misp-circl-feed/feeds/circl/stix-2.1/c5077ce0-6f6a-4f1a-b5b8-18c087806d07.json


2024-08-07 08:13:15 +00:00
{
"type": "bundle",
"id": "bundle--c5077ce0-6f6a-4f1a-b5b8-18c087806d07",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:24.000Z",
"modified": "2024-02-12T10:31:24.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--c5077ce0-6f6a-4f1a-b5b8-18c087806d07",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:24.000Z",
"modified": "2024-02-12T10:31:24.000Z",
"name": "AA22-138B Threat Actors Chaining VMware Vulnerabilities for Full System Control",
"published": "2024-02-12T10:31:40Z",
"object_refs": [
"x-misp-attribute--bbbefef7-ee3b-4816-b07a-9299823310bc",
"indicator--f97b4606-91b2-438f-9b05-f744cf363001",
"indicator--da99266c-8b3d-4a66-b77f-613d1ec1b9f3",
"indicator--979bcd1d-caf7-460a-9c6a-2b058266ee7f",
"indicator--d00fcde4-5803-46d7-a12e-fad4a3cdefa7",
"indicator--5c7c4278-774e-4796-960a-99efe4840eba",
"indicator--89bae0e2-50e0-4b1d-b62c-ee1631806525",
"indicator--c2c2c59b-6442-4539-af8b-5c152620b673",
"indicator--065349b3-f9d2-45b2-bbe1-f6603dc5445a",
"indicator--41ddd191-0acd-43e9-88f9-c89c544c8ca3",
"indicator--c5c4772f-f23c-4239-afb4-6c99fdac51fc",
"indicator--3f5408ea-1bd3-401c-9972-ed4437548db7",
"indicator--24047910-1492-4ea9-9c84-9410584c0797",
"indicator--914bd2c7-a04e-4b90-8583-e5771c9a0eb3",
"indicator--d626a397-2736-4358-bae7-493455435c92",
"indicator--53416e18-cabe-4d0c-83fd-0f7a1e47901c",
"indicator--a413bb65-f6d1-4835-8b48-39ef16dd5261",
"indicator--e6f53336-db24-4fdd-9c32-98c7ded5e088",
"indicator--9131eb01-90f8-41ff-bac3-59b3ff75aaff",
"indicator--889e9911-aa1e-45b1-9b7f-acbc22385b3d",
"indicator--e9a3751c-2add-4808-bf26-d9f388bc382f",
"indicator--8062b05a-242f-4bf6-a10c-5b3348d67726",
"indicator--b3fbff17-a27c-43a4-879f-43cab5024d48",
"indicator--8ceadede-9005-4eac-8d4b-a3b625e823de",
"indicator--54bc18da-0db2-4d73-827c-30200a87f8bd",
"indicator--7dc40daf-cad6-4247-bbaf-96df8dcb58eb",
"indicator--4d559b39-decc-488b-81e4-29026dabc587",
"indicator--eeea4eb7-4ac2-47f2-9bbd-40264f993c69",
"indicator--c05a3d78-a986-4d12-9ef3-58ba99e1a538",
"indicator--c300646b-222b-4457-b109-20b27d3356f1",
"indicator--42c9b596-0f5d-4ae8-8fc3-fbd839a1ac1b",
"x-misp-object--d6ebb59c-1922-4dab-9596-6960b11497e6"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"",
"misp-galaxy:mitre-attack-pattern=\"Linux and Mac File and Directory Permissions Modification - T1222.002\"",
"misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
"misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
"misp-galaxy:mitre-attack-pattern=\"Malware - T1588.001\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"",
"misp-galaxy:mitre-attack-pattern=\"AppleScript - T1059.002\"",
"misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"",
"misp-galaxy:mitre-attack-pattern=\"Clear Command History - T1070.003\"",
"misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
"misp-galaxy:mitre-attack-pattern=\"Connection Proxy - T1090\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Connection Proxy - T1090\"",
"misp-galaxy:mitre-attack-pattern=\"/etc/passwd and /etc/shadow - T1003.008\"",
"misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Client Execution - T1203\"",
"misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"",
"misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"tlp:clear"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--bbbefef7-ee3b-4816-b07a-9299823310bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:01.000Z",
"modified": "2024-02-12T10:31:01.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "Imported from STIX header description",
"x_misp_type": "comment",
"x_misp_value": "This STIX file provides an updated list of indicators of compromise (IOCs) associated with malicious activity reported in CISA Cybersecurity Advisory (CSA), AA22-138B, pertaining to Threat Actors Chaining VMware Vulnerabilities for Full System Control. \n\nThe original CSA AA22-138B was published on May 18, 2022. \n\nOn June 2, 2022, CSA AA22-138B was updated with additional indicators of compromise (IOCs), detection signatures, as well as tactics, techniques, and procedures (TTPs) obtained from trusted third parties.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) is releasing this CSA to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. \n\nVMware released updates for both vulnerabilities on April 6, 2022, and, according to a trusted third party, malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices. CISA was made aware of this exploit a week later and added CVE-2022-22954 and CVE-2022-22960 to its catalog of Known Exploited Vulnerabilities on April 14 and April 15, respectively. \n\nBased on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products. \n\nFor more information about this activity, to include detection and mitigation recommendations, please see updated Advisory \"AA22-138B Threat Actors Chaining VMware Vulnerabilities for Full System Control.\""
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f97b4606-91b2-438f-9b05-f744cf363001",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:01.000Z",
"modified": "2024-02-12T10:31:01.000Z",
"pattern": "[domain-name:value = '149.248.35.200.sslip.io']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--da99266c-8b3d-4a66-b77f-613d1ec1b9f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[url:value = 'https://149.248.35.200.sslip.io']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--979bcd1d-caf7-460a-9c6a-2b058266ee7f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[url:value = 'http://84.38.133.149/img/icon.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d00fcde4-5803-46d7-a12e-fad4a3cdefa7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[url:value = 'http://84.38.133.149/img/icon1.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c7c4278-774e-4796-960a-99efe4840eba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[url:value = 'https://20.232.97.189/up/80b6ae2cea.sh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--89bae0e2-50e0-4b1d-b62c-ee1631806525",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[file:hashes.MD5 = 'f8ff5c72e8ffa2112b01802113148bd1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c2c2c59b-6442-4539-af8b-5c152620b673",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[file:hashes.MD5 = '4cd8366345ad4068feca4d417738b4bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--065349b3-f9d2-45b2-bbe1-f6603dc5445a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[domain-name:value = 'sslip.io']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--41ddd191-0acd-43e9-88f9-c89c544c8ca3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.84.74.155']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c5c4772f-f23c-4239-afb4-6c99fdac51fc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.248.35.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f5408ea-1bd3-401c-9972-ed4437548db7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.227.198.95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--24047910-1492-4ea9-9c84-9410584c0797",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.203.36.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--914bd2c7-a04e-4b90-8583-e5771c9a0eb3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.45.41.114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d626a397-2736-4358-bae7-493455435c92",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.31.98.141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--53416e18-cabe-4d0c-83fd-0f7a1e47901c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.241.67.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a413bb65-f6d1-4835-8b48-39ef16dd5261",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.72.85.172']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e6f53336-db24-4fdd-9c32-98c7ded5e088",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.127.110.126']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9131eb01-90f8-41ff-bac3-59b3ff75aaff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.102.179.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--889e9911-aa1e-45b1-9b7f-acbc22385b3d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.167.53.141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e9a3751c-2add-4808-bf26-d9f388bc382f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.72.112.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8062b05a-242f-4bf6-a10c-5b3348d67726",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '100.14.239.83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b3fbff17-a27c-43a4-879f-43cab5024d48",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '172.94.89.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8ceadede-9005-4eac-8d4b-a3b625e823de",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.38.133.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54bc18da-0db2-4d73-827c-30200a87f8bd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.79.171.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7dc40daf-cad6-4247-bbaf-96df8dcb58eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.233.187.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4d559b39-decc-488b-81e4-29026dabc587",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '20.232.97.189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eeea4eb7-4ac2-47f2-9bbd-40264f993c69",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '160.20.145.225']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c05a3d78-a986-4d12-9ef3-58ba99e1a538",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '136.243.75.136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c300646b-222b-4457-b109-20b27d3356f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[file:hashes.MD5 = 'dc88c5fe715b5f706f9fb92547da948a' AND file:hashes.SHA1 = '8a85c8f2678b5dff9101f24245d52a30e32ee7c7' AND file:hashes.SHA256 = '114160c8f950ab5c620187d0962b66facdd21156d3161db08164af3d309b4dfe' AND file:name = 'revsocks_linux_amd64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--42c9b596-0f5d-4ae8-8fc3-fbd839a1ac1b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"pattern": "[file:hashes.MD5 = '5b0bfda04a1e0d8dcb02556dc4e56e6a' AND file:hashes.SHA1 = '3e8f0d0faeb4c1aea285263cc7b97a3f926a547f' AND file:hashes.SHA256 = '8e7dee3b3cfdc8fbefb86c70ac6d49f1908cf75cafc772b6adfae69eec1733a3' AND file:name = 'upload.jsp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-12T10:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d6ebb59c-1922-4dab-9596-6960b11497e6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-02-12T10:31:02.000Z",
"modified": "2024-02-12T10:31:02.000Z",
"labels": [
"misp:name=\"original-imported-file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "imported-sample",
"value": "AA22-138B.stix.xml",
"category": "External analysis",
"uuid": "6b7f5b53-f083-4f3c-9662-0f1cb38a6d8b",
"data": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0ZWQgYnkgTVBFIDAuNS4wIG9uIDA2LzAyLzIwMjIgLS0+CjxzdGl4OlNUSVhfUGFja2FnZSB4bWxuczpzdGl4Vm9jYWJzPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMSIgeG1sbnM6QWRkcmVzc09iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0FkZHJlc3NPYmplY3QtMiIgeG1sbnM6Y3lib3hWb2NhYnM9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMiIgeG1sbnM6RG9tYWluTmFtZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0RvbWFpbk5hbWVPYmplY3QtMSIgeG1sbnM6RmlsZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiIgeG1sbnM6dGxwTWFya2luZz0iaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvZXh0ZW5zaW9ucy9NYXJraW5nU3RydWN0dXJlI1RMUC0xIiB4bWxuczpUT1VNYXJraW5nPSJodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9leHRlbnNpb25zL01hcmtpbmdTdHJ1Y3R1cmUjVGVybXNfT2ZfVXNlLTEiIHhtbG5zOlVSSU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI1VSSU9iamVjdC0yIiB4bWxuczpzdGl4Q29tbW9uPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvY29tbW9uLTEiIHhtbG5zOmN5Ym94Q29tbW9uPSJodHRwOi8vY3lib3gubWl0cmUub3JnL2NvbW1vbi0yIiB4bWxuczptYXJraW5nPSJodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9NYXJraW5nLTEiIHhtbG5zOnN0aXg9Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9zdGl4LTEiIHhtbG5zOnR0cD0iaHR0cDovL3N0aXgubWl0cmUub3JnL1RUUC0xIiB4bWxuczpjeWJveD0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jeWJveC0yIiB4bWxuczppbmRpY2F0b3I9Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9JbmRpY2F0b3ItMiIgeG1sbnM6Q0lTQT0iaHR0cDovL3d3dy51cy1jZXJ0Lmdvdi9uY2NpYyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0aXgubWl0cmUub3JnL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLTEgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9kZWZhdWx0X3ZvY2FidWxhcmllcy8xLjEuMS9zdGl4X2RlZmF1bHRfdm9jYWJ1bGFyaWVzLnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0FkZHJlc3NPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0FkZHJlc3MvMi4xL0FkZHJlc3N
fT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9kZWZhdWx0X3ZvY2FidWxhcmllcy0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLzIuMS9jeWJveF9kZWZhdWx0X3ZvY2FidWxhcmllcy54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNEb21haW5OYW1lT2JqZWN0LTEgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9Eb21haW5fTmFtZS8xLjAvRG9tYWluX05hbWVfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0ZpbGUvMi4xL0ZpbGVfT2JqZWN0LnhzZCAgaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvZXh0ZW5zaW9ucy9NYXJraW5nU3RydWN0dXJlI1RMUC0xIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9YTUxTY2hlbWEvZXh0ZW5zaW9ucy9tYXJraW5nL3RscC8xLjEuMS90bHBfbWFya2luZy54c2QgIGh0dHA6Ly9kYXRhLW1hcmtpbmcubWl0cmUub3JnL2V4dGVuc2lvbnMvTWFya2luZ1N0cnVjdHVyZSNUZXJtc19PZl9Vc2UtMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2V4dGVuc2lvbnMvbWFya2luZy90ZXJtc19vZl91c2UvMS4wLjEvdGVybXNfb2ZfdXNlX21hcmtpbmcueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjVVJJT2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9VUkkvMi4xL1VSSV9PYmplY3QueHNkICBodHRwOi8vc3RpeC5taXRyZS5vcmcvY29tbW9uLTEgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9jb21tb24vMS4xLjEvc3RpeF9jb21tb24ueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL2NvbW1vbi0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL2NvbW1vbi8yLjEvY3lib3hfY29tbW9uLnhzZCAgaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvTWFya2luZy0xIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9YTUxTY2hlbWEvZGF0YV9tYXJraW5nLzEuMS4xL2RhdGFfbWFya2luZy54c2QgIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9zdGl4LTEgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9jb3JlLzEuMS4xL3N0aXhfY29yZS54c2QgIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9UVFAtMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL3R0cC8xLjEuMS90dHAueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL2N5Ym94LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvY29yZS8yLjEvY3lib3hfY29yZS54c2QgIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9JbmRpY2F0b3ItMiBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2luZGljYXRvci8yLjEuMS9pbmRpY2F0b3IueHNkIiBpZD0iTlBHLTE1NTQ1Njc2IiB2ZXJzaW9uPSIxLjEuMSIgdGltZXN0YW1
wPSIyMDIyLTA2LTAyVDIwOjA1OjM2Ij4KICAgIDxzdGl4OlNUSVhfSGVhZGVyPgogICAgICAgID
},
{
"type": "text",
"object_relation": "format",
"value": "STIX 1.1",
"category": "Other",
"uuid": "a1459f7f-6668-4a60-b501-681db3c0874d"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "original-imported-file"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}