{
"type": "bundle",
"id": "bundle--5a6f379d-3854-4457-949e-41bb950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-30T03:00:38.000Z",
"modified": "2018-01-30T03:00:38.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a6f379d-3854-4457-949e-41bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-30T03:00:38.000Z",
"modified": "2018-01-30T03:00:38.000Z",
"name": "OSINT - VERMIN: Quasar RAT and Custom Malware Used In Ukraine",
"published": "2018-02-16T08:53:02Z",
"object_refs": [
"indicator--5a6f37fa-a5bc-4e02-bb58-480d950d210f",
"indicator--5a6f37fb-b69c-44bd-b2a8-459e950d210f",
"indicator--5a6f37fb-850c-456a-8e95-48f2950d210f",
"indicator--5a6f37fc-4254-4ad5-ae0c-4f19950d210f",
"indicator--5a6f37fc-1188-4b79-a9bb-4ea7950d210f",
"indicator--5a6f37fc-134c-483d-a237-4c94950d210f",
"indicator--5a6f37fd-dc10-41aa-96f5-4b90950d210f",
"indicator--5a6f37fd-7798-4a86-928c-43f1950d210f",
"indicator--5a6f37fe-86f0-422b-83c9-45bc950d210f",
"indicator--5a6f37fe-f424-4a48-8738-4e6d950d210f",
"indicator--5a6f37fe-4e0c-4156-8a1e-40f2950d210f",
"indicator--5a6f37ff-251c-453c-81d3-4b8e950d210f",
"indicator--5a6f37ff-c250-44f4-ba76-4b3e950d210f",
"indicator--5a6f3800-55e0-491f-be92-44c2950d210f",
"indicator--5a6f3800-160c-40bc-9935-4fa7950d210f",
"indicator--5a6f3801-1808-4faa-8944-4c44950d210f",
"indicator--5a6f3801-ff04-4575-9453-431a950d210f",
"indicator--5a6f3801-9620-47c0-97ab-411d950d210f",
"indicator--5a6f3802-4480-4847-b42f-4db6950d210f",
"indicator--5a6f3812-2fdc-4a17-8a08-445f950d210f",
"indicator--5a6f3812-6f6c-4a88-b041-4546950d210f",
"indicator--5a6f3812-4308-4f43-8701-47e1950d210f",
"indicator--5a6f3813-9fa0-4953-b93d-445b950d210f",
"indicator--5a6f3813-ee04-44a9-b7fc-4018950d210f",
"indicator--5a6f3814-df80-4caa-abf1-4772950d210f",
"indicator--5a6f3814-89e4-427b-b691-4d1a950d210f",
"indicator--5a6f3815-05ac-490c-b0b8-4875950d210f",
"indicator--5a6f3815-b354-43fe-8fc6-4ce5950d210f",
"indicator--5a6f3816-8268-467f-92f9-4757950d210f",
"indicator--5a6f3816-b928-47f0-95f1-419f950d210f",
"indicator--5a6f3816-49a4-4aaf-8ac6-48dc950d210f",
"indicator--5a6f3817-a538-4354-8845-4083950d210f",
"observed-data--5a6f3881-b480-46d9-a301-4260950d210f",
"file--5a6f3881-b480-46d9-a301-4260950d210f",
"artifact--5a6f3881-b480-46d9-a301-4260950d210f",
"indicator--5a6f38ad-93e4-4b0b-a2c1-47f2950d210f",
"indicator--5a6f38ad-41bc-4a25-b32c-45d8950d210f",
"indicator--5a6f38ae-5850-40a7-ad87-4475950d210f",
"indicator--5a6f38ae-df40-45f5-8499-47d8950d210f",
"indicator--5a6f38af-536c-4de4-a1a4-4ac6950d210f",
"indicator--5a6f38af-c7ac-4c40-b997-4624950d210f",
"indicator--5a6f38af-d484-423b-b7c2-4daa950d210f",
"indicator--5a6f38b0-42b0-4be2-aa6e-41e9950d210f",
"indicator--5a6f38b0-c490-4fa9-bbe4-44d2950d210f",
"indicator--5a6f38b1-ad80-43e8-8a27-4220950d210f",
"indicator--5a6f38b2-4a14-40ba-a8d3-43c5950d210f",
"indicator--5a6f38b2-0d58-42bc-9edd-46a0950d210f",
"indicator--5a6f38b3-accc-46fa-9698-4a48950d210f",
"indicator--5a6f38b3-4bc0-4722-8c76-4696950d210f",
"indicator--5a6f38b3-eadc-4c21-8240-49c6950d210f",
"indicator--5a6f38b4-0c54-44d2-8233-4fbb950d210f",
"indicator--5a6f38b4-dcf0-46e0-8098-425f950d210f",
"indicator--5a6f38b5-fcf4-4a40-8f34-4e9c950d210f",
"indicator--5a6f38b5-e0a8-4166-a7c5-4e35950d210f",
"indicator--5a6f38b5-7450-4dbb-af03-4382950d210f",
"indicator--5a6f38b6-5254-45b8-bf1b-485d950d210f",
"indicator--5a6f38b6-bcdc-4774-bf0d-47c5950d210f",
"indicator--5a6f38b7-9f5c-4800-b676-4f92950d210f",
"indicator--5a6f38b7-6004-461b-b0fd-4a99950d210f",
"indicator--5a6f38b7-b0b0-41e8-867b-470c950d210f",
"indicator--5a6f38b8-4604-426a-9216-4db1950d210f",
"indicator--5a6f3abd-6410-4428-a09e-4816950d210f",
"x-misp-attribute--5a6f3acb-08d4-4861-ae24-43aa950d210f",
"observed-data--5a6f3aef-7370-4493-b1ac-4d14950d210f",
"url--5a6f3aef-7370-4493-b1ac-4d14950d210f",
"indicator--1d9be292-dba6-4626-bdcc-c3cc94cd6427",
"x-misp-object--2fe8fec4-eb73-4466-aaff-81baf3f665e8",
"indicator--464c0d84-bec5-4624-9226-e83fb79abe65",
"x-misp-object--39e7fa59-4876-4433-a546-5ad01dd89d95",
"indicator--b9b273dc-465f-4c74-aaf5-c47c4db6ff49",
"x-misp-object--7e00522f-7a22-4c38-954c-065f327ae27a",
"indicator--03348905-4bbd-4f58-8370-bef8f3a2b7ef",
"x-misp-object--908e2c6d-188d-4434-a5f4-e3bf349ff63d",
"indicator--0870e838-42ad-470c-a177-d10678e2b685",
"x-misp-object--b9407d74-26b8-4e0c-98c9-9d8e75bd96d1",
"indicator--baa647b0-1c09-413a-af07-54da786df266",
"x-misp-object--6e9a6b22-ccd0-44f4-a7a4-d5c54062e0a5",
"indicator--18e8d7ce-a4c8-4f0c-841b-81d4f8cacd1e",
"x-misp-object--31b81fca-2950-49d9-b6a2-8ab7b732abf7",
"indicator--68e51b07-074d-4889-af2f-0b008a94d048",
"x-misp-object--6d24fb20-9e41-440f-8860-992698e1567e",
"indicator--0824551a-554e-4119-8e73-938369593536",
"x-misp-object--ae2fb6e2-eb53-4135-80aa-c99f699f00d1",
"indicator--e183b4ca-ca78-403e-bcb3-d1d29c449eef",
"x-misp-object--bf5aaef8-82a3-4e2e-941e-b8c4ffe63414",
"indicator--db392010-acf6-4a58-8b99-41ce01c4df3a",
"x-misp-object--eec3e342-608c-4964-ae3b-00800c520b8c",
"indicator--2d1f5a63-e7b2-4a40-82b2-1b5b504fdeed",
"x-misp-object--31ca081a-a527-41f1-a3b3-64001f2951b3",
"indicator--bea6a180-0d2b-417c-a99a-4da282536b95",
"x-misp-object--8649e8ec-168b-4e02-90b0-3e712cf43bad",
"indicator--e85ea249-c648-4fd8-a113-69e50469ebd8",
"x-misp-object--8007182f-0cf9-43e4-8744-f382785a66f9",
"indicator--64cedeaa-9cfe-4fc6-b3c8-932c9749389c",
"x-misp-object--6a90b9ce-29c1-4eb4-b2cb-0e6d9837371a",
"indicator--a5ed311b-5e4e-47dd-b6bd-bc811f076f86",
"x-misp-object--16899616-c8db-4453-95c7-8e762de660cc",
"indicator--fcb27540-c9f1-4750-bfc5-7993b0831741",
"x-misp-object--edab7b9b-2c87-47e1-befa-565a3d7c8439",
"indicator--b9dd7e05-878a-4429-b680-cf431464a73d",
"x-misp-object--c9d2ab7b-0b4c-4e35-a869-99ae3d39410f",
"indicator--e26a37d6-f07e-4e6c-af03-f108a1105b25",
"x-misp-object--56c1bb1a-f157-4e3b-9dcf-c01a873a722e",
"indicator--ede96584-eb72-49a7-9f26-64b016ce5f46",
"x-misp-object--994c08ac-acee-400e-bb69-14c42237c1cd",
"indicator--d6a26376-374d-4a00-942b-2839e120aa73",
"x-misp-object--c34845a5-7c9c-4065-9748-5b13e173b87c",
"indicator--2f999597-3850-4594-b271-e8fe0ab5d6e5",
"x-misp-object--5d559431-716b-47d2-83df-05fd3810e321",
"indicator--588a8a84-a6e4-4f1e-a3b5-f721724a4049",
"x-misp-object--79d44c23-7f8f-4c10-958a-c5b4543aa7f9",
"indicator--a138407f-4844-4813-be9b-ccbba36de11e",
"x-misp-object--76d75400-8a3c-42f2-86c3-a4da8e92c1d1",
"indicator--ad32df7d-9acc-4252-b689-4a669a8823fd",
"x-misp-object--87098385-cbf7-4885-bcde-f5845d185baf",
"indicator--c01c77b8-0ea5-478e-86c5-27cbc6ae2464",
"x-misp-object--a22fcdc0-cc48-4364-8cef-6a6928c30423",
"indicator--3939e98d-0f06-43f4-a3ee-414d8497bc73",
"x-misp-object--80198a2a-38cc-46c2-88d5-42b55674df2b",
"indicator--bdaa5408-83ca-4245-8b77-920a710339fc",
"x-misp-object--82728331-7584-4cf4-b953-8e966abd4a37",
"relationship--e2985f03-94dc-4468-b5b9-f6f84d3e497a",
"relationship--aca1b6b3-c7ac-433e-8088-cbe05ae1899c",
"relationship--537881d2-57ef-4913-9dda-acaa1ea775f0",
"relationship--bc14c216-e973-453a-89ab-42634ab0c15e",
"relationship--2744e545-3f6e-49fb-bde9-7120782cc54f",
"relationship--7367b533-d25c-4d8e-863e-f155606872ac",
"relationship--2f761fc6-ec5f-4af5-abb0-a5cf6f5fba2e",
"relationship--e4ac4317-a8d9-49ee-a8c5-e9011e02c55f",
"relationship--7dad0b66-a82c-4fe2-8bf6-99bfc9aa8ecd",
"relationship--4b3b1dd7-60a0-43ea-a91b-74ca04d5caf1",
"relationship--4abeae72-0b98-4fb7-b2b0-a92253e42d1a",
"relationship--ed755f6d-d74f-45ce-9608-c53b151457dd",
"relationship--7eae5825-4afd-4089-8a1d-cbf93b1bdb4e",
"relationship--9813e3c2-2753-4810-be31-347da672f304",
"relationship--7a2a67a1-6b83-44f7-8999-06c6ab6adb5f",
"relationship--87c0fbac-89c9-4110-875b-7dee4ea295df",
"relationship--a89bf28e-c696-4975-a2ac-5cdc31c424a2",
"relationship--802789df-8301-4582-9b41-861c4c7bd47e",
"relationship--dc6710fe-348c-42ff-896f-a9d0651cda2b",
"relationship--74a330d9-2428-4f16-803c-fa5d71dee941",
"relationship--e2adf723-51b9-4f8a-8488-08aae589cff1",
"relationship--079db8ff-c36a-4d7f-a919-8ea6859c45d8",
"relationship--cb39b38b-dee8-4587-b916-59cf835d100d",
"relationship--b9067f1e-1faf-4d6f-9082-3adbb4c9361c",
"relationship--ca00e79a-450a-4e6f-8f01-53aea883cc9e",
"relationship--26775964-861c-4fc7-92ae-0f3ebd287c0a",
"relationship--8c1f1e50-0674-4aaf-805c-71095a714b75",
"relationship--9977499f-b1f3-4ad8-885f-a8b860b9f155"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:rat=\"Quasar RAT\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fa-a5bc-4e02-bb58-480d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:26.000Z",
