adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/174f7375-c811-4c4a-81e0-1d41582f340d.json

4446 lines
No EOL
200 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--174f7375-c811-4c4a-81e0-1d41582f340d",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:58:38.000Z",
"modified": "2021-03-26T11:58:38.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--174f7375-c811-4c4a-81e0-1d41582f340d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:58:38.000Z",
"modified": "2021-03-26T11:58:38.000Z",
"name": "OSINT - Analyzing attacks taking advantage of the Exchange Server vulnerabilities",
"published": "2021-03-26T11:59:57Z",
"object_refs": [
"indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3",
"indicator--0507d917-2bfd-418a-9c91-65edfe6df45f",
"indicator--27883473-9495-4bdc-84e1-8898c13d1f52",
"indicator--222418c5-b7f1-494e-9044-bfb11f195703",
"indicator--fb9b415d-0c5f-4bc2-a966-8f2de3e6b5ad",
"indicator--d3418d73-07c0-4c8e-887e-1c0ef132491c",
"indicator--30133a6e-5b42-4d43-b14e-14c0ce5c48fd",
"indicator--1b11e7b2-b5d3-49ce-a2e4-67b4b733805c",
"indicator--09c6e13b-9ee3-4d11-91c7-2934ce6214a5",
"indicator--90d44c63-36d4-4adb-94ae-477475eeba3e",
"indicator--ca05457f-042b-4300-9c5e-52a335f989ef",
"indicator--6a2ad2ef-58be-4303-b7cf-41a1caaab335",
"indicator--6a380c0c-1f8f-4f16-92c7-631f398034e9",
"indicator--e50aa7c3-ae00-4429-91d7-7962db057e92",
"indicator--5ac9bd59-8ee3-44c0-a842-128312afcb41",
"indicator--53c5263a-7e99-412a-83ca-bed51b063a7c",
"indicator--1c8b9c11-d832-4d3a-aa72-6f20a40e9ce6",
"indicator--eb98ccd1-b6c2-459f-877c-6fc9cb5682ed",
"indicator--ec22d510-f3af-4807-b40d-0e9a84073347",
"indicator--5b9913c1-e277-4947-a05d-52a3528c82ad",
"indicator--a1f758e0-7568-4ed1-ab37-a8ee02e22359",
"indicator--a7c061b6-8737-4833-9bfb-7dc7a9877edc",
"indicator--e8ef454d-3103-4a3c-9660-115baf72420d",
"indicator--58eddb96-5c84-408e-9a47-11034fd78da8",
"indicator--2d57e2fe-cd02-4ccf-b1fd-d14398c8cff4",
"indicator--d3143632-5173-4516-9327-8e22f0deb6e6",
"indicator--9eefe9a8-57b4-4af0-9e46-a5ecc756d2a2",
"indicator--1eb9c95a-aca6-4e17-95d8-85eb5580f05b",
"indicator--151610f0-2fb7-46d6-b3e1-b3b627878ada",
"indicator--eecf9939-d3d5-443a-ade5-374142e5bef8",
"indicator--637ef6c0-1d6c-4a0e-97a7-8c29d3a272ec",
"indicator--fecb1042-b6de-46ee-b3b8-e9b2a7d2e30c",
"indicator--e2526249-0422-4096-8b1e-7c189aea6270",
"indicator--7f7b791d-774d-4852-9456-2e5cbb6f47f8",
"indicator--1f505bb0-aa2c-41c5-bce0-b30cc941a94d",
"indicator--741ebe5a-d450-44ba-989d-98b2164a8591",
"indicator--debe77bb-8d18-4911-9726-a46c85d44795",
"indicator--a011b404-9097-48e4-a602-1372b238d3b3",
"indicator--3b0ce211-02ae-466d-9390-cf91f7c73014",
"indicator--493ab996-5d1b-4bcf-932d-2305a6541f26",
"indicator--a7e87b24-f989-402d-8673-d8741bc08184",
"indicator--fd66b672-274f-4bd0-9de6-04b1d46fd965",
"indicator--94aecbb8-5189-4e6e-9356-0172dcc89638",
"indicator--140c1e65-1d74-4e0f-9306-0690d7c91fed",
"indicator--fe58049f-d796-48a7-b572-0256fb1c719f",
"indicator--68db0c1e-4c28-43a4-96db-e85fe0dc2e53",
"indicator--e26ca02c-6819-4602-bbb8-ce6534aed660",
"indicator--411617df-f081-4b02-92fa-6374ee8b0f59",
"x-misp-attribute--9749a54a-4be5-4059-acbf-033d614dee7d",
"x-misp-attribute--a4071d67-2ea4-49d1-9c9b-0ee81234d809",
"x-misp-attribute--0178d543-9d09-4643-b5b6-ef0d2ea32e37",
"x-misp-attribute--3e1c27bd-054d-4e1c-a7f6-b1d0aae91db7",
"x-misp-attribute--77f83632-b74c-4bfd-a23d-c1cf3221bbf4",
"x-misp-attribute--3d8a57d8-98ae-427a-ab43-ff07a8971b36",
"x-misp-attribute--eb8743cd-6e7e-40b3-a6c6-b6270ad1dba0",
"x-misp-attribute--59e6151f-accb-40b8-b1a4-884ec8c14134",
"x-misp-attribute--669a2dc2-269d-4a5d-8025-21151208a7d3",
"x-misp-attribute--b0de41c7-ec23-491d-a31f-3dce62abf9af",
"x-misp-attribute--a09f91d6-2103-422c-bf5b-6451f4a1acdc",
"x-misp-attribute--1315cf20-b279-490f-aded-5ae5c53ba9d3",
"x-misp-attribute--368c532e-2cfb-4946-b88f-8c0fea358d20",
"x-misp-attribute--7a16683b-3e4a-49dc-941f-13299d77d90a",
"x-misp-object--c96a5a0f-a2d4-4072-8eb2-e85fdf0632fb",
"indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac",
"x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8",
"indicator--a195cd72-0b3b-4c16-a185-1dbba192b089",
"x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91",
"indicator--9e5710ce-d800-4726-b66b-0a2f6568a769",
"x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09",
"indicator--98476378-a729-4dc9-8381-460968f44e41",
"x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba",
"indicator--16eab987-8119-482e-81ca-637d7ab2027a",
"x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7",
"indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a",
"x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530",
"indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90",
"x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44",
"indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe",
"x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769",
"indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5",
"x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda",
"indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881",
"x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98",
"indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016",
"x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d",
"indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48",
"x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4",
"indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427",
"x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d",
"indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e",
"x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3",
"indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c",
"x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28",
"indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7",
"x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f",
"indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d",
"x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac",
"indicator--5b361066-2b82-4c80-b4ae-690998433d3c",
"x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996",
"indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67",
"x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5",
"indicator--606c37d3-7072-49e9-ba9a-f091642c58b6",
"x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c",
"indicator--833d3f3f-8273-4951-b714-6706bc1347d0",
"x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8",
"indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e",
"x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930",
"indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de",
"x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66",
"indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3",
"x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d",
"indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8",
"x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777",
"indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04",
"x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9",
"indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230",
"x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59",
"indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643",
"x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532",
"indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461",
"x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd",
"indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247",
"x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d",
"indicator--0737e5f5-f011-41ba-aa2d-17120ee75143",
"x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548",
"indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026",
"x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b",
"indicator--bcb634ef-c629-450c-a194-3197dcac08bf",
"x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7",
"indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6",
