misp-circl-feed/feeds/circl/stix-2.1/5dc3249f-6ebc-44fd-b78d-448d02de0b81.json

749 lines
No EOL
33 KiB
JSON

{
"type": "bundle",
"id": "bundle--5dc3249f-6ebc-44fd-b78d-448d02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T20:00:02.000Z",
"modified": "2019-11-06T20:00:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5dc3249f-6ebc-44fd-b78d-448d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T20:00:02.000Z",
"modified": "2019-11-06T20:00:02.000Z",
"name": "OSINT - BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0",
"published": "2019-11-06T20:02:52Z",
"object_refs": [
"indicator--5dc324da-8930-4832-84ae-428102de0b81",
"indicator--5dc324da-3aa8-4672-a5c8-461502de0b81",
"indicator--5dc324da-4734-4603-be54-44eb02de0b81",
"indicator--5dc324da-7284-4a03-880f-4c9d02de0b81",
"indicator--5dc324da-eef0-4d5e-bc21-4c5402de0b81",
"indicator--5dc324da-7f9c-4659-abea-402a02de0b81",
"x-misp-attribute--5dc32571-aa74-4179-8f74-42bc02de0b81",
"indicator--5dc325b9-7018-496a-b223-4b7602de0b81",
"indicator--5dc325b9-a748-403f-abcc-428c02de0b81",
"observed-data--5dc325e5-6214-4a8f-bf43-441102de0b81",
"url--5dc325e5-6214-4a8f-bf43-441102de0b81",
"indicator--bca0440a-4555-4587-b5a2-a541bd2a4dc9",
"x-misp-object--b9af0b6b-5e5d-43a1-84c7-21e1357665f1",
"indicator--9ae6b1c8-d364-4e47-acf7-f6730fb4465c",
"x-misp-object--b440661e-36e3-4b91-86ff-fa8760b84317",
"indicator--756d7b88-3347-4a0c-9fef-01dbddfd34bb",
"x-misp-object--6d1c9b11-06c8-4813-9485-89269e343f91",
"indicator--c04e4714-a1ca-4318-98d3-a46cf6d6ad97",
"x-misp-object--e943e2d5-8dec-4e03-8469-ee47c09f2568",
"indicator--2a17501a-3480-46f0-b0bd-5888c2ee8c92",
"x-misp-object--7fb41421-37ea-4910-ac68-319d59bdcbad",
"indicator--25d7c94e-5aad-4634-878d-15010c84f0aa",
"x-misp-object--f10bc385-bc29-4069-8374-abc49782561a",
"relationship--d741a727-322c-4637-930f-80edfb2ad847",
"relationship--22408634-ee41-4ea2-b767-2f2a9879772a",
"relationship--dbe0e066-4162-43e6-a951-89ab2e50892d",
"relationship--c4405d26-6b1e-4c59-826a-7acb5fcf4f77",
"relationship--c64db77e-c64d-4e88-ae51-61eb118343f9",
"relationship--1c9e16db-d688-4121-8a64-7d72594ae13c"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"Dridex\"",
"misp-galaxy:malpedia=\"FriedEx\"",
"misp-galaxy:ransomware=\"Bitpaymer\"",
"misp-galaxy:threat-actor=\"INDRIK SPIDER\"",
"type:OSINT",
"osint:lifetime=\"perpetual\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-8930-4832-84ae-428102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = '51d8618ec86159327e883615ad8989c7638172cf801f65ab0367e5b2e6af596a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-3aa8-4672-a5c8-461502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = 'd4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-4734-4603-be54-44eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = '0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-7284-4a03-880f-4c9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = 'bfb7e62ba4ad5975e68a1beefb045cb72e056911fd7a8b070a15029dfcbbefe1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-eef0-4d5e-bc21-4c5402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = 'bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-7f9c-4659-abea-402a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = '70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5dc32571-aa74-4179-8f74-42bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:56:33.000Z",
"modified": "2019-11-06T19:56:33.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "CrowdStrike\u00c2\u00ae Intelligence has identified a new ransomware variant identifying itself as BitPaymer. This new variant was behind a series of ransomware campaigns beginning in June 2019, including attacks against the City of Edcouch, Texas and the Chilean Ministry of Agriculture. \r\n\r\nWe have dubbed this new ransomware DoppelPaymer because it shares most of its code with the BitPaymer ransomware operated by INDRIK SPIDER. However, there are a number of differences between DoppelPaymer and BitPaymer, which may signify that one or more members of INDRIK SPIDER have split from the group and forked the source code of both Dridex and BitPaymer to start their own Big Game Hunting ransomware operation."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc325b9-7018-496a-b223-4b7602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:57:45.000Z",
"modified": "2019-11-06T19:57:45.000Z",
"description": "DoppelPaymer",
"pattern": "[file:hashes.SHA256 = '801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:57:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc325b9-a748-403f-abcc-428c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:57:45.000Z",
"modified": "2019-11-06T19:57:45.000Z",
"description": "Dridex 2.0",
"pattern": "[file:hashes.SHA256 = '813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:57:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5dc325e5-6214-4a8f-bf43-441102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:58:29.000Z",
"modified": "2019-11-06T19:58:29.000Z",
"first_observed": "2019-11-06T19:58:29Z",
"last_observed": "2019-11-06T19:58:29Z",
"number_observed": 1,
"object_refs": [
"url--5dc325e5-6214-4a8f-bf43-441102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5dc325e5-6214-4a8f-bf43-441102de0b81",
"value": "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bca0440a-4555-4587-b5a2-a541bd2a4dc9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:15.000Z",
"modified": "2019-11-06T19:59:15.000Z",
"pattern": "[file:hashes.MD5 = '1b5c3c458e31bede55145d0644e88d75' AND file:hashes.SHA1 = 'a21c84c6bf2e21d69fa06daaf19b4cc34b589347' AND file:hashes.SHA256 = '70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b9af0b6b-5e5d-43a1-84c7-21e1357665f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:15.000Z",
"modified": "2019-11-06T19:59:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-05T13:32:39",
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "590eabf8-daae-48fa-93f7-a6881b74188d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4/analysis/1572960759/",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "7de0a36e-6553-4bca-b8f3-2496fa7c6ae6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "15/71",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "28dc293f-7fb7-49e5-9c3e-8bee49d6f3b2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9ae6b1c8-d364-4e47-acf7-f6730fb4465c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:15.000Z",
"modified": "2019-11-06T19:59:15.000Z",
"pattern": "[file:hashes.MD5 = '68f9b52895f4d34e74112f3129b3b00d' AND file:hashes.SHA1 = 'c5e2018bf7c0f314fed4fd7fe7e69fa2e648359e' AND file:hashes.SHA256 = 'd4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b440661e-36e3-4b91-86ff-fa8760b84317",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:16.000Z",
"modified": "2019-11-06T19:59:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-05T15:07:41",
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "2d422e88-d201-4694-bbd7-866a38115bf8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f/analysis/1572966461/",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "3e29cdd3-6698-46ac-a2e0-37658066a1a7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "17/71",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "4d55f6ac-dcd5-4ac6-8eca-d33081e4708a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--756d7b88-3347-4a0c-9fef-01dbddfd34bb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:16.000Z",
"modified": "2019-11-06T19:59:16.000Z",
"pattern": "[file:hashes.MD5 = '6365fe1d37545c71cbe2719ac7831bdd' AND file:hashes.SHA1 = '9356d660cebd2604ec4e72967f44678741331d5a' AND file:hashes.SHA256 = '0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6d1c9b11-06c8-4813-9485-89269e343f91",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:17.000Z",
"modified": "2019-11-06T19:59:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-04T12:24:35",
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "2087010a-da8e-4132-b113-308e02d41f06"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc/analysis/1572870275/",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "d1cd1211-5d23-4442-94c1-6973a0b3e6cf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "14/70",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "72338110-8f9a-4c07-ab93-d926bbe4fe0e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c04e4714-a1ca-4318-98d3-a46cf6d6ad97",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:17.000Z",
"modified": "2019-11-06T19:59:17.000Z",
"pattern": "[file:hashes.MD5 = '47bc14f741779c3a7450adeeb66bb7e8' AND file:hashes.SHA1 = '980842b405d6df5385503044e102ad4a5d8b8573' AND file:hashes.SHA256 = '813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e943e2d5-8dec-4e03-8469-ee47c09f2568",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:17.000Z",
"modified": "2019-11-06T19:59:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-04T12:37:45",
"category": "Other",
"comment": "Dridex 2.0",
"uuid": "4bd2567e-f3c3-4af6-8878-5cebbb3ee30f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a/analysis/1572871065/",
"category": "Payload delivery",
"comment": "Dridex 2.0",
"uuid": "f70fc547-6175-4e7d-aa3c-09fdcae120b9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "54/69",
"category": "Payload delivery",
"comment": "Dridex 2.0",
"uuid": "094fb53d-08d6-44e0-9a00-ca0890f5175d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2a17501a-3480-46f0-b0bd-5888c2ee8c92",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
"pattern": "[file:hashes.MD5 = '9141d1d189afc2e300121e71a211c925' AND file:hashes.SHA1 = 'ee5ac27425616878a932516000c04dedbde5b715' AND file:hashes.SHA256 = '801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7fb41421-37ea-4910-ac68-319d59bdcbad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-04T23:59:41",
"category": "Other",
"comment": "DoppelPaymer",
"uuid": "0bb87c96-21b6-4b12-997c-d8e329e3678d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b/analysis/1572911981/",
"category": "Payload delivery",
"comment": "DoppelPaymer",
"uuid": "556bfa2e-6a6d-405a-a050-051f2ba65972"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "54/68",
"category": "Payload delivery",
"comment": "DoppelPaymer",
"uuid": "26ceb39d-61ca-4f10-a6d9-d565989705e2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--25d7c94e-5aad-4634-878d-15010c84f0aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
"pattern": "[file:hashes.MD5 = 'b365af317ae730a67c936f21432b9c71' AND file:hashes.SHA1 = 'a0bdfac3ce1880b32ff9b696458327ce352e3b1d' AND file:hashes.SHA256 = 'bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f10bc385-bc29-4069-8374-abc49782561a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-05T08:08:47",
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "35be71bd-7536-4d04-8ef0-608d868fe3ce"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4/analysis/1572941327/",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "5d316b72-97a1-4935-bf13-366b77f8c6fd"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "17/71",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "1d009b4d-d054-4cbe-bef2-6d8b6d5e9112"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d741a727-322c-4637-930f-80edfb2ad847",
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bca0440a-4555-4587-b5a2-a541bd2a4dc9",
"target_ref": "x-misp-object--b9af0b6b-5e5d-43a1-84c7-21e1357665f1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--22408634-ee41-4ea2-b767-2f2a9879772a",
"created": "2019-11-06T19:59:19.000Z",
"modified": "2019-11-06T19:59:19.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9ae6b1c8-d364-4e47-acf7-f6730fb4465c",
"target_ref": "x-misp-object--b440661e-36e3-4b91-86ff-fa8760b84317"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dbe0e066-4162-43e6-a951-89ab2e50892d",
"created": "2019-11-06T19:59:19.000Z",
"modified": "2019-11-06T19:59:19.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--756d7b88-3347-4a0c-9fef-01dbddfd34bb",
"target_ref": "x-misp-object--6d1c9b11-06c8-4813-9485-89269e343f91"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c4405d26-6b1e-4c59-826a-7acb5fcf4f77",
"created": "2019-11-06T19:59:19.000Z",
"modified": "2019-11-06T19:59:19.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c04e4714-a1ca-4318-98d3-a46cf6d6ad97",
"target_ref": "x-misp-object--e943e2d5-8dec-4e03-8469-ee47c09f2568"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c64db77e-c64d-4e88-ae51-61eb118343f9",
"created": "2019-11-06T19:59:19.000Z",
"modified": "2019-11-06T19:59:19.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2a17501a-3480-46f0-b0bd-5888c2ee8c92",
"target_ref": "x-misp-object--7fb41421-37ea-4910-ac68-319d59bdcbad"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1c9e16db-d688-4121-8a64-7d72594ae13c",
"created": "2019-11-06T19:59:20.000Z",
"modified": "2019-11-06T19:59:20.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--25d7c94e-5aad-4634-878d-15010c84f0aa",
"target_ref": "x-misp-object--f10bc385-bc29-4069-8374-abc49782561a"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}