2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5e6f3fa2-ed28-484c-97ad-4b9e02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-24T14:10:06.000Z" ,
"modified" : "2020-03-24T14:10:06.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5e6f3fa2-ed28-484c-97ad-4b9e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-24T14:10:06.000Z" ,
"modified" : "2020-03-24T14:10:06.000Z" ,
"name" : "OSINT - revengeRAT targeting France" ,
"published" : "2020-03-24T14:40:12Z" ,
"object_refs" : [
"indicator--5e6f3fdf-0130-43b6-a63f-491902de0b81" ,
"indicator--5e6f3fe1-9fb4-45e2-919a-491d02de0b81" ,
"indicator--5e6f3fe1-b334-46c0-8ed7-42be02de0b81" ,
"indicator--5e6f3fe1-1734-453a-8b40-47af02de0b81" ,
"indicator--5e6f4040-d600-40bf-b082-595602de0b81" ,
"observed-data--5e6f4117-d750-4136-9ee8-5ba502de0b81" ,
"file--5e6f4117-d750-4136-9ee8-5ba502de0b81" ,
"indicator--5e7a0216-a6d0-4181-ae1e-48e0950d210f" ,
"indicator--5e7a028d-8d90-47c8-bc09-4ed3950d210f" ,
"observed-data--5e7a041c-7ffc-407f-8723-4eac950d210f" ,
"url--5e7a041c-7ffc-407f-8723-4eac950d210f" ,
"observed-data--5e7a0455-3db0-4c1b-b3f1-4377950d210f" ,
"url--5e7a0455-3db0-4c1b-b3f1-4377950d210f" ,
"indicator--99971e8c-dd3a-4240-87b8-66e91484b41b" ,
"x-misp-object--0908af08-9b39-4a3f-96d8-d3418f91eb1a" ,
"x-misp-object--5e6f42ae-ec38-430a-ae63-5b7c02de0b81" ,
"indicator--5e7a01e6-6be8-4bfa-ae38-4bb8950d210f" ,
"indicator--5e7a03f5-818c-4388-934b-4b0d950d210f" ,
2023-12-14 13:47:04 +00:00
"relationship--0f8d7cf1-3c1a-4e50-8814-b5c56f1e982d" ,
"relationship--947e8cad-8b77-4f3c-9e2a-63f9e507e283" ,
"relationship--62e76dc9-116d-40f2-aeb2-2011acb93171"
2023-06-14 17:31:25 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:malpedia=\"Revenge RAT\"" ,
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"estimative-language:likelihood-probability=\"very-likely\"" ,
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e6f3fdf-0130-43b6-a63f-491902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-16T08:59:11.000Z" ,
"modified" : "2020-03-16T08:59:11.000Z" ,
"pattern" : "[domain-name:value = 'chezlepepertrtr.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-16T08:59:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e6f3fe1-9fb4-45e2-919a-491d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-16T08:59:13.000Z" ,
"modified" : "2020-03-16T08:59:13.000Z" ,
"pattern" : "[domain-name:value = 'chezlepertrbhyyrevbtt.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-16T08:59:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e6f3fe1-b334-46c0-8ed7-42be02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-16T08:59:13.000Z" ,
"modified" : "2020-03-16T08:59:13.000Z" ,
"pattern" : "[domain-name:value = 'chez-le-pepere.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-16T08:59:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e6f3fe1-1734-453a-8b40-47af02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-16T08:59:13.000Z" ,
"modified" : "2020-03-16T08:59:13.000Z" ,
