1674 lines
No EOL
75 KiB
JSON
1674 lines
No EOL
75 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5742ea44-5ff4-4634-99c9-4b32950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-13T03:00:22.000Z",
|
|
"modified": "2018-01-13T03:00:22.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5742ea44-5ff4-4634-99c9-4b32950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-13T03:00:22.000Z",
|
|
"modified": "2018-01-13T03:00:22.000Z",
|
|
"name": "OSINT - Operation Ke3chang Resurfaces With New TidePool Malware",
|
|
"published": "2018-02-16T08:49:19Z",
|
|
"object_refs": [
|
|
"observed-data--5742ea80-3774-4bab-bcd8-4e5d950d210f",
|
|
"url--5742ea80-3774-4bab-bcd8-4e5d950d210f",
|
|
"x-misp-attribute--5742ea8c-70f4-42b1-8703-4f17950d210f",
|
|
"vulnerability--5742eaa5-cfec-4091-aaea-4f08950d210f",
|
|
"observed-data--5742eac0-8830-4aa2-bd48-4aac950d210f",
|
|
"file--5742eac0-8830-4aa2-bd48-4aac950d210f",
|
|
"indicator--5742ecbb-498c-480b-88ba-47f3950d210f",
|
|
"indicator--5742ecd7-1e84-4225-b43b-4e9a950d210f",
|
|
"indicator--5742ecd7-794c-4a74-9aa4-45b6950d210f",
|
|
"indicator--5742ecd7-0b4c-477d-b70d-4795950d210f",
|
|
"indicator--5742ece8-e8dc-40e1-99db-4251950d210f",
|
|
"indicator--5742ecf9-31f0-4440-92ce-4d63950d210f",
|
|
"indicator--5742ecf9-67a8-426a-a268-4549950d210f",
|
|
"indicator--5742ed69-d374-40b6-8f10-48ff950d210f",
|
|
"indicator--5742ed6a-5da4-4e7b-948e-4fd9950d210f",
|
|
"indicator--5742ed6a-5254-4448-b588-4908950d210f",
|
|
"indicator--5742edc0-5d9c-41a9-9a47-41d1950d210f",
|
|
"indicator--5742eddf-627c-4ff7-9423-4efd950d210f",
|
|
"indicator--5742ee7d-d4dc-43df-b653-4408950d210f",
|
|
"indicator--5742eeb4-4b48-4312-9290-4c47950d210f",
|
|
"indicator--5742eeb4-6690-48fc-b6d1-4a7d950d210f",
|
|
"indicator--5742eeb4-f0cc-48f9-b670-4a21950d210f",
|
|
"indicator--d36aca31-f8d7-4ac8-bf33-30fd88480de8",
|
|
"x-misp-object--4c3e5932-e6a1-4554-9610-4cc1725c0b76",
|
|
"indicator--29317953-8a0f-4c20-9835-6cf7c4bdab52",
|
|
"x-misp-object--abfa1b03-38a3-4cf7-9d5d-9bf1948898f4",
|
|
"indicator--33819efb-eb82-4a95-b1bf-1f78fe34b6fa",
|
|
"x-misp-object--72f41d65-1c52-4c37-a1d6-e5d684df9bd8",
|
|
"indicator--f1715b9e-1213-45d0-b05e-89b657a557a9",
|
|
"x-misp-object--670070b9-6439-402d-b6ea-1224c3b9fea8",
|
|
"indicator--38b19130-caab-4039-85c5-064242831cd4",
|
|
"x-misp-object--b7768dd0-8628-45a0-a1c0-30ff2c345300",
|
|
"indicator--1acad919-6ce1-465a-9c60-a3ac588a180d",
|
|
"x-misp-object--7cdf00e3-c53f-40b4-b7cd-514c78f9c864",
|
|
"indicator--64cf2807-9421-4a99-bcdd-e82af40c7346",
|
|
"x-misp-object--0b830feb-b802-42b3-9c13-f90d67dc3095",
|
|
"indicator--96db58ab-0377-4a31-871b-c96f4652500e",
|
|
"x-misp-object--ea777cda-e274-445b-9504-912fdaf5ec18",
|
|
"indicator--ab660ec7-d756-4009-91c7-ef5ac5f7afcf",
|
|
"x-misp-object--c4c4e9f6-4680-4789-b6a4-ec623a695c71",
|
|
"indicator--faaab687-1aa7-4f25-aab1-e4c6800a80ab",
|
|
"x-misp-object--b2e9a6ec-2c61-459b-9c48-a6d5b09d7fd6",
|
|
"indicator--8ec4d47a-540f-4bbb-bac4-083f4f481aab",
|
|
"x-misp-object--3cd6bcdd-bbcf-45e1-9950-90c48d7756db",
|
|
"indicator--29618e84-7d70-49ea-8c5e-d888d51f24ab",
|
|
"x-misp-object--88f47bd4-e874-45e1-9c95-941a7cb0f52f",
|
|
"indicator--0756b913-74c9-432d-819b-a421d08d375d",
|
|
"x-misp-object--ecd39cdd-ca7c-48fd-b0e5-ad1d6abbce67",
|
|
"indicator--2404272c-a873-48c4-bc1f-2af5dde7d96e",
|
|
"x-misp-object--6a5caeb6-3bcf-454d-85ea-96e9e13142d9",
|
|
"indicator--1bed7c4f-08df-4dce-8a44-b45a17fac214",
|
|
"x-misp-object--2cc94589-3349-4fad-b8a0-f90063b03212",
|
|
"relationship--3dff5f41-4080-4b3e-b10b-39cc25bd0edf",
|
|
"relationship--1ab6601c-0ae2-4b14-af34-6c03b7fead5b",
|
|
"relationship--7d8a718f-b7d9-4d45-9032-23d14773f8cd",
|
|
"relationship--55a4c4c5-aa07-4721-9978-387934f8a928",
|
|
"relationship--27d7145d-75ee-4ebc-973a-740e7d7b6b22",
|
|
"relationship--45ab25c2-7383-4719-ad06-2eb4e936cb70",
|
|
"relationship--712ea87b-b142-43bb-9ad7-17e5715a87cf",
|
|
"relationship--8e362a94-a2d7-4e2f-8f62-aad7826e6436",
|
|
"relationship--a419f45e-96f8-4745-b3d8-ca8d6cbdae78",
|
|
"relationship--518519ac-784d-4354-8cfc-4c8476c61d17",
|
|
"relationship--fe59c1b0-c7c3-4f7c-91e6-749f373a67ec",
|
|
"relationship--171728fe-8161-414a-aa6b-afa9e0331dde",
|
|
"relationship--6b7408eb-d67d-4dc9-bada-abdee2e06b24",
|
|
"relationship--c5de0d1a-4fad-4b1f-82a8-6d4e1967c416",
|
|
"relationship--f6c36929-826d-49e2-94c0-da0b66e514b0"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5742ea80-3774-4bab-bcd8-4e5d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:28.000Z",
|
|
"modified": "2018-01-12T09:48:28.000Z",
|
|
"first_observed": "2018-01-12T09:48:28Z",
|
|
"last_observed": "2018-01-12T09:48:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5742ea80-3774-4bab-bcd8-4e5d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5742ea80-3774-4bab-bcd8-4e5d950d210f",
|
|
"value": "http://researchcenter.paloaltonetworks.com/2016/05/operation-ke3chang-resurfaces-with-new-tidepool-malware/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5742ea8c-70f4-42b1-8703-4f17950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:29.000Z",
|
|
"modified": "2018-01-12T09:48:29.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We\u00e2\u20ac\u2122ve discovered a new malware family we\u00e2\u20ac\u2122ve named TidePool. It has strong behavioral ties to Ke3chang and is being used in an ongoing attack campaign against Indian embassy personnel worldwide. This targeting is also consistent with previous attacker TTPs; Ke3chang historically targeted the Ministry of Affairs, and also conducted several prior campaigns against India.\r\nThough we don\u00e2\u20ac\u2122t have comprehensive targeting information, the spear phishing emails we found targeted several Indian embassies in different countries. One decoy references an annual report filed by over 30 Indian embassies across the globe. The sender addresses of the phishing emails spoof real people with ties to Indian embassies, adding legitimacy to the emails to prompt the recipients to open the attached file. Also noteworthy, the actors are exploiting a relatively new vulnerability in their attacks with TidePool, which is detailed below.\r\nIn this report we will highlight the reuse of the code responsible for a variety of registry changes and command and control traffic over time as the Ke3chang actor has evolved their codebase to TidePool since the 2013 report."
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5742eaa5-cfec-4091-aaea-4f08950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:29.000Z",
|
|
"modified": "2018-01-12T09:48:29.000Z",
|
|
"name": "CVE-2015-2545",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"Payload delivery\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2015-2545"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5742eac0-8830-4aa2-bd48-4aac950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:29.000Z",
|
|
"modified": "2018-01-12T09:48:29.000Z",
|
|
"first_observed": "2018-01-12T09:48:29Z",
|
|
"last_observed": "2018-01-12T09:48:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5742eac0-8830-4aa2-bd48-4aac950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5742eac0-8830-4aa2-bd48-4aac950d210f",
|
|
"name": "%USERPROFILE%\\IEHelper\\mshtml.dll"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ecbb-498c-480b-88ba-47f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:29.000Z",
|
|
"modified": "2018-01-12T09:48:29.000Z",
|
|
"description": "TidePool",
|
|
"pattern": "[domain-name:value = 'goback.strangled.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ecd7-1e84-4225-b43b-4e9a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:43:19.000Z",
|
|
"modified": "2016-05-23T11:43:19.000Z",
|
|
"description": "TidePool DLL",
|
|
"pattern": "[file:hashes.SHA256 = '67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:43:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ecd7-794c-4a74-9aa4-45b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:43:19.000Z",
|
|
"modified": "2016-05-23T11:43:19.000Z",
|
|
"description": "TidePool DLL",
|
|
"pattern": "[file:hashes.SHA256 = '2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:43:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ecd7-0b4c-477d-b70d-4795950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:43:19.000Z",
|
|
"modified": "2016-05-23T11:43:19.000Z",
|
|
"description": "TidePool DLL",
|
|
"pattern": "[file:hashes.SHA256 = '9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:43:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ece8-e8dc-40e1-99db-4251950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:43:36.000Z",
|
|
"modified": "2016-05-23T11:43:36.000Z",
|
|
"description": "TidePool Dropper",
|
|
"pattern": "[file:hashes.SHA256 = '38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:43:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ecf9-31f0-4440-92ce-4d63950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:43:53.000Z",
|
|
"modified": "2016-05-23T11:43:53.000Z",
|
|
"description": "Weaponized document attachment",
|
|
"pattern": "[file:hashes.SHA256 = '785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:43:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ecf9-67a8-426a-a268-4549950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:43:53.000Z",
|
|
"modified": "2016-05-23T11:43:53.000Z",
|
|
"description": "Weaponized document attachment",
|
|
"pattern": "[file:hashes.SHA256 = 'eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:43:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ed69-d374-40b6-8f10-48ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:45:45.000Z",
|
|
"modified": "2016-05-23T11:45:45.000Z",
|
|
"description": "Phishing email",
|
|
"pattern": "[file:hashes.SHA256 = '4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:45:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ed6a-5da4-4e7b-948e-4fd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:45:46.000Z",
|
|
"modified": "2016-05-23T11:45:46.000Z",
|
|
"description": "Phishing email",
|
|
"pattern": "[file:hashes.SHA256 = '1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:45:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ed6a-5254-4448-b588-4908950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:45:46.000Z",
|
|
"modified": "2016-05-23T11:45:46.000Z",
|
|
"description": "Phishing email",
|
|
"pattern": "[file:hashes.SHA256 = 'de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:45:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742edc0-5d9c-41a9-9a47-41d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:47:12.000Z",
|
|
"modified": "2016-05-23T11:47:12.000Z",
|
|
"description": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)",
|
|
"pattern": "[file:hashes.SHA256 = '71b548e09fd51250356111f394e5fc64ac54d5a07d9bc57852315484c2046093']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:47:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742eddf-627c-4ff7-9423-4efd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:47:43.000Z",
|
|
"modified": "2016-05-23T11:47:43.000Z",
|
|
"description": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)",
|
|
