misp-circl-feed/feeds/circl/misp/5e6f3fa2-ed28-484c-97ad-4b9e02de0b81.json

{
"type": "bundle",
"id": "bundle--5e6f3fa2-ed28-484c-97ad-4b9e02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-24T14:10:06.000Z",
"modified": "2020-03-24T14:10:06.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e6f3fa2-ed28-484c-97ad-4b9e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-24T14:10:06.000Z",
"modified": "2020-03-24T14:10:06.000Z",
"name": "OSINT - revengeRAT targeting France",
"published": "2020-03-24T14:40:12Z",
"object_refs": [
"indicator--5e6f3fdf-0130-43b6-a63f-491902de0b81",
"indicator--5e6f3fe1-9fb4-45e2-919a-491d02de0b81",
"indicator--5e6f3fe1-b334-46c0-8ed7-42be02de0b81",
"indicator--5e6f3fe1-1734-453a-8b40-47af02de0b81",
"indicator--5e6f4040-d600-40bf-b082-595602de0b81",
"observed-data--5e6f4117-d750-4136-9ee8-5ba502de0b81",
"file--5e6f4117-d750-4136-9ee8-5ba502de0b81",
"indicator--5e7a0216-a6d0-4181-ae1e-48e0950d210f",
"indicator--5e7a028d-8d90-47c8-bc09-4ed3950d210f",
"observed-data--5e7a041c-7ffc-407f-8723-4eac950d210f",
"url--5e7a041c-7ffc-407f-8723-4eac950d210f",
"observed-data--5e7a0455-3db0-4c1b-b3f1-4377950d210f",
"url--5e7a0455-3db0-4c1b-b3f1-4377950d210f",
"indicator--99971e8c-dd3a-4240-87b8-66e91484b41b",
"x-misp-object--0908af08-9b39-4a3f-96d8-d3418f91eb1a",
"x-misp-object--5e6f42ae-ec38-430a-ae63-5b7c02de0b81",
"indicator--5e7a01e6-6be8-4bfa-ae38-4bb8950d210f",
"indicator--5e7a03f5-818c-4388-934b-4b0d950d210f",
"relationship--0f8d7cf1-3c1a-4e50-8814-b5c56f1e982d",
"relationship--947e8cad-8b77-4f3c-9e2a-63f9e507e283",
"relationship--62e76dc9-116d-40f2-aeb2-2011acb93171"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"Revenge RAT\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"estimative-language:likelihood-probability=\"very-likely\"",
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e6f3fdf-0130-43b6-a63f-491902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-16T08:59:11.000Z",
"modified": "2020-03-16T08:59:11.000Z",
"pattern": "[domain-name:value = 'chezlepepertrtr.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-16T08:59:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e6f3fe1-9fb4-45e2-919a-491d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-16T08:59:13.000Z",
"modified": "2020-03-16T08:59:13.000Z",
"pattern": "[domain-name:value = 'chezlepertrbhyyrevbtt.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-16T08:59:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e6f3fe1-b334-46c0-8ed7-42be02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-16T08:59:13.000Z",
"modified": "2020-03-16T08:59:13.000Z",
"pattern": "[domain-name:value = 'chez-le-pepere.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-16T08:59:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e6f3fe1-1734-453a-8b40-47af02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-16T08:59:13.000Z",
"modified": "2020-03-16T08:59:13.000Z",
"pattern": "[domain-name:value = 'chez-le-pepert.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-16T08:59:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e6f4040-d600-40bf-b082-595602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-16T09:00:48.000Z",
"modified": "2020-03-16T09:00:48.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'lerouteurmegoodvvvv.hopto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-16T09:00:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e6f4117-d750-4136-9ee8-5ba502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-16T09:04:23.000Z",
"modified": "2020-03-16T09:04:23.000Z",
"first_observed": "2020-03-16T09:04:23Z",
"last_observed": "2020-03-16T09:04:23Z",
"number_observed": 1,
"object_refs": [
"file--5e6f4117-d750-4136-9ee8-5ba502de0b81"
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5e6f4117-d750-4136-9ee8-5ba502de0b81",
"hashes": {
"SHA-256": "fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9"
}
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e7a0216-a6d0-4181-ae1e-48e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-24T12:50:30.000Z",
"modified": "2020-03-24T12:50:30.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '105.235.129.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-24T12:50:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e7a028d-8d90-47c8-bc09-4ed3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-24T12:52:29.000Z",
"modified": "2020-03-24T12:52:29.000Z",
"pattern": "[domain-name:value = 'froujholaqszeeddd.hopto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-24T12:52:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e7a041c-7ffc-407f-8723-4eac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-24T12:59:08.000Z",
"modified": "2020-03-24T12:59:08.000Z",
"first_observed": "2020-03-24T12:59:08Z",
"last_observed": "2020-03-24T12:59:08Z",
"number_observed": 1,
"object_refs": [
