674 lines
No EOL
29 KiB
JSON
674 lines
No EOL
29 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5ccaeddb-dc84-4cc2-9f73-4a70950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:21:30.000Z",
|
|
"modified": "2019-05-02T13:21:30.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5ccaeddb-dc84-4cc2-9f73-4a70950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:21:30.000Z",
|
|
"modified": "2019-05-02T13:21:30.000Z",
|
|
"name": "OSINT - Goblin Panda continues to target Vietnam",
|
|
"published": "2019-05-02T13:25:38Z",
|
|
"object_refs": [
|
|
"observed-data--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f",
|
|
"url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f",
|
|
"x-misp-attribute--5ccaee07-32d8-4255-9cb5-4686950d210f",
|
|
"indicator--5ccaee32-bb50-4bc4-bdb8-4817950d210f",
|
|
"indicator--5ccaee32-5ce8-48fd-8fb0-4ff8950d210f",
|
|
"indicator--5ccaee32-b744-4e07-bd11-4f6d950d210f",
|
|
"indicator--5ccaee32-4a50-4c78-8d6f-4a8c950d210f",
|
|
"indicator--5ccaee32-db04-4dc2-83d0-47ca950d210f",
|
|
"indicator--5ccaee32-cb00-49b9-b3cc-47bd950d210f",
|
|
"indicator--5ccaee32-0310-4075-8920-4337950d210f",
|
|
"indicator--5ccaee32-1ad0-4b57-98b5-4f6c950d210f",
|
|
"indicator--5ccaee7b-9258-45b6-9420-4bba950d210f",
|
|
"indicator--5ccaee7b-27b0-4803-a8e5-412e950d210f",
|
|
"indicator--5ccaee7b-0eb8-4058-be18-47d6950d210f",
|
|
"vulnerability--5ccaeeca-5668-4e48-9f70-496c950d210f",
|
|
"indicator--6af30035-5440-401a-976b-bc64ed82ad01",
|
|
"x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493",
|
|
"indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f",
|
|
"x-misp-object--61bf2686-6262-435a-9039-372f43219b6e",
|
|
"indicator--f9c0db13-b132-48c2-bf17-631eff339a1f",
|
|
"x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e",
|
|
"indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61",
|
|
"x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723",
|
|
"relationship--2632a054-e12d-4114-b3db-0c9d2a0e7604",
|
|
"relationship--377bba42-b0f6-4cb9-b841-e1434f18c23f",
|
|
"relationship--8ce957b2-28ea-48b7-8d03-e6849f08bb21",
|
|
"relationship--64a2e057-a82a-4464-8037-6f92507426a7"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:threat-actor=\"Hellsing\"",
|
|
"misp-galaxy:malpedia=\"NewCore RAT\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:17:36.000Z",
|
|
"modified": "2019-05-02T13:17:36.000Z",
|
|
"first_observed": "2019-05-02T13:17:36Z",
|
|
"last_observed": "2019-05-02T13:17:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f",
|
|
"value": "https://medium.com/@Sebdraven/goblin-panda-continues-to-target-vietnam-bc2f0f56dcd6"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5ccaee07-32d8-4255-9cb5-4686950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:17:59.000Z",
|
|
"modified": "2019-05-02T13:17:59.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Chinese actors have changed the rtf exploit following my different articles and Anomali article https://www.anomali.com/blog/analyzing-digital-quartermasters-in-asia-do-chinese-and-indian-apts-have-a-shared-supply-chain\r\n\r\nBut In march a researcher of Anomali @aRtAGGI made a link very interesting between Icefog and an article targeting Mongelian speaker https://threatrecon.nshc.net/2019/04/30/sectorb06-using-mongolian-language-in-lure-document/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee32-bb50-4bc4-bdb8-4817950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:18:42.000Z",
|
|
"modified": "2019-05-02T13:18:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:18:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee32-5ce8-48fd-8fb0-4ff8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:18:42.000Z",
|
|
"modified": "2019-05-02T13:18:42.000Z",
|
|
"pattern": "[file:name = 'Shortcuts\\\\QcLite.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:18:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee32-b744-4e07-bd11-4f6d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:18:42.000Z",
|
|
"modified": "2019-05-02T13:18:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:18:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee32-4a50-4c78-8d6f-4a8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:18:42.000Z",