"pattern" : "[domain-name:value = 'chez-le-pepert.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-16T08:59:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e6f4040-d600-40bf-b082-595602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-16T09:00:48.000Z" ,
"modified" : "2020-03-16T09:00:48.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'lerouteurmegoodvvvv.hopto.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-16T09:00:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e6f4117-d750-4136-9ee8-5ba502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-16T09:04:23.000Z" ,
"modified" : "2020-03-16T09:04:23.000Z" ,
"first_observed" : "2020-03-16T09:04:23Z" ,
"last_observed" : "2020-03-16T09:04:23Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5e6f4117-d750-4136-9ee8-5ba502de0b81"
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload installation\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5e6f4117-d750-4136-9ee8-5ba502de0b81" ,
"hashes" : {
"SHA-256" : "fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9"
}
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e7a0216-a6d0-4181-ae1e-48e0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-24T12:50:30.000Z" ,
"modified" : "2020-03-24T12:50:30.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '105.235.129.138']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-24T12:50:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e7a028d-8d90-47c8-bc09-4ed3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-24T12:52:29.000Z" ,
"modified" : "2020-03-24T12:52:29.000Z" ,
"pattern" : "[domain-name:value = 'froujholaqszeeddd.hopto.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-24T12:52:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e7a041c-7ffc-407f-8723-4eac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-24T12:59:08.000Z" ,
"modified" : "2020-03-24T12:59:08.000Z" ,
"first_observed" : "2020-03-24T12:59:08Z" ,
"last_observed" : "2020-03-24T12:59:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5e7a041c-7ffc-407f-8723-4eac950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5e7a041c-7ffc-407f-8723-4eac950d210f" ,
"value" : "https://any.run/report/44b6bea1d0693d6c08b3a9c10f06c58bafc4bc43460b4416c213844fe287bae8/57650ad5-408d-47cc-943a-5a3a54c62bbe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e7a0455-3db0-4c1b-b3f1-4377950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-24T13:00:05.000Z" ,
"modified" : "2020-03-24T13:00:05.000Z" ,
"first_observed" : "2020-03-24T13:00:05Z" ,
"last_observed" : "2020-03-24T13:00:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5e7a0455-3db0-4c1b-b3f1-4377950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5e7a0455-3db0-4c1b-b3f1-4377950d210f" ,
"value" : "https://www.bleepingcomputer.com/news/security/attackers-target-govt-and-financial-orgs-with-orcus-revenge-rats/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--99971e8c-dd3a-4240-87b8-66e91484b41b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-16T09:05:17.000Z" ,
"modified" : "2020-03-16T09:05:17.000Z" ,
"pattern" : "[file:hashes.MD5 = '7434cdc8b2e9b33d195a38ce795a06e5' AND file:hashes.SHA1 = '2544b6f5ed98151d36d466d2377897703c85a12e' AND file:hashes.SHA256 = 'fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-16T09:05:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0908af08-9b39-4a3f-96d8-d3418f91eb1a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-16T09:05:33.000Z" ,
"modified" : "2020-03-16T09:05:33.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-03-16T04:39:28+00:00" ,
"category" : "Other" ,
"uuid" : "00965ade-8b0b-41e7-a51e-761288895c48"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9/analysis/1584333568/" ,
"category" : "External analysis" ,
"uuid" : "1c8cd1d5-336e-4aea-8647-6f780f834623"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "16/71" ,
"category" : "Payload installation" ,
"uuid" : "8456a355-978c-4973-a375-2c79dc434f61"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5e6f42ae-ec38-430a-ae63-5b7c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-24T14:08:52.000Z" ,
"modified" : "2020-03-24T14:08:52.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5e6f42ae-0d94-4050-80bb-5b7c02de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://twitter.com/H_Miser/status/1239455748121407490" ,
"category" : "External analysis" ,
"uuid" : "5e6f42ae-b850-4fbb-a21f-5b7c02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "state" ,
"value" : "Informative" ,
"category" : "Other" ,
"uuid" : "5e6f42ae-5124-4435-ae57-5b7c02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "H_Miser" ,
"category" : "Other" ,
"uuid" : "5e6f44a6-6a70-4230-9bad-700f02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e7a01e6-6be8-4bfa-ae38-4bb8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-24T14:10:06.000Z" ,
"modified" : "2020-03-24T14:10:06.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 7434 c d c 8 b 2e9 b 33 d 195 a 38 c e 795 a 0 6e5 ' A N D f i l e : h a s h e s . S H A 1 = ' 2544 b 6 f 5 e d 98151 d 36 d 466 d 2377897703 c 85 a 12 e ' A N D f i l e : h a s h e s . S H A 256 = ' f e 53 c 0 8e692 d 7 e f 6 b f d 379 f 9 f 34 d 48 b d 1 f 4 b 8 c 1 c 72 c 6 d 8 d 33 d 6e9 c a 234414 a a 9 ' A N D f i l e : n a m e = ' f e 53 c 0 8e692 d 7 e f 6 b f d 379 f 9 f 34 d 48 b d 1 f 4 b 8 c 1 c 72 c 6 d 8 d 33 d 6e9 c a 234414 a a 9 ' A N D f i l e : s i z e = ' 323072 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A D V m e F C q r / z N c 6 M C A A D u B A A g A B w A N z Q z N G N k Y z h i M m U 5 Y j M z Z D E 5 N W E z O G N l N z k 1 Y T A 2 Z T V V V A k A A + Y B e l 7 m A X p e d X g L A A E E I Q A A A A Q h A A A A 8 E M k x 5 O S v n K 16 n E M L m j d c w m A 3 P Z F / 7 G c t k N 2 k M B D N x H 9 Z 1 z I + I A U Y k m F g i 1 u O K o K E h c N f c h a n k x 0 0 9 c A K Y y k G 3 x t v r o I r Q i Y Z Y f M 6 B i 1 U Y I E 1 n D q k e 9 f 8 Y v L l F U F n O I Y H I C g g U H Z t 1 R f Z g U J g b D 6 p K Z A I v / B e + o Z 30 S + f C 1 t 493 c I X a 5 k d m 2 a X / O g H t j y I x y G B h k m 2 T U N u 4 / P l 9 t P Z Z B M b h m L s S x b b G i A j d Y 0 B q K v t t F G S d + U P f C + S b K A h m C v r G T O x i W J a 2 H o p 9 y 4 m 9 W G b I T 5 v g n W b A E L M i I M M K q f d K h z q 1 u K h M U 8 T 10 / + F Y 0 D P s S i j y 3 z X X i j b c v b E R l 97 J Q o o o D k y h 0 D u Y H p p L Z D 4 b 0 U V r 6 n N r n 7 o 0 H f 72 S 7 X W R h F G D N 0 m 9 A R d H d V h 0 z L k y f i G B Q U b 0 1 F H W a j Y d w S t O V Z / 6 R G V x u 2 U 100 G 757 J M N x N W Q M 7 q 2 + G e X X T Y T v o z d G o P A U o c G 0 S L v j z N g G J 2 + O U / V + x m r i X h t A + j w 3 W U G M 5 I W C p g H X + 1 C / 5 w I s Z W 7 / B 0 0 s D R F I h 3 Q z G o z S U v X 4 a d m i q c 31 x 9 / c g b A Y R j w f 1 D d G A S T C w z i 5 U r W 4 P S 3 d 8 w e f H 7 V R h f J U 5 S N N X O E u h i v 6 p 1e5 v x f v f + 5 F F 9 z k r A E K E R P B M K B + t Q 4 i o E F P 4 E N O 1 O e h A 5 b S f v o K X d T Q Q E D H q n z + 7 k / B X 9 j U + q i / Q z 7 z 0 K u L G F j n L X M K N L r m n h h L v E i w M d Y a J c j Q / Y Y V v S 0 X + u b 0 d 2 P 1 i v 7 h T h g 4 Y M i u 7 c k a c x K s j H f F U 5 V 2 B 51 y 2 k w Z x a I l j j m + U 42 N 4 u s o / 7 B f G r 3 t 9 A z 9 h v + 8 d x V g Y v / 4 C j 42 H Z N C z f f C A T 8 w d w 552 k 6 S S p A B V e a w Z R 3 x w k a C l k Q h u n f Y T N a d v U E + L z r R r r U L p t W S Y l W i q b e Z V q h / 9 E g c W n T 6 U s Q r x 30 K I v G 4 j h 2 D h H J u Q S u O Z i o W Q B j 1 d + j + a Q Q + 2 U G P l J f P L r K o f b a 7 j 64 j P f 4 k f l n o c u 8 I Z 0 s e Q 55 D / f k //+Hhb+NJrimJAo6EETKbixLZuuV3gQh6YcUu/hPqxvtDA8E8uNA1kAC7mG/Df/7Xq+BlseDIxBxB+PmeHV6mMUa3NtdlyZMNXDrjRwhPB/XO2CTmQfQLMTYk/njt3Rj2/9Vg9N/tq94MiTNGHAofJmtMSFcme/BxYp7sFMChU9ArjY2nKU194bePm1qXj2S6e4YBR+lNLCxFwvJdfa+TiHXOc2lVrLpaK9fRJZRQFqSs+WyfHo42D6ub42UjaR3VFRxSmdIg1six/6ENmmPEiKokupjLpEwZ2xFLtHL6ai4sZ4fe9pmIWghQvwXRmGS5u1lquYspA6NW++VeKpSBNpq+RmCIDtyQVziO3Bd3slaCUKEXEzblCt+Qb7oiVQVdmJe2Vn9tBgLQ370gc2u0l/nB37s/O/kWY8Lx3POZDzfjzjeGpECthwPZ8w46RxFkt/AfDNLiwb8GyOtjo1DT78vx2OxbpAqD1QKd0ecCUKmKwvAXYQcSq7rL8rjFhHHeso4E8JEX65oiSAgp3GCH79ovuniYJnskDyd3+MEBBlXvQfJn+X2OyD8hDJQYWrns6U3WdFxNftSuru2xU9uSjX7GUIqPkQfG3WOEKHDmRsV6KqPofa5AiTGCn+8IP5H17FXFhdM5YH25yYDVvjz4mFun7QbZfLroht9mKCsO9B7vX5XTCNayNr0TPEYmopICCt5DOwoJKOprnsBsPAK9fSX+Ywq1Yxgcl3EySaOTxyUI/owVv5UmMsINSgxz7R7xgoy6cQR6ZA3je9KesxLPI+tIwt4xeKxb97Wb9wgo3FLgPE3moEiYue+ahreW2Kbddic7sJUTm5HNHvBPrrZEE4ekn+VZqmfQcoHTO5U2BIAuTE2ipNCoediU9S5LQa6W9ly5sfmkH59HgprpvP5hxH1QwGLZmHo1aSNykcBIFsX0kHHw6xlPrJEsDaGTaaVMDVpjQ485bVzqPTiWShAE617xIQEu6BeY8q9r/N/ur65kNj1K28OE3B6NhIycjicgHY2lJEKhBNsutd3eMg9XHXuBO/FjoqixdYnfOmR6QSCUJlXP0qyOPX6Wy+xfpezHEoKHFCZs61fbOvFlcKdkGcJjD+L0sx+UVFvdpp9t3CBSKoSVH88ld5dhhJO7HKC0HX5LIa1U8HAwyMJjlZ1P+6UgkoTEsxazw2je6cwNqGHZfhx2/9jdo6AgqlEMfT8P4U+ZJuVPUgUyHnPp4yBlzPKQnydsX/3FMne6xxg0yvDdDNQAeuEI0+3Rx+caDd4eBzYrwSmbOI2qyEjlPhRMPL+mLtxfWuIO177sSN3NmYBIzdBdte0gIn5O0hLsLnMi5Tj0cK6+qjne82bNAuQwhEYH0XNhoPjEedcll9ZnXr+X/WTpPppKr72n3NFPvOU5RTUmAF96eZjiJgdcyP/P/Ypye0WqgKx8lkmK+9MW9huHj1f2/MeTfvXK0y1Rowu1I4KiadqzHx0dul0fVw24jRg0WtlP1w+JoEeFJiP5xYVskgbfOSSGtu4Bz4FtHF1DQqTOs4l4qMl6QA1f3hR6LBtTQGnfTtCaLEPBQprOAyF4sWMgWxp/L3qZwcFYDvAochz5Jq7TVgXyV/cnbRTnlXxUeAzvxiJyccq15kkVVWdE4+WIpCtJB/Lm6ug/MBJSO4AFEsJ6U5d/Gbcspz8C9f9xC9V/7pcGAKmtUCkWWshoAhFNiJYErTwhv/EpvF8+siWKut1lsBqAHh7CrOQO+0qhofq0rDk0ezKxfzsHEd+OQe1TrroQ6xbhj7tOVlY7uAxzIhyL7VN2xJctJFlu9M/qUN7JthIggcU0TILTMQ7aIKIFrDZmuW5TNScVY5pmSoHxCSwzklzE/4yKh8XaRqj4qHPtH8MWs6HMoFMW0TqFhCJydC17Enxzy05Wf19VZhyFqxpSNsFSeHpT6/oRT7AYYl2YtnrUMH4FuKUNXa+7y11bJb/j8dpWqYKJINaxTV4gAVFuTSYXikZEYdbWCM9ZCaEqE8zQEM6/vMkVIUruyfw1V95alSqWmyboieW17Tva4sjAmJVz2/PZUslF1/wu52mmihIteWvbyQ3YEaOpU4txbqKSP6gIXPbcdEVncN1thI8xQsSzgpN/PAgOrEwrXz7SjXWySBhCAsp419HPBEvkvrByXZwsR2uY73XPyMc2bYOLCItspyFL0HAGXRpIKu7gJnocVzKI06Jn5BKapSdEJyHw1My9KN28DV6LkpLLUMIA+4bNsgfA1nIzfXK3YOBg9DgZOq12C65/9k4gfTek0mKlZubOTRNbZptlaq108W5fGX6zoJ7doLokN3yBBR9Uh7nFYoyEpySLt8SY69QpFg+WXkIm7J0vpn1h0OLKtIDZtI0vPIcjdTlOflEZ1hiNo+vLT17OsP9ldknaNtT9E8zNWx5dqiXuzN8WtBXN6VNyCS9O+wUtygoY/9LDvb9p2SmmMyXn8zEIxqqv/sk3Wo1WzlMu93fXkbAdtf5Cbbyaimepyci2Phlo8Q98j80vONAdpTqZWVR17D1ZauSlbdVpqbzb5JHo6I78xy4V2cbfVvF0g8n0cyHkuCFLVdiqAeXu9yrHOosaW+W/6UiNxmZpc5X
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-24T14:10:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e7a03f5-818c-4388-934b-4b0d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-03-24T12:58:28.000Z" ,
"modified" : "2020-03-24T12:58:28.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'lerouteurmegoodvvvv.hopto.org') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'froujholaqszeeddd.hopto.org') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'homodwanouli.publicvm.com') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'hamodinougadoo.zapto.org') AND network-traffic:dst_port = '1919']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-24T12:58:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--0f8d7cf1-3c1a-4e50-8814-b5c56f1e982d" ,
2023-06-14 17:31:25 +00:00
"created" : "2020-03-16T09:05:33.000Z" ,
"modified" : "2020-03-16T09:05:33.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--99971e8c-dd3a-4240-87b8-66e91484b41b" ,
"target_ref" : "x-misp-object--0908af08-9b39-4a3f-96d8-d3418f91eb1a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--947e8cad-8b77-4f3c-9e2a-63f9e507e283" ,
2023-06-14 17:31:25 +00:00
"created" : "2020-03-24T14:08:52.000Z" ,
"modified" : "2020-03-24T14:08:52.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "references" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "x-misp-object--5e6f42ae-ec38-430a-ae63-5b7c02de0b81" ,
"target_ref" : "indicator--99971e8c-dd3a-4240-87b8-66e91484b41b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--62e76dc9-116d-40f2-aeb2-2011acb93171" ,
2023-06-14 17:31:25 +00:00
"created" : "2020-03-24T14:10:06.000Z" ,
"modified" : "2020-03-24T14:10:06.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "connects-to" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5e7a01e6-6be8-4bfa-ae38-4bb8950d210f" ,
"target_ref" : "indicator--5e7a03f5-818c-4388-934b-4b0d950d210f"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}