"url--5e7a041c-7ffc-407f-8723-4eac950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e7a041c-7ffc-407f-8723-4eac950d210f",
"value": "https://any.run/report/44b6bea1d0693d6c08b3a9c10f06c58bafc4bc43460b4416c213844fe287bae8/57650ad5-408d-47cc-943a-5a3a54c62bbe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e7a0455-3db0-4c1b-b3f1-4377950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-24T13:00:05.000Z",
"modified": "2020-03-24T13:00:05.000Z",
"first_observed": "2020-03-24T13:00:05Z",
"last_observed": "2020-03-24T13:00:05Z",
"number_observed": 1,
"object_refs": [
"url--5e7a0455-3db0-4c1b-b3f1-4377950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e7a0455-3db0-4c1b-b3f1-4377950d210f",
"value": "https://www.bleepingcomputer.com/news/security/attackers-target-govt-and-financial-orgs-with-orcus-revenge-rats/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--99971e8c-dd3a-4240-87b8-66e91484b41b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-16T09:05:17.000Z",
"modified": "2020-03-16T09:05:17.000Z",
"pattern": "[file:hashes.MD5 = '7434cdc8b2e9b33d195a38ce795a06e5' AND file:hashes.SHA1 = '2544b6f5ed98151d36d466d2377897703c85a12e' AND file:hashes.SHA256 = 'fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-16T09:05:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0908af08-9b39-4a3f-96d8-d3418f91eb1a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-16T09:05:33.000Z",
"modified": "2020-03-16T09:05:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-03-16T04:39:28+00:00",
"category": "Other",
"uuid": "00965ade-8b0b-41e7-a51e-761288895c48"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9/analysis/1584333568/",
"category": "External analysis",
"uuid": "1c8cd1d5-336e-4aea-8647-6f780f834623"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "16/71",
"category": "Payload installation",
"uuid": "8456a355-978c-4973-a375-2c79dc434f61"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5e6f42ae-ec38-430a-ae63-5b7c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-24T14:08:52.000Z",
"modified": "2020-03-24T14:08:52.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5e6f42ae-0d94-4050-80bb-5b7c02de0b81"
},
{
"type": "link",
"object_relation": "link",
"value": "https://twitter.com/H_Miser/status/1239455748121407490",
"category": "External analysis",
"uuid": "5e6f42ae-b850-4fbb-a21f-5b7c02de0b81"
},
{
"type": "text",
"object_relation": "state",
"value": "Informative",
"category": "Other",
"uuid": "5e6f42ae-5124-4435-ae57-5b7c02de0b81"
},
{
"type": "text",
"object_relation": "username",
"value": "H_Miser",
"category": "Other",
"uuid": "5e6f44a6-6a70-4230-9bad-700f02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e7a01e6-6be8-4bfa-ae38-4bb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-24T14:10:06.000Z",
"modified": "2020-03-24T14:10:06.000Z",
"pattern": "[file:hashes.MD5 = '7434cdc8b2e9b33d195a38ce795a06e5' AND file:hashes.SHA1 = '2544b6f5ed98151d36d466d2377897703c85a12e' AND file:hashes.SHA256 = 'fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9' AND file:name = 'fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9' AND file:size = '323072' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-24T14:10:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e7a03f5-818c-4388-934b-4b0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-03-24T12:58:28.000Z",
"modified": "2020-03-24T12:58:28.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'lerouteurmegoodvvvv.hopto.org') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'froujholaqszeeddd.hopto.org') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'homodwanouli.publicvm.com') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'hamodinougadoo.zapto.org') AND network-traffic:dst_port = '1919']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-24T12:58:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0f8d7cf1-3c1a-4e50-8814-b5c56f1e982d",
"created": "2020-03-16T09:05:33.000Z",
"modified": "2020-03-16T09:05:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--99971e8c-dd3a-4240-87b8-66e91484b41b",
"target_ref": "x-misp-object--0908af08-9b39-4a3f-96d8-d3418f91eb1a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--947e8cad-8b77-4f3c-9e2a-63f9e507e283",
"created": "2020-03-24T14:08:52.000Z",
"modified": "2020-03-24T14:08:52.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--5e6f42ae-ec38-430a-ae63-5b7c02de0b81",
"target_ref": "indicator--99971e8c-dd3a-4240-87b8-66e91484b41b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--62e76dc9-116d-40f2-aeb2-2011acb93171",
"created": "2020-03-24T14:10:06.000Z",
"modified": "2020-03-24T14:10:06.000Z",
"relationship_type": "connects-to",
"source_ref": "indicator--5e7a01e6-6be8-4bfa-ae38-4bb8950d210f",
"target_ref": "indicator--5e7a03f5-818c-4388-934b-4b0d950d210f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}