misp-circl-feed/feeds/circl/misp/5c463bd0-63bc-41f1-91dc-622168f8e8cf.json

{
"type": "bundle",
"id": "bundle--5c463bd0-63bc-41f1-91dc-622168f8e8cf",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"name": "VK-Intel",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c463bd0-63bc-41f1-91dc-622168f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"name": "2019-01-21: APT28 Autoit Zebrocy Progression",
"published": "2021-05-26T09:07:29Z",
"object_refs": [
"indicator--5c463bd0-a7c8-4670-8a27-622168f8e8cf",
"indicator--5c463bd0-2174-48b9-bfe3-622168f8e8cf",
"indicator--5c463c0a-0f30-4502-9cf3-79aa68f8e8cf",
"indicator--5c463c0a-de14-441b-8ec9-79aa68f8e8cf",
"indicator--5c463c0a-eb38-4d29-9bf5-79aa68f8e8cf",
"indicator--5c463c55-d144-426e-a69c-622168f8e8cf",
"indicator--5c463c55-ee08-441f-bd1a-622168f8e8cf",
"indicator--5c463c55-d868-4e4b-9235-622168f8e8cf",
"x-misp-attribute--5c47f9d7-5f30-4893-a12d-1cfe68f8e8cf",
"indicator--5c49639e-7110-4d64-8050-631968f8e8cf",
"indicator--5c4963d0-3650-436c-b82e-631868f8e8cf",
"x-misp-attribute--5c5c8b3e-49cc-4e88-9a48-0ff9354b4518",
"x-misp-attribute--5c5c8b3e-fcc8-4845-8bcd-0ff9354b4518",
"x-misp-attribute--5c5c8b3e-b370-4841-863a-0ff9354b4518",
"x-misp-attribute--5c5c8b3e-807c-4433-93b2-0ff9354b4518",
"x-misp-attribute--5c5c8b3f-6948-461b-bd88-0ff9354b4518",
"x-misp-attribute--5c5c8b3f-f40c-409c-bb03-0ff9354b4518",
"x-misp-attribute--5c5c8b3f-3110-4eed-af28-0ff9354b4518",
"observed-data--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518",
"file--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518",
"x-misp-attribute--5c5c8b40-e5a0-453c-80a6-0ff9354b4518",
"observed-data--5c5c8b40-94cc-4c28-ad64-0ff9354b4518",
"file--5c5c8b40-94cc-4c28-ad64-0ff9354b4518",
"x-misp-attribute--5c5c8b40-4604-4e08-a5b0-0ff9354b4518",
"observed-data--5c5c8b40-0508-4724-9882-0ff9354b4518",
"file--5c5c8b40-0508-4724-9882-0ff9354b4518",
"x-misp-attribute--5c5c8b40-d5bc-4e51-8a0f-0ff9354b4518",
"x-misp-attribute--5c5c8b41-8ee0-4dd4-af84-0ff9354b4518",
"observed-data--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518",
"file--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518",
"indicator--b800728f-5a34-4730-a91b-f138e14c98c7",
"x-misp-object--99c1af3e-6e2a-4e7e-ae0d-785719b629de",
"indicator--d89b9e2c-fbdb-4504-858e-2cac4f989268",
"x-misp-object--4b15b1fa-1951-422f-8212-1f96c5f99af3",
"indicator--14b16764-ddf9-4007-b47e-3aef5cc6f36a",
"x-misp-object--587de82f-4aae-4200-b88f-a8d0fcfc24ed",
"indicator--63b96bc9-33bc-4ac2-b26b-077bf4180ab3",
"x-misp-object--80a7973b-8573-413c-a2be-73b4062f2654",
"indicator--18ba115d-3fa8-4ea6-b0aa-b84d71f314c5",
"x-misp-object--ad488ad1-01c8-4a0e-80ee-a7f7257b1f13",
"relationship--227db519-c983-46a5-b812-f02869339c03",
"relationship--742beecd-6436-45b0-b12b-25de18079c2a",
"relationship--41bda8ab-8cc7-4ca7-a0d0-98c956c73750",
"relationship--7a0caef8-7d8e-46ad-af75-1201343ab912",
"relationship--2666b8c9-201e-451e-8bf8-30c584ea5045"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"Actor: APT28",
"Autoit",
"Actor: Sofacy",
"Downloader",
"Malware: Zebrocy",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Command-Line Interface - T1059\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Registry Run Keys / Start Folder - T1060\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Management Instrumentation - T1047\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c463bd0-a7c8-4670-8a27-622168f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-21T21:39:41.000Z",
"modified": "2019-01-21T21:39:41.000Z",
"description": "APT28 Zebrocy Autoit Samples",
"pattern": "[file:hashes.MD5 = 'd6751b148461e0f863548be84020b879']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-21T21:39:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c463bd0-2174-48b9-bfe3-622168f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-22T04:49:50.000Z",
"modified": "2019-01-22T04:49:50.000Z",
"description": "APT28 Zebrocy Autoit C2 AS9009 M247, GB @m247.com",
"pattern": "[url:value = 'http://194.187.249.126']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-22T04:49:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c463c0a-0f30-4502-9cf3-79aa68f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-21T21:39:22.000Z",
"modified": "2019-01-21T21:39:22.000Z",
"description": "APT28 Zebrocy Autoit Samples",
"pattern": "[file:hashes.MD5 = '311f24eb2dda26c26f572c727a25503b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-21T21:39:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c463c0a-de14-441b-8ec9-79aa68f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-21T21:39:22.000Z",
"modified": "2019-01-21T21:39:22.000Z",
"description": "APT28 Zebrocy Autoit Samples",
"pattern": "[file:hashes.MD5 = '7b1974e61795e84b6aacf33571320c2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-21T21:39:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c463c0a-eb38-4d29-9bf5-79aa68f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-21T21:39:22.000Z",
"modified": "2019-01-21T21:39:22.000Z",
"description": "APT28 Zebrocy Autoit Samples",
"pattern": "[file:hashes.MD5 = 'c2e1f2cf18ca987ebb3e8f4c09a4ef7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-21T21:39:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c463c55-d144-426e-a69c-622168f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-22T04:47:32.000Z",
"modified": "2019-01-22T04:47:32.000Z",
"description": "APT28 Zebrocy C2 AS201011 NETZBETRIEB-GMBH, DE @core-backbone.com",
"pattern": "[url:value = 'http://80.255.6.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-22T04:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c463c55-ee08-441f-bd1a-622168f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-22T04:47:55.000Z",
"modified": "2019-01-22T04:47:55.000Z",
"description": "APT28 Zebrocy C2 AS49544 I3DNET, NL Qhoster",
"pattern": "[url:value = 'http://220.158.216.127']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-22T04:47:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c463c55-d868-4e4b-9235-622168f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-22T04:46:58.000Z",
"modified": "2019-01-22T04:46:58.000Z",
"description": "APT28 Zebrocy C2 AS29073 QUASINETWORKS, NL @libertyvps.net",
"pattern": "[url:value = 'https://145.249.106.198/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-22T04:46:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c47f9d7-5f30-4893-a12d-1cfe68f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-23T05:21:27.000Z",
"modified": "2019-01-23T05:21:27.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "APT28"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c49639e-7110-4d64-8050-631968f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T07:05:02.000Z",
"modified": "2019-01-24T07:05:02.000Z",
"description": "Zebrocy AutoIt Jan 16, 2019",
"pattern": "[file:hashes.MD5 = 'ec57bb4980ea0190f4ad05d0ea9c9447']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T07:05:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4963d0-3650-436c-b82e-631868f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T07:05:52.000Z",
"modified": "2019-01-24T07:05:52.000Z",
"description": "Zebrocy January 16, 2019 URL",
"pattern": "[url:value = 'http://185.236.203.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T07:05:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b3e-49cc-4e88-9a48-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:51:47.000Z",
"modified": "2019-02-07T19:51:47.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "text",
"x_misp_value": "virus (suspicious);AVG;"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b3e-fcc8-4845-8bcd-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:53:10.000Z",
"modified": "2019-02-07T19:53:10.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "text",
"x_misp_value": "PUA.Win.Packer.AcprotectUltraprotect-1;ClamAV;"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b3e-b370-4841-863a-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:51:40.000Z",
"modified": "2019-02-07T19:51:40.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "text",
"x_misp_value": "Win32/Spy.Autoit.EK trojan;ESETnod32;"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b3e-807c-4433-93b2-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:53:20.000Z",
"modified": "2019-02-07T19:53:20.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "text",
"x_misp_value": "W32/Autoit.EK!tr.spy;Fortinet;"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b3f-6948-461b-bd88-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:49:55.000Z",
"modified": "2019-02-07T19:49:55.000Z",
"labels": [
"misp:type=\"size-in-bytes\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "size-in-bytes",
"x_misp_value": "1150976"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b3f-f40c-409c-bb03-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:52:23.000Z",
"modified": "2019-02-07T19:52:23.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Payload type\""
],
"x_misp_category": "Payload type",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "text",
"x_misp_value": "9ea0c70001000000f1c6cd0033000000f1c6ce00ae000000f1c6cf003200000009788300090000000978930025000000000001001402000066eed8004d00000066eecd000200000066eec90001000000000097000100000066eecc0001000000;0;"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b3f-3110-4eed-af28-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:53:05.000Z",
"modified": "2019-02-07T19:53:05.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Payload type\""
],
"x_misp_category": "Payload type",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "text",
"x_misp_value": "VC8 -> Microsoft Corporation"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:49:34.000Z",
"modified": "2019-02-07T19:49:34.000Z",
"first_observed": "2019-02-07T19:49:34Z",
"last_observed": "2019-02-07T19:49:34Z",
"number_observed": 1,
"object_refs": [
"file--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518"
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518",
"hashes": {
"SHA-256": "121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999"
}
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b40-e5a0-453c-80a6-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:49:29.000Z",
"modified": "2019-02-07T19:49:29.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Payload delivery\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "text",
"x_misp_value": "MS certificate checker 3.3.12.0 12.5.34.0 Certificate verify checker Certificate verify checker"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c5c8b40-94cc-4c28-ad64-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:48:51.000Z",
"modified": "2019-02-07T19:48:51.000Z",
"first_observed": "2019-02-07T19:48:51Z",
"last_observed": "2019-02-07T19:48:51Z",
"number_observed": 1,
"object_refs": [
"file--5c5c8b40-94cc-4c28-ad64-0ff9354b4518"
],
"labels": [
"misp:type=\"imphash\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c5c8b40-94cc-4c28-ad64-0ff9354b4518",
"hashes": {
"IMPHASH": "c1d258acab237961164a925272293413"
}
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b40-4604-4e08-a5b0-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:49:21.000Z",
"modified": "2019-02-07T19:49:21.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\temp\\Invoice-59947267.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c5c8b40-0508-4724-9882-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:49:13.000Z",
"modified": "2019-02-07T19:49:13.000Z",
"first_observed": "2019-02-07T19:49:13Z",
"last_observed": "2019-02-07T19:49:13Z",
"number_observed": 1,
"object_refs": [
"file--5c5c8b40-0508-4724-9882-0ff9354b4518"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c5c8b40-0508-4724-9882-0ff9354b4518",
"hashes": {
"SHA-1": "ce3b60fbad031c9bd5a10779cc8beb185035d407"
}
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b40-d5bc-4e51-8a0f-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:48:58.000Z",
"modified": "2019-02-07T19:48:58.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "text",
"x_misp_value": "LANG_ENGLISH/SUBLANG_ENGLISH_UK"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c5c8b41-8ee0-4dd4-af84-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:48:42.000Z",
"modified": "2019-02-07T19:48:42.000Z",
"labels": [
"misp:type=\"datetime\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"x_misp_type": "datetime",
"x_misp_value": "2018-03-02T01:31:48"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-02-07T19:48:31.000Z",
"modified": "2019-02-07T19:48:31.000Z",
"first_observed": "2019-02-07T19:48:31Z",
"last_observed": "2019-02-07T19:48:31Z",
"number_observed": 1,
"object_refs": [
"file--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518"
],
"labels": [
"misp:type=\"pehash\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518",
"hashes": {
"PEHASH": "791574aad9b238c5093e3c83a5db553ef45b01f1"
}
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b800728f-5a34-4730-a91b-f138e14c98c7",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:08.000Z",
"modified": "2019-01-24T21:38:08.000Z",
"pattern": "[file:hashes.MD5 = 'd6751b148461e0f863548be84020b879' AND file:hashes.SHA1 = 'bab1d2c668e597d19f9ee9395944c1ce0f34f279' AND file:hashes.SHA256 = '1aa4ad5a3f8929d61f559df656c84326d1fe0ca82a4be299fa758a26e14b1b27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:38:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--99c1af3e-6e2a-4e7e-ae0d-785719b629de",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:09.000Z",
"modified": "2019-01-24T21:38:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-24T11:36:53",
"category": "Other",
"uuid": "2fe07c1b-96ab-4f81-987a-8db6f28c9942"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1aa4ad5a3f8929d61f559df656c84326d1fe0ca82a4be299fa758a26e14b1b27/analysis/1548329813/",
"category": "External analysis",
"uuid": "5b56cfbc-246d-4782-b0bf-8fe1c528f788"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/69",
"category": "Other",
"uuid": "792b941e-1e36-488a-bc89-bfd79ada3391"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d89b9e2c-fbdb-4504-858e-2cac4f989268",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:09.000Z",
"modified": "2019-01-24T21:38:09.000Z",
"pattern": "[file:hashes.MD5 = 'c2e1f2cf18ca987ebb3e8f4c09a4ef7e' AND file:hashes.SHA1 = 'e757ea599a1d6f1d06d90589d7f19dd1c1bf8b7b' AND file:hashes.SHA256 = '5b52bc196bfc207d43eedfe585df96fcfabbdead087ff79fcdcdd4d08c7806db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4b15b1fa-1951-422f-8212-1f96c5f99af3",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:09.000Z",
"modified": "2019-01-24T21:38:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-25T17:04:30",
"category": "Other",
"uuid": "6da72563-3cc7-4780-a07e-55ff265b9308"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5b52bc196bfc207d43eedfe585df96fcfabbdead087ff79fcdcdd4d08c7806db/analysis/1540487070/",
"category": "External analysis",
"uuid": "71f1982a-d31f-42ea-8e9f-ef485841b836"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/65",
"category": "Other",
"uuid": "3ec5fc33-7d0b-4ae9-a429-670577bea696"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--14b16764-ddf9-4007-b47e-3aef5cc6f36a",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:09.000Z",
"modified": "2019-01-24T21:38:09.000Z",
"pattern": "[file:hashes.MD5 = 'ec57bb4980ea0190f4ad05d0ea9c9447' AND file:hashes.SHA1 = '6b300486d17d07a02365d32b673cd6638bd384f3' AND file:hashes.SHA256 = 'e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--587de82f-4aae-4200-b88f-a8d0fcfc24ed",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:10.000Z",
"modified": "2019-01-24T21:38:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-23T17:12:32",
"category": "Other",
"uuid": "5a292dc8-ad4d-40ac-8462-bc25b6767fb9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d/analysis/1548263552/",
"category": "External analysis",
"uuid": "8c6e54b1-8393-4723-9851-47466fe07a81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/70",
"category": "Other",
"uuid": "0028b781-c4c6-4957-846f-b9a97cd4afe9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--63b96bc9-33bc-4ac2-b26b-077bf4180ab3",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:10.000Z",
"modified": "2019-01-24T21:38:10.000Z",
"pattern": "[file:hashes.MD5 = '311f24eb2dda26c26f572c727a25503b' AND file:hashes.SHA1 = '74e12fbcac14b2f1b2d83cabb057f8e059c95d68' AND file:hashes.SHA256 = '01bca6481a3a55dc5de5bfa4124bba47d37018d8ee93e5dbb80a60a14f243889']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--80a7973b-8573-413c-a2be-73b4062f2654",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:10.000Z",
"modified": "2019-01-24T21:38:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-06T17:34:50",
"category": "Other",
"uuid": "fc0041a5-dc4f-4fcf-a5b6-6a9fcb978a7f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/01bca6481a3a55dc5de5bfa4124bba47d37018d8ee93e5dbb80a60a14f243889/analysis/1541525690/",
"category": "External analysis",
"uuid": "3640584d-273d-4d8f-8976-37156c0a0593"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/67",
"category": "Other",
"uuid": "89221de2-e8a5-433e-93aa-ee73006ae663"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--18ba115d-3fa8-4ea6-b0aa-b84d71f314c5",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:10.000Z",
"modified": "2019-01-24T21:38:10.000Z",
"pattern": "[file:hashes.MD5 = '7b1974e61795e84b6aacf33571320c2a' AND file:hashes.SHA1 = 'ce3b60fbad031c9bd5a10779cc8beb185035d407' AND file:hashes.SHA256 = '121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ad488ad1-01c8-4a0e-80ee-a7f7257b1f13",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:10.000Z",
"modified": "2019-01-24T21:38:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-12T06:28:05",
"category": "Other",
"uuid": "ea4f7140-d3c9-46cb-8d71-627dc47ee8e1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999/analysis/1547274485/",
"category": "External analysis",
"uuid": "3897fb76-7663-4961-8bc6-27bd0f697402"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/69",
"category": "Other",
"uuid": "d7b594d5-8ae7-4c4e-bb62-9d0a9f402523"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--227db519-c983-46a5-b812-f02869339c03",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b800728f-5a34-4730-a91b-f138e14c98c7",
"target_ref": "x-misp-object--99c1af3e-6e2a-4e7e-ae0d-785719b629de"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--742beecd-6436-45b0-b12b-25de18079c2a",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d89b9e2c-fbdb-4504-858e-2cac4f989268",
"target_ref": "x-misp-object--4b15b1fa-1951-422f-8212-1f96c5f99af3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--41bda8ab-8cc7-4ca7-a0d0-98c956c73750",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--14b16764-ddf9-4007-b47e-3aef5cc6f36a",
"target_ref": "x-misp-object--587de82f-4aae-4200-b88f-a8d0fcfc24ed"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7a0caef8-7d8e-46ad-af75-1201343ab912",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--63b96bc9-33bc-4ac2-b26b-077bf4180ab3",
"target_ref": "x-misp-object--80a7973b-8573-413c-a2be-73b4062f2654"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2666b8c9-201e-451e-8bf8-30c584ea5045",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--18ba115d-3fa8-4ea6-b0aa-b84d71f314c5",
"target_ref": "x-misp-object--ad488ad1-01c8-4a0e-80ee-a7f7257b1f13"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}