{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5d6532ef-05a0-4a1b-a2ee-4c86950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:46:33.000Z",
|
|
|
|
"modified": "2019-08-27T13:46:33.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5d6532ef-05a0-4a1b-a2ee-4c86950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:46:33.000Z",
|
|
|
|
"modified": "2019-08-27T13:46:33.000Z",
|
|
|
|
"name": "OSINT - Mirai - Loligang bot",
|
|
|
|
"published": "2019-08-27T13:57:11Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5d653369-2484-4ccc-a411-4d15950d210f",
|
|
|
|
"indicator--5d653369-4d30-4ed7-9f4d-443c950d210f",
|
|
|
|
"indicator--5d653369-2f5c-4fda-b306-4cba950d210f",
|
|
|
|
"indicator--5d653369-1b00-48fe-b664-45a8950d210f",
|
|
|
|
"indicator--5d653369-842c-4de7-853c-46b9950d210f",
|
|
|
|
"indicator--5d653369-d99c-4174-86ce-4133950d210f",
|
|
|
|
"indicator--5d653369-89e0-4dc7-8017-42bf950d210f",
|
|
|
|
"indicator--5d653369-cb98-4f5c-a3f6-4442950d210f",
|
|
|
|
"indicator--5d653369-7af0-4175-98a3-4910950d210f",
|
|
|
|
"indicator--5d653369-fe40-4c9a-afa6-42ee950d210f",
|
|
|
|
"indicator--5d653369-3ff0-4e98-8d91-4893950d210f",
|
|
|
|
"indicator--5d653369-444c-42f6-bdb6-47bd950d210f",
|
|
|
|
"indicator--5d653369-d6dc-44e8-8212-419b950d210f",
|
|
|
|
"indicator--5d653369-33a4-4992-9f35-4fc0950d210f",
|
|
|
|
"indicator--5d653369-3ea4-4507-95b5-4053950d210f",
|
|
|
|
"indicator--5d653369-8374-4c32-92ed-4778950d210f",
|
|
|
|
"indicator--5d653369-6444-4580-abb1-45eb950d210f",
|
|
|
|
"indicator--5d653369-8e44-449f-8c7d-41d6950d210f",
|
|
|
|
"indicator--5d653369-e2dc-4499-93af-48a9950d210f",
|
|
|
|
"indicator--5d653369-673c-484f-8131-47fd950d210f",
|
|
|
|
"indicator--5d653369-d878-4c31-95fd-4887950d210f",
|
|
|
|
"indicator--5d653369-2754-4c2f-8ce3-409f950d210f",
|
|
|
|
"indicator--5d653369-e660-4365-8bef-4ff8950d210f",
|
|
|
|
"indicator--5d653369-ae30-4d8e-82af-489d950d210f",
|
|
|
|
"indicator--5d653369-3848-4ffa-a320-4c6b950d210f",
|
|
|
|
"indicator--5d653369-4258-4ae6-807b-40bf950d210f",
|
|
|
|
"indicator--5d653369-dc38-429c-9d34-489e950d210f",
|
|
|
|
"indicator--5d653369-07b8-4229-bfaf-417e950d210f",
|
|
|
|
"indicator--5d653369-ecc4-4624-a9e8-4b52950d210f",
|
|
|
|
"indicator--5d653369-979c-467f-8941-46d1950d210f",
|
|
|
|
"indicator--5d653369-e0a8-4747-ac7a-4a03950d210f",
|
|
|
|
"indicator--5d653369-0e5c-4b87-a090-4a72950d210f",
|
|
|
|
"indicator--5d653369-bdc0-4c2b-adbd-452c950d210f",
|
|
|
|
"indicator--5d653369-26dc-4b39-988d-4dc3950d210f",
|
|
|
|
"indicator--5d653369-0f7c-43ef-acc9-42a5950d210f",
|
|
|
|
"indicator--5d653369-a990-4bd8-bc6a-407e950d210f",
|
|
|
|
"indicator--5d653369-6a58-4df5-a91c-4d1d950d210f",
|
|
|
|
"indicator--5d653369-5550-4e1b-9154-4750950d210f",
|
|
|
|
"indicator--5d653369-3340-4137-9cf2-4f77950d210f",
|
|
|
|
"indicator--5d653369-5fc8-4684-a863-420a950d210f",
|
|
|
|
"indicator--5d653369-6a40-4817-9779-489c950d210f",
|
|
|
|
"indicator--5d653369-bf78-4d93-8474-4f5c950d210f",
|
|
|
|
"indicator--5d653369-26c4-43a8-a291-4f8e950d210f",
|
|
|
|
"indicator--5d653369-4310-4699-8e3d-4b4e950d210f",
|
|
|
|
"indicator--5d653369-4a44-4eb2-89f6-4683950d210f",
|
|
|
|
"observed-data--5d65337c-f0f4-4c18-9c06-4235950d210f",
|
|
|
|
"url--5d65337c-f0f4-4c18-9c06-4235950d210f",
|
|
|
|
"indicator--0817c131-b50c-45a1-a1a3-a3072f5e21c6",
|
|
|
|
"x-misp-object--f0889f07-a335-4483-b790-bbd8384cd71c",
|
|
|
|
"indicator--b16a7b3b-2836-4d8f-9b96-53ca98c1d7f0",
|
|
|
|
"x-misp-object--6cb3e0a7-3216-4eb8-98c6-06e79a5f2995",
|
|
|
|
"indicator--79e1f030-379c-4127-aa04-b3603f1a3824",
|
|
|
|
"x-misp-object--254ac2d2-ddbf-46d3-b400-3636b8595f92",
|
|
|
|
"indicator--23c7e1ee-00f6-45ae-a4a9-f08888078fc2",
|
|
|
|
"x-misp-object--af3d2aae-9c33-4cac-8b18-5338ae1450c2",
|
|
|
|
"indicator--e04e0d05-85fc-44a7-87f7-32746aada35a",
|
|
|
|
"x-misp-object--a9480e09-5437-40db-94c9-5dfbe5bc98c9",
|
|
|
|
"indicator--4022a205-9ae8-4e3e-b1f0-5e8e3cbe33f3",
|
|
|
|
"x-misp-object--1c5d190e-a3c9-44e2-9225-7204e2439319",
|
|
|
|
"indicator--70b72a57-ea6e-46e7-83ad-31298af63206",
|
|
|
|
"x-misp-object--9fa18b29-a098-494a-8c9f-aba9ce301f9a",
"relationship--55c245c7-5db6-49d4-9e43-33c4c01a7706",
|
|
|
|
"relationship--146ae6f4-bf84-46ea-9384-9322a071c74a",
|
|
|
|
"relationship--495f55c2-7ed3-4377-a2d3-cc8011186f0d",
|
|
|
|
"relationship--64cfc89b-158c-4176-a774-0d3b027e447f",
|
|
|
|
"relationship--ce96917d-ea7b-471d-9219-48e254d1a67e",
|
|
|
|
"relationship--5e67778b-68b5-4f89-afc5-1dd13ea685e9",
|
|
|
|
"relationship--f6645be9-cdf0-443c-9c3f-37bfa10e0930"
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\"",
|
|
|
|
