{
"type": "bundle",
"id": "bundle--57dbb75c-4ebc-4856-96fc-4095950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:13:40.000Z",
"modified": "2016-09-16T09:13:40.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57dbb75c-4ebc-4856-96fc-4095950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:13:40.000Z",
"modified": "2016-09-16T09:13:40.000Z",
"name": "OSINT - ELF.Rex",
"published": "2018-01-12T10:34:56Z",
"object_refs": [
"observed-data--57dbb770-3714-46ee-80d4-44f7950d210f",
"url--57dbb770-3714-46ee-80d4-44f7950d210f",
"indicator--57dbb7a7-2d74-4f94-9d99-45ac950d210f",
"indicator--57dbb7c4-0b0c-43c2-b639-488302de0b81",
"indicator--57dbb7c4-2bf0-4b57-90d6-4b5d02de0b81",
"observed-data--57dbb7c5-cc2c-4683-b3f8-442302de0b81",
"url--57dbb7c5-cc2c-4683-b3f8-442302de0b81",
"indicator--57dbbb1f-058c-4ca7-8c1b-42c8950d210f",
"indicator--57dbbb20-c468-43b1-a6e2-453d950d210f",
"indicator--57dbbb21-2da0-4b8b-8e30-449d950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ms-caro-malware:malware-platform=\"Linux\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57dbb770-3714-46ee-80d4-44f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:12:16.000Z",
"modified": "2016-09-16T09:12:16.000Z",
"first_observed": "2016-09-16T09:12:16Z",
"last_observed": "2016-09-16T09:12:16Z",
"number_observed": 1,
"object_refs": [
"url--57dbb770-3714-46ee-80d4-44f7950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57dbb770-3714-46ee-80d4-44f7950d210f",
"value": "https://twitter.com/benkow_/status/776683844011450368"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57dbb7a7-2d74-4f94-9d99-45ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:13:11.000Z",
"modified": "2016-09-16T09:13:11.000Z",
"pattern": "[file:hashes.SHA256 = 'ab2b707d7993aee44ad98bf55fdd9ff02c00fa422abeb8eb10d9f275f5f6e55a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-16T09:13:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57dbb7c4-0b0c-43c2-b639-488302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:13:40.000Z",
"modified": "2016-09-16T09:13:40.000Z",
"description": "- Xchecked via VT: ab2b707d7993aee44ad98bf55fdd9ff02c00fa422abeb8eb10d9f275f5f6e55a",
"pattern": "[file:hashes.SHA1 = '6fb2c6abe37f7a1fe4683105c3d2490e758e5aa9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-16T09:13:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57dbb7c4-2bf0-4b57-90d6-4b5d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:13:40.000Z",
"modified": "2016-09-16T09:13:40.000Z",
"description": "- Xchecked via VT: ab2b707d7993aee44ad98bf55fdd9ff02c00fa422abeb8eb10d9f275f5f6e55a",
"pattern": "[file:hashes.MD5 = '864d639dee07f5da2af5dfa375b21d5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-16T09:13:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57dbb7c5-cc2c-4683-b3f8-442302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:13:41.000Z",
"modified": "2016-09-16T09:13:41.000Z",
"first_observed": "2016-09-16T09:13:41Z",
"last_observed": "2016-09-16T09:13:41Z",
"number_observed": 1,
"object_refs": [
"url--57dbb7c5-cc2c-4683-b3f8-442302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57dbb7c5-cc2c-4683-b3f8-442302de0b81",
"value": "https://www.virustotal.com/file/ab2b707d7993aee44ad98bf55fdd9ff02c00fa422abeb8eb10d9f275f5f6e55a/analysis/1474010565/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57dbbb1f-058c-4ca7-8c1b-42c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:27:59.000Z",
"modified": "2016-09-16T09:27:59.000Z",
"description": "Unpacked go compiled binaries",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-16T09:27:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57dbbb20-c468-43b1-a6e2-453d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:28:00.000Z",
"modified": "2016-09-16T09:28:00.000Z",
"description": "Unpacked go compiled binaries",
"pattern": "[file:name = 'ab2b707d7993aee44ad98bf55fdd9ff02c00fa422abeb8eb10d9f275f5f6e55a' AND file:hashes.SHA1 = '2c514212637e9d8d8861de4efd4a0062831f75d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-16T09:28:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57dbbb21-2da0-4b8b-8e30-449d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-16T09:28:01.000Z",
"modified": "2016-09-16T09:28:01.000Z",
"description": "Unpacked go compiled binaries",
"pattern": "[file:name = 'ab2b707d7993aee44ad98bf55fdd9ff02c00fa422abeb8eb10d9f275f5f6e55a' AND file:hashes.SHA256 = '8a7c548a47c7cbd120b2f262797834e8aa8d6441082571f5d125c9a0ed4c75d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-16T09:28:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}