misp-circl-feed/feeds/circl/misp/5defbf60-c77c-4611-b627-03e368f8e8cf.json


{
"type": "bundle",
"id": "bundle--5defbf60-c77c-4611-b627-03e368f8e8cf",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"name": "VK_INTEL_EVIL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5defbf60-c77c-4611-b627-03e368f8e8cf",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"name": "2019-12-10: TrickBot Project \u201cAnchor:\u201d Window Into Sophisticated Operation",
"published": "2021-05-26T11:42:18Z",
"object_refs": [
"indicator--5defbfce-cb0c-4c33-8b93-74cf68f8e8cf",
"indicator--5defc04d-a59c-47ac-a1a5-03fd19d2faa1",
"indicator--5defc04d-4b78-433d-9f82-03fd19d2faa1",
"indicator--5defc04d-08c0-4909-85e3-03fd19d2faa1",
"indicator--5defc04d-e5c0-4a82-b368-03fd19d2faa1",
"indicator--5defc04d-f520-4bdf-9db1-03fd19d2faa1",
"indicator--5defc04d-d238-48e8-889e-03fd19d2faa1",
"indicator--5defc04d-9ca4-4559-b23a-03fd19d2faa1",
"indicator--5defc04d-2934-4c99-a39f-03fd19d2faa1",
"indicator--5defc0ca-4190-4543-9d3a-040819d2faa1",
"indicator--5defc425-9808-4e88-a170-74d168f8e8cf",
"indicator--5defc425-8690-4042-9e2d-74d168f8e8cf",
"observed-data--5defcbb1-1128-4567-a936-ab51950d210f",
"url--5defcbb1-1128-4567-a936-ab51950d210f",
"indicator--d0cb4e83-d39b-4be9-bf27-865cf449ee58",
"x-misp-object--8d59f261-04a2-4b38-9fe0-a1ed372ae412",
"indicator--59697923-f806-485e-92e4-5c80f254cda0",
"x-misp-object--a52de72c-ff08-4e4b-9557-989baeb96fa2",
"indicator--3c20a8d5-ca69-433e-aef1-2a352ccf3221",
"x-misp-object--d7e9e070-4a02-42c2-b6bc-a91da8b91667",
"indicator--d2357103-d172-43df-9bef-4c018472adca",
"x-misp-object--9fe3729a-9873-4b8c-8e4d-34564bf95f06",
"indicator--f44bb30f-2c90-4d8f-b088-65c56436b223",
"x-misp-object--3abbd5dc-13da-4144-9380-e725ca133b00",
"indicator--325ddfbb-45e8-4357-a973-bb90f7cfb770",
"x-misp-object--ba638838-9beb-4f15-99b9-2c65b2e5ae49",
"indicator--7ac12301-9e22-4429-9236-127671f59fe3",
"x-misp-object--8d2aeb0f-bff6-443e-a008-49d67bae2c25",
"indicator--45d92c99-a5a1-45f2-85d9-01a8c2a0b12a",
"x-misp-object--46194cae-7b60-4c07-8074-213e6dac9195",
"indicator--7d3ddce8-bd13-42f3-b6d6-2698e9abc59d",
"x-misp-object--4e9f91a3-50c9-4881-ae9a-dcc491ad9ac0",
"indicator--c00e9e68-c6f6-4f46-b65d-cf2409b16c92",
"x-misp-object--c261cdfa-356e-4cbb-8b09-fd82a644e2a2",
"relationship--3fb2eeb2-840f-4d40-964e-f58037a9230c",
"relationship--cb39ec80-1240-48af-a052-cc71bfa930f0",
"relationship--2377f3ae-cbf6-42a7-b74d-2efc08412f7b",
"relationship--bbaa27e9-11c5-4e82-a099-01852d9487f0",
"relationship--9c66d72b-2e58-4d7b-bcde-a2800c38654e",
"relationship--a6dfd370-0380-4f7c-879e-f2d083b282f5",
"relationship--aeb59eaf-b6cf-40c0-b02a-a9cdc1a702bc",
"relationship--7fe71141-94eb-428d-9380-033fa739b01b",
"relationship--5bebd52e-5eec-4b8b-8ab8-9614a639554b",
"relationship--9c2af694-9f5b-4cf5-8c99-e28dc574a107"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"Banker: TrickBot",
"Anchor",
"Memory Scraper",
"misp-galaxy:malpedia=\"TrickBot\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defbfce-cb0c-4c33-8b93-74cf68f8e8cf",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:54:54.000Z",
"modified": "2019-12-10T15:54:54.000Z",
"description": "Trick Anchor Yara",
"pattern": "[rule crime_win32_anchor_trick_1\r\n{\r\nmeta:\r\n description = \"Detects Anchor malware\"\r\n author = \"Jason Reaves\"\r\n\r\nstrings: \r\n$s1 = \"D:\\\\Win32.ogw0rm\" nocase\r\n$s2 = \"MyProjects\\\\memoryScraper\" nocase\r\n$s3 = \"\\\\MyProjects\\\\secondWork\\\\Anchor\" nocase\r\n$s4 = \"\\\\MyProjects\\\\secondWork\\\\psExecutor\" nocase\r\n$s5 = \"\\\\MyProjects\\\\mailCollection\" nocase\r\n$s6 = \"\\\\MyProjects\\\\spreader\" nocase\r\ncondition:\r\nany of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:54:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc04d-a59c-47ac-a1a5-03fd19d2faa1",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:57:01.000Z",
"modified": "2019-12-10T15:57:01.000Z",
"description": "Memscraper payload",
"pattern": "[file:hashes.SHA256 = 'e54a267e788cc076c870eba0ff16920f9cb49207a034a8b6bfd92abc5a5f7434']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc04d-4b78-433d-9f82-03fd19d2faa1",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:57:01.000Z",
"modified": "2019-12-10T15:57:01.000Z",
"description": "Memscraper payload",
"pattern": "[file:hashes.SHA256 = 'd584e868f867c6251e115b7909559da784f25b778192c6a24e49685f80257e4d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc04d-08c0-4909-85e3-03fd19d2faa1",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:57:01.000Z",
"modified": "2019-12-10T15:57:01.000Z",
"description": "Memscraper DNS variant",
"pattern": "[file:hashes.SHA256 = '354936f4265a5e870374a3fe9378cf9a3e7dd45ee4626b971d6b7b0837f4f181']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc04d-e5c0-4a82-b368-03fd19d2faa1",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:57:01.000Z",
"modified": "2019-12-10T15:57:01.000Z",
"description": "Memscraper DNS variant",
"pattern": "[file:hashes.SHA256 = '54257aa2394ef87dd510da00e0583b670f3eb43e2eef86be4db69c3432e99abd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc04d-f520-4bdf-9db1-03fd19d2faa1",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:57:01.000Z",
"modified": "2019-12-10T15:57:01.000Z",
"description": "Anchor Deinstaller",
"pattern": "[file:hashes.SHA256 = 'b288c3b3f5886b1cd7b6600df2b8046f2c0fd17360fb188ecfbcc8f6b7e552a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc04d-d238-48e8-889e-03fd19d2faa1",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:57:01.000Z",
"modified": "2019-12-10T15:57:01.000Z",
"description": "Anchor Installer",
"pattern": "[file:hashes.SHA256 = '52a1ca4e65a99f997db0314add8c3b84c6f257844eda73ae6e5debce6abc2bd4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc04d-9ca4-4559-b23a-03fd19d2faa1",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:57:01.000Z",
"modified": "2019-12-10T15:57:01.000Z",
"description": "Anchor Bot",
"pattern": "[file:hashes.SHA256 = '6500190bf8253c015700eb071416cbe33a1c8f3b84aeb28b7118a6abe96005e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc04d-2934-4c99-a39f-03fd19d2faa1",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:57:01.000Z",
"modified": "2019-12-10T15:57:01.000Z",
"description": "Anchor DNS variant",
"pattern": "[file:hashes.SHA256 = '6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc0ca-4190-4543-9d3a-040819d2faa1",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T15:59:06.000Z",
"modified": "2019-12-10T15:59:06.000Z",
"description": "Anchor DNS variant",
"pattern": "[file:hashes.SHA256 = 'e49e6f0b194ff7c83ec02b3c2efc9e746a4b2ba74607a4aad8fbdcdc66baa8dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T15:59:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc425-9808-4e88-a170-74d168f8e8cf",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:13:25.000Z",
"modified": "2019-12-10T16:13:25.000Z",
"description": "Anchor DNS variant",
"pattern": "[file:hashes.SHA256 = 'b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:13:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defc425-8690-4042-9e2d-74d168f8e8cf",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:13:25.000Z",
"modified": "2019-12-10T16:13:25.000Z",
"description": "Anchor DNS variant",
"pattern": "[file:hashes.SHA256 = 'c6d466600371ced9d962594474a4b8b0ccff19adc59dbd2027c10d930afbe282']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:13:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5defcbb1-1128-4567-a936-ab51950d210f",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:37.000Z",
"modified": "2019-12-10T16:45:37.000Z",
"first_observed": "2019-12-10T16:45:37Z",
"last_observed": "2019-12-10T16:45:37Z",
"number_observed": 1,
"object_refs": [
"url--5defcbb1-1128-4567-a936-ab51950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5defcbb1-1128-4567-a936-ab51950d210f",
"value": "https://github.com/SentineLabs/TrickBot-Anchor/blob/master/2019-12-10-trickbot-anchor-blog.vk.misp.json"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0cb4e83-d39b-4be9-bf27-865cf449ee58",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:01.000Z",
"modified": "2019-12-10T16:45:01.000Z",
"pattern": "[file:hashes.MD5 = 'ae48b4d1d0da879512b495ec1f80cf67' AND file:hashes.SHA1 = 'b388243bf5899c99091ac2df13339f141659bbd4' AND file:hashes.SHA256 = 'b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8d59f261-04a2-4b38-9fe0-a1ed372ae412",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:01.000Z",
"modified": "2019-12-10T16:45:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-10-15T18:47:28",
"category": "Other",
"comment": "Anchor DNS variant",
"uuid": "31d66a22-e70d-43e4-af6f-ac9ca2856207"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329/analysis/1571165248/",
"category": "External analysis",
"comment": "Anchor DNS variant",
"uuid": "81544988-2b02-4a5d-a8be-4519393f64d7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/70",
"category": "Payload installation",
"comment": "Anchor DNS variant",
"uuid": "7b2c1ba8-7583-488b-88e2-b5336e3ea744"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59697923-f806-485e-92e4-5c80f254cda0",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:02.000Z",
"modified": "2019-12-10T16:45:02.000Z",
"pattern": "[file:hashes.MD5 = '8ae6cd70b4acf2b17b3b678eb741344e' AND file:hashes.SHA1 = '299d63fef8274c51325a6f7b3e2bb7578c978d19' AND file:hashes.SHA256 = 'd584e868f867c6251e115b7909559da784f25b778192c6a24e49685f80257e4d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a52de72c-ff08-4e4b-9557-989baeb96fa2",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:02.000Z",
"modified": "2019-12-10T16:45:02.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-13T09:37:29",
"category": "Other",
"comment": "Memscraper payload",
"uuid": "c31388c5-410e-456c-93d8-bd92a56c94a0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d584e868f867c6251e115b7909559da784f25b778192c6a24e49685f80257e4d/analysis/1536831449/",
"category": "Payload delivery",
"comment": "Memscraper payload",
"uuid": "830a634d-51b7-42e1-af5b-6d05b45f13c2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/68",
"category": "Payload delivery",
"comment": "Memscraper payload",
"uuid": "9ea82fdf-c020-439f-bfc4-78f4222b43d1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3c20a8d5-ca69-433e-aef1-2a352ccf3221",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:02.000Z",
"modified": "2019-12-10T16:45:02.000Z",
"pattern": "[file:hashes.MD5 = '9998b8cf8f204cadb9a855f42af0ddc5' AND file:hashes.SHA1 = '314967cc074e31b448d42ca15ab43fff27d716c7' AND file:hashes.SHA256 = 'e54a267e788cc076c870eba0ff16920f9cb49207a034a8b6bfd92abc5a5f7434']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d7e9e070-4a02-42c2-b6bc-a91da8b91667",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:03.000Z",
"modified": "2019-12-10T16:45:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T14:40:18",
"category": "Other",
"comment": "Memscraper payload",
"uuid": "290a435a-597a-493f-8687-33fd7883999d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e54a267e788cc076c870eba0ff16920f9cb49207a034a8b6bfd92abc5a5f7434/analysis/1534344018/",
"category": "Payload delivery",
"comment": "Memscraper payload",
"uuid": "5b3ac3e7-faa0-4a8a-ae01-ecfc3717229a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "4/68",
"category": "Payload delivery",
"comment": "Memscraper payload",
"uuid": "5aba37ab-b2fb-4754-918f-c1039daa36b4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d2357103-d172-43df-9bef-4c018472adca",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:03.000Z",
"modified": "2019-12-10T16:45:03.000Z",
"pattern": "[file:hashes.MD5 = '737346c9511b32f1b6f878667785dc32' AND file:hashes.SHA1 = '945852060bea021b20855f4cd913951f5b1b14c9' AND file:hashes.SHA256 = '354936f4265a5e870374a3fe9378cf9a3e7dd45ee4626b971d6b7b0837f4f181']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9fe3729a-9873-4b8c-8e4d-34564bf95f06",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:03.000Z",
"modified": "2019-12-10T16:45:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-11T09:23:25",
"category": "Other",
"comment": "Memscraper DNS variant",
"uuid": "c414d184-c756-40a7-8525-e99b49a6b3e8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/354936f4265a5e870374a3fe9378cf9a3e7dd45ee4626b971d6b7b0837f4f181/analysis/1552296205/",
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"uuid": "dc5736ac-4bba-484e-8a61-e0c14ebd6245"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "3/68",
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"uuid": "add6615e-45c7-448d-a62c-ee332c0d374b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f44bb30f-2c90-4d8f-b088-65c56436b223",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:03.000Z",
"modified": "2019-12-10T16:45:03.000Z",
"pattern": "[file:hashes.MD5 = '488ec17aff5f12732fc3a5c7503e26ba' AND file:hashes.SHA1 = 'a96fe2efc6a0b661cf30420d13584b4ffbd654fe' AND file:hashes.SHA256 = '6500190bf8253c015700eb071416cbe33a1c8f3b84aeb28b7118a6abe96005e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3abbd5dc-13da-4144-9380-e725ca133b00",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:03.000Z",
"modified": "2019-12-10T16:45:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-10-24T02:09:12",
"category": "Other",
"comment": "Anchor Bot",
"uuid": "8dbd1370-04fb-4bea-8359-b34a391270cf"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6500190bf8253c015700eb071416cbe33a1c8f3b84aeb28b7118a6abe96005e3/analysis/1571882952/",
"category": "Payload delivery",
"comment": "Anchor Bot",
"uuid": "81502d9d-a6d9-41ce-a263-9f517d5b0e6f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/71",
"category": "Payload delivery",
"comment": "Anchor Bot",
"uuid": "43fcfa2f-ead0-48ce-91d6-e17128f78d0b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--325ddfbb-45e8-4357-a973-bb90f7cfb770",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:03.000Z",
"modified": "2019-12-10T16:45:03.000Z",
"pattern": "[file:hashes.MD5 = 'ad4e7904c241bb64955bd066806b25a8' AND file:hashes.SHA1 = '33c9a73ec1150f0b55903537e79e11413954e58f' AND file:hashes.SHA256 = 'e49e6f0b194ff7c83ec02b3c2efc9e746a4b2ba74607a4aad8fbdcdc66baa8dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ba638838-9beb-4f15-99b9-2c65b2e5ae49",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:03.000Z",
"modified": "2019-12-10T16:45:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-10-15T19:32:52",
"category": "Other",
"comment": "Anchor DNS variant",
"uuid": "db9fe6d4-d514-4964-a57b-b0501ff0a308"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e49e6f0b194ff7c83ec02b3c2efc9e746a4b2ba74607a4aad8fbdcdc66baa8dc/analysis/1571167972/",
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"uuid": "e407382e-ed51-4a60-9be0-319f391d78ae"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/69",
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"uuid": "9adbfe67-fec1-494c-b00c-14dde0e50dd7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7ac12301-9e22-4429-9236-127671f59fe3",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:04.000Z",
"modified": "2019-12-10T16:45:04.000Z",
"pattern": "[file:hashes.MD5 = '7dd84d1e59e01f4409e5239bae78ae23' AND file:hashes.SHA1 = '8b185b88519206b883554613a8660cd73dc8fff5' AND file:hashes.SHA256 = 'c6d466600371ced9d962594474a4b8b0ccff19adc59dbd2027c10d930afbe282']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8d2aeb0f-bff6-443e-a008-49d67bae2c25",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:04.000Z",
"modified": "2019-12-10T16:45:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-04T19:54:22",
"category": "Other",
"comment": "Anchor DNS variant",
"uuid": "cc973c30-1507-49b1-b692-4296a905d10b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c6d466600371ced9d962594474a4b8b0ccff19adc59dbd2027c10d930afbe282/analysis/1575489262/",
"category": "External analysis",
"comment": "Anchor DNS variant",
"uuid": "29b23c8e-9a19-4020-942f-731201eafaee"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/71",
"category": "Payload installation",
"comment": "Anchor DNS variant",
"uuid": "f2d5079e-02d4-440a-8f87-0712e3788c81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--45d92c99-a5a1-45f2-85d9-01a8c2a0b12a",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:04.000Z",
"modified": "2019-12-10T16:45:04.000Z",
"pattern": "[file:hashes.MD5 = 'b9b5f5039c19f15ca610baa095642f8a' AND file:hashes.SHA1 = '6464f52a47c362195a219bd5cf529338bf29a5c9' AND file:hashes.SHA256 = 'b288c3b3f5886b1cd7b6600df2b8046f2c0fd17360fb188ecfbcc8f6b7e552a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--46194cae-7b60-4c07-8074-213e6dac9195",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:04.000Z",
"modified": "2019-12-10T16:45:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-08-16T13:42:12",
"category": "Other",
"comment": "Anchor Deinstaller",
"uuid": "83380f01-b9ea-4fa8-8a19-dd471362abbc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b288c3b3f5886b1cd7b6600df2b8046f2c0fd17360fb188ecfbcc8f6b7e552a5/analysis/1565962932/",
"category": "Payload delivery",
"comment": "Anchor Deinstaller",
"uuid": "74f02707-1c5f-4f1f-88a2-0dc51cf65d12"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/67",
"category": "Payload delivery",
"comment": "Anchor Deinstaller",
"uuid": "69130a7e-3ad9-4d85-9bd2-b37d51016fd4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d3ddce8-bd13-42f3-b6d6-2698e9abc59d",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:04.000Z",
"modified": "2019-12-10T16:45:04.000Z",
"pattern": "[file:hashes.MD5 = 'b21646d0e17312079f3e509d5e5a7830' AND file:hashes.SHA1 = '8beef55eee4608afe013741033f060c8f47804b5' AND file:hashes.SHA256 = '6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4e9f91a3-50c9-4881-ae9a-dcc491ad9ac0",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:04.000Z",
"modified": "2019-12-10T16:45:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-27T02:02:59",
"category": "Other",
"comment": "Anchor DNS variant",
"uuid": "d6009263-d189-4690-bf00-6a13b5c8bfb9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c/analysis/1574820179/",
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"uuid": "7fe80e07-3bfa-4a4e-8632-51edb7f824af"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/68",
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"uuid": "4b8324b6-c59c-4dd0-9ff8-b119d25bc766"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c00e9e68-c6f6-4f46-b65d-cf2409b16c92",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:05.000Z",
"modified": "2019-12-10T16:45:05.000Z",
"pattern": "[file:hashes.MD5 = '3045fb2685124532f28829e07d2d07fb' AND file:hashes.SHA1 = 'b437667e8f3e6b2676cb4c4d7f05435fbc2ba168' AND file:hashes.SHA256 = '54257aa2394ef87dd510da00e0583b670f3eb43e2eef86be4db69c3432e99abd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T16:45:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c261cdfa-356e-4cbb-8b09-fd82a644e2a2",
"created_by_ref": "identity--5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf",
"created": "2019-12-10T16:45:05.000Z",
"modified": "2019-12-10T16:45:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-09T16:34:27",
"category": "Other",
"comment": "Memscraper DNS variant",
"uuid": "ec9b20a9-4286-4421-91dd-9046797d55af"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/54257aa2394ef87dd510da00e0583b670f3eb43e2eef86be4db69c3432e99abd/analysis/1554827667/",
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"uuid": "c4360cc4-1826-4682-849f-29b193e44d51"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "4/66",
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"uuid": "30f6b412-8f65-4aba-b678-9e7228eaeb2d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3fb2eeb2-840f-4d40-964e-f58037a9230c",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d0cb4e83-d39b-4be9-bf27-865cf449ee58",
"target_ref": "x-misp-object--8d59f261-04a2-4b38-9fe0-a1ed372ae412"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cb39ec80-1240-48af-a052-cc71bfa930f0",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--59697923-f806-485e-92e4-5c80f254cda0",
"target_ref": "x-misp-object--a52de72c-ff08-4e4b-9557-989baeb96fa2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2377f3ae-cbf6-42a7-b74d-2efc08412f7b",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3c20a8d5-ca69-433e-aef1-2a352ccf3221",
"target_ref": "x-misp-object--d7e9e070-4a02-42c2-b6bc-a91da8b91667"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bbaa27e9-11c5-4e82-a099-01852d9487f0",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d2357103-d172-43df-9bef-4c018472adca",
"target_ref": "x-misp-object--9fe3729a-9873-4b8c-8e4d-34564bf95f06"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9c66d72b-2e58-4d7b-bcde-a2800c38654e",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f44bb30f-2c90-4d8f-b088-65c56436b223",
"target_ref": "x-misp-object--3abbd5dc-13da-4144-9380-e725ca133b00"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a6dfd370-0380-4f7c-879e-f2d083b282f5",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--325ddfbb-45e8-4357-a973-bb90f7cfb770",
"target_ref": "x-misp-object--ba638838-9beb-4f15-99b9-2c65b2e5ae49"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aeb59eaf-b6cf-40c0-b02a-a9cdc1a702bc",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7ac12301-9e22-4429-9236-127671f59fe3",
"target_ref": "x-misp-object--8d2aeb0f-bff6-443e-a008-49d67bae2c25"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7fe71141-94eb-428d-9380-033fa739b01b",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--45d92c99-a5a1-45f2-85d9-01a8c2a0b12a",
"target_ref": "x-misp-object--46194cae-7b60-4c07-8074-213e6dac9195"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5bebd52e-5eec-4b8b-8ab8-9614a639554b",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7d3ddce8-bd13-42f3-b6d6-2698e9abc59d",
"target_ref": "x-misp-object--4e9f91a3-50c9-4881-ae9a-dcc491ad9ac0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9c2af694-9f5b-4cf5-8c99-e28dc574a107",
"created": "2021-05-24T10:01:46.000Z",
"modified": "2021-05-24T10:01:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c00e9e68-c6f6-4f46-b65d-cf2409b16c92",
"target_ref": "x-misp-object--c261cdfa-356e-4cbb-8b09-fd82a644e2a2"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}