"misp-galaxy:botnet=\"Mirai\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-2484-4ccc-a411-4d15950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:04.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:04.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '93130f4edabb095aaa584dd76c03fcec701e7bf7e9772c1ccfb140f049d6cfff']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-4d30-4ed7-9f4d-443c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fc231bb098cf67c9c56df59ba43e128388cc04e76b72b2d2ee5f1e02a6537699']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-2f5c-4fda-b306-4cba950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'feb98eb9497c1101953d4b24782e8e90b86a9d35a880c1e644c7241ae2fae53c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-1b00-48fe-b664-45a8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '84cb76cd07b62e144c9acb27f1fc2773fd4a9ff19318389ab5ad8b72063673fe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-842c-4de7-853c-46b9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b41756ea36db32de5aef58544c8beffb2e8def785bf80575878e4a9b4a0a6e87']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-d99c-4174-86ce-4133950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'cda6038014ccf05520911decefb880ad439a780904f6fe8b8d85ae35a6660fba']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-89e0-4dc7-8017-42bf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '53a52a566fea292a64f8d10d860c1fca4398498aadb6a69ba815c4c801fd4582']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-cb98-4f5c-a3f6-4442950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2439ffb7966e7d4521ff55f1c7df438a1d51cc21693edf82e46ff39dde2ef7d7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-7af0-4175-98a3-4910950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e1f10b070c575eae46cc89ae9638d58c348d754e24beacb0d1b0a2e613335c60']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-fe40-4c9a-afa6-42ee950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b9959bd676bca236593e08baaedca1b1195cc998195bd7059c039bb5506386d6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-3ff0-4e98-8d91-4893950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7ed5022a3f047ff69b0e0bfa10a248c8752cd9a514d9a0163634e1eb1dc85c3d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-444c-42f6-bdb6-47bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.mpsl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-d6dc-44e8-8212-419b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.arm7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-33a4-4992-9f35-4fc0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.arm6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-3ea4-4507-95b5-4053950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.arm5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-8374-4c32-92ed-4778950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.spc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-6444-4580-abb1-45eb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.arm']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-8e44-449f-8c7d-41d6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.m68k']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-e2dc-4499-93af-48a9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.mips']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-673c-484f-8131-47fd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.ppc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-d878-4c31-95fd-4887950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.x86']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-2754-4c2f-8ce3-409f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[url:value = 'ftp://165.22.153.245/loligang.sh4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-e660-4365-8bef-4ff8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4d6b2efa2bba2bb86c26aa827f0cc531']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-ae30-4d8e-82af-489d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9e00aa8e675a88db881b1d4909745d2f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-3848-4ffa-a320-4c6b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '657bcdd6be43d48b3a664ae7f8b047a6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-4258-4ae6-807b-40bf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ae006853961580175c88b1b91c126620']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-dc38-429c-9d34-489e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7d2dcfdad728c946d2d97405c618f2c9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-07b8-4229-bfaf-417e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a8672298a8b6ce167d8bebff1252bc6a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-ecc4-4624-a9e8-4b52950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9b66bc34acbf90fa299109dbf2195194']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-979c-467f-8941-46d1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '001c1a6c30eb5a93d0b8dbddeb873b32']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-e0a8-4747-ac7a-4a03950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2afaf4d7344b34d0ba11d61ec6978dcd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-0e5c-4b87-a090-4a72950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0420409b6b89b1eb141192902d7b7704']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-bdc0-4c2b-adbd-452c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8b04de9e996f11bf1e047760cd758ebb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-26dc-4b39-988d-4dc3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ab4b298e59b01cc0a37edd7fa9be7dadb08e35a8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-0f7c-43ef-acc9-42a5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '3b2d1af776ea516411099c20bf02dfa095002dc0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-a990-4bd8-bc6a-407e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '6922753a6c844350e4b2440bc70eb27ef91cdc7c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-6a58-4df5-a91c-4d1d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'b6ab78139561b22c909266e1b906b882255cf4d1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-5550-4e1b-9154-4750950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '3302347dbff47ad6271c8e402f2bce18a0df1983']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-3340-4137-9cf2-4f77950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '4c06370189b9154b44a6a975a05a0a3bbb6c5382']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-5fc8-4684-a863-420a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '3252d21dc0cb2817673f92d1b00e13f6f9542b1e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-6a40-4817-9779-489c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '1893faeab933826ac3a85bab919a9ba0b734d2f1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-bf78-4d93-8474-4f5c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '488734ad3fa96f647ac1f23fb97649c36b1b87a0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-26c4-43a8-a291-4f8e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '6835affc0e893edb626b609198ceb4ba457acdc4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-4310-4699-8e3d-4b4e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '567caadc5b269770a5c401869a18471dfa344d44']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d653369-4a44-4eb2-89f6-4683950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:05.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:05.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '165.22.153.245']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:43:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d65337c-f0f4-4c18-9c06-4235950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:43:24.000Z",
|
|
|
|
"modified": "2019-08-27T13:43:24.000Z",
|
|
|
|
"first_observed": "2019-08-27T13:43:24Z",
|
|
|
|
"last_observed": "2019-08-27T13:43:24Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d65337c-f0f4-4c18-9c06-4235950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d65337c-f0f4-4c18-9c06-4235950d210f",
|
|
|
|
"value": "https://otx.alienvault.com/pulse/5d652c579d3ca47ab1d8aff4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0817c131-b50c-45a1-a1a3-a3072f5e21c6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:27.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '657bcdd6be43d48b3a664ae7f8b047a6' AND file:hashes.SHA1 = 'b6ab78139561b22c909266e1b906b882255cf4d1' AND file:hashes.SHA256 = 'b41756ea36db32de5aef58544c8beffb2e8def785bf80575878e4a9b4a0a6e87']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:45:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f0889f07-a335-4483-b790-bbd8384cd71c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:27.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-08-27T13:10:59",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c0b4c7ef-9a55-45e1-af49-078072c675e8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/b41756ea36db32de5aef58544c8beffb2e8def785bf80575878e4a9b4a0a6e87/analysis/1566911459/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "b9451c41-a02e-4843-be13-99d1d18c757f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "21/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "9f7c1fab-cf70-4703-ac64-9c0ef70a5790"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--b16a7b3b-2836-4d8f-9b96-53ca98c1d7f0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:27.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9b66bc34acbf90fa299109dbf2195194' AND file:hashes.SHA1 = '3252d21dc0cb2817673f92d1b00e13f6f9542b1e' AND file:hashes.SHA256 = '84cb76cd07b62e144c9acb27f1fc2773fd4a9ff19318389ab5ad8b72063673fe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:45:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--6cb3e0a7-3216-4eb8-98c6-06e79a5f2995",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:28.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-08-27T13:10:57",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e884b15b-2e8e-449d-9a40-4bb70c26f386"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/84cb76cd07b62e144c9acb27f1fc2773fd4a9ff19318389ab5ad8b72063673fe/analysis/1566911457/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "a28a7598-8070-4145-bb6f-110a3b2268b2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "24/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "bd3af045-5bcd-488d-b08b-62c08cad8201"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--79e1f030-379c-4127-aa04-b3603f1a3824",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:28.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:28.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '001c1a6c30eb5a93d0b8dbddeb873b32' AND file:hashes.SHA1 = '6835affc0e893edb626b609198ceb4ba457acdc4' AND file:hashes.SHA256 = 'feb98eb9497c1101953d4b24782e8e90b86a9d35a880c1e644c7241ae2fae53c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:45:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--254ac2d2-ddbf-46d3-b400-3636b8595f92",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:28.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-08-26T13:58:32",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "44eca0fc-84c9-4341-b7cd-bc060f188eb9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/feb98eb9497c1101953d4b24782e8e90b86a9d35a880c1e644c7241ae2fae53c/analysis/1566827912/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "0b7e65b1-e6b0-4103-9bbb-ad81cb091c89"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "24/55",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "fe764259-0dbe-4934-b8a0-8e1a279399f0"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--23c7e1ee-00f6-45ae-a4a9-f08888078fc2",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:28.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:28.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0420409b6b89b1eb141192902d7b7704' AND file:hashes.SHA1 = '488734ad3fa96f647ac1f23fb97649c36b1b87a0' AND file:hashes.SHA256 = 'cda6038014ccf05520911decefb880ad439a780904f6fe8b8d85ae35a6660fba']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:45:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--af3d2aae-9c33-4cac-8b18-5338ae1450c2",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:28.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-08-26T13:58:32",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "787556d0-4b2f-44e7-aaf9-3075ea47e7da"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/cda6038014ccf05520911decefb880ad439a780904f6fe8b8d85ae35a6660fba/analysis/1566827912/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "76d8279d-e5fe-49c9-a228-e13b2a44dd05"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "24/55",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "c0066020-5fc6-4e58-bf3c-77f210d7c98b"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e04e0d05-85fc-44a7-87f7-32746aada35a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:28.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:28.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2afaf4d7344b34d0ba11d61ec6978dcd' AND file:hashes.SHA1 = '1893faeab933826ac3a85bab919a9ba0b734d2f1' AND file:hashes.SHA256 = '53a52a566fea292a64f8d10d860c1fca4398498aadb6a69ba815c4c801fd4582']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:45:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--a9480e09-5437-40db-94c9-5dfbe5bc98c9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:28.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-08-27T13:10:57",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7e6cef86-122e-47ce-bfb5-c96dcd8be92c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/53a52a566fea292a64f8d10d860c1fca4398498aadb6a69ba815c4c801fd4582/analysis/1566911457/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "ffb82c5b-f099-4a08-8a75-e90a5c087550"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "34/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "458d1e5e-abfe-48db-a852-e8f566228319"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--4022a205-9ae8-4e3e-b1f0-5e8e3cbe33f3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:29.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7d2dcfdad728c946d2d97405c618f2c9' AND file:hashes.SHA1 = '6922753a6c844350e4b2440bc70eb27ef91cdc7c' AND file:hashes.SHA256 = 'b9959bd676bca236593e08baaedca1b1195cc998195bd7059c039bb5506386d6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:45:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--1c5d190e-a3c9-44e2-9225-7204e2439319",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:29.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-08-27T09:30:02",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "35a02550-3a30-4aff-ade1-e029f71962de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/b9959bd676bca236593e08baaedca1b1195cc998195bd7059c039bb5506386d6/analysis/1566898202/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "93016d9b-6885-4799-b4f4-3232438c2995"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "28/56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "27537950-34df-48e2-96fb-5f51e4d1a0b5"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--70b72a57-ea6e-46e7-83ad-31298af63206",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:29.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ae006853961580175c88b1b91c126620' AND file:hashes.SHA1 = 'ab4b298e59b01cc0a37edd7fa9be7dadb08e35a8' AND file:hashes.SHA256 = '7ed5022a3f047ff69b0e0bfa10a248c8752cd9a514d9a0163634e1eb1dc85c3d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-08-27T13:45:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--9fa18b29-a098-494a-8c9f-aba9ce301f9a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-08-27T13:45:29.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-08-26T10:57:13",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "674ff6df-7692-41e8-85ce-2dcbc25a9013"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/7ed5022a3f047ff69b0e0bfa10a248c8752cd9a514d9a0163634e1eb1dc85c3d/analysis/1566817033/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "154ee7cb-c514-4b31-8b03-8512a25207a4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "20/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "2c118fa2-b70f-4f30-86bf-69013711a34e"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--55c245c7-5db6-49d4-9e43-33c4c01a7706",
"created": "2019-08-27T13:45:29.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:29.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--0817c131-b50c-45a1-a1a3-a3072f5e21c6",
|
|
|
|
"target_ref": "x-misp-object--f0889f07-a335-4483-b790-bbd8384cd71c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--146ae6f4-bf84-46ea-9384-9322a071c74a",
"created": "2019-08-27T13:45:29.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:29.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--b16a7b3b-2836-4d8f-9b96-53ca98c1d7f0",
|
|
|
|
"target_ref": "x-misp-object--6cb3e0a7-3216-4eb8-98c6-06e79a5f2995"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--495f55c2-7ed3-4377-a2d3-cc8011186f0d",
"created": "2019-08-27T13:45:29.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:29.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--79e1f030-379c-4127-aa04-b3603f1a3824",
|
|
|
|
"target_ref": "x-misp-object--254ac2d2-ddbf-46d3-b400-3636b8595f92"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--64cfc89b-158c-4176-a774-0d3b027e447f",
"created": "2019-08-27T13:45:29.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:29.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--23c7e1ee-00f6-45ae-a4a9-f08888078fc2",
|
|
|
|
"target_ref": "x-misp-object--af3d2aae-9c33-4cac-8b18-5338ae1450c2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--ce96917d-ea7b-471d-9219-48e254d1a67e",
"created": "2019-08-27T13:45:30.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:30.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--e04e0d05-85fc-44a7-87f7-32746aada35a",
|
|
|
|
"target_ref": "x-misp-object--a9480e09-5437-40db-94c9-5dfbe5bc98c9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--5e67778b-68b5-4f89-afc5-1dd13ea685e9",
"created": "2019-08-27T13:45:30.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:30.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--4022a205-9ae8-4e3e-b1f0-5e8e3cbe33f3",
|
|
|
|
"target_ref": "x-misp-object--1c5d190e-a3c9-44e2-9225-7204e2439319"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--f6645be9-cdf0-443c-9c3f-37bfa10e0930",
"created": "2019-08-27T13:45:30.000Z",
|
|
|
|
"modified": "2019-08-27T13:45:30.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--70b72a57-ea6e-46e7-83ad-31298af63206",
|
|
|
|
"target_ref": "x-misp-object--9fa18b29-a098-494a-8c9f-aba9ce301f9a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|