2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5845344a-80bc-4c94-9ea8-4f39950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-13T03:00:43.000Z" ,
"modified" : "2018-01-13T03:00:43.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5845344a-80bc-4c94-9ea8-4f39950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-13T03:00:43.000Z" ,
"modified" : "2018-01-13T03:00:43.000Z" ,
"name" : "OSINT - MMD-0033-2015 - Linux/XorDDoS infection incident report (CNC: HOSTASA.ORG)" ,
"published" : "2018-02-16T08:48:09Z" ,
"object_refs" : [
"observed-data--58453471-130c-4e59-bd91-43e3950d210f" ,
"url--58453471-130c-4e59-bd91-43e3950d210f" ,
"x-misp-attribute--584534e9-6130-4419-8a7e-480e950d210f" ,
"indicator--584535cc-3170-42af-a962-46f0950d210f" ,
"indicator--584535cc-7c64-47d1-bece-41cd950d210f" ,
"indicator--584535cc-55c0-45a4-845f-444f950d210f" ,
"indicator--584535cc-09f8-4ff3-b148-4f0a950d210f" ,
"indicator--584535cd-8664-47ce-ac71-4edb950d210f" ,
"indicator--584535cd-feb0-4d4d-a5df-48df950d210f" ,
"indicator--584535cd-a058-4e65-950c-4b2d950d210f" ,
"indicator--584535cd-7c0c-447d-a65a-4a97950d210f" ,
"indicator--584535cd-df28-43d2-b262-480c950d210f" ,
"indicator--584535ce-b260-4fe1-a494-4ed3950d210f" ,
"indicator--584535ce-d284-492d-ad13-4854950d210f" ,
"indicator--584535ce-dc00-43a9-a9f0-47e0950d210f" ,
"indicator--584535ce-062c-4524-883e-4266950d210f" ,
"indicator--584535cf-641c-411a-b5e6-412f950d210f" ,
"indicator--584535cf-5070-4869-9b6e-43e4950d210f" ,
"indicator--584535d0-0390-464c-ac22-4afd950d210f" ,
"indicator--a2f1551a-ffc6-439a-8ed9-5eb83308cc80" ,
"x-misp-object--8c404d5c-48e0-4cb4-a64d-2b89af2399ee" ,
"indicator--075320ce-9dca-48cd-a4ca-085096e80a7a" ,
"x-misp-object--e865f3a2-beea-4193-a717-991bbb031ae0" ,
"indicator--dcb939f0-8874-48f7-bce3-b8bbad431c41" ,
"x-misp-object--63ddf759-d832-4a3d-a389-1462c56dc4cb" ,
"indicator--4af33ce3-3a10-4c2e-bcb2-67bd4626e18b" ,
"x-misp-object--c976c2d7-cfaf-48b4-bd93-827f80aa378b" ,
"indicator--f3c99c36-0463-4296-80ff-5c8407bd7d95" ,
"x-misp-object--176aed31-3194-43c2-90ce-8711f4450e5d" ,
2023-12-14 13:47:04 +00:00
"relationship--cd7cc9f7-90ab-4528-9be8-57c2c12912f6" ,
"relationship--41a94d1c-fcf8-484a-a2c5-d5c68cc90346" ,
"relationship--3a8fcb60-81f4-4436-9b3c-3ef6714d9e41" ,
"relationship--4220fc1a-2c7c-44df-8c8e-a4d0c5b8c0f1" ,
"relationship--f28c9391-1215-4e87-8311-43db12a3304d"
2023-06-14 17:31:25 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT"
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58453471-130c-4e59-bd91-43e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"first_observed" : "2018-01-12T09:44:34Z" ,
"last_observed" : "2018-01-12T09:44:34Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58453471-130c-4e59-bd91-43e3950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58453471-130c-4e59-bd91-43e3950d210f" ,
"value" : "http://blog.malwaremustdie.org/2015/06/mmd-0033-2015-linuxxorddos-infection_23.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--584534e9-6130-4419-8a7e-480e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Background\r\nThis post is an actual malware infection incident of the\"Linux/XOR.DDoS\" malware (please see previous post as reference-->[LINK]) and malware was in attempt to infect a real Linux server.\r\n\r\nIncident details:\r\n\r\nSource of attack:\r\nAn attack was coming from 107.182.141.40 with the below GeoIP details:\r\nThe attacker was compromising a Linux host via ssh password bruting to then executing a one liner shell (sh) command line and then the malware initiation commands was executed on the compromised system:"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cc-3170-42af-a962-46f0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"description" : "On port 41625" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.182.141.40']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cc-7c64-47d1-bece-41cd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[domain-name:value = '44ro4.cn']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cc-55c0-45a4-845f-444f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.15.234.66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cc-09f8-4ff3-b148-4f0a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.240.140.152']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cd-8664-47ce-ac71-4edb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.240.141.54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cd-feb0-4d4d-a5df-48df950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.126.126.64']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cd-a058-4e65-950c-4b2d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.234.60.143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cd-7c0c-447d-a65a-4a97950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[domain-name:value = 'aa.hostasa.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cd-df28-43d2-b262-480c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[domain-name:value = 'ns4.hostasa.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535ce-b260-4fe1-a494-4ed3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[domain-name:value = 'ns3.hostasa.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535ce-d284-492d-ad13-4854950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"pattern" : "[domain-name:value = 'ns2.hostasa.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535ce-dc00-43a9-a9f0-47e0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-12-05T09:39:26.000Z" ,
"modified" : "2016-12-05T09:39:26.000Z" ,
"pattern" : "[file:name = 'a06.zip' AND file:hashes.MD5 = '3c49b5160b981f06bd5242662f8d0a54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-12-05T09:39:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535ce-062c-4524-883e-4266950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-12-05T09:39:26.000Z" ,
"modified" : "2016-12-05T09:39:26.000Z" ,
"pattern" : "[file:name = 'a07.zip' AND file:hashes.MD5 = 'bcb6b83a4e6e20ffe0ce3c750360ddf5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-12-05T09:39:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cf-641c-411a-b5e6-412f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-12-05T09:39:27.000Z" ,
"modified" : "2016-12-05T09:39:27.000Z" ,
"pattern" : "[file:name = 'a08.zip' AND file:hashes.MD5 = 'a99c10cb9713770b9e7dda376cddee3a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-12-05T09:39:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535cf-5070-4869-9b6e-43e4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-12-05T09:39:27.000Z" ,
"modified" : "2016-12-05T09:39:27.000Z" ,
"pattern" : "[file:name = 'a09.zip' AND file:hashes.MD5 = 'd1b5b4b4b5a118e384c7ff487e14ac3f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-12-05T09:39:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--584535d0-0390-464c-ac22-4afd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-12-05T09:39:28.000Z" ,
"modified" : "2016-12-05T09:39:28.000Z" ,
"pattern" : "[file:name = 'a10.zip' AND file:hashes.MD5 = '83eea5625ca2affd3e841d3b374e88eb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-12-05T09:39:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a2f1551a-ffc6-439a-8ed9-5eb83308cc80" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:37.000Z" ,
"modified" : "2018-01-12T09:44:37.000Z" ,
"pattern" : "[file:hashes.MD5 = '3c49b5160b981f06bd5242662f8d0a54' AND file:hashes.SHA1 = 'c50933e1f8a194e608049839707d8d698dd5caa5' AND file:hashes.SHA256 = 'c394440c56fdcda9739fbb966e9ac2eab9e11e2eeff0720eb4c850a05b33eefc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8c404d5c-48e0-4cb4-a64d-2b89af2399ee" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:34.000Z" ,
"modified" : "2018-01-12T09:44:34.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c394440c56fdcda9739fbb966e9ac2eab9e11e2eeff0720eb4c850a05b33eefc/analysis/1495044102/" ,
"category" : "External analysis" ,
"uuid" : "5a588382-5a9c-4f0e-8ee9-4a1e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/55" ,
"category" : "Other" ,
"uuid" : "5a588382-47d4-494f-a42c-484b02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-05-17T18:01:42" ,
"category" : "Other" ,
"uuid" : "5a588382-2fe4-4634-a2d8-4fd302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--075320ce-9dca-48cd-a4ca-085096e80a7a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:37.000Z" ,
"modified" : "2018-01-12T09:44:37.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd1b5b4b4b5a118e384c7ff487e14ac3f' AND file:hashes.SHA1 = '038b7e9406fe5cb0a0be8f95ac935923c6d83c28' AND file:hashes.SHA256 = '0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e865f3a2-beea-4193-a717-991bbb031ae0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:35.000Z" ,
"modified" : "2018-01-12T09:44:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b/analysis/1494973480/" ,
"category" : "External analysis" ,
"uuid" : "5a588383-6004-4f2d-928d-4ffd02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/56" ,
"category" : "Other" ,
"uuid" : "5a588383-cc48-4b4e-acfc-458302de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-05-16T22:24:40" ,
"category" : "Other" ,
"uuid" : "5a588383-f040-4fc0-8f07-47e202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dcb939f0-8874-48f7-bce3-b8bbad431c41" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:38.000Z" ,
"modified" : "2018-01-12T09:44:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '83eea5625ca2affd3e841d3b374e88eb' AND file:hashes.SHA1 = 'dca946f677a1be95fb3ef6adc950730b4736a405' AND file:hashes.SHA256 = 'fd6060b963d1b5ca7a07b5a283ad99105298a6708e44d286440a506738a17e34']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--63ddf759-d832-4a3d-a389-1462c56dc4cb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:35.000Z" ,
"modified" : "2018-01-12T09:44:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/fd6060b963d1b5ca7a07b5a283ad99105298a6708e44d286440a506738a17e34/analysis/1495062664/" ,
"category" : "External analysis" ,
"uuid" : "5a588383-b518-43b4-a9c0-461202de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/57" ,
"category" : "Other" ,
"uuid" : "5a588383-8f60-4231-a75c-45bf02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-05-17T23:11:04" ,
"category" : "Other" ,
"uuid" : "5a588383-d874-40f3-aaeb-403602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4af33ce3-3a10-4c2e-bcb2-67bd4626e18b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:38.000Z" ,
"modified" : "2018-01-12T09:44:38.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a99c10cb9713770b9e7dda376cddee3a' AND file:hashes.SHA1 = '1f1dd4d74eba8949fb1d2316c13f77b3ffa96f98' AND file:hashes.SHA256 = '92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c976c2d7-cfaf-48b4-bd93-827f80aa378b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:35.000Z" ,
"modified" : "2018-01-12T09:44:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86/analysis/1495027397/" ,
"category" : "External analysis" ,
"uuid" : "5a588383-0dc8-446d-bf84-405502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/57" ,
"category" : "Other" ,
"uuid" : "5a588383-7a18-4f91-82a5-4c7202de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-05-17T13:23:17" ,
"category" : "Other" ,
"uuid" : "5a588383-bce4-46b2-a6eb-401f02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f3c99c36-0463-4296-80ff-5c8407bd7d95" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:38.000Z" ,
"modified" : "2018-01-12T09:44:38.000Z" ,
"pattern" : "[file:hashes.MD5 = 'bcb6b83a4e6e20ffe0ce3c750360ddf5' AND file:hashes.SHA1 = 'd88755b78834e87418aa3cb3bfee5de5c378bd2f' AND file:hashes.SHA256 = '61b0107a7a06ecbb8cc1d323967291d15450df7e8bab5d96c822a98c9399a521']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:44:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--176aed31-3194-43c2-90ce-8711f4450e5d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:44:35.000Z" ,
"modified" : "2018-01-12T09:44:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/61b0107a7a06ecbb8cc1d323967291d15450df7e8bab5d96c822a98c9399a521/analysis/1495007597/" ,
"category" : "External analysis" ,
"uuid" : "5a588383-a874-4dbe-9820-466402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/57" ,
"category" : "Other" ,
"uuid" : "5a588383-e9b0-4feb-ab0c-40d802de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-05-17T07:53:17" ,
"category" : "Other" ,
"uuid" : "5a588383-8f98-40a9-a0a8-41e502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--cd7cc9f7-90ab-4528-9be8-57c2c12912f6" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:48:09.000Z" ,
"modified" : "2018-02-16T08:48:09.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--a2f1551a-ffc6-439a-8ed9-5eb83308cc80" ,
"target_ref" : "x-misp-object--8c404d5c-48e0-4cb4-a64d-2b89af2399ee"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--41a94d1c-fcf8-484a-a2c5-d5c68cc90346" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:48:09.000Z" ,
"modified" : "2018-02-16T08:48:09.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--075320ce-9dca-48cd-a4ca-085096e80a7a" ,
"target_ref" : "x-misp-object--e865f3a2-beea-4193-a717-991bbb031ae0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--3a8fcb60-81f4-4436-9b3c-3ef6714d9e41" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:48:09.000Z" ,
"modified" : "2018-02-16T08:48:09.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--dcb939f0-8874-48f7-bce3-b8bbad431c41" ,
"target_ref" : "x-misp-object--63ddf759-d832-4a3d-a389-1462c56dc4cb"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--4220fc1a-2c7c-44df-8c8e-a4d0c5b8c0f1" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:48:09.000Z" ,
"modified" : "2018-02-16T08:48:09.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--4af33ce3-3a10-4c2e-bcb2-67bd4626e18b" ,
"target_ref" : "x-misp-object--c976c2d7-cfaf-48b4-bd93-827f80aa378b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--f28c9391-1215-4e87-8311-43db12a3304d" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:48:09.000Z" ,
"modified" : "2018-02-16T08:48:09.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--f3c99c36-0463-4296-80ff-5c8407bd7d95" ,
"target_ref" : "x-misp-object--176aed31-3194-43c2-90ce-8711f4450e5d"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}