"x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c",
"indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd",
"x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a",
"indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5",
"x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078",
"x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325",
"x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67",
"x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95",
"relationship--c57a896b-3a07-4010-9918-6aacb638b4a5",
"relationship--9f1b341b-e9e2-43ec-b156-ca6033a3e48c",
"relationship--66dd1b7a-e1f8-40c6-bf9c-7aa722fcbd00",
"relationship--464bbfb9-f7ff-427f-87bc-89a414c331a1",
"relationship--f87c2168-54ef-4b0d-8da0-000ea8b79982",
"relationship--25034a2a-4640-43d0-9bcc-1e263f1cf8cb",
"relationship--8720d1e3-b1eb-470d-8ffe-4e6ce91d9423",
"relationship--5d9becb1-1930-4ac4-895b-0f2d035394c8",
"relationship--e762cf23-c926-469b-8bd9-2438398098d4",
"relationship--f508f4f3-7513-44c6-ab69-8d551d9fd6c2",
"relationship--5963f6d8-4dca-4c2e-8a2f-25610cda7c26",
"relationship--ebccb8ef-838d-46a5-b1b9-c280b94281f7",
"relationship--777a6cc6-9684-4828-90a0-b15bc0ad8c87",
"relationship--53b6d847-0b1d-4bc0-aaa9-5dc2790bce06",
"relationship--690464e8-3e9c-4c4d-a300-4082c3339733",
"relationship--3205f953-0023-4203-9f60-d721f7f4d392",
"relationship--3115e201-4f5e-4091-bbf5-a6dffa633e75",
"relationship--ce183a66-a2bb-4659-9c45-cf08edcf334e",
"relationship--9ee39f3a-4799-4888-bbff-a6e19f0caa0a",
"relationship--1bbb798d-149f-46de-9b56-d6e09cef227e",
"relationship--ce8e7105-3ca8-40c0-b382-7e13391ae95b",
"relationship--4c2b8358-ce5c-40c9-b600-c8463febabc5",
"relationship--fe293a99-4c5a-477c-9b20-fa2900cad11c",
"relationship--1b3d4516-0e59-444a-87b7-2d37de7fdd5c",
"relationship--fd3fe633-d1ce-4309-8d4a-aff92117b43a",
"relationship--d423cf8a-bb28-4876-a5ad-c4a381370bf7",
"relationship--86491c9c-89d0-48a0-9670-9414bd310989",
"relationship--1af05f5f-7c5c-4bbe-a9b1-d69f5c136d62",
"relationship--4bc4cb10-cc09-4caa-9990-b336e9fc8baa",
"relationship--073587e8-ddfc-4b19-9c1d-4964fee22eab",
"relationship--c89e103b-8cfa-4ba7-9cbc-f9edb62e0577",
"relationship--a307f55b-28c6-442a-8f0f-5d1e1b04514f",
"relationship--984dfadc-5b64-45dd-b55e-7ba7816165f7",
"relationship--daaaf050-550c-48fb-865c-a641e4ebc8f5",
"relationship--2dc5f2b2-9bba-402c-a4f1-a3e1378ee969",
"relationship--4880fc64-0dad-46a7-9a1b-85ab2fd07889",
"relationship--8c83cbf0-31ca-41d1-b1f7-a4b0d8a4fcff",
"relationship--c69d03a1-0da6-4923-9e4a-c759ee8b69e4",
"relationship--ecc08bb6-6a11-422a-b45f-db45fbf7e1e4"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:50:34.000Z",
"modified": "2021-03-26T10:50:34.000Z",
"description": "Domains abused by Lemon Duck:",
"pattern": "[domain-name:value = 'down.sqlnetcat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:50:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0507d917-2bfd-418a-9c91-65edfe6df45f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:50:34.000Z",
"modified": "2021-03-26T10:50:34.000Z",
"description": "Domains abused by Lemon Duck:",
"pattern": "[domain-name:value = 't.sqlnetcat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:50:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--27883473-9495-4bdc-84e1-8898c13d1f52",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:50:34.000Z",
"modified": "2021-03-26T10:50:34.000Z",
"description": "Domains abused by Lemon Duck:",
"pattern": "[domain-name:value = 't.netcatkit.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:50:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--222418c5-b7f1-494e-9044-bfb11f195703",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:07.000Z",
"modified": "2021-03-26T10:51:07.000Z",
"description": "Pydomer DGA network indicators:",
"pattern": "[url:value = 'uiiuui.com/search/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fb9b415d-0c5f-4bc2-a966-8f2de3e6b5ad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:07.000Z",
"modified": "2021-03-26T10:51:07.000Z",
"description": "Pydomer DGA network indicators:",
"pattern": "[url:value = 'yuuuuu43.com/vpn-service/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d3418d73-07c0-4c8e-887e-1c0ef132491c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:07.000Z",
"modified": "2021-03-26T10:51:07.000Z",
"description": "Pydomer DGA network indicators:",
"pattern": "[url:value = 'yuuuuu44.com/vpn-service/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--30133a6e-5b42-4d43-b14e-14c0ce5c48fd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:07.000Z",
"modified": "2021-03-26T10:51:07.000Z",
"description": "Pydomer DGA network indicators:",
"pattern": "[url:value = 'yuuuuu46.com/search/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1b11e7b2-b5d3-49ce-a2e4-67b4b733805c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:33.000Z",
"modified": "2021-03-26T10:51:33.000Z",
"description": "Pydomer associated hashes",
"pattern": "[file:hashes.SHA256 = '7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--09c6e13b-9ee3-4d11-91c7-2934ce6214a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:34.000Z",
"modified": "2021-03-26T10:51:34.000Z",
"description": "Pydomer associated hashes",
"pattern": "[file:hashes.SHA256 = '866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90d44c63-36d4-4adb-94ae-477475eeba3e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:34.000Z",
"modified": "2021-03-26T10:51:34.000Z",
"description": "Pydomer associated hashes",
"pattern": "[file:hashes.SHA256 = '910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca05457f-042b-4300-9c5e-52a335f989ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:34.000Z",
"modified": "2021-03-26T10:51:34.000Z",
"description": "Pydomer associated hashes",
"pattern": "[file:hashes.SHA256 = 'a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6a2ad2ef-58be-4303-b7cf-41a1caaab335",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:34.000Z",
"modified": "2021-03-26T10:51:34.000Z",
"description": "Pydomer associated hashes",
"pattern": "[file:hashes.SHA256 = 'b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6a380c0c-1f8f-4f16-92c7-631f398034e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:34.000Z",
"modified": "2021-03-26T10:51:34.000Z",
"description": "Pydomer associated hashes",
"pattern": "[file:hashes.SHA256 = 'c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e50aa7c3-ae00-4429-91d7-7962db057e92",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:34.000Z",
"modified": "2021-03-26T10:51:34.000Z",
"description": "Pydomer associated hashes",
"pattern": "[file:hashes.SHA256 = 'c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ac9bd59-8ee3-44c0-a842-128312afcb41",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = '0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--53c5263a-7e99-412a-83ca-bed51b063a7c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = '3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1c8b9c11-d832-4d3a-aa72-6f20a40e9ce6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = '4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb98ccd1-b6c2-459f-877c-6fc9cb5682ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = '56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ec22d510-f3af-4807-b40d-0e9a84073347",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = '69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b9913c1-e277-4947-a05d-52a3528c82ad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = '737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1f758e0-7568-4ed1-ab37-a8ee02e22359",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = '893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a7c061b6-8737-4833-9bfb-7dc7a9877edc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = '9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e8ef454d-3103-4a3c-9660-115baf72420d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = '9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58eddb96-5c84-408e-9a47-11034fd78da8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = 'a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2d57e2fe-cd02-4ccf-b1fd-d14398c8cff4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = 'd8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d3143632-5173-4516-9327-8e22f0deb6e6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = 'db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9eefe9a8-57b4-4af0-9e46-a5ecc756d2a2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = 'dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1eb9c95a-aca6-4e17-95d8-85eb5580f05b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = 'f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--151610f0-2fb7-46d6-b3e1-b3b627878ada",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = 'f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eecf9939-d3d5-443a-ade5-374142e5bef8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:51:49.000Z",
"modified": "2021-03-26T10:51:49.000Z",
"description": "Lemon Duck associated hashes",
"pattern": "[file:hashes.SHA256 = 'fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--637ef6c0-1d6c-4a0e-97a7-8c29d3a272ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:14.000Z",
"modified": "2021-03-26T10:52:14.000Z",
"description": "DoejoCrypt associated hashes",
"pattern": "[file:hashes.SHA256 = '027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fecb1042-b6de-46ee-b3b8-e9b2a7d2e30c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:14.000Z",
"modified": "2021-03-26T10:52:14.000Z",
"description": "DoejoCrypt associated hashes",
"pattern": "[file:hashes.SHA256 = '10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e2526249-0422-4096-8b1e-7c189aea6270",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:14.000Z",
"modified": "2021-03-26T10:52:14.000Z",
"description": "DoejoCrypt associated hashes",
"pattern": "[file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7f7b791d-774d-4852-9456-2e5cbb6f47f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:14.000Z",
"modified": "2021-03-26T10:52:14.000Z",
"description": "DoejoCrypt associated hashes",
"pattern": "[file:hashes.SHA256 = '904fbea2cd68383f32c5bc630d2227601dc52f94790fe7a6a7b6d44bfd904ff3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1f505bb0-aa2c-41c5-bce0-b30cc941a94d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:14.000Z",
"modified": "2021-03-26T10:52:14.000Z",
"description": "DoejoCrypt associated hashes",
"pattern": "[file:hashes.SHA256 = 'bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--741ebe5a-d450-44ba-989d-98b2164a8591",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:14.000Z",
"modified": "2021-03-26T10:52:14.000Z",
"description": "DoejoCrypt associated hashes",
"pattern": "[file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--debe77bb-8d18-4911-9726-a46c85d44795",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:14.000Z",
"modified": "2021-03-26T10:52:14.000Z",
"description": "DoejoCrypt associated hashes",
"pattern": "[file:hashes.SHA256 = 'fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a011b404-9097-48e4-a602-1372b238d3b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:14.000Z",
"modified": "2021-03-26T10:52:14.000Z",
"description": "DoejoCrypt associated hashes",
"pattern": "[file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b0ce211-02ae-466d-9390-cf91f7c73014",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = '201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--493ab996-5d1b-4bcf-932d-2305a6541f26",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = '2f0bc81c2ea269643cae307239124d1b6479847867b1adfe9ae712a1d5ef135e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a7e87b24-f989-402d-8673-d8741bc08184",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = '4edc7770464a14f54d17f36dc9d0fe854f68b346b27b35a6f5839adf1f13f8ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fd66b672-274f-4bd0-9de6-04b1d46fd965",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = '511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94aecbb8-5189-4e6e-9356-0172dcc89638",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = '65149e036fff06026d80ac9ad4d156332822dc93142cf1a122b1841ec8de34b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--140c1e65-1d74-4e0f-9306-0690d7c91fed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = '811157f9c7003ba8d17b45eb3cf09bef2cecd2701cedb675274949296a6a183d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fe58049f-d796-48a7-b572-0256fb1c719f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = '8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--68db0c1e-4c28-43a4-96db-e85fe0dc2e53",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = 'a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e26ca02c-6819-4602-bbb8-ce6534aed660",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = 'b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--411617df-f081-4b02-92fa-6374ee8b0f59",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:52:35.000Z",
"modified": "2021-03-26T10:52:35.000Z",
"description": "file hashes for some of the web shells observed during attacks",
"pattern": "[file:hashes.SHA256 = 'dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T10:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--9749a54a-4be5-4059-acbf-033d614dee7d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Behavior:Win32/Exmann"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--a4071d67-2ea4-49d1-9c9b-0ee81234d809",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Behavior:Win32/IISExchgSpawnEMS"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--0178d543-9d09-4643-b5b6-ef0d2ea32e37",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Exploit:ASP/CVE-2021-27065"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--3e1c27bd-054d-4e1c-a7f6-b1d0aae91db7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Exploit:Script/Exmann"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--77f83632-b74c-4bfd-a23d-c1cf3221bbf4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan:Win32/IISExchgSpawnCMD"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--3d8a57d8-98ae-427a-ab43-ff07a8971b36",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Behavior:Win32/IISExchgDropWebshellBackdoor:JS/Webshell"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--eb8743cd-6e7e-40b3-a6c6-b6270ad1dba0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Backdoor:PHP/Chopper"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59e6151f-accb-40b8-b1a4-884ec8c14134",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Backdoor:ASP/Chopper"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--669a2dc2-269d-4a5d-8025-21151208a7d3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Backdoor:MSIL/Chopper"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--b0de41c7-ec23-491d-a31f-3dce62abf9af",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan:JS/Chopper"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--a09f91d6-2103-422c-bf5b-6451f4a1acdc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan:Win32/Chopper"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--1315cf20-b279-490f-aded-5ae5c53ba9d3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Behavior:Win32/WebShellTerminal"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--368c532e-2cfb-4946-b88f-8c0fea358d20",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan:PowerShell/LemonDuck"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--7a16683b-3e4a-49dc-941f-13299d77d90a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:53:22.000Z",
"modified": "2021-03-26T10:53:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan:Win32/LemonDuck"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c96a5a0f-a2d4-4072-8eb2-e85fdf0632fb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T10:50:13.000Z",
"modified": "2021-03-26T10:50:13.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/",
"category": "External analysis",
"uuid": "a0b6693c-59ff-4826-bb18-bf10284c3ac8"
},
{
"type": "text",
"object_relation": "summary",
"value": "The first known attacks leveraging the Exchange Server vulnerabilities were by the nation-state actor HAFNIUM, which we detailed in this blog. In the three weeks after the Exchange server vulnerabilities were disclosed and the security updates were released, Microsoft saw numerous other attackers adopting the exploit into their toolkits. Attackers are known to rapidly work to reverse engineer patches and develop exploits. In the case of a remote code execution (RCE) vulnerability, the rewards are high for attackers who can gain access before an organization patches, as patching a system does not necessarily remove the access of the attacker.",
"category": "Other",
"uuid": "9d33109c-e0e3-480d-9e5d-451d5200837b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"pattern": "[file:hashes.MD5 = '1e746f685711c3595bee0585c12f0527' AND file:hashes.SHA1 = '16154da1fa113cd1db105900fcc07b427002ffc3' AND file:hashes.SHA256 = '737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-23T04:27:01+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "2c14bc86-d2e7-421f-97fd-0111b11444ca"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4/detection/f-737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4-1616473621",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "16ade091-6021-4ba4-8743-5cb033d138d2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "4be959d2-a3b2-423d-8071-9e27a3c5051c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a195cd72-0b3b-4c16-a185-1dbba192b089",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"pattern": "[file:hashes.MD5 = 'c6eeb14485d93f4e30fb79f3a57518fc' AND file:hashes.SHA1 = 'b7d99521348d319f57d2b2ba7045295fc99cf6a7' AND file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-22T07:29:43+00:00",
"category": "Other",
"comment": "DoejoCrypt associated hashes",
"uuid": "869695b6-6123-41ec-b764-34b73b34cd86"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede/detection/f-feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede-1616398183",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "fe0b5dbb-63a9-42e7-9492-c8c45a3a86fd"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "54/69",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "f3726946-77f5-4753-a2cf-839b5a52ff81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e5710ce-d800-4726-b66b-0a2f6568a769",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"pattern": "[file:hashes.MD5 = '0e55ead3b8fd305d9a54f78c7b56741a' AND file:hashes.SHA1 = 'f7b084e581a8dcea450c2652f8058d93797413c3' AND file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T17:09:24+00:00",
"category": "Other",
"comment": "DoejoCrypt associated hashes",
"uuid": "e07381f9-9bee-4e66-894f-f2bbc781f4e8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff/detection/f-2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff-1616692164",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "12e6d6a8-5382-49d6-a882-1c49a4fef03d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/69",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "3c8c05fb-53d5-4c0b-b55c-15c4b5e6867f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--98476378-a729-4dc9-8381-460968f44e41",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"pattern": "[file:hashes.MD5 = 'b2511bc215734adbdc43af963bdedb2c' AND file:hashes.SHA1 = 'b50cea98ed2a0704d076eaa4b6f1f2195ee86f5d' AND file:hashes.SHA256 = 'a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-18T08:41:32+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "d22cd8fe-d76c-48a3-9887-b9d52c902884"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85/detection/f-a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85-1613637692",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "c4d928fd-0a39-4333-a5c1-c949bed6ea2a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "d065c60f-6b99-488a-82c9-5283e1929633"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--16eab987-8119-482e-81ca-637d7ab2027a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"pattern": "[file:hashes.MD5 = 'a7e571312e05d547936aab18f0b30fbf' AND file:hashes.SHA1 = 'e0d643e759b2adf736b451aff9afa92811ab8a99' AND file:hashes.SHA256 = '027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-22T04:07:46+00:00",
"category": "Other",
"comment": "DoejoCrypt associated hashes",
"uuid": "6c62d0c4-7948-4777-b360-0e0ca1f00c15"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27/detection/f-027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27-1616386066",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "c37add88-56ce-4830-b5b2-6e4956834b7b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/69",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "d37f4ba9-848b-4f9c-8aa7-a859dbddf418"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"pattern": "[file:hashes.MD5 = 'faa5f4def7e037324f5f87239ddead2d' AND file:hashes.SHA1 = '00eb93b35a629ecbefca468fa5614c159b3becb9' AND file:hashes.SHA256 = '910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-26T06:32:11+00:00",
"category": "Other",
"comment": "Pydomer associated hashes",
"uuid": "779a7676-e85a-4eb5-b611-cf5015c61f2d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db/detection/f-910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db-1616740331",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "950b8e9d-341b-4f62-a28a-8f494f11e2e9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/71",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "1281a4ee-9000-485e-849a-eccb2e395abf"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"pattern": "[file:hashes.MD5 = 'c914cd653e0e3dedc050e182b04d0877' AND file:hashes.SHA1 = 'dcb9118569388375b855e965a587440f069e68c9' AND file:hashes.SHA256 = 'dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-23T04:27:02+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "ca8b61d9-7a2a-4f5e-ae87-83791af7778d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd/detection/f-dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd-1616473622",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "079d2673-59d0-4e8f-8fd8-a4551bf99f39"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "c9c9fe50-c187-4197-8af0-2caa64bf3880"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"pattern": "[file:hashes.MD5 = 'e294d6f427c64f77b5b61bb7b17dd12c' AND file:hashes.SHA1 = 'ccdae3ada854cc441106ec52c12823439bab6cba' AND file:hashes.SHA256 = '9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-09T04:36:07+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "fd566086-2351-4fcb-bb21-66e09063e930"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719/detection/f-9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719-1615264567",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "3038f774-92f5-4d00-8ce4-d0052950c231"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "7238d3f9-a1aa-4050-916a-faef0506f0c7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:35.000Z",
"modified": "2021-03-26T11:04:35.000Z",
"pattern": "[file:hashes.MD5 = '7778e6a03a9bee17640353d3a11bb0b7' AND file:hashes.SHA1 = '119e1bca56f4d920ef6e2aa54c6f34534aba1182' AND file:hashes.SHA256 = '69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-15T04:27:09+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "ffde5223-08ca-47d2-85f6-90f96f98f06d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e/detection/f-69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e-1615782429",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "97356146-dfa8-4890-873a-55fa6db1a654"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/58",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "4d39fabd-788a-412c-ad6b-cdbe0c6a5e8b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = '9f05994819a3d8c1a3769352c7c39d1d' AND file:hashes.SHA1 = 'eb2457196e04dfdd54f70bd32ed02ae854d45bc0' AND file:hashes.SHA256 = '10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-17T12:54:53+00:00",
"category": "Other",
"comment": "DoejoCrypt associated hashes",
"uuid": "4fcee4c5-8cc1-46bb-a02a-8aa51d1d80fa"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da/detection/f-10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da-1615985693",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "e04b13ea-7938-4f04-a85b-33cb3b46d734"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/68",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "d60fa16f-0465-4515-8225-9dfded930054"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = '96c2f4acef5807b54ded4e0dae6ed79d' AND file:hashes.SHA1 = '3e93999954ce080a4dc2875638745a92c539bd50' AND file:hashes.SHA256 = 'c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-26T10:43:42+00:00",
"category": "Other",
"comment": "Pydomer associated hashes",
"uuid": "bf40e2d4-3f17-4de7-ba22-f2b175920607"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908/detection/f-c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908-1616755422",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "05e6b33a-5599-4596-a3e3-0ba912d7e913"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/71",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "45af6b9a-9266-4a2d-bcd7-2482ed300deb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = 'fe15fc6341baad2a111462854f96a2bc' AND file:hashes.SHA1 = '90cd4f920d48c05fd3cad8275223f596c6388cbd' AND file:hashes.SHA256 = 'a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-18T12:35:49+00:00",
"category": "Other",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "3e9b9f18-cf79-4cba-bf36-dd3aca92a364"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a/detection/f-a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a-1616070949",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "ce113efe-ce5c-4923-96f1-4af810a2ee65"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/59",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "ef51397f-7aea-4f59-ba77-0ad6496a261a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = 'aef2ae9b36989bab8818696de5ccd5e7' AND file:hashes.SHA1 = 'f985022d7705d1ec575a1eef4ee32506d8b82871' AND file:hashes.SHA256 = '201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-26T03:50:32+00:00",
"category": "Other",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "12757096-d165-4389-af0f-6d799d73e476"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41/detection/f-201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41-1616730632",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "51934ad8-7c30-46c7-97a0-81f699bb9b23"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "21/58",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "13724e64-8624-4872-a693-ca8ecd923611"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = 'a5f6b6e95ef8a26081259813ca18e17b' AND file:hashes.SHA1 = '242bc043057bb12e27a9fe4db20d6bdb953cbc11' AND file:hashes.SHA256 = '866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T06:49:59+00:00",
"category": "Other",
"comment": "Pydomer associated hashes",
"uuid": "e9085519-41c1-4fa7-8276-2e2cbb45ca85"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc/detection/f-866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc-1616654999",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "117b374e-1ab8-43b8-ade5-3bf3c701b3b1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/70",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "4266730a-eb89-4cad-9fa8-c5848d9bc3b9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = 'aa2efe290df3c38c26c70b1f40f69812' AND file:hashes.SHA1 = 'f6013bcaaa4f2df7c05ed2777bf845e844666297' AND file:hashes.SHA256 = 'a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T09:30:16+00:00",
"category": "Other",
"comment": "Pydomer associated hashes",
"uuid": "10c72310-3b26-4d22-9637-4f083d7abcbd"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287/detection/f-a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287-1616664616",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "33363245-a8b5-454e-a858-568492e1a9be"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/69",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "9588211c-a3d0-4083-967b-115f56cd2415"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = 'aaed26520f0d31b13e8adf80a4e9effd' AND file:hashes.SHA1 = '2c5a683e8119345faf98fb0bb5f31a8cbfe0537e' AND file:hashes.SHA256 = '56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-12-03T14:02:35+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "3691a68a-97e7-40d1-96d5-279bdbb823fe"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c/detection/f-56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c-1607004155",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "db2973a4-4243-4bfb-a292-dc59b7d221a6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/59",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "ee1570f1-abde-4958-ade7-c8937a7d2524"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = 'efcab2b28307300ee2c918b41f32cf91' AND file:hashes.SHA1 = 'bba0ad4f924e240f60e9a4a57e0d63c948023a6d' AND file:hashes.SHA256 = '9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-12-06T08:14:53+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "50c88681-8d74-4a69-b928-5795c7d17555"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd/detection/f-9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd-1607242493",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "69adb5ac-d9c3-448e-b037-855ef18f6276"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "442afd97-0df6-4e62-9930-0590d97ff0a3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b361066-2b82-4c80-b4ae-690998433d3c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = 'db49b6f1f379122685be9553c5cc0f37' AND file:hashes.SHA1 = '45788a5c0c0d97d9bed9c0e6115eca1edbad8ba6' AND file:hashes.SHA256 = 'd8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-01-07T03:05:17+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "3de97867-9c81-4932-bf7a-a014dd32cb61"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09/detection/f-d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09-1609988717",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "6cee7b26-43d0-4d2c-b152-8cba5b80813a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/61",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "463b5e6d-e62f-45eb-a630-83e80c2e3c51"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"pattern": "[file:hashes.MD5 = 'b4b1c0f3183e3c3982f66d31690facaf' AND file:hashes.SHA1 = '0e0d4c62550e0cd384e29699e708ea23faa45306' AND file:hashes.SHA256 = 'fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:36.000Z",
"modified": "2021-03-26T11:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-15T04:27:09+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "7127659c-1f05-4542-9463-c60b3caa7361"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0/detection/f-fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0-1615782429",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "4fcd49cf-96d4-49de-b561-ba64e807bd8d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/59",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "fa4661b2-e1d8-4463-ba67-240b1caec5b5"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--606c37d3-7072-49e9-ba9a-f091642c58b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = '4271c75235072f7ee56f4ce16bd4d853' AND file:hashes.SHA1 = 'd184b29929d7f1aafba350d2782ec9dd87d1237d' AND file:hashes.SHA256 = 'bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-23T17:43:54+00:00",
"category": "Other",
"comment": "DoejoCrypt associated hashes",
"uuid": "c311092c-9fd7-4b98-9331-5b30137dfefe"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748/detection/f-bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748-1616521434",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "e2500eff-8ca7-43e8-8204-7fe8ac52b6a1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/63",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "fe2dafe7-37c1-47ae-8f67-04193fd9e19c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--833d3f3f-8273-4951-b714-6706bc1347d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = '6be28a4523984698e7154671f73361bf' AND file:hashes.SHA1 = 'b974375ef0f6dcb6ce30558df2ed8570bf1ad642' AND file:hashes.SHA256 = 'fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T17:11:43+00:00",
"category": "Other",
"comment": "DoejoCrypt associated hashes",
"uuid": "a3e60ca7-e125-48d8-8980-e78a84afffc6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65/detection/f-fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65-1616692303",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "6e9e247d-ebe2-4145-a351-ab4d0d4700ff"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/69",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "d97605b6-c63f-49f0-8adf-68ec73a1f598"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = '5544ba9ad1b56101b5d52b5270421d4a' AND file:hashes.SHA1 = 'fc6f5ce56166d9b4516ba207f3a653b722e1a8df' AND file:hashes.SHA256 = '511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T17:44:24+00:00",
"category": "Other",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "8b7429ee-e68e-4bdf-8f49-639d1eb15d28"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1/detection/f-511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1-1616694264",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "0626fc1d-da91-4406-9f0d-e47bb57f4380"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/58",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "a92b2542-caa5-45b9-b6a9-bb2ee1daf6e7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = '4b3039cf227c611c45d2242d1228a121' AND file:hashes.SHA1 = '0ba9a76f55aaa495670d74d21850d0155ff5d6a5' AND file:hashes.SHA256 = 'b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T09:08:41+00:00",
"category": "Other",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "0c197ea2-c1df-4351-a387-bd4be90f2662"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0/detection/f-b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0-1616663321",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "182062ff-0869-47fb-ab25-9a1ab1e4757a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/59",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "b8a7520c-49cf-4bea-a8ed-d8418350286d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = 'f8b604ca7aa304a479f2461d1b74e795' AND file:hashes.SHA1 = '0539c6df68e9ef15cbfa1f07daca8fd759fef874' AND file:hashes.SHA256 = 'b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T09:28:40+00:00",
"category": "Other",
"comment": "Pydomer associated hashes",
"uuid": "3415562e-3531-4526-ab5a-18e148b88458"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f/detection/f-b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f-1616664520",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "be3f7eea-6ce4-4649-a2cf-04a4e6dc38cf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/68",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "a472f375-7e35-41c7-a008-50bf3c58b73b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = '20e8e55625f68ed42a793d76d359a858' AND file:hashes.SHA1 = '7b7a1653030fd3ad4464b7f09d9ac401a5f691c9' AND file:hashes.SHA256 = 'c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T07:25:00+00:00",
"category": "Other",
"comment": "Pydomer associated hashes",
"uuid": "5fe7cddd-dc1e-49bd-b2a6-7863f6e2b18c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a/detection/f-c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a-1616657100",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "f0850dc7-1cfe-46ae-9180-7b25675af3cb"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/70",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "6c4d92c4-d849-4e24-849c-59d7ff0c9958"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = '36d1edc364161e1446e015a8feec84c8' AND file:hashes.SHA1 = '995d12119b2ef37bcbbe097d0e520853ef1eb599' AND file:hashes.SHA256 = '3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-23T04:30:17+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "87f05b33-46ac-40a5-92ee-1b1de0a3bea9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec/detection/f-3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec-1616473817",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "24684a9d-9f35-4c32-b640-31095c647fbf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "ca52efdb-5859-45cf-bc11-070769185f0c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = '8ccd905c0bbf09e76d19ea5de1455cb3' AND file:hashes.SHA1 = '9129fa215f3a35daa0179681c4c0177c5ff731ce' AND file:hashes.SHA256 = '7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T12:22:04+00:00",
"category": "Other",
"comment": "Pydomer associated hashes",
"uuid": "969ff01a-1fce-44e1-bcc1-9606b11364ef"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382/detection/f-7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382-1616674924",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "afea2cd9-f8e1-407b-8673-320db908bf88"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "22/68",
"category": "Payload delivery",
"comment": "Pydomer associated hashes",
"uuid": "1e6bf9ec-f1e3-48d0-bc25-33ac307ed723"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = 'f2e22df5e284587dc36f8041129af391' AND file:hashes.SHA1 = '6c9ec01e105f92727d6acee24a0db0f3ee54b02c' AND file:hashes.SHA256 = 'dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:37.000Z",
"modified": "2021-03-26T11:04:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-18T14:34:53+00:00",
"category": "Other",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "501b4cb9-9c77-42cf-bc67-a853dd21d69c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d/detection/f-dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d-1616078093",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "e50b4719-fbbe-4a2a-bf98-bede02cd0947"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "8/56",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "b5eabe27-cb81-4090-ae50-2548281d3124"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"pattern": "[file:hashes.MD5 = '321df9000c3de177ad6b5544c621c73c' AND file:hashes.SHA1 = 'e273fdfe22553b5ab45c4775e66ae685ad9d9421' AND file:hashes.SHA256 = 'f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-23T04:33:43+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "5a7f6b6e-5620-42bc-8093-23ae31786bb5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f/detection/f-f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f-1616474023",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "337fcab4-164c-4aa3-b464-50c420934d87"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "eebcb1d2-65a5-460c-be66-42b15829d872"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"pattern": "[file:hashes.MD5 = '8a047f4917d75bb0bb6659e41569a9b7' AND file:hashes.SHA1 = '388ac00a76db82a0ac2434d1b4fb7420bab1a403' AND file:hashes.SHA256 = 'f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-01-13T04:56:42+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "7796fe41-cc68-488c-866a-72803ef21625"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501/detection/f-f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501-1610513802",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "29441525-7fa9-4f94-90b5-65ec62e47f84"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "8691f11a-d438-464a-a9c5-c28d06e4cc91"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0737e5f5-f011-41ba-aa2d-17120ee75143",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"pattern": "[file:hashes.MD5 = '4ef04cba6bec2c3a164b9b755efbeb1c' AND file:hashes.SHA1 = '49644cbbb9d234bd4f7a47ed596c8bbfefd39065' AND file:hashes.SHA256 = '8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-23T11:33:56+00:00",
"category": "Other",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "02d6ff72-f9d1-4dda-b6b2-22b21f911cf1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc/detection/f-8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc-1616499236",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "33a391d1-534c-43d3-8b89-440a8966be9c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/59",
"category": "Payload delivery",
"comment": "file hashes for some of the web shells observed during attacks",
"uuid": "b412fd3b-24c9-407c-8550-b7a8c4ab8e66"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"pattern": "[file:hashes.MD5 = '9e1545e5fe21f6d11c7151b7625b4dc2' AND file:hashes.SHA1 = 'b5c4b59a8073730e4001154f104c6e58fa0d69da' AND file:hashes.SHA256 = 'db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-01-15T23:37:13+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "1cedb96f-3b85-4286-abb6-bc4bd0135f90"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd/detection/f-db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd-1610753833",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "d5654fb2-f319-4492-b673-b2a46bf4e397"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "0b9df251-54d1-4c39-81c0-d1ae7dfc74b6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bcb634ef-c629-450c-a194-3197dcac08bf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"pattern": "[file:hashes.MD5 = '3a9ff0529a0d9f0ddb3567d5e1faf1a0' AND file:hashes.SHA1 = '113ea510f7bda4da632e44f53743a158eae9d4f5' AND file:hashes.SHA256 = '893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-15T04:23:56+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "cc1a7dae-41f5-44c2-8276-80e1ae5c6a55"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e/detection/f-893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e-1615782236",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "06399175-7fa7-4c9e-80e9-659eda1fdeb0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/58",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "c0d6686a-49c6-41f8-b9c6-b8682d1d7820"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"pattern": "[file:hashes.MD5 = 'cdda3913408c4c46a6c575421485fa5b' AND file:hashes.SHA1 = '56eec7392297e7301159094d7e461a696fe5b90f' AND file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-25T17:09:58+00:00",
"category": "Other",
"comment": "DoejoCrypt associated hashes",
"uuid": "31a7ec95-06dd-45f2-b5c5-f697e268ff8d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6/detection/f-e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6-1616692198",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "70e4338c-3c35-46e4-89d0-31adb709c954"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "56/69",
"category": "Payload delivery",
"comment": "DoejoCrypt associated hashes",
"uuid": "622b1cbc-1cfa-45e4-876b-54850e42821c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"pattern": "[file:hashes.MD5 = '0fa1e6af698aa1bac8a404bc39073165' AND file:hashes.SHA1 = '183d1c960d56b6b2c8d0e7a8d1133b2c1a68ab4f' AND file:hashes.SHA256 = '4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-03-17T06:38:46+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "77367d54-61d6-4838-8653-c88b6742386d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9/detection/f-4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9-1615963126",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "018861d0-77ec-4363-a736-166eb6cbfd14"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/60",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "66b6fa85-808c-4517-b5a2-0eebea469065"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:38.000Z",
"modified": "2021-03-26T11:04:38.000Z",
"pattern": "[file:hashes.MD5 = 'a54b9ccaaf2f66bc9492e2c574fe9be4' AND file:hashes.SHA1 = '60ef117443b1c8a07fd83ed9c44912a24b07539e' AND file:hashes.SHA256 = '0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-03-26T11:04:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-12-04T10:59:17+00:00",
"category": "Other",
"comment": "Lemon Duck associated hashes",
"uuid": "e3e47dbc-e35d-4bb4-865a-da00c5ce450b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc/detection/f-0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc-1607079557",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "df30a638-4dc5-4215-ae5c-bca49563c24f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/59",
"category": "Payload delivery",
"comment": "Lemon Duck associated hashes",
"uuid": "edd55caf-4550-435b-b94f-3b3c858ade5d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:57:05.000Z",
"modified": "2021-03-26T11:57:05.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "rdata",
"value": "down.eatuo.com.",
"category": "Other",
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
"uuid": "0bddeafa-7a6c-400d-9d17-c7aa61e801e8"
},
{
"type": "counter",
"object_relation": "count",
"value": "6928",
"category": "Other",
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
"uuid": "d3a9ba89-5715-47c2-aaf3-112bd25dfdea"
},
{
"type": "text",
"object_relation": "rrname",
"value": "down.sqlnetcat.com.",
"category": "Network activity",
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
"uuid": "b9a5a870-8263-458d-a835-e59abaf32391"
},
{
"type": "text",
"object_relation": "rrtype",
"value": "CNAME",
"category": "Network activity",
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
"uuid": "743087e5-0cea-4a21-9235-1ddca94dcd29"
},
{
"type": "text",
"object_relation": "bailiwick",
"value": "sqlnetcat.com.",
"category": "Other",
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
"uuid": "f04a1396-21bb-4c5d-8d34-ad6dd4238355"
}
],
"x_misp_comment": "down.sqlnetcat.com: enriched via the farsight_passivedns module.",
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:57:11.000Z",
"modified": "2021-03-26T11:57:11.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "rdata",
"value": "cvc.7766.org.",
"category": "Other",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
"uuid": "2571e00a-31e2-44ab-bbf1-fb729c1bd1d9"
},
{
"type": "counter",
"object_relation": "count",
"value": "5851",
"category": "Other",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
"uuid": "459889b7-6a66-4e7f-81f8-b61a79b90bb9"
},
{
"type": "text",
"object_relation": "rrname",
"value": "t.sqlnetcat.com.",
"category": "Network activity",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
"uuid": "4eaea8f2-4d8d-466b-83ac-129b7bde1e93"
},
{
"type": "text",
"object_relation": "rrtype",
"value": "CNAME",
"category": "Network activity",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
"uuid": "88047db8-d719-43a1-ab87-1f975c0d78ec"
},
{
"type": "text",
"object_relation": "bailiwick",
"value": "sqlnetcat.com.",
"category": "Other",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
"uuid": "2b366322-44f6-456e-8e5c-b74974416de2"
}
],
"x_misp_comment": "t.sqlnetcat.com: enriched via the farsight_passivedns module.",
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-03-26T11:57:13.000Z",
"modified": "2021-03-26T11:57:13.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "rdata",
"value": "cvc.7766.org.",
"category": "Other",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
"uuid": "ca77ccb5-20fe-4fd7-9fe3-af3a7808a75e"
},
{
"type": "counter",
"object_relation": "count",
"value": "8442",
"category": "Other",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
"uuid": "73584055-6503-49ff-b62b-4d9fb61c4bfa"
},
{
"type": "text",
"object_relation": "rrname",
"value": "t.netcatkit.com.",
"category": "Network activity",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
"uuid": "0c57824d-8a0a-4bb7-b2bc-baccdb26f000"
},
{
"type": "text",
"object_relation": "rrtype",
"value": "CNAME",
"category": "Network activity",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
"uuid": "ce08cee5-ee8f-4c0e-aae6-1dfca662707b"
},
{
"type": "text",
"object_relation": "bailiwick",
"value": "netcatkit.com.",
"category": "Other",
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
"uuid": "d2ec7460-18fc-49f2-b6f9-5be19664dcdd"
}
],
"x_misp_comment": "t.netcatkit.com: enriched via the farsight_passivedns module.",
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c57a896b-3a07-4010-9918-6aacb638b4a5",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac",
"target_ref": "x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9f1b341b-e9e2-43ec-b156-ca6033a3e48c",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a195cd72-0b3b-4c16-a185-1dbba192b089",
"target_ref": "x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--66dd1b7a-e1f8-40c6-bf9c-7aa722fcbd00",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9e5710ce-d800-4726-b66b-0a2f6568a769",
"target_ref": "x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--464bbfb9-f7ff-427f-87bc-89a414c331a1",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--98476378-a729-4dc9-8381-460968f44e41",
"target_ref": "x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f87c2168-54ef-4b0d-8da0-000ea8b79982",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--16eab987-8119-482e-81ca-637d7ab2027a",
"target_ref": "x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--25034a2a-4640-43d0-9bcc-1e263f1cf8cb",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a",
"target_ref": "x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8720d1e3-b1eb-470d-8ffe-4e6ce91d9423",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90",
"target_ref": "x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5d9becb1-1930-4ac4-895b-0f2d035394c8",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe",
"target_ref": "x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e762cf23-c926-469b-8bd9-2438398098d4",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5",
"target_ref": "x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f508f4f3-7513-44c6-ab69-8d551d9fd6c2",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881",
"target_ref": "x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5963f6d8-4dca-4c2e-8a2f-25610cda7c26",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016",
"target_ref": "x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ebccb8ef-838d-46a5-b1b9-c280b94281f7",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48",
"target_ref": "x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--777a6cc6-9684-4828-90a0-b15bc0ad8c87",
"created": "2021-03-26T11:04:39.000Z",
"modified": "2021-03-26T11:04:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427",
"target_ref": "x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--53b6d847-0b1d-4bc0-aaa9-5dc2790bce06",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e",
"target_ref": "x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--690464e8-3e9c-4c4d-a300-4082c3339733",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c",
"target_ref": "x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3205f953-0023-4203-9f60-d721f7f4d392",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7",
"target_ref": "x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3115e201-4f5e-4091-bbf5-a6dffa633e75",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d",
"target_ref": "x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ce183a66-a2bb-4659-9c45-cf08edcf334e",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b361066-2b82-4c80-b4ae-690998433d3c",
"target_ref": "x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9ee39f3a-4799-4888-bbff-a6e19f0caa0a",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67",
"target_ref": "x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1bbb798d-149f-46de-9b56-d6e09cef227e",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--606c37d3-7072-49e9-ba9a-f091642c58b6",
"target_ref": "x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ce8e7105-3ca8-40c0-b382-7e13391ae95b",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--833d3f3f-8273-4951-b714-6706bc1347d0",
"target_ref": "x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c2b8358-ce5c-40c9-b600-c8463febabc5",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e",
"target_ref": "x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fe293a99-4c5a-477c-9b20-fa2900cad11c",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de",
"target_ref": "x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1b3d4516-0e59-444a-87b7-2d37de7fdd5c",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3",
"target_ref": "x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fd3fe633-d1ce-4309-8d4a-aff92117b43a",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8",
"target_ref": "x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d423cf8a-bb28-4876-a5ad-c4a381370bf7",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04",
"target_ref": "x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--86491c9c-89d0-48a0-9670-9414bd310989",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230",
"target_ref": "x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1af05f5f-7c5c-4bbe-a9b1-d69f5c136d62",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643",
"target_ref": "x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4bc4cb10-cc09-4caa-9990-b336e9fc8baa",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461",
"target_ref": "x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--073587e8-ddfc-4b19-9c1d-4964fee22eab",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247",
"target_ref": "x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c89e103b-8cfa-4ba7-9cbc-f9edb62e0577",
"created": "2021-03-26T11:04:40.000Z",
"modified": "2021-03-26T11:04:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0737e5f5-f011-41ba-aa2d-17120ee75143",
"target_ref": "x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a307f55b-28c6-442a-8f0f-5d1e1b04514f",
"created": "2021-03-26T11:04:41.000Z",
"modified": "2021-03-26T11:04:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026",
"target_ref": "x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--984dfadc-5b64-45dd-b55e-7ba7816165f7",
"created": "2021-03-26T11:04:41.000Z",
"modified": "2021-03-26T11:04:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bcb634ef-c629-450c-a194-3197dcac08bf",
"target_ref": "x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--daaaf050-550c-48fb-865c-a641e4ebc8f5",
"created": "2021-03-26T11:04:41.000Z",
"modified": "2021-03-26T11:04:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6",
"target_ref": "x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2dc5f2b2-9bba-402c-a4f1-a3e1378ee969",
"created": "2021-03-26T11:04:41.000Z",
"modified": "2021-03-26T11:04:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd",
"target_ref": "x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4880fc64-0dad-46a7-9a1b-85ab2fd07889",
"created": "2021-03-26T11:04:41.000Z",
"modified": "2021-03-26T11:04:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5",
"target_ref": "x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8c83cbf0-31ca-41d1-b1f7-a4b0d8a4fcff",
"created": "2021-03-26T11:57:10.000Z",
"modified": "2021-03-26T11:57:10.000Z",
"relationship_type": "related-to",
"source_ref": "x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325",
"target_ref": "indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c69d03a1-0da6-4923-9e4a-c759ee8b69e4",
"created": "2021-03-26T11:57:11.000Z",
"modified": "2021-03-26T11:57:11.000Z",
"relationship_type": "related-to",
"source_ref": "x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67",
"target_ref": "indicator--0507d917-2bfd-418a-9c91-65edfe6df45f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ecc08bb6-6a11-422a-b45f-db45fbf7e1e4",
"created": "2021-03-26T11:57:13.000Z",
"modified": "2021-03-26T11:57:13.000Z",
"relationship_type": "related-to",
"source_ref": "x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95",
"target_ref": "indicator--27883473-9495-4bdc-84e1-8898c13d1f52"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink