{
|
|
"type": "bundle",
|
|
"id": "bundle--5d47cdea-435c-45aa-8db0-4693950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:43:15.000Z",
|
|
"modified": "2019-08-11T06:43:15.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5d47cdea-435c-45aa-8db0-4693950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:43:15.000Z",
|
|
"modified": "2019-08-11T06:43:15.000Z",
|
|
"name": "OSINT - From Carnaval to Cinco de Mayo \u2013 The journey of Amavaldo",
|
|
"published": "2019-08-11T06:43:34Z",
|
|
"object_refs": [
|
|
"observed-data--5d47cdfa-0d14-464f-8041-4abe950d210f",
|
|
"url--5d47cdfa-0d14-464f-8041-4abe950d210f",
|
|
"indicator--5d482f74-badc-495e-920c-4329950d210f",
|
|
"indicator--5d483181-9e28-42d9-b8a9-460d950d210f",
|
|
"indicator--5d48319b-07ec-4769-9c2f-4fda950d210f",
|
|
"observed-data--5d492766-d074-47b5-9e28-4a78950d210f",
|
|
"mutex--5d492766-d074-47b5-9e28-4a78950d210f",
|
|
"indicator--5d493cd2-4ca4-44a7-a9f0-4b5b950d210f",
|
|
"indicator--5d493cf7-aeac-4fd3-99f3-6ecc950d210f",
|
|
"indicator--5d493d5f-8ba4-4543-bcd8-6752950d210f",
|
|
"indicator--5d493d77-e7e4-4082-82c3-41d0950d210f",
|
|
"indicator--5d493ef5-9554-4e6d-884f-490f950d210f",
|
|
"indicator--5d493f8a-85c0-4389-9644-aca6950d210f",
|
|
"indicator--5d494a11-3c6c-4c89-9d11-daa8950d210f",
|
|
"indicator--5d494a3f-1b3c-4bcc-8b34-4db5950d210f",
|
|
"indicator--5d494a5d-de44-423a-b8d1-daa7950d210f",
|
|
"indicator--5d49553d-701c-4eb3-954a-eaeb950d210f",
|
|
"indicator--5d496104-67d8-48c9-a044-7a57950d210f",
|
|
"indicator--5d4982df-1a94-4914-9cf1-464e950d210f",
|
|
"indicator--5d4982f2-0190-427f-b4c5-4f08950d210f",
|
|
"indicator--e462def8-1643-4d2f-a15a-825ff3fb335e",
|
|
"x-misp-object--6b54feea-5cb0-4c57-b10c-7a1d4a274581",
|
|
"indicator--211c8a88-4c1a-447b-a768-0ab6e30246b8",
|
|
"x-misp-object--e1227ba7-e304-4792-8a0d-039b87b94ec0",
|
|
"indicator--18ccf1e5-236a-4ad0-8556-2d5ff4532a11",
|
|
"x-misp-object--ef63bd95-99e9-4843-9ad6-725ee617c410",
|
|
"indicator--66ffca83-f5bf-46b5-aa17-25a0da26b4a8",
|
|
"x-misp-object--fa950a27-172c-4243-92fe-c54894fe8f03",
|
|
"indicator--168eca3c-6b0c-495b-bc97-76fc044663da",
|
|
"x-misp-object--299f2cd3-4943-45c0-89fd-688831a58235",
|
|
"indicator--0f1baa55-4a99-4cc2-84d1-7032ab3b20a6",
|
|
"x-misp-object--fef464cf-27a2-4bfb-bf12-4adb789baa4e",
|
|
"indicator--a7c89ed2-b308-4953-98a4-8b7b7f74f90e",
|
|
"x-misp-object--76da6429-cbfd-4a4b-83ad-a6511f97a14e",
|
|
"indicator--8ea7872e-f1cb-4652-945b-4f8f9558f662",
|
|
"x-misp-object--569e0439-c30e-444a-8ef9-76c1388c03a6",
|
|
"indicator--71291c97-7e50-4601-8836-d13f6a601564",
|
|
"x-misp-object--29b46ebc-f105-45dd-9b0e-c50ac28523bb",
|
|
"relationship--a0f1fc4e-853a-4327-a9fe-c89c199eb6a7",
|
|
"relationship--f77b4021-771f-4161-a5f2-8b2863ca2a5f",
|
|
"relationship--9a3467f7-6203-4e90-b8b2-512802e05d56",
|
|
"relationship--bc49f3a1-ffb1-4ef3-83b1-033f07652395",
|
|
"relationship--ef5e4716-3711-4915-b370-f6702870dac3",
|
|
"relationship--bcb69657-5194-4835-a86c-bb963d103505",
|
|
"relationship--d688d215-66d7-4f70-b25c-71f83d986c6e",
|
|
"relationship--3a6837e9-77e8-4ef5-94d6-4d4597178d9a",
|
|
"relationship--8ec7a77b-a886-4e9d-b832-17ad4bbd2ce9",
|
|
"relationship--b62088e9-249e-49cb-9e55-71231ddfd5e7",
|
|
"relationship--7ce39b5d-3c48-4e12-ae62-0e60fa56dced",
|
|
"relationship--d1f5e946-f85e-4fb0-98e3-7e664525cad5",
|
|
"relationship--024f9400-4360-427e-9aff-57c54c213c57"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"ecsirt:intrusions=\"backdoor\"",
|
|
"veris:action:malware:variety=\"Backdoor\"",
|
|
"ms-caro-malware:malware-type=\"Backdoor\"",
|
|
"ms-caro-malware-full:malware-type=\"Backdoor\"",
|
|
"misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
|
|
"misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\"",
|
|
"misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
|
|
"misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
|
|
"misp-galaxy:mitre-attack-pattern=\"Video Capture - T1125\"",
|
|
"misp-galaxy:mitre-attack-pattern=\"Forced Authentication - T1187\"",
|
|
"misp-galaxy:mitre-attack-pattern=\"Application Deployment Software - T1017\"",
|
|
"veris:action:malware:variety=\"Spyware/Keylogger\"",
|
|
"misp-galaxy:rat=\"Amavaldo Banking Trojan\"",
|
|
"misp-galaxy:tool=\"Amavaldo\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5d47cdfa-0d14-464f-8041-4abe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-05T06:34:34.000Z",
|
|
"modified": "2019-08-05T06:34:34.000Z",
|
|
"first_observed": "2019-08-05T06:34:34Z",
|
|
"last_observed": "2019-08-05T06:34:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5d47cdfa-0d14-464f-8041-4abe950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5d47cdfa-0d14-464f-8041-4abe950d210f",
|
|
"value": "https://www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d482f74-badc-495e-920c-4329950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T11:27:20.000Z",
|
|
"modified": "2019-08-06T11:27:20.000Z",
|
|
"description": "Abused legitimate application",
|
|
"pattern": "[file:hashes.SHA1 = '6c04499f7406e270b590374ef813c4012530273e' AND file:name = 'ctfmon.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T11:27:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d483181-9e28-42d9-b8a9-460d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T11:42:32.000Z",
|
|
"modified": "2019-08-06T11:42:32.000Z",
|
|
"description": "encrypted banking trojan - ESET detection name: Win32/Spy.Amavaldo.N trojan",
|
|
"pattern": "[file:hashes.SHA1 = 'b761d9216c00f5e2871de16ae157de13c6283b5d' AND file:name = 'MsCtfMonitor']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T11:42:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d48319b-07ec-4769-9c2f-4fda950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T11:28:11.000Z",
|
|
"modified": "2019-08-06T11:28:11.000Z",
|
|
"description": "Injector for Amavaldo - ESET detection name: Win32/Spy.Amavaldo.U trojan",
|
|
"pattern": "[file:hashes.SHA1 = '1d56bab28793e3ab96e390f09f02425e52e28ffc' AND file:name = 'MsCtfMonitor.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T11:28:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5d492766-d074-47b5-9e28-4a78950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T07:08:22.000Z",
|
|
"modified": "2019-08-06T07:08:22.000Z",
|
|
"first_observed": "2019-08-06T07:08:22Z",
|
|
"last_observed": "2019-08-06T07:08:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"mutex--5d492766-d074-47b5-9e28-4a78950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:name=\"mutex\"",
|
|
"misp:meta-category=\"misc\"",
|
|
"misp:to_ids=\"False\""
|
|
]
|
|
},
|
|
{
|
|
"type": "mutex",
|
|
"spec_version": "2.1",
|
|
"id": "mutex--5d492766-d074-47b5-9e28-4a78950d210f",
|
|
"name": "D7F8FEDF-D9A0-4335-A619-D3BB3EEAEDDB",
|
|
"x_misp_description": "Additionally, the latest versions of Amavaldo can be identified by a mutex that seems to have the constant name"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d493cd2-4ca4-44a7-a9f0-4b5b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T13:35:56.000Z",
|
|
"modified": "2019-08-06T13:35:56.000Z",
|
|
"description": "a tool for checking internet connectivity",
|
|
"pattern": "[file:hashes.SHA1 = 'b80294261c8a1635e16e14f55a3d76889ff2c857' AND file:name = 'AICustAct.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T13:35:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d493cf7-aeac-4fd3-99f3-6ecc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T13:35:33.000Z",
|
|
"modified": "2019-08-06T13:35:33.000Z",
|
|
"description": "a tool for detecting virtual environment",
|
|
"pattern": "[file:hashes.SHA1 = 'b191810094dd2ee6b13c0d33458fafcd459681ae' AND file:name = 'VmDetect.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T13:35:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d493d5f-8ba4-4543-bcd8-6752950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T13:13:20.000Z",
|
|
"modified": "2019-08-06T13:13:20.000Z",
|
|
"description": "Abused legitimate application",
|
|
"pattern": "[file:hashes.SHA1 = '12c93bb262696314123562f8a4b158074c9f6b95' AND file:name = 'nvsmartmaxapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T13:13:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d493d77-e7e4-4082-82c3-41d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T13:13:57.000Z",
|
|
"modified": "2019-08-06T13:13:57.000Z",
|
|
"description": "Injector for Amavaldo - ESET detection name: Win32/Spy.Amavaldo.P trojan",
|
|
"pattern": "[file:hashes.SHA1 = '6d80a959e7f52150fda2241a4073a29085c9386b' AND file:name = 'NvSmartMax.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T13:13:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d493ef5-9554-4e6d-884f-490f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T13:33:28.000Z",
|
|
"modified": "2019-08-06T13:33:28.000Z",
|
|
"description": "Amavaldo - ESET detection name: Win32/Spy.Amavaldo.N trojan",
|
|
"pattern": "[file:hashes.SHA1 = 'b855d8b1bad07d578013bdb472122e405d49acc1' AND file:name = 'NvSmartMax']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T13:33:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d493f8a-85c0-4389-9644-aca6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T13:35:09.000Z",
|
|
"modified": "2019-08-06T13:35:09.000Z",
|
|
"description": "Abused legitimate application",
|
|
"pattern": "[file:hashes.SHA1 = 'fc37ac7523cf3b4020ec46d6a47bc26957e3c054' AND file:name = 'Gup.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T13:35:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d494a11-3c6c-4c89-9d11-daa8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T11:57:41.000Z",
|
|
"modified": "2019-08-06T11:57:41.000Z",
|
|
"description": "Injector for email tool - ESET detection name: Win32/Spy.Amavaldo.P trojan",
|
|
"pattern": "[file:hashes.SHA1 = '4dba5fe842b01b641a7228a4c8f805e4627c0012' AND file:name = 'libcurl.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T11:57:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d494a3f-1b3c-4bcc-8b34-4db5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T13:37:59.000Z",
|
|
"modified": "2019-08-06T13:37:59.000Z",
|
|
"description": "Email tool - ESET detection name: Win32/Spy.Banker.AEGH trojan",
|
|
"pattern": "[file:hashes.SHA1 = '9a968341c65ab47bf5c7290f3b36fcf70e9c574b' AND file:name = 'Libcurl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T13:37:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d494a5d-de44-423a-b8d1-daa7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T09:40:47.000Z",
|
|
"modified": "2019-08-06T09:40:47.000Z",
|
|
"description": "Configuration file for gup.exe",
|
|
"pattern": "[file:name = 'gup.xml']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T09:40:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d49553d-701c-4eb3-954a-eaeb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T10:23:57.000Z",
|
|
"modified": "2019-08-06T10:23:57.000Z",
|
|
"pattern": "[file:name = 'CurriculumVitae[\u00e2\u20ac\u00a6].msi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T10:23:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d496104-67d8-48c9-a044-7a57950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T11:14:12.000Z",
|
|
"modified": "2019-08-06T11:14:12.000Z",
|
|
"pattern": "[file:name = 'FotosPost[\u00e2\u20ac\u00a6].msi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T11:14:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d4982df-1a94-4914-9cf1-464e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T13:38:39.000Z",
|
|
"modified": "2019-08-06T13:38:39.000Z",
|
|
"description": "Downloader (MSI installer) - ESET detection name: Trojan.VBS/TrojanDownloader.Agent.QSL",
|
|
"pattern": "[file:hashes.SHA1 = 'e0c8e11f8b271c1e40f5c184afa427ffe99444f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T13:38:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d4982f2-0190-427f-b4c5-4f08950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-06T13:38:58.000Z",
|
|
"modified": "2019-08-06T13:38:58.000Z",
|
|
"description": "Downloader (MSI installer) - ESET detection name: Win32/TrojanDownloader.Delf.CSG trojan",
|
|
"pattern": "[file:hashes.SHA1 = 'ad1fce0c62b532d097dacfce149c452154d51eb0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-06T13:38:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e462def8-1643-4d2f-a15a-825ff3fb335e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:54.000Z",
|
|
"modified": "2019-08-11T06:32:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = '45c01734ed56c52797156620a5f8b414' AND file:hashes.SHA1 = 'fc37ac7523cf3b4020ec46d6a47bc26957e3c054' AND file:hashes.SHA256 = '20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-11T06:32:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6b54feea-5cb0-4c57-b10c-7a1d4a274581",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:54.000Z",
|
|
"modified": "2019-08-11T06:32:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-08-08T11:14:28",
|
|
"category": "Other",
|
|
"uuid": "7e4b14b4-0aae-4ef9-a053-82ed74c31fb7"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503/analysis/1565262868/",
|
|
"category": "Payload delivery",
|
|
"uuid": "adeb231a-0e31-41ab-98e6-b1f51bf56107"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "1/66",
|
|
"category": "Payload delivery",
|
|
"uuid": "c8287316-9bfc-4ab0-8fe1-1784b0a875df"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--211c8a88-4c1a-447b-a768-0ab6e30246b8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:55.000Z",
|
|
"modified": "2019-08-11T06:32:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'df3e0e32d1e1fb50cc292aebc5e5b322' AND file:hashes.SHA1 = '12c93bb262696314123562f8a4b158074c9f6b95' AND file:hashes.SHA256 = '6a1f91b94bc6c7167967983a78aa1c8780decad66c278e3d7da5e8d4dbec4412']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-11T06:32:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e1227ba7-e304-4792-8a0d-039b87b94ec0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:55.000Z",
|
|
"modified": "2019-08-11T06:32:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-08-07T07:57:31",
|
|
"category": "Other",
|
|
"uuid": "7e17b294-cd02-4cbf-8360-6b980e944a60"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6a1f91b94bc6c7167967983a78aa1c8780decad66c278e3d7da5e8d4dbec4412/analysis/1565164651/",
|
|
"category": "Payload delivery",
|
|
"uuid": "3004172e-acdc-4959-b3db-66f1c5d0abe0"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/66",
|
|
"category": "Payload delivery",
|
|
"uuid": "d02a7092-c6ff-445e-b8df-fa9ce122458f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--18ccf1e5-236a-4ad0-8556-2d5ff4532a11",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:55.000Z",
|
|
"modified": "2019-08-11T06:32:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e880c09454a68b4714c6f184f7968070' AND file:hashes.SHA1 = '4dba5fe842b01b641a7228a4c8f805e4627c0012' AND file:hashes.SHA256 = 'c9cf8e159809cfa97971a0b84801c6aead32e03a423a2fd0ca1c402032b16a82']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-11T06:32:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ef63bd95-99e9-4843-9ad6-725ee617c410",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:55.000Z",
|
|
"modified": "2019-08-11T06:32:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-08-09T10:12:09",
|
|
"category": "Other",
|
|
"uuid": "73ae0c5f-3822-44a5-8e6a-e0c5cc7ae015"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c9cf8e159809cfa97971a0b84801c6aead32e03a423a2fd0ca1c402032b16a82/analysis/1565345529/",
|
|
"category": "Payload delivery",
|
|
"uuid": "147b157c-4060-4849-8597-6b3cf41e56be"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/62",
|
|
"category": "Payload delivery",
|
|
"uuid": "cab2413e-ee43-4916-8f7f-77eab426ae20"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--66ffca83-f5bf-46b5-aa17-25a0da26b4a8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:55.000Z",
|
|
"modified": "2019-08-11T06:32:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6f2bf181f8b9ca1d28465ed6bab6f3e2' AND file:hashes.SHA1 = 'ad1fce0c62b532d097dacfce149c452154d51eb0' AND file:hashes.SHA256 = '8171cbd7bc06d905a7d77d2d0dd147b0b9305d76f76a176fbda4b78768656a47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-11T06:32:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fa950a27-172c-4243-92fe-c54894fe8f03",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:55.000Z",
|
|
"modified": "2019-08-11T06:32:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-08-09T10:13:10",
|
|
"category": "Other",
|
|
"uuid": "514b8275-5a02-4fa7-bbf3-44d83f3d4c03"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8171cbd7bc06d905a7d77d2d0dd147b0b9305d76f76a176fbda4b78768656a47/analysis/1565345590/",
|
|
"category": "Payload delivery",
|
|
"uuid": "18817da9-db4e-468c-81ab-f0fc22af73df"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/53",
|
|
"category": "Payload delivery",
|
|
"uuid": "fe7700b1-4509-452c-83e0-697b67eea1de"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--168eca3c-6b0c-495b-bc97-76fc044663da",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:56.000Z",
|
|
"modified": "2019-08-11T06:32:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9f1e5d66c2889018daef4aef604eebc4' AND file:hashes.SHA1 = 'b80294261c8a1635e16e14f55a3d76889ff2c857' AND file:hashes.SHA256 = '02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-11T06:32:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--299f2cd3-4943-45c0-89fd-688831a58235",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:56.000Z",
|
|
"modified": "2019-08-11T06:32:56.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-08-06T18:49:02",
|
|
"category": "Other",
|
|
"uuid": "0abdb5b6-5361-4012-ba4b-bca90ddac639"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222/analysis/1565117342/",
|
|
"category": "Payload delivery",
|
|
"uuid": "e629edd0-952f-4a57-87c7-3ebfe9e54987"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "1/66",
|
|
"category": "Payload delivery",
|
|
"uuid": "98555b2e-b57c-4506-9068-8f11a7d07ca1"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0f1baa55-4a99-4cc2-84d1-7032ab3b20a6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:56.000Z",
|
|
"modified": "2019-08-11T06:32:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '55ffee241709ae96cf64cb0b9a96f0d7' AND file:hashes.SHA1 = 'b191810094dd2ee6b13c0d33458fafcd459681ae' AND file:hashes.SHA256 = '64bc6cf6b6e9850cea2a36cabc88982b0b936dd7f0bc169a2f6dd2a5d1e86abf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-11T06:32:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fef464cf-27a2-4bfb-bf12-4adb789baa4e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:56.000Z",
|
|
"modified": "2019-08-11T06:32:56.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-08-09T01:41:32",
|
|
"category": "Other",
|
|
"uuid": "932dfeb4-c96d-4337-b8ac-b19215b28b68"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/64bc6cf6b6e9850cea2a36cabc88982b0b936dd7f0bc169a2f6dd2a5d1e86abf/analysis/1565314892/",
|
|
"category": "Payload delivery",
|
|
"uuid": "2ef12f33-7867-4996-a410-c4022c862b9d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/68",
|
|
"category": "Payload delivery",
|
|
"uuid": "40e4ead5-bde4-4c4e-80ff-95d7236b9f0a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a7c89ed2-b308-4953-98a4-8b7b7f74f90e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:56.000Z",
|
|
"modified": "2019-08-11T06:32:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1091a566e2f44bada1f814998034bd04' AND file:hashes.SHA1 = 'e0c8e11f8b271c1e40f5c184afa427ffe99444f8' AND file:hashes.SHA256 = '1c17cf7af862cdb0af2f5540391ac3d0b427bd6369cf1a5fbb8d82fb80964d1c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-11T06:32:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--76da6429-cbfd-4a4b-83ad-a6511f97a14e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:57.000Z",
|
|
"modified": "2019-08-11T06:32:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-08-09T10:12:08",
|
|
"category": "Other",
|
|
"uuid": "753365f1-529c-40e2-80d8-2996a57fb0f6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1c17cf7af862cdb0af2f5540391ac3d0b427bd6369cf1a5fbb8d82fb80964d1c/analysis/1565345528/",
|
|
"category": "Payload delivery",
|
|
"uuid": "b2c2427d-024a-4003-97f2-4c661da00e90"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/52",
|
|
"category": "Payload delivery",
|
|
"uuid": "f6edb2bf-fafc-4ee9-9aae-82b2531b3718"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8ea7872e-f1cb-4652-945b-4f8f9558f662",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:57.000Z",
|
|
"modified": "2019-08-11T06:32:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4a3cdcef8ed41b221f3dbef5792fb52d' AND file:hashes.SHA1 = '6c04499f7406e270b590374ef813c4012530273e' AND file:hashes.SHA256 = '6bb5f3a7147660db416b838893c7d0734872ada9f7db68b1d019043a1cb89397']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-11T06:32:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--569e0439-c30e-444a-8ef9-76c1388c03a6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:57.000Z",
|
|
"modified": "2019-08-11T06:32:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-08-09T12:53:04",
|
|
"category": "Other",
|
|
"uuid": "0ccdca69-9f20-42e3-ab13-e2e6b98cc13e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6bb5f3a7147660db416b838893c7d0734872ada9f7db68b1d019043a1cb89397/analysis/1565355184/",
|
|
"category": "Payload delivery",
|
|
"uuid": "8db662d3-7baf-4543-b958-bdebb1bdb185"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/66",
|
|
"category": "Payload delivery",
|
|
"uuid": "8c2c7ee6-599a-4468-bb8f-e90793092ed1"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--71291c97-7e50-4601-8836-d13f6a601564",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:57.000Z",
|
|
"modified": "2019-08-11T06:32:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '88eca26e7f720a3faa94864359681590' AND file:hashes.SHA1 = '6d80a959e7f52150fda2241a4073a29085c9386b' AND file:hashes.SHA256 = 'b7e72ad59f05b67e7f44f071e7c3e46a490261c653cac66063ceed52c176fae0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-08-11T06:32:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--29b46ebc-f105-45dd-9b0e-c50ac28523bb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-08-11T06:32:58.000Z",
|
|
"modified": "2019-08-11T06:32:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-08-09T10:12:08",
|
|
"category": "Other",
|
|
"uuid": "9d0e29a6-ce2e-4af8-baa0-f1a20ea19ae3"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b7e72ad59f05b67e7f44f071e7c3e46a490261c653cac66063ceed52c176fae0/analysis/1565345528/",
|
|
"category": "Payload delivery",
|
|
"uuid": "9bb01340-6430-43f8-be1d-2c9c37985fcc"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/62",
|
|
"category": "Payload delivery",
|
|
"uuid": "dae0b425-f835-4ad2-87f8-709822134d4b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a0f1fc4e-853a-4327-a9fe-c89c199eb6a7",
|
|
"created": "2019-08-06T06:54:44.000Z",
|
|
"modified": "2019-08-06T06:54:44.000Z",
|
|
"relationship_type": "executed-by",
|
|
"source_ref": "indicator--5d483181-9e28-42d9-b8a9-460d950d210f",
|
|
"target_ref": "indicator--5d48319b-07ec-4769-9c2f-4fda950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f77b4021-771f-4161-a5f2-8b2863ca2a5f",
|
|
"created": "2019-08-06T06:54:27.000Z",
|
|
"modified": "2019-08-06T06:54:27.000Z",
|
|
"relationship_type": "executes",
|
|
"source_ref": "indicator--5d48319b-07ec-4769-9c2f-4fda950d210f",
|
|
"target_ref": "indicator--5d483181-9e28-42d9-b8a9-460d950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9a3467f7-6203-4e90-b8b2-512802e05d56",
|
|
"created": "2019-08-06T09:41:07.000Z",
|
|
"modified": "2019-08-06T09:41:07.000Z",
|
|
"relationship_type": "uses",
|
|
"source_ref": "indicator--5d493f8a-85c0-4389-9644-aca6950d210f",
|
|
"target_ref": "indicator--5d494a5d-de44-423a-b8d1-daa7950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bc49f3a1-ffb1-4ef3-83b1-033f07652395",
|
|
"created": "2019-08-06T09:40:47.000Z",
|
|
"modified": "2019-08-06T09:40:47.000Z",
|
|
"relationship_type": "used-by",
|
|
"source_ref": "indicator--5d494a5d-de44-423a-b8d1-daa7950d210f",
|
|
"target_ref": "indicator--5d493f8a-85c0-4389-9644-aca6950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ef5e4716-3711-4915-b370-f6702870dac3",
|
|
"created": "2019-08-11T06:32:58.000Z",
|
|
"modified": "2019-08-11T06:32:58.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e462def8-1643-4d2f-a15a-825ff3fb335e",
|
|
"target_ref": "x-misp-object--6b54feea-5cb0-4c57-b10c-7a1d4a274581"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bcb69657-5194-4835-a86c-bb963d103505",
|
|
"created": "2019-08-11T06:32:59.000Z",
|
|
"modified": "2019-08-11T06:32:59.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--211c8a88-4c1a-447b-a768-0ab6e30246b8",
|
|
"target_ref": "x-misp-object--e1227ba7-e304-4792-8a0d-039b87b94ec0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d688d215-66d7-4f70-b25c-71f83d986c6e",
|
|
"created": "2019-08-11T06:32:59.000Z",
|
|
"modified": "2019-08-11T06:32:59.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--18ccf1e5-236a-4ad0-8556-2d5ff4532a11",
|
|
"target_ref": "x-misp-object--ef63bd95-99e9-4843-9ad6-725ee617c410"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3a6837e9-77e8-4ef5-94d6-4d4597178d9a",
|
|
"created": "2019-08-11T06:32:59.000Z",
|
|
"modified": "2019-08-11T06:32:59.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--66ffca83-f5bf-46b5-aa17-25a0da26b4a8",
|
|
"target_ref": "x-misp-object--fa950a27-172c-4243-92fe-c54894fe8f03"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8ec7a77b-a886-4e9d-b832-17ad4bbd2ce9",
|
|
"created": "2019-08-11T06:32:59.000Z",
|
|
"modified": "2019-08-11T06:32:59.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--168eca3c-6b0c-495b-bc97-76fc044663da",
|
|
"target_ref": "x-misp-object--299f2cd3-4943-45c0-89fd-688831a58235"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b62088e9-249e-49cb-9e55-71231ddfd5e7",
|
|
"created": "2019-08-11T06:32:59.000Z",
|
|
"modified": "2019-08-11T06:32:59.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0f1baa55-4a99-4cc2-84d1-7032ab3b20a6",
|
|
"target_ref": "x-misp-object--fef464cf-27a2-4bfb-bf12-4adb789baa4e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7ce39b5d-3c48-4e12-ae62-0e60fa56dced",
|
|
"created": "2019-08-11T06:32:59.000Z",
|
|
"modified": "2019-08-11T06:32:59.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a7c89ed2-b308-4953-98a4-8b7b7f74f90e",
|
|
"target_ref": "x-misp-object--76da6429-cbfd-4a4b-83ad-a6511f97a14e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d1f5e946-f85e-4fb0-98e3-7e664525cad5",
|
|
"created": "2019-08-11T06:32:59.000Z",
|
|
"modified": "2019-08-11T06:32:59.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8ea7872e-f1cb-4652-945b-4f8f9558f662",
|
|
"target_ref": "x-misp-object--569e0439-c30e-444a-8ef9-76c1388c03a6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--024f9400-4360-427e-9aff-57c54c213c57",
|
|
"created": "2019-08-11T06:32:59.000Z",
|
|
"modified": "2019-08-11T06:32:59.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--71291c97-7e50-4601-8836-d13f6a601564",
|
|
"target_ref": "x-misp-object--29b46ebc-f105-45dd-9b0e-c50ac28523bb"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |