2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5eddeee6-22ec-419b-8634-429602de0b81",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:59:41.000Z",
|
|
|
|
"modified": "2020-06-08T07:59:41.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5eddeee6-22ec-419b-8634-429602de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:59:41.000Z",
|
|
|
|
"modified": "2020-06-08T07:59:41.000Z",
|
|
|
|
"name": "OSINT - TA505 IoC - 2020-06-06",
|
|
|
|
"published": "2020-06-08T08:00:12Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5eddef05-7d64-4882-a6da-4ec9e387cbd9",
|
|
|
|
"indicator--5eddef05-a724-4102-b43f-4bade387cbd9",
|
|
|
|
"indicator--5eddef05-fa94-4b07-88f4-4bb2e387cbd9",
|
|
|
|
"indicator--5eddef05-d594-4069-a104-4ca4e387cbd9",
|
|
|
|
"indicator--5eddef05-f810-4a19-b4e2-4600e387cbd9",
|
|
|
|
"indicator--5eddef05-7ac4-48d6-b5c7-47efe387cbd9",
|
|
|
|
"indicator--5eddef05-09fc-4f16-ba36-4ee4e387cbd9",
|
|
|
|
"indicator--5eddef06-8da0-4c5b-a82d-40d3e387cbd9",
|
|
|
|
"indicator--5eddef06-9910-47b5-a9f0-43b3e387cbd9",
|
|
|
|
"indicator--5eddef06-8c48-4fc7-a3d3-450ce387cbd9",
|
|
|
|
"indicator--5eddef06-3930-4074-81ff-4306e387cbd9",
|
|
|
|
"indicator--5eddef06-e588-4634-a9bb-42d7e387cbd9",
|
|
|
|
"indicator--5eddef06-d5dc-4336-b683-403de387cbd9",
|
|
|
|
"indicator--5eddef06-6d88-4106-b238-412be387cbd9",
|
|
|
|
"indicator--5eddef06-3158-4a24-8839-41d5e387cbd9",
|
|
|
|
"indicator--5eddef06-fc9c-4ee3-945c-42a3e387cbd9",
|
|
|
|
"indicator--5eddef07-0af4-47d1-92b8-417ce387cbd9",
|
|
|
|
"indicator--5eddef07-ae90-478a-a1fe-4107e387cbd9",
|
|
|
|
"indicator--5eddef07-5ef8-42ee-872b-49b1e387cbd9",
|
|
|
|
"indicator--5eddef07-dff8-43b1-8e0d-4c3ce387cbd9",
|
|
|
|
"indicator--5eddef07-07c8-4e4b-8c1f-433be387cbd9",
|
|
|
|
"indicator--5eddef07-26f0-49d5-b067-46e5e387cbd9",
|
|
|
|
"indicator--5eddef08-7018-4d8f-b2ee-41eae387cbd9",
|
|
|
|
"indicator--5eddef08-c1b4-432b-abee-4e8de387cbd9",
|
|
|
|
"observed-data--5eddef19-98fc-41ba-8c4a-472a02de0b81",
|
|
|
|
"url--5eddef19-98fc-41ba-8c4a-472a02de0b81",
|
|
|
|
"indicator--5eddefd8-45c0-44f9-ada9-466802de0b81",
|
|
|
|
"observed-data--5eddefec-d324-49f1-9b9d-4af302de0b81",
|
|
|
|
"network-traffic--5eddefec-d324-49f1-9b9d-4af302de0b81",
|
|
|
|
"ipv4-addr--5eddefec-d324-49f1-9b9d-4af302de0b81",
|
|
|
|
"indicator--dee9331f-94e5-4b35-a3c8-c7f101c355ea",
|
|
|
|
"x-misp-object--6ce562e6-9c27-4a76-8849-b8eb1aa8f3f8",
|
|
|
|
"indicator--1fe2e4e7-fb84-4231-a075-bf404e6d7a17",
|
|
|
|
"x-misp-object--65ff6606-102a-44c9-b8cc-5d8fb120c488",
|
|
|
|
"indicator--2ea7eb0c-30dc-4563-988e-90411d1b2a9b",
|
|
|
|
"x-misp-object--0f66e100-c09c-4169-9721-dea1e1b88985",
|
|
|
|
"indicator--54543b80-50d7-43ec-8397-a10ac8511d08",
|
|
|
|
"x-misp-object--0ce483d5-1756-4a8e-bcd4-a82ee44c7a9e",
|
|
|
|
"indicator--6dc37399-d3d3-464f-a2c1-8ee320d37e6a",
|
|
|
|
"x-misp-object--9e193b62-9c44-4e8b-9c97-9f408bfb6f0c",
|
|
|
|
"indicator--862a3bc0-848b-45a2-ac9b-3e3e4e3b912b",
|
|
|
|
"x-misp-object--ab56250c-f14d-4617-b00e-139aa46f76f0",
|
|
|
|
"indicator--add66139-1066-43d1-9c3e-e3f604aee8ef",
|
|
|
|
"x-misp-object--8531a9ba-484d-4a6b-acfe-908c8345e3ae",
|
|
|
|
"indicator--13abf8d1-76f3-49cb-8f2f-60b0e36b15bb",
|
|
|
|
"x-misp-object--44854537-aa4d-4f5e-8787-ddd17e735df1",
|
|
|
|
"indicator--1c14d80d-eef5-4b0f-a9b7-c182f7f5efe7",
|
|
|
|
"x-misp-object--d0c82af9-405c-4ee4-a72f-564fb3a00f0b",
|
|
|
|
"indicator--491b64b2-a655-439b-9349-b7918038440c",
|
|
|
|
"x-misp-object--c22bad23-ed8b-4d83-b725-3519dcee10e9",
|
|
|
|
"indicator--9805faa4-9533-433c-a902-6ab3d94b0c61",
|
|
|
|
"x-misp-object--7492e92b-1b44-4581-992f-1f8aae6a883c",
|
|
|
|
"indicator--17527ddf-7bda-4305-9dc1-9a1d6014333c",
|
|
|
|
"x-misp-object--b704d83d-20ec-4a74-ade0-6cb55496a9eb",
|
|
|
|
"indicator--845d1e34-80da-4996-a2c2-53ab6156afeb",
|
|
|
|
"x-misp-object--121e7969-0ade-4d2b-aa20-065e70cad490",
|
|
|
|
"indicator--503b0035-f2c9-4c2e-a76c-99abe658009e",
|
|
|
|
"x-misp-object--82718f7a-fb06-4364-8feb-aff1934fda91",
|
|
|
|
"indicator--f28eb254-2198-44f2-a79b-472d19d978d8",
|
|
|
|
"x-misp-object--3a4c2108-0a5f-4836-9f0d-bb44c228d818",
|
|
|
|
"indicator--0b36973b-ccff-4649-ad19-058d5fd6c82d",
|
|
|
|
"x-misp-object--dbff2910-5abc-4777-a810-a30526aa06d1",
|
|
|
|
"indicator--f25ad18e-4427-4664-b4f4-7420739f3b01",
|
|
|
|
"x-misp-object--a1a0d38e-fbd0-4fbd-9d72-8acb71be2318",
|
|
|
|
"indicator--ff74d4fc-812b-4a6b-b37d-a1970f81236a",
|
|
|
|
"x-misp-object--c4497b36-95d2-4c4c-aea5-8f5e21f9b9a9",
|
|
|
|
"indicator--5c6d098d-9a42-456a-8a8c-3d26c85f6153",
|
|
|
|
"x-misp-object--43c17ad3-51df-44b1-9716-ebeed4fdca80",
|
|
|
|
"indicator--7926acdf-7590-476e-8b14-8ecd14feb445",
|
|
|
|
"x-misp-object--0ec19e42-4e5a-4ca6-886d-dbb5ba8cc309",
|
|
|
|
"indicator--24536190-0343-4ec2-9728-1ff56f1a2c9d",
|
|
|
|
"x-misp-object--1c780620-104e-4a42-ac75-837f0b290646",
|
|
|
|
"indicator--13e37bd1-ffe5-47a1-aa0b-132a24d9f2a2",
|
|
|
|
"x-misp-object--41242f7f-0530-439c-9a3b-619ebf227d4b",
|
|
|
|
"indicator--4da1b519-23b0-402a-8b34-d437762fad79",
|
|
|
|
"x-misp-object--13c32f52-9300-41ee-a3a5-737aadb8b84c",
|
|
|
|
"indicator--98449839-4254-41f0-ba02-1a917d2d76d0",
|
|
|
|
"x-misp-object--f872ca96-df69-4655-8c09-8dd8cc8e0af8",
|
2023-12-14 13:47:04 +00:00
|
|
|
"relationship--3035ca6e-aae5-48f2-8333-372a899abc51",
|
|
|
|
"relationship--7eb8732c-4fc1-4ba6-ae6b-47b7ad28a484",
|
|
|
|
"relationship--d9def7aa-f950-4c89-9bd3-79d8015b027d",
|
|
|
|
"relationship--ed53e3df-f0c9-417c-b6f2-4a63cbea4a68",
|
|
|
|
"relationship--9296bd1e-a82a-4ee3-aa37-1dba0331c38e",
|
|
|
|
"relationship--2bf29498-3b02-414a-a4e5-f9aff11c9542",
|
|
|
|
"relationship--21834f27-e5e2-4540-9739-35c681dc20dc",
|
|
|
|
"relationship--0437dc16-18ee-42ea-9150-3be189400998",
|
|
|
|
"relationship--25cad9e5-2a07-4751-b40a-a1d58547e6ac",
|
|
|
|
"relationship--e703743c-b360-4329-9743-3d71319655e1",
|
|
|
|
"relationship--3f7bf94c-20c5-4ef2-ae7e-4a2ad719b01b",
|
|
|
|
"relationship--406534a0-6d6b-4880-bc04-804e1a0481b0",
|
|
|
|
"relationship--d7bcc826-1b34-4787-9935-ac06ca23b501",
|
|
|
|
"relationship--278077b0-e9d2-4453-80e0-14ab69eee8bc",
|
|
|
|
"relationship--25828bff-8546-4a1c-a75c-2aa75ddac26f",
|
|
|
|
"relationship--d8ab4b58-5408-49e3-9b92-731fa9a38f0a",
|
|
|
|
"relationship--e4d42529-4ba8-4e03-bb66-0ae696d84ad9",
|
|
|
|
"relationship--fa2aeef4-4db6-4bba-97ab-714da5a088cb",
|
|
|
|
"relationship--28619aa1-fde0-4104-8eab-4c57d587ef26",
|
|
|
|
"relationship--d3ef26ec-b8a5-4c01-af09-dbf211de406d",
|
|
|
|
"relationship--cb8e85f1-9531-4f0e-bc39-0ce63cd8d778",
|
|
|
|
"relationship--a9ef1b4e-b102-4e60-8fc1-06146cb88683",
|
|
|
|
"relationship--1070ff6b-b4b6-4a5f-8337-5a30278f31e7",
|
|
|
|
"relationship--fda7d7f9-45ce-44dd-86db-d76cbc28a650"
|
2023-06-14 17:31:25 +00:00
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:threat-actor=\"TA505\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef05-7d64-4882-a6da-4ec9e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:49.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'da69f29433079fd3362a44205288037e92a51649aee0dbdb7a004af979c1a2c0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef05-a724-4102-b43f-4bade387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:49.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ffa5704e0d8f90d2ff614a13a8592cc9214dd43ee63bfe55130406f0fe3d99f1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef05-fa94-4b07-88f4-4bb2e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:49.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8d14795b20647bf8ff806f9c9ea796f22fb4bca206451a4e099fc91a3b4b51da']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef05-d594-4069-a104-4ca4e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:49.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '99e358f5cb421f5b27d6e6a25fd0d02c68dc91d9f35545109499210d3ebc09af']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef05-f810-4a19-b4e2-4600e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:49.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '729cac7c82d789304b4433aaf4954e5702ca51e4e33d1d7540bbd1d3db682aa1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef05-7ac4-48d6-b5c7-47efe387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:49.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '11c4d7d1295a5dd6a2e75d5ca9e63d17b860d85a4b536bb3261ecc7971ef1160']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef05-09fc-4f16-ba36-4ee4e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:49.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd83c4504b995d83d26e5d38154aadfd143e5c4f2ba4db74702ef1d9b23653a8a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef06-8da0-4c5b-a82d-40d3e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:49.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c9852bc298d391e6e505c779f66f56ee2bc1c798a165c755400d7f53eef32af1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef06-9910-47b5-a9f0-43b3e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:50.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fb7a62b777cc0e8ef85881def16d3fbbda37623550834a75fe18211114a58348']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef06-8c48-4fc7-a3d3-450ce387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:50.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1aa9ff62b7c1443151a9fa3222fa6dbcb80e03cf605c35b0e6b89bba64395f09']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef06-3930-4074-81ff-4306e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:50.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '68297165307bba31cc24147b26619d464e9651ef9dc640e08017432fdc5d558c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef06-e588-4634-a9bb-42d7e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:50.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f5bd2dfa0d751b21727043afd1f0d264391d539e39e5859afc9f746b9d254815']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef06-d5dc-4336-b683-403de387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:50.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7e63e4191deaec39a8876a53afba51f7422ab46452916eab894f4884b70d82f6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef06-6d88-4106-b238-412be387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:50.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'beabc893191a149e7a8977a494a07b6afba1e2427609e7b19ba5037d25b00f65']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef06-3158-4a24-8839-41d5e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:50.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fff1078e1fd6595676a83b18639c6426daf5a78aab1295e185f5fa1d5b448106']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef06-fc9c-4ee3-945c-42a3e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:50.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '57f40bc3fe0c0fe4bb253a802a23b56601ded98a432f865859cdb5027c88fc9c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef07-0af4-47d1-92b8-417ce387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:51.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:51.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '477dce007f475e7709fd1f57d0a839857f0f0bfe9efd539fec6aef873bcfffc0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef07-ae90-478a-a1fe-4107e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:51.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:51.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ba627162e299061e1ec7d15f06bb722d4c0dc7dfb52f503e46f45f401decf7e9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef07-5ef8-42ee-872b-49b1e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:51.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:51.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '74b502f9181fc1dcdcdf1751bd878a62752eff2069c258a422cfcbcd27ffc0db']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef07-dff8-43b1-8e0d-4c3ce387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:51.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:51.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '976f3e9c2f7c8eaff5daf9214707eb06b2aee4e9a1c38c110d7680ec58303dec']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef07-07c8-4e4b-8c1f-433be387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:51.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:51.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3fb29a8d9260d17d55e68d7a94dce24195bf8659bd4ced4ee5a338208df162bb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef07-26f0-49d5-b067-46e5e387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:51.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:51.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b4deb3f933ef379e07a770692d228114f159a9e709b1a7ea1a03530d5931d621']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef08-7018-4d8f-b2ee-41eae387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:52.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:52.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4e06ffed085764b0356faed9c1337724bd7ac6520fd4f1f8c161b3fd99b9cbba']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddef08-c1b4-432b-abee-4e8de387cbd9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:55:52.000Z",
|
|
|
|
"modified": "2020-06-08T07:55:52.000Z",
|
|
|
|
"description": "# get2 c2: shr-links.com",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3785d529e4658e035205791c2d2165ba9075d3e0da14ec214da53cbb0a686f27']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:55:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5eddef19-98fc-41ba-8c4a-472a02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:56:09.000Z",
|
|
|
|
"modified": "2020-06-08T07:56:09.000Z",
|
|
|
|
"first_observed": "2020-06-08T07:56:09Z",
|
|
|
|
"last_observed": "2020-06-08T07:56:09Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5eddef19-98fc-41ba-8c4a-472a02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5eddef19-98fc-41ba-8c4a-472a02de0b81",
|
|
|
|
"value": "https://github.com/MalwareLab-pl/ioc/blob/master/ta505.txt"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5eddefd8-45c0-44f9-ada9-466802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:59:20.000Z",
|
|
|
|
"modified": "2020-06-08T07:59:20.000Z",
|
|
|
|
"pattern": "[url:value = 'https://shr-links.com/syscap/upt64/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:59:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5eddefec-d324-49f1-9b9d-4af302de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:59:40.000Z",
|
|
|
|
"modified": "2020-06-08T07:59:40.000Z",
|
|
|
|
"first_observed": "2020-06-08T07:59:40Z",
|
|
|
|
"last_observed": "2020-06-08T07:59:40Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5eddefec-d324-49f1-9b9d-4af302de0b81",
|
|
|
|
"ipv4-addr--5eddefec-d324-49f1-9b9d-4af302de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5eddefec-d324-49f1-9b9d-4af302de0b81",
|
|
|
|
"dst_ref": "ipv4-addr--5eddefec-d324-49f1-9b9d-4af302de0b81",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5eddefec-d324-49f1-9b9d-4af302de0b81",
|
|
|
|
"value": "92.38.163.14"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--dee9331f-94e5-4b35-a3c8-c7f101c355ea",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:45.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '76d4d9710105e77f11023127c4603202' AND file:hashes.SHA1 = '5c9a006de991acb9c1eaa25ccd690a5969103613' AND file:hashes.SHA256 = '11c4d7d1295a5dd6a2e75d5ca9e63d17b860d85a4b536bb3261ecc7971ef1160']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--6ce562e6-9c27-4a76-8849-b8eb1aa8f3f8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:45.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-05T15:56:50+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "1fdd6331-ff4d-4297-941f-a64a53237e08"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/11c4d7d1295a5dd6a2e75d5ca9e63d17b860d85a4b536bb3261ecc7971ef1160/detection/f-11c4d7d1295a5dd6a2e75d5ca9e63d17b860d85a4b536bb3261ecc7971ef1160-1591372610",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "14cdf452-752e-4903-bd8f-801aba33518f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "23/59",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "2d1e2fc7-3336-44ab-afb0-25d26eaef621"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--1fe2e4e7-fb84-4231-a075-bf404e6d7a17",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:45.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7922dd7e868d11720447d92d055b5f41' AND file:hashes.SHA1 = '588fa2d1a8365c6730d5c38e60c031c22c9c7a6d' AND file:hashes.SHA256 = 'c9852bc298d391e6e505c779f66f56ee2bc1c798a165c755400d7f53eef32af1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--65ff6606-102a-44c9-b8cc-5d8fb120c488",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:45.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-05T15:41:00+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "3f2e29b5-230f-4147-bdb1-9061518a1870"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/c9852bc298d391e6e505c779f66f56ee2bc1c798a165c755400d7f53eef32af1/detection/f-c9852bc298d391e6e505c779f66f56ee2bc1c798a165c755400d7f53eef32af1-1591371660",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "a95580cc-f81c-47c6-af1f-88aa2cbcb411"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "24/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "1e197331-39b3-4198-bcee-2305ce133286"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--2ea7eb0c-30dc-4563-988e-90411d1b2a9b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:45.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'be1c1c8e84f203611ff89262c516d3eb' AND file:hashes.SHA1 = 'b6ade2071fbf76d3813b203d1169298a2affeecc' AND file:hashes.SHA256 = 'ffa5704e0d8f90d2ff614a13a8592cc9214dd43ee63bfe55130406f0fe3d99f1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0f66e100-c09c-4169-9721-dea1e1b88985",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:46.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:46+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "6833f344-e2a7-4280-b198-47a75d199857"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/ffa5704e0d8f90d2ff614a13a8592cc9214dd43ee63bfe55130406f0fe3d99f1/detection/f-ffa5704e0d8f90d2ff614a13a8592cc9214dd43ee63bfe55130406f0fe3d99f1-1591519666",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "45239fbd-1a86-43df-93a9-db84c1c5e9d0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "d8cf9e2f-4ca1-4f76-b51d-35fafc15fcfb"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54543b80-50d7-43ec-8397-a10ac8511d08",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:46.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '192850f198984a57f3379aca25071fe5' AND file:hashes.SHA1 = 'a43b96ec81b6f59be3c7ea84116150f22522b6a7' AND file:hashes.SHA256 = 'f5bd2dfa0d751b21727043afd1f0d264391d539e39e5859afc9f746b9d254815']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0ce483d5-1756-4a8e-bcd4-a82ee44c7a9e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:46.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:19+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "1bfeae79-4f56-4d89-8527-17dd64c8b903"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/f5bd2dfa0d751b21727043afd1f0d264391d539e39e5859afc9f746b9d254815/detection/f-f5bd2dfa0d751b21727043afd1f0d264391d539e39e5859afc9f746b9d254815-1591519639",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "df0d70e7-7d26-481b-a6c4-6833698f22b7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "33/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "e7f7ce4a-6e98-41c0-b47f-8a4b3895d3ef"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--6dc37399-d3d3-464f-a2c1-8ee320d37e6a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:46.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '72734bd6dae49c29c75c3d620569b240' AND file:hashes.SHA1 = 'ced97bb4810cd20ee8c34d66eabe9ebe198a4fbd' AND file:hashes.SHA256 = '99e358f5cb421f5b27d6e6a25fd0d02c68dc91d9f35545109499210d3ebc09af']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--9e193b62-9c44-4e8b-9c97-9f408bfb6f0c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:47.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:47.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-05T16:18:04+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "40c8948d-6614-4976-aa32-a23371194de8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/99e358f5cb421f5b27d6e6a25fd0d02c68dc91d9f35545109499210d3ebc09af/detection/f-99e358f5cb421f5b27d6e6a25fd0d02c68dc91d9f35545109499210d3ebc09af-1591373884",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "356d5fdf-d9fe-4686-8a3e-a50c7271b51e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "24/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "3771134e-7d5d-43c3-857c-86c5a66e4cc9"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--862a3bc0-848b-45a2-ac9b-3e3e4e3b912b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:47.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:47.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8ba0e2bfcf76a6e29451ef6246f88027' AND file:hashes.SHA1 = 'ca96f20bdfbb5966735b2b2919d05201d8171eff' AND file:hashes.SHA256 = '3fb29a8d9260d17d55e68d7a94dce24195bf8659bd4ced4ee5a338208df162bb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ab56250c-f14d-4617-b00e-139aa46f76f0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:48.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:48.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:36+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "7f2df9c6-80c7-4ff5-8dda-47a8818733d5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/3fb29a8d9260d17d55e68d7a94dce24195bf8659bd4ced4ee5a338208df162bb/detection/f-3fb29a8d9260d17d55e68d7a94dce24195bf8659bd4ced4ee5a338208df162bb-1591519656",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "ca836505-845e-43d3-921b-c07749c2c3f7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "b278da30-02c7-4f3b-bc21-62d8e66dc3b2"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--add66139-1066-43d1-9c3e-e3f604aee8ef",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:48.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:48.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8e0362dc80fe13c0516269629917a5c6' AND file:hashes.SHA1 = '877efed5d8335226013748d5c2c4bbb1f54c3f4c' AND file:hashes.SHA256 = 'beabc893191a149e7a8977a494a07b6afba1e2427609e7b19ba5037d25b00f65']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--8531a9ba-484d-4a6b-acfe-908c8345e3ae",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:48.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:48.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:37+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "515a5a31-88b5-45ef-9a05-013d31b4ae1f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/beabc893191a149e7a8977a494a07b6afba1e2427609e7b19ba5037d25b00f65/detection/f-beabc893191a149e7a8977a494a07b6afba1e2427609e7b19ba5037d25b00f65-1591519657",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "91601410-732c-47e2-9341-a36ae721a7ae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "b42b001b-2d9f-4762-b043-11202a366225"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--13abf8d1-76f3-49cb-8f2f-60b0e36b15bb",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:49.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0371319d18d95c62224f9f00f0c5f559' AND file:hashes.SHA1 = '61ad9193b0d4d16c819e0c3a910a31503003911b' AND file:hashes.SHA256 = '729cac7c82d789304b4433aaf4954e5702ca51e4e33d1d7540bbd1d3db682aa1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--44854537-aa4d-4f5e-8787-ddd17e735df1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:49.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T14:33:48+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "99dd132e-72ae-4421-acaf-c0c75faa54f6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/729cac7c82d789304b4433aaf4954e5702ca51e4e33d1d7540bbd1d3db682aa1/detection/f-729cac7c82d789304b4433aaf4954e5702ca51e4e33d1d7540bbd1d3db682aa1-1591540428",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "9e8e65fa-f34a-40df-a77f-65da0c6be470"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "70b96532-6c53-44fc-8946-92662ccf3088"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--1c14d80d-eef5-4b0f-a9b7-c182f7f5efe7",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:49.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:49.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a7befa28b5b2677ed603642e68e71f14' AND file:hashes.SHA1 = 'b0e7d5bddc5be96b5d19f37acd6d8b9c0bba98d4' AND file:hashes.SHA256 = '477dce007f475e7709fd1f57d0a839857f0f0bfe9efd539fec6aef873bcfffc0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d0c82af9-405c-4ee4-a72f-564fb3a00f0b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:50.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:43+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "9419db48-279d-47fd-975c-557af6be78d6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/477dce007f475e7709fd1f57d0a839857f0f0bfe9efd539fec6aef873bcfffc0/detection/f-477dce007f475e7709fd1f57d0a839857f0f0bfe9efd539fec6aef873bcfffc0-1591519663",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "babbf339-5a98-413c-98d3-b6820d4fb03c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "45281b4e-bd25-42bc-8440-26c6161aece7"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--491b64b2-a655-439b-9349-b7918038440c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:50.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0b7efd2e4625db9aa96790b1b1ff0606' AND file:hashes.SHA1 = '665814a856d2cc5bb8c384abe6c8e3e86bbe457a' AND file:hashes.SHA256 = '4e06ffed085764b0356faed9c1337724bd7ac6520fd4f1f8c161b3fd99b9cbba']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c22bad23-ed8b-4d83-b725-3519dcee10e9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:50.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:17+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "52ee6462-065b-447b-9108-d74c736d22e4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/4e06ffed085764b0356faed9c1337724bd7ac6520fd4f1f8c161b3fd99b9cbba/detection/f-4e06ffed085764b0356faed9c1337724bd7ac6520fd4f1f8c161b3fd99b9cbba-1591519637",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "c7707771-aab7-4227-995d-5ffc4a7c1e26"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "085fe616-54fb-456f-8dca-f4beb4209ed1"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--9805faa4-9533-433c-a902-6ab3d94b0c61",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:50.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e42530cdf26863a64cf3e2a36ce453a0' AND file:hashes.SHA1 = '9ac036fce02324247d814248545698728c6801fa' AND file:hashes.SHA256 = '1aa9ff62b7c1443151a9fa3222fa6dbcb80e03cf605c35b0e6b89bba64395f09']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--7492e92b-1b44-4581-992f-1f8aae6a883c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:50.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:50.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:53+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "8f74f52a-bfbd-48d5-a552-7016c382f96e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/1aa9ff62b7c1443151a9fa3222fa6dbcb80e03cf605c35b0e6b89bba64395f09/detection/f-1aa9ff62b7c1443151a9fa3222fa6dbcb80e03cf605c35b0e6b89bba64395f09-1591519673",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "ab991e99-4970-47bc-ab42-a0bdd5541c39"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "854b42cd-7311-4dff-a3e6-75c82784757d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--17527ddf-7bda-4305-9dc1-9a1d6014333c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:51.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:51.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5ef8996aa04140bdb8b2cc06dcf9295b' AND file:hashes.SHA1 = '7c96dd8b7c2db3d73a49cf2f89d2ac2039d4cc13' AND file:hashes.SHA256 = '74b502f9181fc1dcdcdf1751bd878a62752eff2069c258a422cfcbcd27ffc0db']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--b704d83d-20ec-4a74-ade0-6cb55496a9eb",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:51.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:51.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:31+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "a896a8ed-3a1c-45fa-808f-8406c7a21237"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/74b502f9181fc1dcdcdf1751bd878a62752eff2069c258a422cfcbcd27ffc0db/detection/f-74b502f9181fc1dcdcdf1751bd878a62752eff2069c258a422cfcbcd27ffc0db-1591519651",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "cfaba998-2eec-4a08-9e52-308dca8c1592"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "d0145397-3745-4bda-ba5e-188a10a91ed0"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--845d1e34-80da-4996-a2c2-53ab6156afeb",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:51.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:51.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '70bee4614d6feed54067b2326dac0d8c' AND file:hashes.SHA1 = '6226b2ef35896bbab2024a574efd0bbae60a2f95' AND file:hashes.SHA256 = '8d14795b20647bf8ff806f9c9ea796f22fb4bca206451a4e099fc91a3b4b51da']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--121e7969-0ade-4d2b-aa20-065e70cad490",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:52.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:52.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-05T17:25:24+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "ca9043e8-3334-4d51-8b43-01f35223d908"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/8d14795b20647bf8ff806f9c9ea796f22fb4bca206451a4e099fc91a3b4b51da/detection/f-8d14795b20647bf8ff806f9c9ea796f22fb4bca206451a4e099fc91a3b4b51da-1591377924",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "05daf9e6-e7ec-4f99-aa77-bc91adb2f0d3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "27/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "7d18973d-862f-42ca-b60f-f54a2711274d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--503b0035-f2c9-4c2e-a76c-99abe658009e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:52.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:52.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3db430270c732bd63b2fdbe9f261418c' AND file:hashes.SHA1 = '018f669a416c7e70faf667bc00bdbd28589688c4' AND file:hashes.SHA256 = '68297165307bba31cc24147b26619d464e9651ef9dc640e08017432fdc5d558c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--82718f7a-fb06-4364-8feb-aff1934fda91",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:52.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:52.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:26+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "0357388c-8398-4468-8afe-0e6b8ad4cef7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/68297165307bba31cc24147b26619d464e9651ef9dc640e08017432fdc5d558c/detection/f-68297165307bba31cc24147b26619d464e9651ef9dc640e08017432fdc5d558c-1591519646",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "87c06057-44be-40a4-ad64-3a02a9f9aaf8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "d1d57e65-5449-489f-b35b-8939cbbfb5a8"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--f28eb254-2198-44f2-a79b-472d19d978d8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:52.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:52.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2a00e6a23e50628c3a14bf899cd90fb3' AND file:hashes.SHA1 = '915e6c4ec3a8ba5c5840818c4dfd7264d223af0d' AND file:hashes.SHA256 = 'fb7a62b777cc0e8ef85881def16d3fbbda37623550834a75fe18211114a58348']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--3a4c2108-0a5f-4836-9f0d-bb44c228d818",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:52.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:52.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-05T15:22:51+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "b0e049e0-3fe2-48da-bbde-76fe8a49f113"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/fb7a62b777cc0e8ef85881def16d3fbbda37623550834a75fe18211114a58348/detection/f-fb7a62b777cc0e8ef85881def16d3fbbda37623550834a75fe18211114a58348-1591370571",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "1055b4f0-8f6e-4db8-a050-4806b3610663"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "24/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "5d042d8b-6f50-4e39-9f4d-aab333ac0c02"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0b36973b-ccff-4649-ad19-058d5fd6c82d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:53.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:53.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '03d2595f08bf26294c85ef4a323cce6b' AND file:hashes.SHA1 = '58564d5b674408cd945101fc51016f34f5cdcf0b' AND file:hashes.SHA256 = 'ba627162e299061e1ec7d15f06bb722d4c0dc7dfb52f503e46f45f401decf7e9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--dbff2910-5abc-4777-a810-a30526aa06d1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:53.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:53.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:16+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "33a45a30-5d2f-48c1-9aa8-7cbe12c7e561"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/ba627162e299061e1ec7d15f06bb722d4c0dc7dfb52f503e46f45f401decf7e9/detection/f-ba627162e299061e1ec7d15f06bb722d4c0dc7dfb52f503e46f45f401decf7e9-1591519636",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "6252048c-cb84-4c47-bb5e-e17e3af8ebc9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "1091ec45-7e5b-4e6c-8352-a27e97d7ed41"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--f25ad18e-4427-4664-b4f4-7420739f3b01",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:53.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:53.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '23d54d1cbcf95f8ced8e0bfc30d297f4' AND file:hashes.SHA1 = '29e23e8490b68c749c302650e9779e54d976ea15' AND file:hashes.SHA256 = '976f3e9c2f7c8eaff5daf9214707eb06b2aee4e9a1c38c110d7680ec58303dec']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--a1a0d38e-fbd0-4fbd-9d72-8acb71be2318",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:53.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:53.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-05T13:04:11+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "92458287-b089-4e52-b42e-5115cbfabb46"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/976f3e9c2f7c8eaff5daf9214707eb06b2aee4e9a1c38c110d7680ec58303dec/detection/f-976f3e9c2f7c8eaff5daf9214707eb06b2aee4e9a1c38c110d7680ec58303dec-1591362251",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "c6f39e52-05c1-412d-9f5d-23b6843329c0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "8/60",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "ad786d93-1948-4923-9370-2958f4846a13"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ff74d4fc-812b-4a6b-b37d-a1970f81236a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:53.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:53.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '095b95375b6710664b72eef48d7e3af1' AND file:hashes.SHA1 = '8c0479901702cbab4e90e3c974277a38621e9fe9' AND file:hashes.SHA256 = 'b4deb3f933ef379e07a770692d228114f159a9e709b1a7ea1a03530d5931d621']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c4497b36-95d2-4c4c-aea5-8f5e21f9b9a9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:54.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:54.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:17+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "a535713e-a2d3-4441-be11-fef1b74c90c5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/b4deb3f933ef379e07a770692d228114f159a9e709b1a7ea1a03530d5931d621/detection/f-b4deb3f933ef379e07a770692d228114f159a9e709b1a7ea1a03530d5931d621-1591519637",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "e8849eaa-290c-492d-a2a0-1ed7709b47b8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "56708db8-6296-4092-9485-636bceab85db"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c6d098d-9a42-456a-8a8c-3d26c85f6153",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:54.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:54.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '176b9dcdae46842e45ec7d6498c1e632' AND file:hashes.SHA1 = '857a5b9974c0f14e9e6545fca74ce5752d81b8c5' AND file:hashes.SHA256 = 'd83c4504b995d83d26e5d38154aadfd143e5c4f2ba4db74702ef1d9b23653a8a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--43c17ad3-51df-44b1-9716-ebeed4fdca80",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:54.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:54.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:18+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "47458e2b-088c-480b-8f7b-63f9839ccc29"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/d83c4504b995d83d26e5d38154aadfd143e5c4f2ba4db74702ef1d9b23653a8a/detection/f-d83c4504b995d83d26e5d38154aadfd143e5c4f2ba4db74702ef1d9b23653a8a-1591519638",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "4b70e53f-ab09-40c9-93b2-115bc3ba2fd1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "fcf5c120-3a86-4919-90a4-48a0c7dedaa7"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7926acdf-7590-476e-8b14-8ecd14feb445",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:54.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:54.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8e4c6545134b1f950f4994c3117e938a' AND file:hashes.SHA1 = '7d283592694c9cfdb8f4bdde6bfccda74cf576bf' AND file:hashes.SHA256 = '3785d529e4658e035205791c2d2165ba9075d3e0da14ec214da53cbb0a686f27']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0ec19e42-4e5a-4ca6-886d-dbb5ba8cc309",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:54.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:54.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:37+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "598fe168-f012-4539-957d-5cae40b382d1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/3785d529e4658e035205791c2d2165ba9075d3e0da14ec214da53cbb0a686f27/detection/f-3785d529e4658e035205791c2d2165ba9075d3e0da14ec214da53cbb0a686f27-1591519657",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "95c84958-d569-4e5d-8eb1-4582e919891c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "46335177-5271-4c06-8aa2-2cca56220291"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--24536190-0343-4ec2-9728-1ff56f1a2c9d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:55.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:55.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5f827d1c77e743a1afc97a5116f6dc8d' AND file:hashes.SHA1 = '472ab52d68e82d8a26ebf2692dd8939b29297097' AND file:hashes.SHA256 = 'da69f29433079fd3362a44205288037e92a51649aee0dbdb7a004af979c1a2c0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--1c780620-104e-4a42-ac75-837f0b290646",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:55.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:55.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:31+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "c8cf2c1b-489d-459a-939f-826574315b65"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/da69f29433079fd3362a44205288037e92a51649aee0dbdb7a004af979c1a2c0/detection/f-da69f29433079fd3362a44205288037e92a51649aee0dbdb7a004af979c1a2c0-1591519651",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "0a09c9b9-7608-4d51-b6dd-5387eb5be2ad"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "afe1d847-4704-48b7-83d5-672fe4fe8a7d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--13e37bd1-ffe5-47a1-aa0b-132a24d9f2a2",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:55.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:55.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '27d945c488031ba6b3fde4969ee497b7' AND file:hashes.SHA1 = 'e44ec2d2ecc92399644f8b2121b5ad0d477be989' AND file:hashes.SHA256 = '57f40bc3fe0c0fe4bb253a802a23b56601ded98a432f865859cdb5027c88fc9c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--41242f7f-0530-439c-9a3b-619ebf227d4b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:55.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:55.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:22+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "08c8d0c5-a165-426e-9d47-115f7ecb509c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/57f40bc3fe0c0fe4bb253a802a23b56601ded98a432f865859cdb5027c88fc9c/detection/f-57f40bc3fe0c0fe4bb253a802a23b56601ded98a432f865859cdb5027c88fc9c-1591519642",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "516ba4c2-9c7a-425d-b1ed-b5c1e93609f3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "0fb1ef36-db6b-4d1c-a020-72253c2aef7c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--4da1b519-23b0-402a-8b34-d437762fad79",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:56.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b8e872c70a524be967a7433da70cb290' AND file:hashes.SHA1 = '6fa99b401074456c2c2780031f0f468645049b0e' AND file:hashes.SHA256 = 'fff1078e1fd6595676a83b18639c6426daf5a78aab1295e185f5fa1d5b448106']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--13c32f52-9300-41ee-a3a5-737aadb8b84c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:56.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:56.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:46+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "70c5c217-da64-4d8b-ad32-ea765fff96e9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/fff1078e1fd6595676a83b18639c6426daf5a78aab1295e185f5fa1d5b448106/detection/f-fff1078e1fd6595676a83b18639c6426daf5a78aab1295e185f5fa1d5b448106-1591519666",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "24c19c1f-0394-4edf-bc80-4f6b742913fd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "f2408b91-7234-424a-a2db-41446bc8b8bc"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--98449839-4254-41f0-ba02-1a917d2d76d0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:56.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e249d3d1c0832edf6420f57d74a22a6a' AND file:hashes.SHA1 = '46526876907d34bc399578045e1fbce8d4e90cc3' AND file:hashes.SHA256 = '7e63e4191deaec39a8876a53afba51f7422ab46452916eab894f4884b70d82f6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-06-08T07:57:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f872ca96-df69-4655-8c09-8dd8cc8e0af8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-06-08T07:57:58.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:58.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-06-07T08:47:53+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "c24c82a6-0d66-4ac2-b0d5-fc0e8ad59b40"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/7e63e4191deaec39a8876a53afba51f7422ab46452916eab894f4884b70d82f6/detection/f-7e63e4191deaec39a8876a53afba51f7422ab46452916eab894f4884b70d82f6-1591519673",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "858539ae-143a-4f38-aba6-735c7e6ce953"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"uuid": "5870e31f-b2b0-49ac-913e-c1ad3bf4e5c2"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--3035ca6e-aae5-48f2-8333-372a899abc51",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:57:58.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:58.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--dee9331f-94e5-4b35-a3c8-c7f101c355ea",
|
|
|
|
"target_ref": "x-misp-object--6ce562e6-9c27-4a76-8849-b8eb1aa8f3f8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--7eb8732c-4fc1-4ba6-ae6b-47b7ad28a484",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:57:58.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:58.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--1fe2e4e7-fb84-4231-a075-bf404e6d7a17",
|
|
|
|
"target_ref": "x-misp-object--65ff6606-102a-44c9-b8cc-5d8fb120c488"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--d9def7aa-f950-4c89-9bd3-79d8015b027d",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:57:58.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:58.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--2ea7eb0c-30dc-4563-988e-90411d1b2a9b",
|
|
|
|
"target_ref": "x-misp-object--0f66e100-c09c-4169-9721-dea1e1b88985"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--ed53e3df-f0c9-417c-b6f2-4a63cbea4a68",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:57:58.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:58.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--54543b80-50d7-43ec-8397-a10ac8511d08",
|
|
|
|
"target_ref": "x-misp-object--0ce483d5-1756-4a8e-bcd4-a82ee44c7a9e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--9296bd1e-a82a-4ee3-aa37-1dba0331c38e",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:57:58.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:58.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--6dc37399-d3d3-464f-a2c1-8ee320d37e6a",
|
|
|
|
"target_ref": "x-misp-object--9e193b62-9c44-4e8b-9c97-9f408bfb6f0c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--2bf29498-3b02-414a-a4e5-f9aff11c9542",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:57:58.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:58.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--862a3bc0-848b-45a2-ac9b-3e3e4e3b912b",
|
|
|
|
"target_ref": "x-misp-object--ab56250c-f14d-4617-b00e-139aa46f76f0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--21834f27-e5e2-4540-9739-35c681dc20dc",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:57:59.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:59.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--add66139-1066-43d1-9c3e-e3f604aee8ef",
|
|
|
|
"target_ref": "x-misp-object--8531a9ba-484d-4a6b-acfe-908c8345e3ae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--0437dc16-18ee-42ea-9150-3be189400998",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:57:59.000Z",
|
|
|
|
"modified": "2020-06-08T07:57:59.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--13abf8d1-76f3-49cb-8f2f-60b0e36b15bb",
|
|
|
|
"target_ref": "x-misp-object--44854537-aa4d-4f5e-8787-ddd17e735df1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--25cad9e5-2a07-4751-b40a-a1d58547e6ac",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--1c14d80d-eef5-4b0f-a9b7-c182f7f5efe7",
|
|
|
|
"target_ref": "x-misp-object--d0c82af9-405c-4ee4-a72f-564fb3a00f0b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--e703743c-b360-4329-9743-3d71319655e1",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--491b64b2-a655-439b-9349-b7918038440c",
|
|
|
|
"target_ref": "x-misp-object--c22bad23-ed8b-4d83-b725-3519dcee10e9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--3f7bf94c-20c5-4ef2-ae7e-4a2ad719b01b",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--9805faa4-9533-433c-a902-6ab3d94b0c61",
|
|
|
|
"target_ref": "x-misp-object--7492e92b-1b44-4581-992f-1f8aae6a883c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--406534a0-6d6b-4880-bc04-804e1a0481b0",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--17527ddf-7bda-4305-9dc1-9a1d6014333c",
|
|
|
|
"target_ref": "x-misp-object--b704d83d-20ec-4a74-ade0-6cb55496a9eb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--d7bcc826-1b34-4787-9935-ac06ca23b501",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--845d1e34-80da-4996-a2c2-53ab6156afeb",
|
|
|
|
"target_ref": "x-misp-object--121e7969-0ade-4d2b-aa20-065e70cad490"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--278077b0-e9d2-4453-80e0-14ab69eee8bc",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--503b0035-f2c9-4c2e-a76c-99abe658009e",
|
|
|
|
"target_ref": "x-misp-object--82718f7a-fb06-4364-8feb-aff1934fda91"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--25828bff-8546-4a1c-a75c-2aa75ddac26f",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--f28eb254-2198-44f2-a79b-472d19d978d8",
|
|
|
|
"target_ref": "x-misp-object--3a4c2108-0a5f-4836-9f0d-bb44c228d818"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--d8ab4b58-5408-49e3-9b92-731fa9a38f0a",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--0b36973b-ccff-4649-ad19-058d5fd6c82d",
|
|
|
|
"target_ref": "x-misp-object--dbff2910-5abc-4777-a810-a30526aa06d1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--e4d42529-4ba8-4e03-bb66-0ae696d84ad9",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--f25ad18e-4427-4664-b4f4-7420739f3b01",
|
|
|
|
"target_ref": "x-misp-object--a1a0d38e-fbd0-4fbd-9d72-8acb71be2318"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--fa2aeef4-4db6-4bba-97ab-714da5a088cb",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--ff74d4fc-812b-4a6b-b37d-a1970f81236a",
|
|
|
|
"target_ref": "x-misp-object--c4497b36-95d2-4c4c-aea5-8f5e21f9b9a9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--28619aa1-fde0-4104-8eab-4c57d587ef26",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--5c6d098d-9a42-456a-8a8c-3d26c85f6153",
|
|
|
|
"target_ref": "x-misp-object--43c17ad3-51df-44b1-9716-ebeed4fdca80"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--d3ef26ec-b8a5-4c01-af09-dbf211de406d",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--7926acdf-7590-476e-8b14-8ecd14feb445",
|
|
|
|
"target_ref": "x-misp-object--0ec19e42-4e5a-4ca6-886d-dbb5ba8cc309"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--cb8e85f1-9531-4f0e-bc39-0ce63cd8d778",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:00.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--24536190-0343-4ec2-9728-1ff56f1a2c9d",
|
|
|
|
"target_ref": "x-misp-object--1c780620-104e-4a42-ac75-837f0b290646"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--a9ef1b4e-b102-4e60-8fc1-06146cb88683",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:01.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:01.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--13e37bd1-ffe5-47a1-aa0b-132a24d9f2a2",
|
|
|
|
"target_ref": "x-misp-object--41242f7f-0530-439c-9a3b-619ebf227d4b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--1070ff6b-b4b6-4a5f-8337-5a30278f31e7",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:01.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:01.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--4da1b519-23b0-402a-8b34-d437762fad79",
|
|
|
|
"target_ref": "x-misp-object--13c32f52-9300-41ee-a3a5-737aadb8b84c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 13:47:04 +00:00
|
|
|
"id": "relationship--fda7d7f9-45ce-44dd-86db-d76cbc28a650",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "2020-06-08T07:58:01.000Z",
|
|
|
|
"modified": "2020-06-08T07:58:01.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--98449839-4254-41f0-ba02-1a917d2d76d0",
|
|
|
|
"target_ref": "x-misp-object--f872ca96-df69-4655-8c09-8dd8cc8e0af8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|