"modified": "2018-01-29T15:04:26.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fb-b69c-44bd-b2a8-459e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:27.000Z",
"modified": "2018-01-29T15:04:27.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '154ef5037e5de49a6e3c48ea7221a02a5df33c34420a586cbff6a46dc5026a91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fb-850c-456a-8e95-48f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:27.000Z",
"modified": "2018-01-29T15:04:27.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fc-4254-4ad5-ae0c-4f19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:28.000Z",
"modified": "2018-01-29T15:04:28.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '250cf8b44fc3ae86b467dd3a1c261a6c3d1645a8a21addfe7f2e2241ff8b79fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fc-1188-4b79-a9bb-4ea7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:28.000Z",
"modified": "2018-01-29T15:04:28.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fc-134c-483d-a237-4c94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:28.000Z",
"modified": "2018-01-29T15:04:28.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '92295b38daa4e44b9d257e56c5b271bbbf6a620312dc58e48e56473427170aa1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fd-dc10-41aa-96f5-4b90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:29.000Z",
"modified": "2018-01-29T15:04:29.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '9ea00514c4ae9519a8938924b02826cfafeb75fc70f16c422aeadb8317a146c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fd-7798-4a86-928c-43f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:29.000Z",
"modified": "2018-01-29T15:04:29.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = 'a3c84c5f8d981653a2a391d29f32c8127fba8f0ab7da8815330a228205c99ba6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fe-86f0-422b-83c9-45bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:30.000Z",
"modified": "2018-01-29T15:04:30.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '7b08b0d4d68ebf5238eaa8a40f815b83de372e345eb22cc3d50a4bb1869db78e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fe-f424-4a48-8738-4e6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:30.000Z",
"modified": "2018-01-29T15:04:30.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = 'f75861216f5716b0227733e6a093776f693361626efebe37618935b9c6e1bdfd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37fe-4e0c-4156-8a1e-40f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:30.000Z",
"modified": "2018-01-29T15:04:30.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '51b0bb172c6e5eaa8e333fbf2451ae27094991b6330025374b9082ae8cd879cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37ff-251c-453c-81d3-4b8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:31.000Z",
"modified": "2018-01-29T15:04:31.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '46ae101a8dc8bf434d2c599aaabfb72a0843d21e2150a6c745c0c4a771c09da3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f37ff-c250-44f4-ba76-4b3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:31.000Z",
"modified": "2018-01-29T15:04:31.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '488db27f3d619b3067d95515a356997ea8e840c65daa2799bdd473dce93362f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3800-55e0-491f-be92-44c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:32.000Z",
"modified": "2018-01-29T15:04:32.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '5a05d2171e6aeb5edd9d39c7f46cd3bf0e2ee3ee803431a58a9945a56ce935f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3800-160c-40bc-9935-4fa7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:32.000Z",
"modified": "2018-01-29T15:04:32.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '6f4e20e421451c3d8490067f8424d7efbcc5edeb82f80bb5562c76d4adfb0181']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3801-1808-4faa-8944-4c44950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:33.000Z",
"modified": "2018-01-29T15:04:33.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '9a81cffe79057d8d307910143efd1455f956f2de2c7cc8fb07a7c17000913d59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3801-ff04-4575-9453-431a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:33.000Z",
"modified": "2018-01-29T15:04:33.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = 'c84afdd28fa0923a09f6dd3af1e3821cdb07862b2796fa004cd3229bc6129cbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3801-9620-47c0-97ab-411d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:33.000Z",
"modified": "2018-01-29T15:04:33.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = '6cf63ae829984a47aca93f8a1261afe5a06930f04fab6f86f6f7f9631fde59ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3802-4480-4847-b42f-4db6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:34.000Z",
"modified": "2018-01-29T15:04:34.000Z",
"description": "Quasar",
"pattern": "[file:hashes.SHA256 = 'aa982fe7d28bbf55865047b16334efbe3fcb6bae06e5ed9cab544f1c8d307317']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3812-2fdc-4a17-8a08-445f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:50.000Z",
"modified": "2018-01-29T15:04:50.000Z",
"description": "VERMIN",
"pattern": "[file:hashes.SHA256 = '2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3812-6f6c-4a88-b041-4546950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:50.000Z",
"modified": "2018-01-29T15:04:50.000Z",
"description": "VERMIN",
"pattern": "[file:hashes.SHA256 = '677edb1a0a86c8bd0df150f2d9c5c3bc1d20d255b6f7944c4adcff3c45df4851']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3812-4308-4f43-8701-47e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:50.000Z",
"modified": "2018-01-29T15:04:50.000Z",
"description": "VERMIN",
"pattern": "[file:hashes.SHA256 = '74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3813-9fa0-4953-b93d-445b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:51.000Z",
"modified": "2018-01-29T15:04:51.000Z",
"description": "VERMIN",
"pattern": "[file:hashes.SHA256 = 'e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3813-ee04-44a9-b7fc-4018950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:51.000Z",
"modified": "2018-01-29T15:04:51.000Z",
"description": "VERMIN",
"pattern": "[file:hashes.SHA256 = 'eb48a31f8f81635d24f343a09247284149884bd713d3bc1c0b9c936bca8bafd7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3814-df80-4caa-abf1-4772950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:52.000Z",
"modified": "2018-01-29T15:04:52.000Z",
"description": "VERMIN",
"pattern": "[file:hashes.SHA256 = '15c52b01d2b9294e2dd4d9711cde99e10f11cd188e0d1e4fa9db78f9805626c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-29T15:04:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6f3814-89e4-427b-b691-4d1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-29T15:04:52.000Z",
"modified": "2018-01-29T15:04:52.000Z",
|
|
|
|
"description": "VERMIN",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '31a1419d9121f55859ecf2d01f07da38bd37bb11d0ed9544a35d5d69472c358e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:04:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f3815-05ac-490c-b0b8-4875950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:04:53.000Z",
|
|
|
|
"modified": "2018-01-29T15:04:53.000Z",
|
|
|
|
"description": "VERMIN",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5586fb423aff39a02cddf5e456a83a8301afe9ed78ecbc8de2cd852bc0cd498f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:04:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f3815-b354-43fe-8fc6-4ce5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:04:53.000Z",
|
|
|
|
"modified": "2018-01-29T15:04:53.000Z",
|
|
|
|
"description": "VERMIN",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5ee12dd028f5f8c2c0eb76f28c2ce273423998b36f3fc20c9e291f39825601f9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:04:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f3816-8268-467f-92f9-4757950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:04:54.000Z",
|
|
|
|
"modified": "2018-01-29T15:04:54.000Z",
|
|
|
|
"description": "VERMIN",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '98073a58101dda103ea03bbd4b3554491d227f52ec01c245c3782e63c0fdbc07']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:04:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f3816-b928-47f0-95f1-419f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:04:54.000Z",
|
|
|
|
"modified": "2018-01-29T15:04:54.000Z",
|
|
|
|
"description": "VERMIN",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c5647603337a4e9bfbb2259c0aec7fa9868c87ded2ab74e9d233bdb2a3bb163e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:04:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f3816-49a4-4aaf-8ac6-48dc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:04:54.000Z",
|
|
|
|
"modified": "2018-01-29T15:04:54.000Z",
|
|
|
|
"description": "VERMIN",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'eb46b8978619a72f4b0d3ea8961dde527f8e27e89701ccd6e5643c33b103d901']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:04:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f3817-a538-4354-8845-4083950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:04:55.000Z",
|
|
|
|
"modified": "2018-01-29T15:04:55.000Z",
|
|
|
|
"description": "VERMIN",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'abd05a20b8aa21d58ee01a02ae804a0546fbf6811d71559423b6b5afdfbe7e64']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:04:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a6f3881-b480-46d9-a301-4260950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:38.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:38.000Z",
|
|
|
|
"first_observed": "2018-01-29T15:13:38Z",
|
|
|
|
"last_observed": "2018-01-29T15:13:38Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5a6f3881-b480-46d9-a301-4260950d210f",
|
|
|
|
"artifact--5a6f3881-b480-46d9-a301-4260950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"attachment\"",
|
|
|
|
"misp:category=\"Support Tool\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5a6f3881-b480-46d9-a301-4260950d210f",
|
|
|
|
"name": "decode.py",
|
|
|
|
"content_ref": "artifact--5a6f3881-b480-46d9-a301-4260950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "artifact",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "artifact--5a6f3881-b480-46d9-a301-4260950d210f",
|
|
|
|
"payload_bin": "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
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38ad-93e4-4b0b-a2c1-47f2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:38.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:38.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'akamaicdn.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38ad-41bc-4a25-b32c-45d8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:39.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:39.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'cdnakamai.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38ae-5850-40a7-ad87-4475950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:39.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:39.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'www.akamaicdn.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38ae-df40-45f5-8499-47d8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:39.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:39.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'www.akamainet066.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38af-536c-4de4-a1a4-4ac6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:40.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:40.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'www.akamainet023.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38af-c7ac-4c40-b997-4624950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:40.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:40.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'www.akamainet021.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38af-d484-423b-b7c2-4daa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:41.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:41.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'akamainet023.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b0-42b0-4be2-aa6e-41e9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:41.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:41.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'akamainet022.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b0-c490-4fa9-bbe4-44d2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:41.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:41.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'akamainet021.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b1-ad80-43e8-8a27-4220950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:42.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:42.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'www.akamainet022.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b2-4a14-40ba-a8d3-43c5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:42.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:42.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'akamainet066.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b2-0d58-42bc-9edd-46a0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:43.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:43.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'akamainet024.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b3-accc-46fa-9698-4a48950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:43.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:43.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'www.cdnakamai.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b3-4bc0-4722-8c76-4696950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:44.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:44.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'notifymail.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b3-eadc-4c21-8240-49c6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:44.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:44.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'www.notifymail.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b4-0c54-44d2-8233-4fbb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:45.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:45.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'mailukr.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b4-dcf0-46e0-8098-425f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:45.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:45.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'tech-adobe.dyndns.biz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b5-fcf4-4a40-8f34-4e9c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:45.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:45.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[domain-name:value = 'www.mailukr.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b5-e0a8-4166-a7c5-4e35950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:46.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:46.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.158.153.222']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b5-7450-4dbb-af03-4382950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:46.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:46.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.158.47.228']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b6-5254-45b8-bf1b-485d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:47.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:47.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.78.105.23']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b6-bcdc-4774-bf0d-47c5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:47.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:47.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.158.46.251']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b7-9f5c-4800-b676-4f92950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:48.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:48.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.227.75.189']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b7-6004-461b-b0fd-4a99950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:48.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:48.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.116.121.46']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b7-b0b0-41e8-867b-470c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:48.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:48.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.125.46.24']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f38b8-4604-426a-9216-4db1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:49.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:49.000Z",
|
|
|
|
"description": "C2 Addresses",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.200.53.181']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a6f3abd-6410-4428-a09e-4816950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:16:13.000Z",
|
|
|
|
"modified": "2018-01-29T15:16:13.000Z",
|
|
|
|
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\AddIns\\\\settings.dat']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:16:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5a6f3acb-08d4-4861-ae24-43aa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:16:27.000Z",
|
|
|
|
"modified": "2018-01-29T15:16:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"pdb\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Artifacts dropped",
|
|
|
|
"x_misp_type": "pdb",
|
|
|
|
"x_misp_value": "Z:\\Projects\\Vermin\\TaskScheduler\\obj\\Release\\Licenser.pdb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a6f3aef-7370-4493-b1ac-4d14950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:17:03.000Z",
|
|
|
|
"modified": "2018-01-29T15:17:03.000Z",
|
|
|
|
"first_observed": "2018-01-29T15:17:03Z",
|
|
|
|
"last_observed": "2018-01-29T15:17:03Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5a6f3aef-7370-4493-b1ac-4d14950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5a6f3aef-7370-4493-b1ac-4d14950d210f",
|
|
|
|
"value": "https://twitter.com/blu3_team/status/917050823724732419"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--1d9be292-dba6-4626-bdcc-c3cc94cd6427",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:52.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:52.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'dc0ab74129a4be18d823b71a54b0cab0' AND file:hashes.SHA1 = '39525cbca591f2a10946ba62a56e4c3382cd4fc0' AND file:hashes.SHA256 = '4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2fe8fec4-eb73-4466-aaff-81baf3f665e8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:51.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:51.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da/analysis/1496635005/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a2f-7ac0-4e75-b028-4c2402de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "40/61",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a2f-c960-492b-9617-421702de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2017-06-05T03:56:45",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a30-2ab4-469b-83d6-4ae302de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--464c0d84-bec5-4624-9226-e83fb79abe65",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:55.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:55.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '46f09e5230dfced7939131d704bdb592' AND file:hashes.SHA1 = 'a40451a9485f465338d15c4985adc7c798f788d3' AND file:hashes.SHA256 = '5a05d2171e6aeb5edd9d39c7f46cd3bf0e2ee3ee803431a58a9945a56ce935f6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--39e7fa59-4876-4433-a546-5ad01dd89d95",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:54.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:54.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/5a05d2171e6aeb5edd9d39c7f46cd3bf0e2ee3ee803431a58a9945a56ce935f6/analysis/1486445762/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a32-d430-483f-b80a-49dc02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "23/56",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a32-721c-4893-bc16-46ee02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2017-02-07T05:36:02",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a33-f69c-40a1-aacc-4d7202de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--b9b273dc-465f-4c74-aaf5-c47c4db6ff49",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:58.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:58.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3ddc543facdc43dc5b1bdfa110fcffa3' AND file:hashes.SHA1 = 'cc6ed0e81c5fbaa45e6e491637c6497cedec839c' AND file:hashes.SHA256 = 'a3c84c5f8d981653a2a391d29f32c8127fba8f0ab7da8815330a228205c99ba6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:13:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--7e00522f-7a22-4c38-954c-065f327ae27a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:56.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:56.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/a3c84c5f8d981653a2a391d29f32c8127fba8f0ab7da8815330a228205c99ba6/analysis/1517234967/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a34-11c8-40ec-9843-4d8202de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "32/65",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a35-5bc4-4a30-8017-436102de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:09:27",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a35-7230-4f8c-b3a1-476d02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--03348905-4bbd-4f58-8370-bef8f3a2b7ef",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:01.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:01.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2b044a21687003c78ff8628c3a69b0a0' AND file:hashes.SHA1 = '3cba047ed980a7f25d341bfa05cbc14ec0c26e9c' AND file:hashes.SHA256 = '31a1419d9121f55859ecf2d01f07da38bd37bb11d0ed9544a35d5d69472c358e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--908e2c6d-188d-4434-a5f4-e3bf349ff63d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:13:59.000Z",
|
|
|
|
"modified": "2018-01-29T15:13:59.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/31a1419d9121f55859ecf2d01f07da38bd37bb11d0ed9544a35d5d69472c358e/analysis/1517235863/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a37-6b38-48a2-94c0-4b5602de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "46/65",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a37-5214-4611-af77-411602de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:24:23",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a38-cce8-4193-8483-4b3202de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0870e838-42ad-470c-a177-d10678e2b685",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:03.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:03.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '07633a79d28bb8b4ef8a6283b881be0e' AND file:hashes.SHA1 = 'bdb5e0b6ca0aa03e0beca23b46a8420473091dff' AND file:hashes.SHA256 = '6cf63ae829984a47aca93f8a1261afe5a06930f04fab6f86f6f7f9631fde59ec']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--b9407d74-26b8-4e0c-98c9-9d8e75bd96d1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:01.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:01.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/6cf63ae829984a47aca93f8a1261afe5a06930f04fab6f86f6f7f9631fde59ec/analysis/1517235215/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a39-2968-4717-b509-427602de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "22/65",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a3a-7b74-4938-a75f-462902de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:13:35",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a3b-fa00-4d41-bc3e-43f102de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--baa647b0-1c09-413a-af07-54da786df266",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:06.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:06.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3293594b0eb0fada3c0c6f031a361050' AND file:hashes.SHA1 = '3a05b21c7b973cf293a5e07e181bf715a58e4785' AND file:hashes.SHA256 = '46ae101a8dc8bf434d2c599aaabfb72a0843d21e2150a6c745c0c4a771c09da3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--6e9a6b22-ccd0-44f4-a7a4-d5c54062e0a5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:05.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:05.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/46ae101a8dc8bf434d2c599aaabfb72a0843d21e2150a6c745c0c4a771c09da3/analysis/1517235034/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a3d-1224-4d6c-84bb-4f1702de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "44/64",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a3d-422c-4643-9363-410e02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:10:34",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a3d-2b90-49f8-8ab8-46ab02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--18e8d7ce-a4c8-4f0c-841b-81d4f8cacd1e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:09.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:09.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'dca799ab332b1d6b599d909e17d2574c' AND file:hashes.SHA1 = 'a719e91031ed18bb70dd78684b012eb072efdb03' AND file:hashes.SHA256 = '0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--31b81fca-2950-49d9-b6a2-8ab7b732abf7",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:07.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:07.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6/analysis/1517235108/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a3f-cce4-4151-8b67-483d02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "44/66",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a40-07c0-4650-9833-44bb02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:11:48",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a40-8e64-437a-bd18-400802de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--68e51b07-074d-4889-af2f-0b008a94d048",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:11.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:11.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9f88187d774cc9eaf89dc65479c4302d' AND file:hashes.SHA1 = '4c1e5e0bb72c78c4ce0d37aed939478aaa35a94f' AND file:hashes.SHA256 = '5ee12dd028f5f8c2c0eb76f28c2ce273423998b36f3fc20c9e291f39825601f9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--6d24fb20-9e41-440f-8860-992698e1567e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:10.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:10.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/5ee12dd028f5f8c2c0eb76f28c2ce273423998b36f3fc20c9e291f39825601f9/analysis/1508335858/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a42-d814-4088-9ff0-455502de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "43/66",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a42-0fb0-4203-aed1-453f02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2017-10-18T14:10:58",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a43-5f24-4dd0-b218-485702de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0824551a-554e-4119-8e73-938369593536",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:14.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:14.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '47161360b84388d1c254eb68ad3d6dfa' AND file:hashes.SHA1 = '4712af28168fd728a13efd520e0665ffd076b6fb' AND file:hashes.SHA256 = '9ea00514c4ae9519a8938924b02826cfafeb75fc70f16c422aeadb8317a146c1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ae2fb6e2-eb53-4135-80aa-c99f699f00d1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:13.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:13.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/9ea00514c4ae9519a8938924b02826cfafeb75fc70f16c422aeadb8317a146c1/analysis/1517235115/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a45-1f00-45f3-810d-4bf602de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/64",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a45-323c-4e64-a563-464902de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:11:55",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a46-c494-4eb0-9953-4a7c02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e183b4ca-ca78-403e-bcb3-d1d29c449eef",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:17.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:17.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '752292c4d4ad51feb489ee1e06498c7f' AND file:hashes.SHA1 = 'a841ff1ee379269f00261337a043448d3d72e6fd' AND file:hashes.SHA256 = '9a81cffe79057d8d307910143efd1455f956f2de2c7cc8fb07a7c17000913d59']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--bf5aaef8-82a3-4e2e-941e-b8c4ffe63414",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:15.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:15.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/9a81cffe79057d8d307910143efd1455f956f2de2c7cc8fb07a7c17000913d59/analysis/1512695747/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a48-9b74-42cc-9ff3-46ab02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/67",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a48-b3b0-48f4-95ae-493e02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2017-12-08T01:15:47",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a48-66d0-4f45-aed6-49d902de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--db392010-acf6-4a58-8b99-41ce01c4df3a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:20.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:20.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c1b8a7f861a7555a14e1a68067469a20' AND file:hashes.SHA1 = 'b5f81c804e47b76c74c38df03a5cbe8a4fe69a9a' AND file:hashes.SHA256 = '5586fb423aff39a02cddf5e456a83a8301afe9ed78ecbc8de2cd852bc0cd498f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--eec3e342-608c-4964-ae3b-00800c520b8c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:18.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:18.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/5586fb423aff39a02cddf5e456a83a8301afe9ed78ecbc8de2cd852bc0cd498f/analysis/1517177517/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a4a-6bb4-40e5-a89d-430102de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "45/66",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a4b-7dd8-46d5-beac-456c02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-28T22:11:57",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a4b-ddb8-4a19-bdfc-4c6002de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--2d1f5a63-e7b2-4a40-82b2-1b5b504fdeed",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:23.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:23.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5feae6cb9915c6378c4bb68740557d0a' AND file:hashes.SHA1 = '10128ab8770fbdecd81b8894208a760a3c266d78' AND file:hashes.SHA256 = '98073a58101dda103ea03bbd4b3554491d227f52ec01c245c3782e63c0fdbc07']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--31ca081a-a527-41f1-a3b3-64001f2951b3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:22.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:22.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/98073a58101dda103ea03bbd4b3554491d227f52ec01c245c3782e63c0fdbc07/analysis/1508198972/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a4e-560c-42bd-bbd6-4ce502de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "46/66",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a4e-533c-4de0-b3cc-412102de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2017-10-17T00:09:32",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a4f-d810-4bc4-a109-4f3d02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--bea6a180-0d2b-417c-a99a-4da282536b95",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:26.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '71afb620857627400a648f91e6865991' AND file:hashes.SHA1 = '025081a1df7eae50a8404c507409d54a5973a3a1' AND file:hashes.SHA256 = '92295b38daa4e44b9d257e56c5b271bbbf6a620312dc58e48e56473427170aa1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--8649e8ec-168b-4e02-90b0-3e712cf43bad",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:24.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:24.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/92295b38daa4e44b9d257e56c5b271bbbf6a620312dc58e48e56473427170aa1/analysis/1461326472/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a50-e3c0-4731-a4c6-4d7f02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "15/56",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a51-9850-4f08-8694-47ee02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2016-04-22T12:01:12",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a51-df44-4aa2-bdb2-4d6e02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e85ea249-c648-4fd8-a113-69e50469ebd8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:29.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c189875f8b2bebc9f5a2e2af2f34e647' AND file:hashes.SHA1 = 'c8f7a30f8fd70e8565ed65eadc5b671a5beafb97' AND file:hashes.SHA256 = '51b0bb172c6e5eaa8e333fbf2451ae27094991b6330025374b9082ae8cd879cf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--8007182f-0cf9-43e4-8744-f382785a66f9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:27.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/51b0bb172c6e5eaa8e333fbf2451ae27094991b6330025374b9082ae8cd879cf/analysis/1449835304/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a53-6d4c-47aa-8c52-490c02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "33/54",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a53-a990-44eb-bbfd-42c502de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2015-12-11T12:01:44",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a54-f0fc-48f3-9043-433c02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--64cedeaa-9cfe-4fc6-b3c8-932c9749389c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:31.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:31.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '242f0ab53ac5d194af091296517ec10a' AND file:hashes.SHA1 = '3f9e7e6ab64f1f0a105cd42438198a23c3c99de6' AND file:hashes.SHA256 = 'eb46b8978619a72f4b0d3ea8961dde527f8e27e89701ccd6e5643c33b103d901']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--6a90b9ce-29c1-4eb4-b2cb-0e6d9837371a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:30.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/eb46b8978619a72f4b0d3ea8961dde527f8e27e89701ccd6e5643c33b103d901/analysis/1487600035/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a56-89d4-46cf-b7d9-476b02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "21/59",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a56-200c-4dea-b55a-4a2a02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2017-02-20T14:13:55",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a57-b61c-467c-abfd-4cc002de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--a5ed311b-5e4e-47dd-b6bd-bc811f076f86",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:35.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:35.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd2c6e6b0fbe37685ddb865cf6b523d8c' AND file:hashes.SHA1 = '376d309c999d536c47b8f8f1cecb32e5c74c00ce' AND file:hashes.SHA256 = '154ef5037e5de49a6e3c48ea7221a02a5df33c34420a586cbff6a46dc5026a91']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--16899616-c8db-4453-95c7-8e762de660cc",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:33.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/154ef5037e5de49a6e3c48ea7221a02a5df33c34420a586cbff6a46dc5026a91/analysis/1517234807/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a59-3cf8-4798-98fb-436d02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "32/64",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a5a-1924-430a-8269-45ea02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:06:47",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a5a-a080-4342-8b6f-45b402de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--fcb27540-c9f1-4750-bfc5-7993b0831741",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:38.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:38.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5b5060ebb405140f87a1bb65e06c9e29' AND file:hashes.SHA1 = '3ee410dd50fc64f39dff0c4ee8cc676f0f7d5a74' AND file:hashes.SHA256 = 'f75861216f5716b0227733e6a093776f693361626efebe37618935b9c6e1bdfd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--edab7b9b-2c87-47e1-befa-565a3d7c8439",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:36.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:36.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/f75861216f5716b0227733e6a093776f693361626efebe37618935b9c6e1bdfd/analysis/1507776322/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a5c-9700-4a4b-a67c-437302de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "45/64",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a5d-4884-45da-b1a1-4f3602de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2017-10-12T02:45:22",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a5d-5c1c-4593-9b4e-4bb102de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--b9dd7e05-878a-4429-b680-cf431464a73d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:40.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '632d08020499a6b5ee4852ecadc79f2e' AND file:hashes.SHA1 = '0735541949585c310f4da1ff515dcc9878df19fb' AND file:hashes.SHA256 = 'c5647603337a4e9bfbb2259c0aec7fa9868c87ded2ab74e9d233bdb2a3bb163e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c9d2ab7b-0b4c-4e35-a869-99ae3d39410f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:39.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/c5647603337a4e9bfbb2259c0aec7fa9868c87ded2ab74e9d233bdb2a3bb163e/analysis/1517235729/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a5f-341c-4ec8-8b96-43d402de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "32/65",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a5f-a170-43b8-b559-439202de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:22:09",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a60-db80-4126-93ad-469602de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e26a37d6-f07e-4e6c-af03-f108a1105b25",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:43.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:43.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '80b3d1c12fb6aaedc59ce4323b0850fe' AND file:hashes.SHA1 = 'bfd7158e1c2f6ba525e24f85ed8ccf8ef40fd370' AND file:hashes.SHA256 = '7b08b0d4d68ebf5238eaa8a40f815b83de372e345eb22cc3d50a4bb1869db78e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--56c1bb1a-f157-4e3b-9dcf-c01a873a722e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:42.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:42.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/7b08b0d4d68ebf5238eaa8a40f815b83de372e345eb22cc3d50a4bb1869db78e/analysis/1517235119/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a62-5ac0-4f37-99c8-43aa02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "42/64",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a62-b570-4c60-a951-4eed02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:11:59",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a63-0efc-49a1-a059-4e5002de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ede96584-eb72-49a7-9f26-64b016ce5f46",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:46.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd6c9f0bd1c0c106b2caaddcdff2b5785' AND file:hashes.SHA1 = '8a5dd45162ff27573095b0048dbbdc86c01dc287' AND file:hashes.SHA256 = 'c84afdd28fa0923a09f6dd3af1e3821cdb07862b2796fa004cd3229bc6129cbe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--994c08ac-acee-400e-bb69-14c42237c1cd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:45.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/c84afdd28fa0923a09f6dd3af1e3821cdb07862b2796fa004cd3229bc6129cbe/analysis/1517235128/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a65-d438-4514-9c70-4a2502de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "30/61",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a65-4354-4382-bc4d-491002de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:12:08",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a66-33b8-41cf-b498-41cb02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--d6a26376-374d-4a00-942b-2839e120aa73",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:49.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:49.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fdc16eb59377efecd5411fedd87fb9d2' AND file:hashes.SHA1 = '323160c88a254127d9adb2848ae044afff376a4d' AND file:hashes.SHA256 = '24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c34845a5-7c9c-4065-9748-5b13e173b87c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:47.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:47.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18/analysis/1517235112/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a68-2c3c-4239-ae18-4a3f02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "42/64",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a68-4e64-4f55-aca0-44be02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:11:52",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a68-3a4c-40e7-9cca-4a1702de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--2f999597-3850-4594-b271-e8fe0ab5d6e5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:52.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:52.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7e859fe3d7ae323c8103567a399e87dc' AND file:hashes.SHA1 = '70d97367a3dbd5d45482b6af8c78c58b64d3f3b3' AND file:hashes.SHA256 = '15c52b01d2b9294e2dd4d9711cde99e10f11cd188e0d1e4fa9db78f9805626c3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5d559431-716b-47d2-83df-05fd3810e321",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:50.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:50.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/15c52b01d2b9294e2dd4d9711cde99e10f11cd188e0d1e4fa9db78f9805626c3/analysis/1517235860/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a6a-a8b0-45fe-8acd-4c8002de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "41/65",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a6b-32fc-4b62-b916-444d02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:24:20",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a6c-436c-4cbb-b319-4d9502de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--588a8a84-a6e4-4f1e-a3b5-f721724a4049",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:55.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:55.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0b85887358fb335ad0dd7ccbc2d64bb4' AND file:hashes.SHA1 = '27ac7a29e1fc43b0ac26759857da9cefbba83a21' AND file:hashes.SHA256 = '74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--79d44c23-7f8f-4c10-958a-c5b4543aa7f9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:53.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:53.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d/analysis/1517235491/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a6d-90dc-48b0-a2e4-428c02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "12/66",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a6e-4af8-4c65-b91f-468102de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:18:11",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a6e-2850-4d23-ad53-41d602de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--a138407f-4844-4813-be9b-ccbba36de11e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:58.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:58.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '83d6588446dc3ab7ba38315ecc29fbb5' AND file:hashes.SHA1 = '0b933c3200ac070abe1abbbbf7aeaa262e055cdb' AND file:hashes.SHA256 = '250cf8b44fc3ae86b467dd3a1c261a6c3d1645a8a21addfe7f2e2241ff8b79fc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:14:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--76d75400-8a3c-42f2-86c3-a4da8e92c1d1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:56.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:56.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/250cf8b44fc3ae86b467dd3a1c261a6c3d1645a8a21addfe7f2e2241ff8b79fc/analysis/1517234870/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a70-359c-4436-b14e-4a1f02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/65",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a70-4c00-4bd3-a24a-4fa702de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:07:50",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a71-4c30-4f70-81c7-41c402de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ad32df7d-9acc-4252-b689-4a669a8823fd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:15:00.000Z",
|
|
|
|
"modified": "2018-01-29T15:15:00.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8d8a84790c774adf4c677d2238999eb5' AND file:hashes.SHA1 = '03f08a46aedb3d27cdd5b34b277cb499c827c80a' AND file:hashes.SHA256 = '2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:15:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--87098385-cbf7-4885-bcde-f5845d185baf",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:14:58.000Z",
|
|
|
|
"modified": "2018-01-29T15:14:58.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef/analysis/1517235853/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a73-7dc8-49cc-b0b5-4e2102de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "34/66",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a73-4a6c-4480-b3bd-426302de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:24:13",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a73-0a98-4d0f-9530-4ef102de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c01c77b8-0ea5-478e-86c5-27cbc6ae2464",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:15:03.000Z",
|
|
|
|
"modified": "2018-01-29T15:15:03.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '47cfac75d2158bf513bcd1ed5e3dd58c' AND file:hashes.SHA1 = '346fba4a345b0d2433487efef8eb20b3ae4c6148' AND file:hashes.SHA256 = 'e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:15:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--a22fcdc0-cc48-4364-8cef-6a6928c30423",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:15:02.000Z",
|
|
|
|
"modified": "2018-01-29T15:15:02.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7/analysis/1517235858/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a76-c630-4978-9e53-42e802de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "31/66",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a76-2558-4e14-8a7e-445002de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-01-29T14:24:18",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "VERMIN",
|
|
|
|
"uuid": "5a6f3a76-4fec-477e-b965-41f302de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--3939e98d-0f06-43f4-a3ee-414d8497bc73",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:15:06.000Z",
|
|
|
|
"modified": "2018-01-29T15:15:06.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '50b1f0391995a0ce5c2d937e880b93ee' AND file:hashes.SHA1 = '1fbe4989522d57919340b618f4ab37bcb08d1ca7' AND file:hashes.SHA256 = '6f4e20e421451c3d8490067f8424d7efbcc5edeb82f80bb5562c76d4adfb0181']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:15:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--80198a2a-38cc-46c2-88d5-42b55674df2b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:15:04.000Z",
|
|
|
|
"modified": "2018-01-29T15:15:04.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/6f4e20e421451c3d8490067f8424d7efbcc5edeb82f80bb5562c76d4adfb0181/analysis/1478099523/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a78-7f64-4c36-b5c4-4bbc02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "29/57",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a79-c738-4cb3-a44e-4b0a02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2016-11-02T15:12:03",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a79-cee8-4c11-8eb7-476602de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--bdaa5408-83ca-4245-8b77-920a710339fc",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:15:09.000Z",
|
|
|
|
"modified": "2018-01-29T15:15:09.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4373f3cf99a279ac0c3d442f2844a89f' AND file:hashes.SHA1 = 'b77c718b4c7f161edc7a69157f3c73c3d68733ef' AND file:hashes.SHA256 = 'aa982fe7d28bbf55865047b16334efbe3fcb6bae06e5ed9cab544f1c8d307317']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-29T15:15:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--82728331-7584-4cf4-b953-8e966abd4a37",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-29T15:15:07.000Z",
|
|
|
|
"modified": "2018-01-29T15:15:07.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/aa982fe7d28bbf55865047b16334efbe3fcb6bae06e5ed9cab544f1c8d307317/analysis/1446359135/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a7b-3df0-41dc-825d-468d02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "30/56",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a7c-b8ac-4e9b-ae31-486d02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2015-11-01T06:25:35",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Quasar",
|
|
|
|
"uuid": "5a6f3a7c-5b2c-4544-b042-4eac02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--e2985f03-94dc-4468-b5b9-f6f84d3e497a",
|
|
|
|
"created": "2018-02-16T08:52:58.000Z",
|
|
|
|
"modified": "2018-02-16T08:52:58.000Z",
|
|
|
|
"relationship_type": "analysed-with",
"source_ref": "indicator--1d9be292-dba6-4626-bdcc-c3cc94cd6427",
"target_ref": "x-misp-object--2fe8fec4-eb73-4466-aaff-81baf3f665e8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aca1b6b3-c7ac-433e-8088-cbe05ae1899c",
"created": "2018-02-16T08:52:58.000Z",
"modified": "2018-02-16T08:52:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--464c0d84-bec5-4624-9226-e83fb79abe65",
"target_ref": "x-misp-object--39e7fa59-4876-4433-a546-5ad01dd89d95"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--537881d2-57ef-4913-9dda-acaa1ea775f0",
"created": "2018-02-16T08:52:58.000Z",
"modified": "2018-02-16T08:52:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b9b273dc-465f-4c74-aaf5-c47c4db6ff49",
"target_ref": "x-misp-object--7e00522f-7a22-4c38-954c-065f327ae27a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bc14c216-e973-453a-89ab-42634ab0c15e",
"created": "2018-02-16T08:52:58.000Z",
"modified": "2018-02-16T08:52:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--03348905-4bbd-4f58-8370-bef8f3a2b7ef",
"target_ref": "x-misp-object--908e2c6d-188d-4434-a5f4-e3bf349ff63d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2744e545-3f6e-49fb-bde9-7120782cc54f",
"created": "2018-02-16T08:52:58.000Z",
"modified": "2018-02-16T08:52:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0870e838-42ad-470c-a177-d10678e2b685",
"target_ref": "x-misp-object--b9407d74-26b8-4e0c-98c9-9d8e75bd96d1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7367b533-d25c-4d8e-863e-f155606872ac",
"created": "2018-02-16T08:52:58.000Z",
"modified": "2018-02-16T08:52:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--baa647b0-1c09-413a-af07-54da786df266",
"target_ref": "x-misp-object--6e9a6b22-ccd0-44f4-a7a4-d5c54062e0a5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2f761fc6-ec5f-4af5-abb0-a5cf6f5fba2e",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--18e8d7ce-a4c8-4f0c-841b-81d4f8cacd1e",
"target_ref": "x-misp-object--31b81fca-2950-49d9-b6a2-8ab7b732abf7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e4ac4317-a8d9-49ee-a8c5-e9011e02c55f",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--68e51b07-074d-4889-af2f-0b008a94d048",
"target_ref": "x-misp-object--6d24fb20-9e41-440f-8860-992698e1567e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7dad0b66-a82c-4fe2-8bf6-99bfc9aa8ecd",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0824551a-554e-4119-8e73-938369593536",
"target_ref": "x-misp-object--ae2fb6e2-eb53-4135-80aa-c99f699f00d1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4b3b1dd7-60a0-43ea-a91b-74ca04d5caf1",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e183b4ca-ca78-403e-bcb3-d1d29c449eef",
"target_ref": "x-misp-object--bf5aaef8-82a3-4e2e-941e-b8c4ffe63414"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4abeae72-0b98-4fb7-b2b0-a92253e42d1a",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--db392010-acf6-4a58-8b99-41ce01c4df3a",
"target_ref": "x-misp-object--eec3e342-608c-4964-ae3b-00800c520b8c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ed755f6d-d74f-45ce-9608-c53b151457dd",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2d1f5a63-e7b2-4a40-82b2-1b5b504fdeed",
"target_ref": "x-misp-object--31ca081a-a527-41f1-a3b3-64001f2951b3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7eae5825-4afd-4089-8a1d-cbf93b1bdb4e",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bea6a180-0d2b-417c-a99a-4da282536b95",
"target_ref": "x-misp-object--8649e8ec-168b-4e02-90b0-3e712cf43bad"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9813e3c2-2753-4810-be31-347da672f304",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e85ea249-c648-4fd8-a113-69e50469ebd8",
"target_ref": "x-misp-object--8007182f-0cf9-43e4-8744-f382785a66f9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7a2a67a1-6b83-44f7-8999-06c6ab6adb5f",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--64cedeaa-9cfe-4fc6-b3c8-932c9749389c",
"target_ref": "x-misp-object--6a90b9ce-29c1-4eb4-b2cb-0e6d9837371a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--87c0fbac-89c9-4110-875b-7dee4ea295df",
"created": "2018-02-16T08:52:59.000Z",
"modified": "2018-02-16T08:52:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a5ed311b-5e4e-47dd-b6bd-bc811f076f86",
"target_ref": "x-misp-object--16899616-c8db-4453-95c7-8e762de660cc"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a89bf28e-c696-4975-a2ac-5cdc31c424a2",
"created": "2018-02-16T08:53:00.000Z",
"modified": "2018-02-16T08:53:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fcb27540-c9f1-4750-bfc5-7993b0831741",
"target_ref": "x-misp-object--edab7b9b-2c87-47e1-befa-565a3d7c8439"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--802789df-8301-4582-9b41-861c4c7bd47e",
"created": "2018-02-16T08:53:00.000Z",
"modified": "2018-02-16T08:53:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b9dd7e05-878a-4429-b680-cf431464a73d",
"target_ref": "x-misp-object--c9d2ab7b-0b4c-4e35-a869-99ae3d39410f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dc6710fe-348c-42ff-896f-a9d0651cda2b",
"created": "2018-02-16T08:53:00.000Z",
"modified": "2018-02-16T08:53:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e26a37d6-f07e-4e6c-af03-f108a1105b25",
"target_ref": "x-misp-object--56c1bb1a-f157-4e3b-9dcf-c01a873a722e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--74a330d9-2428-4f16-803c-fa5d71dee941",
"created": "2018-02-16T08:53:00.000Z",
"modified": "2018-02-16T08:53:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ede96584-eb72-49a7-9f26-64b016ce5f46",
"target_ref": "x-misp-object--994c08ac-acee-400e-bb69-14c42237c1cd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e2adf723-51b9-4f8a-8488-08aae589cff1",
"created": "2018-02-16T08:53:00.000Z",
"modified": "2018-02-16T08:53:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d6a26376-374d-4a00-942b-2839e120aa73",
"target_ref": "x-misp-object--c34845a5-7c9c-4065-9748-5b13e173b87c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--079db8ff-c36a-4d7f-a919-8ea6859c45d8",
"created": "2018-02-16T08:53:01.000Z",
"modified": "2018-02-16T08:53:01.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2f999597-3850-4594-b271-e8fe0ab5d6e5",
"target_ref": "x-misp-object--5d559431-716b-47d2-83df-05fd3810e321"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cb39b38b-dee8-4587-b916-59cf835d100d",
"created": "2018-02-16T08:53:01.000Z",
"modified": "2018-02-16T08:53:01.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--588a8a84-a6e4-4f1e-a3b5-f721724a4049",
"target_ref": "x-misp-object--79d44c23-7f8f-4c10-958a-c5b4543aa7f9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b9067f1e-1faf-4d6f-9082-3adbb4c9361c",
"created": "2018-02-16T08:53:01.000Z",
"modified": "2018-02-16T08:53:01.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a138407f-4844-4813-be9b-ccbba36de11e",
"target_ref": "x-misp-object--76d75400-8a3c-42f2-86c3-a4da8e92c1d1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ca00e79a-450a-4e6f-8f01-53aea883cc9e",
"created": "2018-02-16T08:53:01.000Z",
"modified": "2018-02-16T08:53:01.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ad32df7d-9acc-4252-b689-4a669a8823fd",
"target_ref": "x-misp-object--87098385-cbf7-4885-bcde-f5845d185baf"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--26775964-861c-4fc7-92ae-0f3ebd287c0a",
"created": "2018-02-16T08:53:01.000Z",
"modified": "2018-02-16T08:53:01.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c01c77b8-0ea5-478e-86c5-27cbc6ae2464",
"target_ref": "x-misp-object--a22fcdc0-cc48-4364-8cef-6a6928c30423"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8c1f1e50-0674-4aaf-805c-71095a714b75",
"created": "2018-02-16T08:53:01.000Z",
"modified": "2018-02-16T08:53:01.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3939e98d-0f06-43f4-a3ee-414d8497bc73",
"target_ref": "x-misp-object--80198a2a-38cc-46c2-88d5-42b55674df2b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9977499f-b1f3-4ad8-885f-a8b860b9f155",
"created": "2018-02-16T08:53:02.000Z",
"modified": "2018-02-16T08:53:02.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bdaa5408-83ca-4245-8b77-920a710339fc",
"target_ref": "x-misp-object--82728331-7584-4cf4-b953-8e966abd4a37"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}