2023-04-21 14:44:17 +00:00
|
|
|
{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5ca71f6e-3ee8-4013-8a5f-4171950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:35:09.000Z",
|
|
|
|
"modified": "2019-04-05T09:35:09.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5ca71f6e-3ee8-4013-8a5f-4171950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:35:09.000Z",
|
|
|
|
"modified": "2019-04-05T09:35:09.000Z",
|
|
|
|
"name": "OSINT - Hancitor domains",
|
|
|
|
"published": "2019-04-05T09:35:35Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5ca71f7e-9ee8-46d7-876c-43f8950d210f",
|
|
|
|
"indicator--5ca71f7e-49f8-436e-94ea-4271950d210f",
|
|
|
|
"indicator--5ca71f7e-8424-41b8-b3f0-4fc3950d210f",
|
|
|
|
"indicator--5ca71f7e-8610-4d25-aedf-470c950d210f",
|
|
|
|
"indicator--5ca71f7e-6ab0-4eaa-8394-4143950d210f",
|
|
|
|
"indicator--5ca71f7e-5b08-4b83-a414-4857950d210f",
|
|
|
|
"indicator--5ca71f7e-60dc-43e6-ae2c-40e3950d210f",
|
|
|
|
"indicator--5ca71f7e-6ee4-4114-aa73-405d950d210f",
|
|
|
|
"indicator--5ca71f7e-819c-4fcd-bafb-4e48950d210f",
|
|
|
|
"observed-data--5ca71f8f-756c-4a81-b8bb-4cd7950d210f",
|
|
|
|
"url--5ca71f8f-756c-4a81-b8bb-4cd7950d210f",
|
|
|
|
"indicator--5ca71fc6-31a8-47dd-9438-4eca950d210f",
|
|
|
|
"observed-data--5ca71fd4-6f4c-4308-b155-43ad950d210f",
|
|
|
|
"url--5ca71fd4-6f4c-4308-b155-43ad950d210f",
|
|
|
|
"indicator--5ca71ff4-3d48-45c7-a8b8-4fb4950d210f",
|
|
|
|
"indicator--5ca71ff4-6f28-42e2-93a5-42e2950d210f",
|
|
|
|
"indicator--5ca71ff4-3cf8-47c8-a0ae-42e3950d210f",
|
|
|
|
"indicator--5ca71ff4-897c-4fec-a67a-4995950d210f",
|
|
|
|
"indicator--5ca71ff4-6c24-4b82-b3a4-4fb3950d210f",
|
|
|
|
"indicator--5ca71ff4-c398-428a-832a-40ee950d210f",
|
|
|
|
"indicator--5ca71ff4-a468-4343-955f-43a8950d210f",
|
|
|
|
"indicator--5ca71ff4-c24c-4980-b531-4d60950d210f",
|
|
|
|
"indicator--5ca71ff4-a408-4d73-881c-49b0950d210f",
|
|
|
|
"indicator--5ca71ff4-5eb4-449d-9dc5-47c0950d210f",
|
|
|
|
"indicator--5ca71ff4-0ce0-46a9-9c91-4418950d210f",
|
|
|
|
"indicator--5ca71ff4-dd08-4b6d-b87b-41b8950d210f",
|
|
|
|
"indicator--5ca71ff4-50dc-4492-9c0b-4bea950d210f",
|
|
|
|
"indicator--5ca71ff4-fa34-41ff-8589-4498950d210f",
|
|
|
|
"indicator--5ca71ff4-12d0-45ae-ad8a-475e950d210f",
|
|
|
|
"indicator--5ca71ff4-7aa4-4a5e-9624-41f4950d210f",
|
|
|
|
"indicator--5ca71ff4-7a90-41df-851d-4fcc950d210f",
|
|
|
|
"indicator--5ca71ff4-d3f0-423b-8f17-46b7950d210f",
|
|
|
|
"indicator--5ca71ff4-3c28-4e02-8f66-4924950d210f",
|
|
|
|
"indicator--5ca7202f-dbd8-4688-aaf0-4b5b950d210f",
|
|
|
|
"indicator--5ca7202f-8998-40c2-bffe-4fc1950d210f",
|
|
|
|
"indicator--5ca7202f-abc8-4d0d-83f3-4e48950d210f",
|
|
|
|
"indicator--5ca7202f-36cc-48d7-842b-4110950d210f",
|
|
|
|
"indicator--5ca7202f-6028-4be3-8860-4c1b950d210f",
|
|
|
|
"indicator--5ca72044-a8e4-4826-911b-4db4950d210f",
|
|
|
|
"indicator--5ca72044-f204-4bbd-bf2d-44f0950d210f",
|
|
|
|
"indicator--5ca72044-b694-4954-8f8f-440d950d210f",
|
|
|
|
"indicator--5ca7205d-36c8-4e0e-b9a4-4e58950d210f",
|
|
|
|
"indicator--5ca7205d-3048-48d0-b84c-4a1f950d210f",
|
|
|
|
"indicator--5ca7205e-02a4-48e7-adc1-41e2950d210f",
|
|
|
|
"indicator--5ca72077-9948-4c74-925f-41b4950d210f",
|
|
|
|
"indicator--5ca72077-fa84-4f4b-a2fc-45f5950d210f",
|
|
|
|
"indicator--5ca72077-4e6c-4ce6-b099-42c8950d210f",
|
|
|
|
"indicator--5ca720b7-3efc-4aa3-a353-469e950d210f",
|
|
|
|
"indicator--5ca720b7-da8c-4f34-a17a-42b7950d210f",
|
|
|
|
"indicator--5ca720b7-59d0-40df-a12b-43bc950d210f",
|
|
|
|
"indicator--57006ea3-e098-42f6-bc80-d8dc9f528163",
|
|
|
|
"x-misp-object--5b58b896-f411-4245-bbf9-f4167ef0b196",
|
|
|
|
"indicator--c2f1de55-f845-4031-9db5-cba3044f0629",
|
|
|
|
"x-misp-object--0fd7fa03-ad1b-4bc8-95fb-d4e24353b5e9",
|
|
|
|
"indicator--4c230799-c01d-4d15-a8d2-81341766f9f3",
|
|
|
|
"x-misp-object--b65c2419-c4c9-4768-8909-471c0999ae7a",
|
|
|
|
"x-misp-object--5ca720f9-ac20-44b5-a4b9-4f71950d210f",
|
2024-04-05 12:15:17 +00:00
|
|
|
"relationship--b17151b3-696f-4d8d-be3a-b50b270565ea",
|
|
|
|
"relationship--d8c00aa1-284d-4e55-9ac5-0b2e1cdd8ac4",
|
|
|
|
"relationship--09dff95b-8bed-4af3-8d02-0bcf884f06e6"
|
2023-04-21 14:44:17 +00:00
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:malpedia=\"Hancitor\"",
|
|
|
|
"misp-galaxy:tool=\"Hancitor\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\"",
|
|
|
|
"estimative-language:likelihood-probability=\"very-likely\"",
|
|
|
|
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71f7e-9ee8-46d7-876c-43f8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:26.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'alldogspoop.co']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:27:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71f7e-49f8-436e-94ea-4271950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:26.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'alldogspoop.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:27:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71f7e-8424-41b8-b3f0-4fc3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:26.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'alldogspoop.biz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:27:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71f7e-8610-4d25-aedf-470c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:26.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'alldogspoop.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:27:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71f7e-6ab0-4eaa-8394-4143950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:26.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'alldogspoop.mobi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:27:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71f7e-5b08-4b83-a414-4857950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:26.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'alldogspoop.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:27:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71f7e-60dc-43e6-ae2c-40e3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:26.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'cherryhillpooperscoopers.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:27:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71f7e-6ee4-4114-aa73-405d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:26.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'pooperscooperfranchise.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:27:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71f7e-819c-4fcd-bafb-4e48950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:26.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'shopalldogspoop.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:27:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ca71f8f-756c-4a81-b8bb-4cd7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:27:43.000Z",
|
|
|
|
"modified": "2019-04-05T09:27:43.000Z",
|
|
|
|
"first_observed": "2019-04-05T09:27:43Z",
|
|
|
|
"last_observed": "2019-04-05T09:27:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5ca71f8f-756c-4a81-b8bb-4cd7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5ca71f8f-756c-4a81-b8bb-4cd7950d210f",
|
|
|
|
"value": "https://ghostbin.com/paste/27b9a/raw"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71fc6-31a8-47dd-9438-4eca950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:28:38.000Z",
|
|
|
|
"modified": "2019-04-05T09:28:38.000Z",
|
|
|
|
"pattern": "[email-message:from_ref.value = 'docusign@buyapetfranchise.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:28:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"email-src\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ca71fd4-6f4c-4308-b155-43ad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:28:52.000Z",
|
|
|
|
"modified": "2019-04-05T09:28:52.000Z",
|
|
|
|
"first_observed": "2019-04-05T09:28:52Z",
|
|
|
|
"last_observed": "2019-04-05T09:28:52Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5ca71fd4-6f4c-4308-b155-43ad950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5ca71fd4-6f4c-4308-b155-43ad950d210f",
|
|
|
|
"value": "https://pastebin.com/PV2uGMye"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-3d48-45c7-a8b8-4fb4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://automotivedreamteam.com/v.exe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-6f28-42e2-93a5-42e2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://ecsn.biz/includes/domit/1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-3cf8-47c8-a0ae-42e3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://ecsn.biz/includes/domit/2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-897c-4fec-a67a-4995950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://ecsn.biz/includes/domit/3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-6c24-4b82-b3a4-4fb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://inazel.es/modules/1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-c398-428a-832a-40ee950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://inazel.es/modules/2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-a468-4343-955f-43a8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://inazel.es/modules/3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-c24c-4980-b531-4d60950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://nal.com.ua/components/com_registration/1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-a408-4d73-881c-49b0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://nal.com.ua/components/com_registration/2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-5eb4-449d-9dc5-47c0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://nal.com.ua/components/com_registration/3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-0ce0-46a9-9c91-4418950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://orik.hu/mambots/editors/1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-dd08-4b6d-b87b-41b8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://orik.hu/mambots/editors/2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-50dc-4492-9c0b-4bea950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://orik.hu/mambots/editors/3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-fa34-41ff-8589-4498950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://scanelectric.ro/wp-content/plugins/thememove-core/1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-12d0-45ae-ad8a-475e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://scanelectric.ro/wp-content/plugins/thememove-core/2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-7aa4-4a5e-9624-41f4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://scanelectric.ro/wp-content/plugins/thememove-core/3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-7a90-41df-851d-4fcc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://syrtaki-santorini.gr/modules/1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-d3f0-423b-8f17-46b7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://syrtaki-santorini.gr/modules/2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca71ff4-3c28-4e02-8f66-4924950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:29:24.000Z",
|
|
|
|
"modified": "2019-04-05T09:29:24.000Z",
|
|
|
|
"description": "additional dl",
|
|
|
|
"pattern": "[url:value = 'http://syrtaki-santorini.gr/modules/3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca7202f-dbd8-4688-aaf0-4b5b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:30:23.000Z",
|
|
|
|
"modified": "2019-04-05T09:30:23.000Z",
|
|
|
|
"description": "1.dll",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '671b416bfb21522d6ba30b05d8fc04732c8737a5ca35fa531563175fb0815395']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:30:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca7202f-8998-40c2-bffe-4fc1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:30:23.000Z",
|
|
|
|
"modified": "2019-04-05T09:30:23.000Z",
|
|
|
|
"description": "2.exe",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8189564580b804ed65d51990a109ac59bc88fd77518ab415363b5bbd8adc3aa2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:30:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca7202f-abc8-4d0d-83f3-4e48950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:30:23.000Z",
|
|
|
|
"modified": "2019-04-05T09:30:23.000Z",
|
|
|
|
"description": "3.exe",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '06fcfb449aa241fdd05cf0e1b04d0c111005cabf53e0ac40cf04dcb9a7d71c94']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:30:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca7202f-36cc-48d7-842b-4110950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:30:23.000Z",
|
|
|
|
"modified": "2019-04-05T09:30:23.000Z",
|
|
|
|
"description": "invoice_653780.doc",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ec3bee6428b6fa258a8c8bdf5c76a8a47662e8373d43b20870282e1df8423a7e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:30:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca7202f-6028-4be3-8860-4c1b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:30:23.000Z",
|
|
|
|
"modified": "2019-04-05T09:30:23.000Z",
|
|
|
|
"description": "v.exe",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd3fad6911b80be1d64eb88ba23fecbcddc2faa73017b6dbcf78578eff47552ed']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:30:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca72044-a8e4-4826-911b-4db4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:30:44.000Z",
|
|
|
|
"modified": "2019-04-05T09:30:44.000Z",
|
|
|
|
"description": "hancitor c2",
|
|
|
|
"pattern": "[url:value = 'http://duloperes.com/4/forum.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:30:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca72044-f204-4bbd-bf2d-44f0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:30:44.000Z",
|
|
|
|
"modified": "2019-04-05T09:30:44.000Z",
|
|
|
|
"description": "hancitor c2",
|
|
|
|
"pattern": "[url:value = 'http://reflyhepone.ru/4/forum.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:30:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca72044-b694-4954-8f8f-440d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:30:44.000Z",
|
|
|
|
"modified": "2019-04-05T09:30:44.000Z",
|
|
|
|
"description": "hancitor c2",
|
|
|
|
"pattern": "[url:value = 'http://gogotwitof.ru/4/forum.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:30:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca7205d-36c8-4e0e-b9a4-4e58950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:31:09.000Z",
|
|
|
|
"modified": "2019-04-05T09:31:09.000Z",
|
|
|
|
"description": "pony c2",
|
|
|
|
"pattern": "[url:value = 'http://duloperes.com/mlu/forum.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:31:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca7205d-3048-48d0-b84c-4a1f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:31:09.000Z",
|
|
|
|
"modified": "2019-04-05T09:31:09.000Z",
|
|
|
|
"description": "pony c2",
|
|
|
|
"pattern": "[url:value = 'http://reflyhepone.ru/mlu/forum.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:31:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca7205e-02a4-48e7-adc1-41e2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:31:10.000Z",
|
|
|
|
"modified": "2019-04-05T09:31:10.000Z",
|
|
|
|
"description": "pony c2",
|
|
|
|
"pattern": "[url:value = 'http://gogotwitof.ru/mlu/forum.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:31:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca72077-9948-4c74-925f-41b4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:31:35.000Z",
|
|
|
|
"modified": "2019-04-05T09:31:35.000Z",
|
|
|
|
"description": "evilpony",
|
|
|
|
"pattern": "[url:value = 'http://duloperes.com/d2/about.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:31:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca72077-fa84-4f4b-a2fc-45f5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:31:35.000Z",
|
|
|
|
"modified": "2019-04-05T09:31:35.000Z",
|
|
|
|
"description": "evilpony",
|
|
|
|
"pattern": "[url:value = 'http://reflyhepone.ru/d2/about.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:31:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca72077-4e6c-4ce6-b099-42c8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:31:35.000Z",
|
|
|
|
"modified": "2019-04-05T09:31:35.000Z",
|
|
|
|
"description": "evilpony",
|
|
|
|
"pattern": "[url:value = 'http://gogotwitof.ru/d2/about.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:31:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca720b7-3efc-4aa3-a353-469e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:32:39.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[url:value = 'beetfeetlife.bit/webstore']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:32:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca720b7-da8c-4f34-a17a-42b7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:32:39.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[url:value = 'api.sorna.at/webstore']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:32:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ca720b7-59d0-40df-a12b-43bc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:32:39.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[url:value = 'supp.rivier.at/webstore']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:32:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57006ea3-e098-42f6-bc80-d8dc9f528163",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:32:04.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:04.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f2b701d43a43315105d649612b27a2ea' AND file:hashes.SHA1 = '9166f0899cdcf7480b1ec5fb925da7641f3c300d' AND file:hashes.SHA256 = 'd3fad6911b80be1d64eb88ba23fecbcddc2faa73017b6dbcf78578eff47552ed']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:32:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5b58b896-f411-4245-bbf9-f4167ef0b196",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:32:05.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:05.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-05T00:20:54",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "v.exe",
|
|
|
|
"uuid": "250e1e72-6769-4161-8f73-85fd3ed3b50a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/d3fad6911b80be1d64eb88ba23fecbcddc2faa73017b6dbcf78578eff47552ed/analysis/1554423654/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "v.exe",
|
|
|
|
"uuid": "f0953128-f125-4295-818d-aada175e115d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "17/72",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "v.exe",
|
|
|
|
"uuid": "36c6e6cb-f39c-4eef-a7c4-c5416ba9b23a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c2f1de55-f845-4031-9db5-cba3044f0629",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:32:05.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f38c97514e2baafc41081d5f22024fef' AND file:hashes.SHA1 = 'fa741dca980f1b073baf52be08dadb1c996503ea' AND file:hashes.SHA256 = 'ec3bee6428b6fa258a8c8bdf5c76a8a47662e8373d43b20870282e1df8423a7e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:32:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0fd7fa03-ad1b-4bc8-95fb-d4e24353b5e9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:32:05.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:05.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-04T17:22:55",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "invoice_653780.doc",
|
|
|
|
"uuid": "25244f20-40eb-490f-a2f3-24cecb60cbb5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/ec3bee6428b6fa258a8c8bdf5c76a8a47662e8373d43b20870282e1df8423a7e/analysis/1554398575/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "invoice_653780.doc",
|
|
|
|
"uuid": "50c7cb21-e7a5-4fd9-832f-e95a94f9a442"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "16/58",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "invoice_653780.doc",
|
|
|
|
"uuid": "e70d2e54-672a-478b-9d8a-4f8938664484"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--4c230799-c01d-4d15-a8d2-81341766f9f3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:32:05.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '32ea156c017d71b87cd00718cdae0eda' AND file:hashes.SHA1 = 'fd9c5ed4f1e0224d864d28f2061c1e0a817a5feb' AND file:hashes.SHA256 = '06fcfb449aa241fdd05cf0e1b04d0c111005cabf53e0ac40cf04dcb9a7d71c94']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-05T09:32:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--b65c2419-c4c9-4768-8909-471c0999ae7a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:32:05.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:05.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-04T23:40:59",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "3.exe",
|
|
|
|
"uuid": "43eabc0f-d9e1-4f86-bdef-c88350fa2462"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/06fcfb449aa241fdd05cf0e1b04d0c111005cabf53e0ac40cf04dcb9a7d71c94/analysis/1554421259/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "3.exe",
|
|
|
|
"uuid": "2cb647c1-3f38-4f11-81cd-70bc19a49cdc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "18/67",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "3.exe",
|
|
|
|
"uuid": "6b6bae47-34ac-4d01-a63e-ed24557188c7"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5ca720f9-ac20-44b5-a4b9-4f71950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-05T09:33:45.000Z",
|
|
|
|
"modified": "2019-04-05T09:33:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"microblog\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "post",
|
|
|
|
"value": "Hancitor campaign started a bit ago. Using these crappy domains for delivery links:\r\nhttps://ghostbin.com/paste/27b9a/raw",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5ca720f9-f634-4c04-bd1c-42ee950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "Twitter",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5ca720f9-29cc-4c05-b28f-4356950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"object_relation": "url",
|
|
|
|
"value": "https://twitter.com/mesa_matt/status/1113866153108148224",
|
|
|
|
"category": "Network activity",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "5ca720f9-c600-4ee1-abcd-4ae0950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "username",
|
|
|
|
"value": "mesa_matt",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5ca720f9-2f10-4658-9bbc-4392950d210f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "microblog"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2024-04-05 12:15:17 +00:00
|
|
|
"id": "relationship--b17151b3-696f-4d8d-be3a-b50b270565ea",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-04-05T09:32:05.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:05.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--57006ea3-e098-42f6-bc80-d8dc9f528163",
|
|
|
|
"target_ref": "x-misp-object--5b58b896-f411-4245-bbf9-f4167ef0b196"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2024-04-05 12:15:17 +00:00
|
|
|
"id": "relationship--d8c00aa1-284d-4e55-9ac5-0b2e1cdd8ac4",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-04-05T09:32:05.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:05.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--c2f1de55-f845-4031-9db5-cba3044f0629",
|
|
|
|
"target_ref": "x-misp-object--0fd7fa03-ad1b-4bc8-95fb-d4e24353b5e9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2024-04-05 12:15:17 +00:00
|
|
|
"id": "relationship--09dff95b-8bed-4af3-8d02-0bcf884f06e6",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-04-05T09:32:05.000Z",
|
|
|
|
"modified": "2019-04-05T09:32:05.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--4c230799-c01d-4d15-a8d2-81341766f9f3",
|
|
|
|
"target_ref": "x-misp-object--b65c2419-c4c9-4768-8909-471c0999ae7a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|