000Z",
"modified": "2019-12-20T15:16:44.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-09-27T17:09:02",
"category": "Other",
"uuid": "998f01f8-1c0f-4c68-9923-148dd4525864"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf/analysis/1569604142/",
"category": "Payload delivery",
"uuid": "537c2145-8681-4e28-8c31-9ba67d642300"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/59",
"category": "Payload delivery",
"uuid": "e8cb3e8f-e0c7-473f-a527-6e3e712a9a67"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ea68f105-92dd-4589-ac6b-19c493f351cc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:45.000Z",
"modified": "2019-12-20T15:16:45.000Z",
"pattern": "[file:hashes.MD5 = '92cc85c53e169b330fd8686d35259261' AND file:hashes.SHA1 = '4d30c482886f3369731914f6db4100e84fa8cf27' AND file:hashes.SHA256 = 'ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--66903195-a97f-4dcd-9282-66d1a8c48d53",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:45.000Z",
"modified": "2019-12-20T15:16:45.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-14T05:52:55",
"category": "Other",
"uuid": "d5d1c38a-ccc9-491d-812e-a5b0f06223ee"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248/analysis/1576302775/",
"category": "Payload delivery",
"uuid": "e3f4fa91-809b-4420-8245-bf5f47417265"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/71",
"category": "Payload delivery",
"uuid": "4a882389-39f1-47d2-b8fe-01c261f76fbf"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0b007bd-4038-4c0f-bb89-03e6f0e131f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:45.000Z",
"modified": "2019-12-20T15:16:45.000Z",
"pattern": "[file:hashes.MD5 = 'a606d454b408b99aa9fc7ad774951621' AND file:hashes.SHA1 = '5963233ae8e9382178169a2efe236598dfc7466c' AND file:hashes.SHA256 = 'c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-20T15:16:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2ac81cf5-9a0c-4527-955d-02e0bd5eadd1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-20T15:16:45.000Z",
"modified": "2019-12-20T15:16:45.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-10-07T10:31:06",
"category": "Other",
"uuid": "9d29948f-941b-4229-8319-2e1d7912082f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715/analysis/1570444266/",
"category": "Payload delivery",
"uuid": "57bade74-adee-47a2-acb1-283f69e39be2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "4/56",
"category": "Payload delivery",
"uuid": "1cfe29e5-5c2b-48e3-b459-750ed560cd08"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--623289e0-e41f-443b-aa29-3c171ed5c6b0",
"created": "2019-12-20T15:16:47.000Z",
"modified": "2019-12-20T15:16:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7c234dae-875e-49ec-adb2-43a8033db0e0",
"target_ref": "x-misp-object--0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f7259847-c673-408d-a0ba-d72c310d0403",
"created": "2019-12-20T15:16:47.000Z",
"modified": "2019-12-20T15:16:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--69638f44-509c-45ab-80fc-97514283b206",
"target_ref": "x-misp-object--9f3593c3-2cb3-4192-a97e-5722f1e1ae4d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--086ac7c3-8abc-4d5b-881b-949be93a5569",
"created": "2019-12-20T15:16:47.000Z",
"modified": "2019-12-20T15:16:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bf7c8c32-31da-4197-998f-95a2eda8b415",
"target_ref": "x-misp-object--c4a78b93-68c9-4dfc-940d-72bcb366da12"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1b8cbb8e-ec1f-438b-a20b-11f33cc6ac70",
"created": "2019-12-20T15:16:47.000Z",
"modified": "2019-12-20T15:16:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--94aaa7da-30e3-49e8-93a2-379fea74854b",
"target_ref": "x-misp-object--92edb5af-e2af-4ff2-866d-9a9c87a75b8f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--43573723-0b00-4dc3-bad9-5b9dcc1e30aa",
"created": "2019-12-20T15:16:47.000Z",
"modified": "2019-12-20T15:16:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--71982da2-49c2-49f4-95eb-e45f05d9f424",
"target_ref": "x-misp-object--b5df2442-478c-4296-b836-bab32bb0fc67"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7d321b36-1079-498c-ae37-6c21fd8f8950",
"created": "2019-12-20T15:16:47.000Z",
"modified": "2019-12-20T15:16:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3b6714ab-d534-449f-8eae-856904fe477b",
"target_ref": "x-misp-object--22c0164b-71a4-4a76-b04e-ed9894751cae"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--41799b08-4471-476a-91db-35d5f2b7c4ce",
"created": "2019-12-20T15:16:47.000Z",
"modified": "2019-12-20T15:16:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--09a93a47-f8a4-4c0f-b36b-1f176b4434a8",
"target_ref": "x-misp-object--c9c85791-3555-477e-9b9f-4ac28c080f8b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--349242a2-b9fc-4dd7-8f08-e9e1e37cff13",
"created": "2019-12-20T15:16:47.000Z",
"modified": "2019-12-20T15:16:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ea68f105-92dd-4589-ac6b-19c493f351cc",
"target_ref": "x-misp-object--66903195-a97f-4dcd-9282-66d1a8c48d53"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e0ea44a9-bd0f-497e-bbea-6775810e5e59",
"created": "2019-12-20T15:16:47.000Z",
"modified": "2019-12-20T15:16:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f0b007bd-4038-4c0f-bb89-03e6f0e131f7",
"target_ref": "x-misp-object--2ac81cf5-9a0c-4527-955d-02e0bd5eadd1"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}