"pattern": "[file:hashes.SHA256 = '39fdcdf019c0fca350ec5bd3de31b6649456993b3f9642f966d610e0190f9297']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:47:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742ee7d-d4dc-43df-b653-4408950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:50:21.000Z",
|
|
"modified": "2016-05-23T11:50:21.000Z",
|
|
"description": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012",
|
|
"pattern": "[file:hashes.SHA256 = '25a3b374894cacd922e7ff870bb19c84a9abfd69405dded13c3a6ceb5abe4d27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:50:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742eeb4-4b48-4312-9290-4c47950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:51:16.000Z",
|
|
"modified": "2016-05-23T11:51:16.000Z",
|
|
"description": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005",
|
|
"pattern": "[file:hashes.SHA256 = '12cc0fdc4f80942f0ba9039a22e701838332435883fa62d0cefd3992867a9e88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742eeb4-6690-48fc-b6d1-4a7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:51:16.000Z",
|
|
"modified": "2016-05-23T11:51:16.000Z",
|
|
"description": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005",
|
|
"pattern": "[file:hashes.SHA256 = 'a4fae981b687fe230364508a3324cf6e6daa45ecddd6b7c7b532cdc980679076']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5742eeb4-f0cc-48f9-b670-4a21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-23T11:51:16.000Z",
|
|
"modified": "2016-05-23T11:51:16.000Z",
|
|
"description": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012",
|
|
"pattern": "[file:hashes.SHA256 = 'c1a83a9600d69c91c19207a8ee16347202d50873b6dc4613ba4d6a6059610fa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-23T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d36aca31-f8d7-4ac8-bf33-30fd88480de8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:32.000Z",
|
|
"modified": "2018-01-12T09:48:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5ee64f9e44cddaa7ed11d752a149484d' AND file:hashes.SHA1 = '8e633f9ddb7902c1945f04203ed09e30838e1e74' AND file:hashes.SHA256 = '71b548e09fd51250356111f394e5fc64ac54d5a07d9bc57852315484c2046093']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4c3e5932-e6a1-4554-9610-4cc1725c0b76",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:29.000Z",
|
|
"modified": "2018-01-12T09:48:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/71b548e09fd51250356111f394e5fc64ac54d5a07d9bc57852315484c2046093/analysis/1464602237/",
|
|
"category": "External analysis",
|
|
"comment": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)",
|
|
"uuid": "5a58846d-41c0-45db-940a-4c7302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/57",
|
|
"category": "Other",
|
|
"comment": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)",
|
|
"uuid": "5a58846d-595c-43da-80b0-496902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-05-30T09:57:17",
|
|
"category": "Other",
|
|
"comment": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)",
|
|
"uuid": "5a58846d-05a0-469d-b6f7-40f502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--29317953-8a0f-4c20-9835-6cf7c4bdab52",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:32.000Z",
|
|
"modified": "2018-01-12T09:48:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aebf03ceaef042a833ee5459016f5bde' AND file:hashes.SHA1 = '31b92f816c9f3f45aeb435d47b654cd02c07a633' AND file:hashes.SHA256 = '785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--abfa1b03-38a3-4cf7-9d5d-9bf1948898f4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:29.000Z",
|
|
"modified": "2018-01-12T09:48:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db/analysis/1505182043/",
|
|
"category": "External analysis",
|
|
"comment": "Weaponized document attachment",
|
|
"uuid": "5a58846d-eb44-4ec5-9e87-4c8e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/58",
|
|
"category": "Other",
|
|
"comment": "Weaponized document attachment",
|
|
"uuid": "5a58846d-0504-4231-b21f-4ac402de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-09-12T02:07:23",
|
|
"category": "Other",
|
|
"comment": "Weaponized document attachment",
|
|
"uuid": "5a58846d-a1cc-4a40-a5cf-4a6002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--33819efb-eb82-4a95-b1bf-1f78fe34b6fa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:32.000Z",
|
|
"modified": "2018-01-12T09:48:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = '026936afbbbdd9034f0a24b4032bd2f8' AND file:hashes.SHA1 = '4ec47f819c72a4618ef6426839709d9a2e060919' AND file:hashes.SHA256 = '39fdcdf019c0fca350ec5bd3de31b6649456993b3f9642f966d610e0190f9297']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--72f41d65-1c52-4c37-a1d6-e5d684df9bd8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:29.000Z",
|
|
"modified": "2018-01-12T09:48:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/39fdcdf019c0fca350ec5bd3de31b6649456993b3f9642f966d610e0190f9297/analysis/1501706637/",
|
|
"category": "External analysis",
|
|
"comment": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)",
|
|
"uuid": "5a58846e-358c-4ff5-8734-494902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/65",
|
|
"category": "Other",
|
|
"comment": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)",
|
|
"uuid": "5a58846e-7b70-413d-9396-4f1202de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-08-02T20:43:57",
|
|
"category": "Other",
|
|
"comment": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)",
|
|
"uuid": "5a58846e-445c-427f-bb00-45cf02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f1715b9e-1213-45d0-b05e-89b657a557a9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:33.000Z",
|
|
"modified": "2018-01-12T09:48:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c591263d56b57dfadd06a68dd9657343' AND file:hashes.SHA1 = '8c248daec675cb873a9ee850336e871dd4642c5b' AND file:hashes.SHA256 = 'eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--670070b9-6439-402d-b6ea-1224c3b9fea8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:30.000Z",
|
|
"modified": "2018-01-12T09:48:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc/analysis/1464690554/",
|
|
"category": "External analysis",
|
|
"comment": "Weaponized document attachment",
|
|
"uuid": "5a58846e-51bc-42f7-9846-4fa902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/56",
|
|
"category": "Other",
|
|
"comment": "Weaponized document attachment",
|
|
"uuid": "5a58846e-a788-4d48-9cfe-411b02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-05-31T10:29:14",
|
|
"category": "Other",
|
|
"comment": "Weaponized document attachment",
|
|
"uuid": "5a58846e-7f4c-43ae-aa0a-4da402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--38b19130-caab-4039-85c5-064242831cd4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:33.000Z",
|
|
"modified": "2018-01-12T09:48:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = '98f58f61f4510be9c531feb5f000172f' AND file:hashes.SHA1 = '24cf8ab0b6999ab88c234b16c211e9c296131dbd' AND file:hashes.SHA256 = '12cc0fdc4f80942f0ba9039a22e701838332435883fa62d0cefd3992867a9e88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b7768dd0-8628-45a0-a1c0-30ff2c345300",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:30.000Z",
|
|
"modified": "2018-01-12T09:48:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/12cc0fdc4f80942f0ba9039a22e701838332435883fa62d0cefd3992867a9e88/analysis/1480255582/",
|
|
"category": "External analysis",
|
|
"comment": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005",
|
|
"uuid": "5a58846e-b074-40aa-a94e-4ffb02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/56",
|
|
"category": "Other",
|
|
"comment": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005",
|
|
"uuid": "5a58846e-cafc-4abd-948f-4cc502de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-11-27T14:06:22",
|
|
"category": "Other",
|
|
"comment": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005",
|
|
"uuid": "5a58846e-4330-4878-b3c4-4aa502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1acad919-6ce1-465a-9c60-a3ac588a180d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:33.000Z",
|
|
"modified": "2018-01-12T09:48:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8ad9cb6b948bcf7f9211887e0cf6f02a' AND file:hashes.SHA1 = '0246a237b281162059b84f1bc013d90bbb4104f7' AND file:hashes.SHA256 = '38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7cdf00e3-c53f-40b4-b7cd-514c78f9c864",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:30.000Z",
|
|
"modified": "2018-01-12T09:48:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f/analysis/1513864598/",
|
|
"category": "External analysis",
|
|
"comment": "TidePool Dropper",
|
|
"uuid": "5a58846e-aed0-459e-b461-422402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/68",
|
|
"category": "Other",
|
|
"comment": "TidePool Dropper",
|
|
"uuid": "5a58846e-31ec-46e9-9a74-4c8b02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-21T13:56:38",
|
|
"category": "Other",
|
|
"comment": "TidePool Dropper",
|
|
"uuid": "5a58846e-d154-44e8-bfb4-48f602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--64cf2807-9421-4a99-bcdd-e82af40c7346",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:33.000Z",
|
|
"modified": "2018-01-12T09:48:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9469dd12136b6514d82c3b01d6082f59' AND file:hashes.SHA1 = '47a963e7588e9af060dfac62b94076f270d4008e' AND file:hashes.SHA256 = '2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0b830feb-b802-42b3-9c13-f90d67dc3095",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:30.000Z",
|
|
"modified": "2018-01-12T09:48:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18/analysis/1512091554/",
|
|
"category": "External analysis",
|
|
"comment": "TidePool DLL",
|
|
"uuid": "5a58846e-b3b4-44c8-8ba9-462402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/67",
|
|
"category": "Other",
|
|
"comment": "TidePool DLL",
|
|
"uuid": "5a58846e-1ab8-41e1-a712-4e3702de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-01T01:25:54",
|
|
"category": "Other",
|
|
"comment": "TidePool DLL",
|
|
"uuid": "5a58846f-1e7c-4eed-b934-4db002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--96db58ab-0377-4a31-871b-c96f4652500e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:34.000Z",
|
|
"modified": "2018-01-12T09:48:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1aefd1c30d1710f901c70be7f1366cae' AND file:hashes.SHA1 = '6793228ee3b6bd1a4bc91f17460b89d12d347fc9' AND file:hashes.SHA256 = '1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ea777cda-e274-445b-9504-912fdaf5ec18",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:31.000Z",
|
|
"modified": "2018-01-12T09:48:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51/analysis/1474270852/",
|
|
"category": "External analysis",
|
|
"comment": "Phishing email",
|
|
"uuid": "5a58846f-8bb8-4de7-82fd-450e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "20/55",
|
|
"category": "Other",
|
|
"comment": "Phishing email",
|
|
"uuid": "5a58846f-9d80-48cd-8e1f-42fd02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-09-19T07:40:52",
|
|
"category": "Other",
|
|
"comment": "Phishing email",
|
|
"uuid": "5a58846f-eca0-41fa-88c7-463502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ab660ec7-d756-4009-91c7-ef5ac5f7afcf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:34.000Z",
|
|
"modified": "2018-01-12T09:48:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3ed40dec891fd48c7ec6fa49b1058d24' AND file:hashes.SHA1 = '0e2c603e23219598dc3432d94df6dfae147cceab' AND file:hashes.SHA256 = 'de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c4c4e9f6-4680-4789-b6a4-ec623a695c71",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:31.000Z",
|
|
"modified": "2018-01-12T09:48:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649/analysis/1464236275/",
|
|
"category": "External analysis",
|
|
"comment": "Phishing email",
|
|
"uuid": "5a58846f-cddc-4ff7-9b1d-421302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "20/56",
|
|
"category": "Other",
|
|
"comment": "Phishing email",
|
|
"uuid": "5a58846f-b4b4-42f1-8f52-4a1502de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-05-26T04:17:55",
|
|
"category": "Other",
|
|
"comment": "Phishing email",
|
|
"uuid": "5a58846f-582c-4af6-b645-436b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--faaab687-1aa7-4f25-aab1-e4c6800a80ab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:34.000Z",
|
|
"modified": "2018-01-12T09:48:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8c7cf7baaf20fe9bec63eb8928afdb41' AND file:hashes.SHA1 = '614ccb872e8feeab608a69d79c91bfeeb360ca9d' AND file:hashes.SHA256 = 'a4fae981b687fe230364508a3324cf6e6daa45ecddd6b7c7b532cdc980679076']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b2e9a6ec-2c61-459b-9c48-a6d5b09d7fd6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:31.000Z",
|
|
"modified": "2018-01-12T09:48:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a4fae981b687fe230364508a3324cf6e6daa45ecddd6b7c7b532cdc980679076/analysis/1502697388/",
|
|
"category": "External analysis",
|
|
"comment": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005",
|
|
"uuid": "5a58846f-1d68-41fa-a7b5-490b02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/64",
|
|
"category": "Other",
|
|
"comment": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005",
|
|
"uuid": "5a58846f-ce24-4e5d-9c03-47b402de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-08-14T07:56:28",
|
|
"category": "Other",
|
|
"comment": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005",
|
|
"uuid": "5a58846f-9260-43c4-adae-4c1702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8ec4d47a-540f-4bbb-bac4-083f4f481aab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:34.000Z",
|
|
"modified": "2018-01-12T09:48:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aae962611da956a26a76d185455f1d44' AND file:hashes.SHA1 = '8bed9000c2f6347e683beadb1a5d4dedaccbd21f' AND file:hashes.SHA256 = '4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3cd6bcdd-bbcf-45e1-9950-90c48d7756db",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:31.000Z",
|
|
"modified": "2018-01-12T09:48:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5/analysis/1474272871/",
|
|
"category": "External analysis",
|
|
"comment": "Phishing email",
|
|
"uuid": "5a58846f-7198-409e-929f-429e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "18/55",
|
|
"category": "Other",
|
|
"comment": "Phishing email",
|
|
"uuid": "5a58846f-8398-4582-8767-42cc02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-09-19T08:14:31",
|
|
"category": "Other",
|
|
"comment": "Phishing email",
|
|
"uuid": "5a58846f-6240-47e0-98b2-4ceb02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--29618e84-7d70-49ea-8c5e-d888d51f24ab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:34.000Z",
|
|
"modified": "2018-01-12T09:48:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6bd64b291f2855bbdb011a0af1fab2fc' AND file:hashes.SHA1 = 'a8fa7f331329bb6b0018b5663961f50f60372dfc' AND file:hashes.SHA256 = 'c1a83a9600d69c91c19207a8ee16347202d50873b6dc4613ba4d6a6059610fa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--88f47bd4-e874-45e1-9c95-941a7cb0f52f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:31.000Z",
|
|
"modified": "2018-01-12T09:48:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c1a83a9600d69c91c19207a8ee16347202d50873b6dc4613ba4d6a6059610fa1/analysis/1477459761/",
|
|
"category": "External analysis",
|
|
"comment": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012",
|
|
"uuid": "5a58846f-fdb4-4ae5-ae96-481202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "39/56",
|
|
"category": "Other",
|
|
"comment": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012",
|
|
"uuid": "5a588470-026c-4325-bca5-415202de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-10-26T05:29:21",
|
|
"category": "Other",
|
|
"comment": "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012",
|
|
"uuid": "5a588470-5850-4dc3-bc6a-453d02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0756b913-74c9-432d-819b-a421d08d375d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:35.000Z",
|
|
"modified": "2018-01-12T09:48:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'be0cc8411c066eac246097045b73c282' AND file:hashes.SHA1 = '1a14cfdf652bcd1df572e47ed261abe453a41399' AND file:hashes.SHA256 = '9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ecd39cdd-ca7c-48fd-b0e5-ad1d6abbce67",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:32.000Z",
|
|
"modified": "2018-01-12T09:48:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba/analysis/1512091725/",
|
|
"category": "External analysis",
|
|
"comment": "TidePool DLL",
|
|
"uuid": "5a588470-c0e4-4c3b-8361-437102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/67",
|
|
"category": "Other",
|
|
"comment": "TidePool DLL",
|
|
"uuid": "5a588470-29dc-4540-804f-48f002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-01T01:28:45",
|
|
"category": "Other",
|
|
"comment": "TidePool DLL",
|
|
"uuid": "5a588470-c608-4829-a0d1-477202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2404272c-a873-48c4-bc1f-2af5dde7d96e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:35.000Z",
|
|
"modified": "2018-01-12T09:48:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bae673964e9bc2a45ebcc667895104ef' AND file:hashes.SHA1 = 'f1f895aa6bdb7369525abfb86b4475241e9dbfbb' AND file:hashes.SHA256 = '67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6a5caeb6-3bcf-454d-85ea-96e9e13142d9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:32.000Z",
|
|
"modified": "2018-01-12T09:48:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed/analysis/1512091712/",
|
|
"category": "External analysis",
|
|
"comment": "TidePool DLL",
|
|
"uuid": "5a588470-d520-4bdf-a8cd-4b5002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/66",
|
|
"category": "Other",
|
|
"comment": "TidePool DLL",
|
|
"uuid": "5a588470-5f84-413e-992a-4b8202de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-01T01:28:32",
|
|
"category": "Other",
|
|
"comment": "TidePool DLL",
|
|
"uuid": "5a588470-eaf8-4911-8673-4ac302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1bed7c4f-08df-4dce-8a44-b45a17fac214",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:35.000Z",
|
|
"modified": "2018-01-12T09:48:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '50611814ad2a843a8f998c57786abad7' AND file:hashes.SHA1 = '1178ddd92e0121e2ede7e1091661a324d31f0de0' AND file:hashes.SHA256 = '25a3b374894cacd922e7ff870bb19c84a9abfd69405dded13c3a6ceb5abe4d27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:48:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2cc94589-3349-4fad-b8a0-f90063b03212",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:48:32.000Z",
|
|
"modified": "2018-01-12T09:48:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/25a3b374894cacd922e7ff870bb19c84a9abfd69405dded13c3a6ceb5abe4d27/analysis/1464323932/",
|
|
"category": "External analysis",
|
|
"comment": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012",
|
|
"uuid": "5a588471-14f8-4028-b391-41de02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/57",
|
|
"category": "Other",
|
|
"comment": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012",
|
|
"uuid": "5a588471-59e0-419e-854d-43bf02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-05-27T04:38:52",
|
|
"category": "Other",
|
|
"comment": "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012",
|
|
"uuid": "5a588471-c3b4-4b8c-8e72-40e002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3dff5f41-4080-4b3e-b10b-39cc25bd0edf",
|
|
"created": "2018-02-16T08:49:18.000Z",
|
|
"modified": "2018-02-16T08:49:18.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d36aca31-f8d7-4ac8-bf33-30fd88480de8",
|
|
"target_ref": "x-misp-object--4c3e5932-e6a1-4554-9610-4cc1725c0b76"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1ab6601c-0ae2-4b14-af34-6c03b7fead5b",
|
|
"created": "2018-02-16T08:49:18.000Z",
|
|
"modified": "2018-02-16T08:49:18.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--29317953-8a0f-4c20-9835-6cf7c4bdab52",
|
|
"target_ref": "x-misp-object--abfa1b03-38a3-4cf7-9d5d-9bf1948898f4"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7d8a718f-b7d9-4d45-9032-23d14773f8cd",
|
|
"created": "2018-02-16T08:49:18.000Z",
|
|
"modified": "2018-02-16T08:49:18.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--33819efb-eb82-4a95-b1bf-1f78fe34b6fa",
|
|
"target_ref": "x-misp-object--72f41d65-1c52-4c37-a1d6-e5d684df9bd8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--55a4c4c5-aa07-4721-9978-387934f8a928",
|
|
"created": "2018-02-16T08:49:18.000Z",
|
|
"modified": "2018-02-16T08:49:18.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f1715b9e-1213-45d0-b05e-89b657a557a9",
|
|
"target_ref": "x-misp-object--670070b9-6439-402d-b6ea-1224c3b9fea8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--27d7145d-75ee-4ebc-973a-740e7d7b6b22",
|
|
"created": "2018-02-16T08:49:18.000Z",
|
|
"modified": "2018-02-16T08:49:18.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--38b19130-caab-4039-85c5-064242831cd4",
|
|
"target_ref": "x-misp-object--b7768dd0-8628-45a0-a1c0-30ff2c345300"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--45ab25c2-7383-4719-ad06-2eb4e936cb70",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1acad919-6ce1-465a-9c60-a3ac588a180d",
|
|
"target_ref": "x-misp-object--7cdf00e3-c53f-40b4-b7cd-514c78f9c864"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--712ea87b-b142-43bb-9ad7-17e5715a87cf",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--64cf2807-9421-4a99-bcdd-e82af40c7346",
|
|
"target_ref": "x-misp-object--0b830feb-b802-42b3-9c13-f90d67dc3095"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8e362a94-a2d7-4e2f-8f62-aad7826e6436",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--96db58ab-0377-4a31-871b-c96f4652500e",
|
|
"target_ref": "x-misp-object--ea777cda-e274-445b-9504-912fdaf5ec18"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a419f45e-96f8-4745-b3d8-ca8d6cbdae78",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ab660ec7-d756-4009-91c7-ef5ac5f7afcf",
|
|
"target_ref": "x-misp-object--c4c4e9f6-4680-4789-b6a4-ec623a695c71"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--518519ac-784d-4354-8cfc-4c8476c61d17",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--faaab687-1aa7-4f25-aab1-e4c6800a80ab",
|
|
"target_ref": "x-misp-object--b2e9a6ec-2c61-459b-9c48-a6d5b09d7fd6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fe59c1b0-c7c3-4f7c-91e6-749f373a67ec",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8ec4d47a-540f-4bbb-bac4-083f4f481aab",
|
|
"target_ref": "x-misp-object--3cd6bcdd-bbcf-45e1-9950-90c48d7756db"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--171728fe-8161-414a-aa6b-afa9e0331dde",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--29618e84-7d70-49ea-8c5e-d888d51f24ab",
|
|
"target_ref": "x-misp-object--88f47bd4-e874-45e1-9c95-941a7cb0f52f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6b7408eb-d67d-4dc9-bada-abdee2e06b24",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0756b913-74c9-432d-819b-a421d08d375d",
|
|
"target_ref": "x-misp-object--ecd39cdd-ca7c-48fd-b0e5-ad1d6abbce67"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c5de0d1a-4fad-4b1f-82a8-6d4e1967c416",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2404272c-a873-48c4-bc1f-2af5dde7d96e",
|
|
"target_ref": "x-misp-object--6a5caeb6-3bcf-454d-85ea-96e9e13142d9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f6c36929-826d-49e2-94c0-da0b66e514b0",
|
|
"created": "2018-02-16T08:49:19.000Z",
|
|
"modified": "2018-02-16T08:49:19.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1bed7c4f-08df-4dce-8a44-b45a17fac214",
|
|
"target_ref": "x-misp-object--2cc94589-3349-4fad-b8a0-f90063b03212"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |