{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--b6a0d910-69ae-463d-80a8-1f84839a2514",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:44:37.000Z",
|
|
|
|
"modified": "2021-08-17T12:44:37.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--b6a0d910-69ae-463d-80a8-1f84839a2514",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:44:37.000Z",
|
|
|
|
"modified": "2021-08-17T12:44:37.000Z",
|
|
|
|
"name": "Nanocore 20210816",
|
|
|
|
"published": "2021-08-17T12:44:49Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5fe0a2c9-529a-463d-bdf1-ce9810a326a1",
|
|
|
|
"indicator--f664f99d-7c72-43f8-978e-b37728009b2e",
|
|
|
|
"indicator--1d6fc8a1-543c-4e88-bdb1-cc881073ef5a",
|
|
|
|
"indicator--b7a87190-e31c-49f4-a48a-17a28d9e387e",
|
|
|
|
"indicator--0204068e-f994-45b0-9ee1-82075c844cfe",
|
|
|
|
"indicator--bceb056d-02a2-4d20-8805-274c2176302e",
|
|
|
|
"indicator--41496714-768e-4cec-8863-ed1478fc5ba6",
|
|
|
|
"indicator--98127c27-a87e-4d7d-97ce-86933ccbe785",
|
|
|
|
"indicator--7b6fbd55-6968-4d0a-97c6-cf59b2793d09",
|
|
|
|
"indicator--2c6ff02d-d040-4b06-906f-9a12052e1e0e",
|
|
|
|
"x-misp-object--691b9653-eeb4-4e37-813c-615d479136f2",
|
|
|
|
"indicator--952d82ff-7ba8-4518-84fb-ca5532b2bf11",
|
|
|
|
"x-misp-object--be08969d-fac1-4f76-b6bc-a1c79350a375",
|
|
|
|
"indicator--6f98c9e8-8a06-417f-af9e-c5e33fda7f1f",
|
|
|
|
"x-misp-object--d05559b0-7b96-4f69-804d-1d31b20faafa",
|
|
|
|
"indicator--7774835c-4f7f-49bd-8bc4-d45323247df8",
|
|
|
|
"x-misp-object--ecaaa472-1599-4a58-b1ef-f5f6b318fb20",
|
|
|
|
"indicator--491b2ed4-78ea-4b29-afad-103e9f3ebf07",
|
|
|
|
"x-misp-object--4af9b009-2178-4c95-aaa7-56f231e4052d",
|
|
|
|
"x-misp-object--2735f53e-0789-4e37-aba1-ec69432d5be7",
"relationship--0b29cd46-af0d-440a-99f7-ac3dbfd3640b",
|
|
|
|
"relationship--4ec8bc33-9452-4b84-acec-e7bdaf3f323e",
|
|
|
|
"relationship--60f9b7d3-d224-4d1f-acfa-d8ddc7b9a83a",
|
|
|
|
"relationship--1fb7587b-cb8e-4b76-b050-ccb6ec7352bf",
|
|
|
|
"relationship--048fb6d8-5669-4c6f-8d8f-5929a3f402bc"
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\"",
|
|
|
|
"misp-galaxy:malpedia=\"Nanocore RAT\"",
|
|
|
|
"misp-galaxy:tool=\"NanoCoreRAT\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5fe0a2c9-529a-463d-bdf1-ce9810a326a1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:35:18.000Z",
|
|
|
|
"modified": "2021-08-17T12:35:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'coc88.duckdns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:35:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--f664f99d-7c72-43f8-978e-b37728009b2e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:35:18.000Z",
|
|
|
|
"modified": "2021-08-17T12:35:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'torok1111112.ddns.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:35:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--1d6fc8a1-543c-4e88-bdb1-cc881073ef5a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:36:13.000Z",
|
|
|
|
"modified": "2021-08-17T12:36:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2a2c0a635beba215a9e3f21c398d684dc1d2ad487356e29140247b14f2c6838f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:36:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--b7a87190-e31c-49f4-a48a-17a28d9e387e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:36:13.000Z",
|
|
|
|
"modified": "2021-08-17T12:36:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '060dc5124e4d0f8869856b52016cbed32339b8ac456b8cb5fea50f628961fc73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:36:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0204068e-f994-45b0-9ee1-82075c844cfe",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:36:13.000Z",
|
|
|
|
"modified": "2021-08-17T12:36:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ec958c2d48c6719238780878d1621b8af18c4b65']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:36:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--bceb056d-02a2-4d20-8805-274c2176302e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:36:13.000Z",
|
|
|
|
"modified": "2021-08-17T12:36:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '716c942e237ebe40e5e0bf443bf2128e5a883197']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:36:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--41496714-768e-4cec-8863-ed1478fc5ba6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:36:13.000Z",
|
|
|
|
"modified": "2021-08-17T12:36:13.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd915f9f8421aa34dfd88d1595249f954']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:36:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--98127c27-a87e-4d7d-97ce-86933ccbe785",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:36:13.000Z",
|
|
|
|
"modified": "2021-08-17T12:36:13.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'cab3529dc19b4c630163a24759125fd7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:36:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7b6fbd55-6968-4d0a-97c6-cf59b2793d09",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:36:13.000Z",
|
|
|
|
"modified": "2021-08-17T12:36:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'afdcfeac16d321fef57c2aae9b001952544a53fc785ba78a6ad794a81bef0c05']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:36:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--2c6ff02d-d040-4b06-906f-9a12052e1e0e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:36:13.000Z",
|
|
|
|
"modified": "2021-08-17T12:36:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '67b695b139106a73c333aa2fdd0f08ae160ff5ee38d843cb9999146ad605da73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:36:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--691b9653-eeb4-4e37-813c-615d479136f2",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:36:45.000Z",
|
|
|
|
"modified": "2021-08-17T12:36:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "link",
|
|
|
|
"value": "https://otx.alienvault.com/pulse/611ba6128fe8c7c18b06861f",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "65d659ce-c79b-486f-ac9e-aad1da028ee6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "Report",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4873e17e-8594-4331-94c8-69f04a44bc90"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--952d82ff-7ba8-4518-84fb-ca5532b2bf11",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:38:20.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:20.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd915f9f8421aa34dfd88d1595249f954' AND file:hashes.SHA1 = 'ec958c2d48c6719238780878d1621b8af18c4b65' AND file:hashes.SHA256 = '060dc5124e4d0f8869856b52016cbed32339b8ac456b8cb5fea50f628961fc73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:38:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--be08969d-fac1-4f76-b6bc-a1c79350a375",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:38:20.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:20.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2021-08-14T23:15:37+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d5778aa6-c074-44ec-9ca7-e1a05a3fd2c7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/060dc5124e4d0f8869856b52016cbed32339b8ac456b8cb5fea50f628961fc73/detection/f-060dc5124e4d0f8869856b52016cbed32339b8ac456b8cb5fea50f628961fc73-1628982937",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "873c9e6f-b87d-4f6c-b4fb-b382279e7869"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "56/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "c817e8d0-2681-4626-b8a5-26034b3083fe"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--6f98c9e8-8a06-417f-af9e-c5e33fda7f1f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:38:20.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:20.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'cab3529dc19b4c630163a24759125fd7' AND file:hashes.SHA1 = '716c942e237ebe40e5e0bf443bf2128e5a883197' AND file:hashes.SHA256 = '2a2c0a635beba215a9e3f21c398d684dc1d2ad487356e29140247b14f2c6838f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:38:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d05559b0-7b96-4f69-804d-1d31b20faafa",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:38:20.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:20.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2021-08-15T19:04:24+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d8b8fa9c-d29b-43cf-814d-cb35cc093819"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/2a2c0a635beba215a9e3f21c398d684dc1d2ad487356e29140247b14f2c6838f/detection/f-2a2c0a635beba215a9e3f21c398d684dc1d2ad487356e29140247b14f2c6838f-1629054264",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "5d2d3405-9efa-4ddb-93b3-185b2119ffe4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "55/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "75c51767-eda2-48ae-9839-0899f7dd20ab"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7774835c-4f7f-49bd-8bc4-d45323247df8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:38:21.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:21.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0ff932908a4201a1c0a27db317321e1c' AND file:hashes.SHA1 = '511e815032cfeec9706117436c6bfdc9e974e4df' AND file:hashes.SHA256 = '67b695b139106a73c333aa2fdd0f08ae160ff5ee38d843cb9999146ad605da73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:38:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ecaaa472-1599-4a58-b1ef-f5f6b318fb20",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:38:22.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:22.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2021-08-17T01:10:57+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "50179a94-1afe-4b10-94b2-17d4e048a618"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/67b695b139106a73c333aa2fdd0f08ae160ff5ee38d843cb9999146ad605da73/detection/f-67b695b139106a73c333aa2fdd0f08ae160ff5ee38d843cb9999146ad605da73-1629162657",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "7c2c183a-dcaa-4590-9bdb-28d540697bb0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "fc3d84a1-1144-4e3d-bc89-25bd85f87d88"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--491b2ed4-78ea-4b29-afad-103e9f3ebf07",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:38:22.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:22.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9bdfa3add2456a5efccabdad1343fa70' AND file:hashes.SHA1 = '02a34db66b361e9cb326f32d6e8f71f1cd284b68' AND file:hashes.SHA256 = 'afdcfeac16d321fef57c2aae9b001952544a53fc785ba78a6ad794a81bef0c05']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-08-17T12:38:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--4af9b009-2178-4c95-aaa7-56f231e4052d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:38:23.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:23.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2021-08-16T14:55:59+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0c1866c0-8a38-4065-9cbd-6d1911176ce1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/afdcfeac16d321fef57c2aae9b001952544a53fc785ba78a6ad794a81bef0c05/detection/f-afdcfeac16d321fef57c2aae9b001952544a53fc785ba78a6ad794a81bef0c05-1629125759",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "b641bd56-f3f7-437d-825e-0130676151a8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "34/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "17fd4f40-6ac2-416d-91a8-2b10001962da"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2735f53e-0789-4e37-aba1-ec69432d5be7",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-08-17T12:40:35.000Z",
|
|
|
|
"modified": "2021-08-17T12:40:35.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"passive-dns\"",
|
|
|
|
"misp:meta-category=\"network\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "rdata",
|
|
|
|
"value": "86.125.138.162",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ce780277-1f91-474f-925d-46ce6d9e5324"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "counter",
|
|
|
|
"object_relation": "count",
|
|
|
|
"value": "1",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
|
|
|
|
"uuid": "3592cfeb-a2d7-409e-9fdc-fe43d259edb7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "time_first",
|
|
|
|
"value": "2021-08-17T04:15:12+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
|
|
|
|
"uuid": "a6c8bc85-7c31-4323-8d3c-dc334af7d25a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "time_last",
|
|
|
|
"value": "2021-08-17T04:15:12+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
|
|
|
|
"uuid": "2ad3f979-e163-4ac7-be91-df63246ffdfa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "rrname",
|
|
|
|
"value": "torok1111112.ddns.net.",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
|
|
|
|
"uuid": "929f0a46-9f0a-43f5-9eed-80309941123c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "rrtype",
|
|
|
|
"value": "A",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
|
|
|
|
"uuid": "b239a327-5646-485a-a586-06fc86a3b49d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain",
|
|
|
|
"object_relation": "bailiwick",
|
|
|
|
"value": "ddns.net",
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
|
|
|
|
"uuid": "cb30f6bb-1a01-4bf4-bee7-fda9eab45ac9"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_comment": "torok1111112.ddns.net: Enriched via the farsight_passivedns module",
|
|
|
|
"x_misp_meta_category": "network",
|
|
|
|
"x_misp_name": "passive-dns"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--0b29cd46-af0d-440a-99f7-ac3dbfd3640b",
"created": "2021-08-17T12:38:24.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:24.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--952d82ff-7ba8-4518-84fb-ca5532b2bf11",
|
|
|
|
"target_ref": "x-misp-object--be08969d-fac1-4f76-b6bc-a1c79350a375"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--4ec8bc33-9452-4b84-acec-e7bdaf3f323e",
"created": "2021-08-17T12:38:24.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:24.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--6f98c9e8-8a06-417f-af9e-c5e33fda7f1f",
|
|
|
|
"target_ref": "x-misp-object--d05559b0-7b96-4f69-804d-1d31b20faafa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--60f9b7d3-d224-4d1f-acfa-d8ddc7b9a83a",
"created": "2021-08-17T12:38:25.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:25.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--7774835c-4f7f-49bd-8bc4-d45323247df8",
|
|
|
|
"target_ref": "x-misp-object--ecaaa472-1599-4a58-b1ef-f5f6b318fb20"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--1fb7587b-cb8e-4b76-b050-ccb6ec7352bf",
"created": "2021-08-17T12:38:25.000Z",
|
|
|
|
"modified": "2021-08-17T12:38:25.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--491b2ed4-78ea-4b29-afad-103e9f3ebf07",
|
|
|
|
"target_ref": "x-misp-object--4af9b009-2178-4c95-aaa7-56f231e4052d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--048fb6d8-5669-4c6f-8d8f-5929a3f402bc",
"created": "2021-08-17T12:40:04.000Z",
|
|
|
|
"modified": "2021-08-17T12:40:04.000Z",
|
|
|
|
"relationship_type": "related-to",
|
|
|
|
"source_ref": "x-misp-object--2735f53e-0789-4e37-aba1-ec69432d5be7",
|
|
|
|
"target_ref": "indicator--f664f99d-7c72-43f8-978e-b37728009b2e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|