|
|
"modified": "2019-05-02T13:18:42.000Z",
|
|
"pattern": "[file:name = 'Shortcuts\\\\QcConsol.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:18:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee32-db04-4dc2-83d0-47ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:18:42.000Z",
|
|
"modified": "2019-05-02T13:18:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:18:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee32-cb00-49b9-b3cc-47bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:18:42.000Z",
|
|
"modified": "2019-05-02T13:18:42.000Z",
|
|
"pattern": "[domain-name:value = 'web.hcmuafgh.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:18:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee32-0310-4075-8920-4337950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:18:42.000Z",
|
|
"modified": "2019-05-02T13:18:42.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.29.56.62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:18:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee32-1ad0-4b57-98b5-4f6c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:18:42.000Z",
|
|
"modified": "2019-05-02T13:18:42.000Z",
|
|
"pattern": "[url:value = 'http://web.hcmuafgh.com:4357/link?url=maOVmKGmMDU1&enpl=OXcoVQ==&encd=XARIZTE=']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:18:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee7b-9258-45b6-9420-4bba950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:19:55.000Z",
|
|
"modified": "2019-05-02T13:19:55.000Z",
|
|
"description": "The dll is a variant of the newcoreRAT with many similarities with",
|
|
"pattern": "[file:hashes.SHA256 = '05d0ad2bcc1c6e2752a231bc36d07a841f075a0a32a3a62abaafddbdafd72f62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:19:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee7b-27b0-4803-a8e5-412e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:19:55.000Z",
|
|
"modified": "2019-05-02T13:19:55.000Z",
|
|
"description": "The dll is a variant of the newcoreRAT with many similarities with",
|
|
"pattern": "[file:hashes.SHA256 = '5a592b92ffcbea75e458726cecc7f159b8f71c46b80de30bac2a48006ac1e1b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:19:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ccaee7b-0eb8-4058-be18-47d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:19:55.000Z",
|
|
"modified": "2019-05-02T13:19:55.000Z",
|
|
"description": "The dll is a variant of the newcoreRAT with many similarities with",
|
|
"pattern": "[file:hashes.SHA256 = '5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:19:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5ccaeeca-5668-4e48-9f70-496c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:21:14.000Z",
|
|
"modified": "2019-05-02T13:21:14.000Z",
|
|
"name": "CVE-2017\u00e2\u20ac\u201c11882",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"Payload delivery\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2017\u00e2\u20ac\u201c11882"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6af30035-5440-401a-976b-bc64ed82ad01",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:19:21.000Z",
|
|
"modified": "2019-05-02T13:19:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6d2e6a61eede06fa9d633ce151208831' AND file:hashes.SHA1 = 'f764163f3912376ebcabaf1cf3a60b6bc74561be' AND file:hashes.SHA256 = '207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:19:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:19:21.000Z",
|
|
"modified": "2019-05-02T13:19:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-02T11:28:30",
|
|
"category": "Other",
|
|
"uuid": "8a8e9657-f185-4b4a-a864-9dfd038906ce"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3/analysis/1556796510/",
|
|
"category": "Payload delivery",
|
|
"uuid": "a0b8060b-4c47-4415-8ee8-481d250cdbaf"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "15/69",
|
|
"category": "Payload delivery",
|
|
"uuid": "8d0ecb1f-84c3-4e39-85e6-5382f49cc22c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:19:21.000Z",
|
|
"modified": "2019-05-02T13:19:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '109d51899c832287d7ce1f70b5bd885d' AND file:hashes.SHA1 = 'daa69d1b1abc00139b1d73d075921ab93137598d' AND file:hashes.SHA256 = '9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:19:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--61bf2686-6262-435a-9039-372f43219b6e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:19:21.000Z",
|
|
"modified": "2019-05-02T13:19:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-29T23:04:06",
|
|
"category": "Other",
|
|
"uuid": "5e67a2b3-2334-4dd1-b4da-148e54772693"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770/analysis/1556579046/",
|
|
"category": "Payload delivery",
|
|
"uuid": "2861f6a6-f61f-4226-8b1a-5552c3c1fa06"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/70",
|
|
"category": "Payload delivery",
|
|
"uuid": "f186be1f-70d3-4b2d-8f82-32aa84b64c0b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f9c0db13-b132-48c2-bf17-631eff339a1f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:19:21.000Z",
|
|
"modified": "2019-05-02T13:19:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '84fca27bc75f40194c95534b07838d6c' AND file:hashes.SHA1 = '9520a18e9f6d4f6f014aa576b8843cdff176f701' AND file:hashes.SHA256 = '81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:19:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:19:21.000Z",
|
|
"modified": "2019-05-02T13:19:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-01T10:35:55",
|
|
"category": "Other",
|
|
"uuid": "e051a82c-c83e-4283-8de4-161be247465f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6/analysis/1556706955/",
|
|
"category": "Payload delivery",
|
|
"uuid": "8a0a6690-a7e6-449b-9c8d-6afd65d8be44"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/58",
|
|
"category": "Payload delivery",
|
|
"uuid": "bab1b9f2-f67e-493b-912e-525dcaa79d9c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:20:33.000Z",
|
|
"modified": "2019-05-02T13:20:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1b19175c41b9a9881b23b4382cc5935f' AND file:hashes.SHA1 = '3752656c024284ea63421d70235ec48d76a95df3' AND file:hashes.SHA256 = '5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-05-02T13:20:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-05-02T13:20:34.000Z",
|
|
"modified": "2019-05-02T13:20:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-29T23:04:01",
|
|
"category": "Other",
|
|
"comment": "The dll is a variant of the newcoreRAT with many similarities with",
|
|
"uuid": "a6e30d35-1912-4743-86bb-917b906bfc44"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76/analysis/1556579041/",
|
|
"category": "Payload delivery",
|
|
"comment": "The dll is a variant of the newcoreRAT with many similarities with",
|
|
"uuid": "f6aba0fc-493d-46cd-809d-fb34b7ade2cb"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/70",
|
|
"category": "Payload delivery",
|
|
"comment": "The dll is a variant of the newcoreRAT with many similarities with",
|
|
"uuid": "35ac479c-bae6-42e5-a362-b3477657ef04"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2632a054-e12d-4114-b3db-0c9d2a0e7604",
|
|
"created": "2019-05-02T13:19:21.000Z",
|
|
"modified": "2019-05-02T13:19:21.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6af30035-5440-401a-976b-bc64ed82ad01",
|
|
"target_ref": "x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--377bba42-b0f6-4cb9-b841-e1434f18c23f",
|
|
"created": "2019-05-02T13:19:22.000Z",
|
|
"modified": "2019-05-02T13:19:22.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f",
|
|
"target_ref": "x-misp-object--61bf2686-6262-435a-9039-372f43219b6e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8ce957b2-28ea-48b7-8d03-e6849f08bb21",
|
|
"created": "2019-05-02T13:19:22.000Z",
|
|
"modified": "2019-05-02T13:19:22.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f9c0db13-b132-48c2-bf17-631eff339a1f",
|
|
"target_ref": "x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--64a2e057-a82a-4464-8037-6f92507426a7",
|
|
"created": "2019-05-02T13:20:34.000Z",
|
|
"modified": "2019-05-02T13:20:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61",
|
|
"target_ref": "x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |