2023-04-21 14:44:17 +00:00
|
|
|
{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5c7e29f1-3930-4e14-8f67-4b6f950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-08T07:03:23.000Z",
|
|
|
|
"modified": "2019-03-08T07:03:23.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "grouping",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "grouping--5c7e29f1-3930-4e14-8f67-4b6f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-08T07:03:23.000Z",
|
|
|
|
"modified": "2019-03-08T07:03:23.000Z",
|
|
|
|
"name": "OSINT - Operation Kabar Cobra",
|
|
|
|
"context": "suspicious-activity",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5c7e2abc-d3f8-4127-909f-4f0e950d210f",
|
|
|
|
"url--5c7e2abc-d3f8-4127-909f-4f0e950d210f",
|
|
|
|
"observed-data--5c7e2abc-5794-4d64-9b15-4f0e950d210f",
|
|
|
|
"url--5c7e2abc-5794-4d64-9b15-4f0e950d210f",
|
|
|
|
"indicator--5c7e7813-74e8-49d6-9c2c-45bd950d210f",
|
|
|
|
"indicator--5c7e7813-0ca4-4610-b1ef-42f8950d210f",
|
|
|
|
"indicator--5c7e7813-b568-49f9-9595-4241950d210f",
|
|
|
|
"indicator--5c7e7813-ff70-49ee-9597-44fb950d210f",
|
|
|
|
"indicator--5c7e7813-9b1c-42d8-ac77-4075950d210f",
|
|
|
|
"indicator--5c7e7813-b42c-453c-b45f-434b950d210f",
|
|
|
|
"indicator--5c7e7813-a3b0-44e3-88a8-4f9d950d210f",
|
|
|
|
"indicator--5c7e7813-7418-4a22-9a6a-4bac950d210f",
|
|
|
|
"indicator--5c7e7813-11dc-4e5a-ae98-4514950d210f",
|
|
|
|
"indicator--5c7e7813-f9fc-49e4-8fea-467f950d210f",
|
|
|
|
"indicator--5c7e7813-d40c-4bd1-9544-44cb950d210f",
|
|
|
|
"indicator--5c7e7813-6f38-401a-8c56-4404950d210f",
|
|
|
|
"indicator--5c7e7813-cf04-49f6-bc73-4eed950d210f",
|
|
|
|
"indicator--5c7e7813-1c10-402d-89eb-42c3950d210f",
|
|
|
|
"indicator--5c7e7813-2758-431d-8c04-4446950d210f",
|
|
|
|
"indicator--5c7e7813-4c08-4857-8d6c-47ee950d210f",
|
|
|
|
"indicator--5c7e7813-f028-4adb-8442-4631950d210f",
|
|
|
|
"indicator--5c7e7813-b838-46b5-b0ca-4c91950d210f",
|
|
|
|
"indicator--5c7e7813-b71c-46ce-9a40-41fa950d210f",
|
|
|
|
"indicator--5c7e7813-568c-4419-9b72-45cf950d210f",
|
|
|
|
"indicator--5c7e7813-3864-4e46-b858-4895950d210f",
|
|
|
|
"indicator--5c7e7813-db10-40b6-ac51-455b950d210f",
|
|
|
|
"indicator--5c7e7813-eca0-435a-ae2c-4453950d210f",
|
|
|
|
"indicator--5c7e7813-2e50-44c6-a6ef-4679950d210f",
|
|
|
|
"indicator--5c7e7813-1028-47e2-a423-42ee950d210f",
|
|
|
|
"indicator--5c7e7813-a188-4133-8b14-40ec950d210f",
|
|
|
|
"indicator--5c7e7813-74ac-4e42-b2c7-498c950d210f",
|
|
|
|
"indicator--5c7e7814-c1d4-45f9-8011-46e3950d210f",
|
|
|
|
"indicator--5c7e7814-ba78-477f-83f5-449f950d210f",
|
|
|
|
"indicator--5c7e7814-8ec8-43de-b4f7-47f3950d210f",
|
|
|
|
"indicator--5c7e7814-e0e0-42b8-bdbd-4b19950d210f",
|
|
|
|
"indicator--5c7e7814-6a70-43ef-81a1-4164950d210f",
|
|
|
|
"indicator--5c7e7814-c520-4de0-bf41-436e950d210f",
|
|
|
|
"indicator--5c7e7814-df5c-4420-a125-4df3950d210f",
|
|
|
|
"indicator--5c7e7814-f2f4-4575-8eb7-402e950d210f",
|
|
|
|
"indicator--5c7e7814-1bfc-45b2-a0ac-4870950d210f",
|
|
|
|
"indicator--5c7e7814-1d9c-461a-a836-43b9950d210f",
|
|
|
|
"indicator--5c7e7814-cadc-4705-9650-4c70950d210f",
|
|
|
|
"indicator--5c7e7814-ad7c-4f8f-bb85-4588950d210f",
|
|
|
|
"indicator--5c7e7814-370c-4e7e-90ca-4635950d210f",
|
|
|
|
"indicator--5c7e7814-115c-418c-9c0c-44bd950d210f",
|
|
|
|
"indicator--5c7e7814-1384-4199-a9ba-43c3950d210f",
|
|
|
|
"indicator--5c7e7814-3168-44c2-92a0-49ec950d210f",
|
|
|
|
"indicator--5c7e7814-9d6c-4882-979d-49a6950d210f",
|
|
|
|
"indicator--5c7e2b22-7908-4172-a737-49ad950d210f",
|
|
|
|
"indicator--5c7e2b7b-c49c-4a49-90ee-4927950d210f",
|
|
|
|
"indicator--5c7e2ba9-6c4c-4a31-8d9c-4d1a950d210f",
|
|
|
|
"indicator--5c7e2bce-4910-48fe-aa4e-4927950d210f",
|
|
|
|
"indicator--5c7e2c07-eba0-430f-b440-4931950d210f",
|
|
|
|
"indicator--5c7e2e42-91e8-49ac-a360-c3e6950d210f",
|
|
|
|
"indicator--5c7e2e6e-d32c-4334-b8b7-4f0e950d210f",
|
|
|
|
"indicator--5c7e2e81-8b38-4f9a-ad23-4b59950d210f",
|
|
|
|
"indicator--5c7e46be-947c-48d5-877b-f41b950d210f",
|
|
|
|
"indicator--5c7e4700-9af0-44e7-a36c-f148950d210f",
|
|
|
|
"indicator--5c7e4ad1-d824-4532-95f7-4e6b950d210f",
|
|
|
|
"indicator--5c7e514e-efa8-491c-9c0a-43e3950d210f",
|
|
|
|
"indicator--5c7e542e-485c-45ff-bcd6-f277950d210f",
|
|
|
|
"indicator--5c7e5469-59fc-4c21-a5ce-4c36950d210f",
|
|
|
|
"indicator--5c7e5477-a6dc-4af2-ad88-48b6950d210f",
|
|
|
|
"indicator--5c7e5488-bb10-475f-9f11-40f0950d210f",
|
|
|
|
"indicator--5c7e5498-80f0-4e8f-949e-43ab950d210f",
|
|
|
|
"indicator--5c7e54ad-da34-42f0-b08f-466d950d210f",
|
|
|
|
"indicator--5c7e54c3-8e14-4e41-a2dd-4c10950d210f",
|
|
|
|
"indicator--5c7e54e0-1720-481b-929d-454d950d210f",
|
|
|
|
"indicator--5c7e55b4-f100-4e76-bc1d-f26c950d210f",
|
|
|
|
"indicator--5c7e55c5-54dc-4108-9d87-48be950d210f",
|
|
|
|
"indicator--5c7e55da-5c2c-463a-b42c-f26c950d210f",
|
|
|
|
"indicator--5c7e55f0-2de8-4f66-a93c-430b950d210f",
|
|
|
|
"indicator--5c7e5605-4ad0-42ee-a555-4eb0950d210f",
|
|
|
|
"indicator--5c7e5613-1488-48e3-8453-f2c7950d210f",
|
|
|
|
"indicator--5c7e5621-2a28-4889-a03a-4928950d210f",
|
|
|
|
"indicator--5c7e5633-89d8-49e7-bc35-c3ea950d210f",
|
|
|
|
"indicator--5c7e565f-2878-40b3-8d84-492d950d210f",
|
|
|
|
"indicator--5c7e566f-eff0-424d-a55a-409b950d210f",
|
|
|
|
"indicator--5c7e567e-4720-4fbf-b524-4324950d210f",
|
|
|
|
"indicator--5c7e56a0-c8cc-4d14-88b4-4ddc950d210f",
|
|
|
|
"indicator--5c7e56c3-80c0-4f6a-9601-4caf950d210f",
|
|
|
|
"indicator--5c7e56d5-01b8-4a68-8c44-43ab950d210f",
|
|
|
|
"indicator--5c7e56eb-5344-47b1-aa41-f277950d210f",
|
|
|
|
"indicator--5c7e56fd-99d4-4830-914d-4f38950d210f",
|
|
|
|
"indicator--5c7e579b-edc0-47c2-88e4-424d950d210f",
|
|
|
|
"indicator--5c7e582c-76a8-4a87-936b-46c9950d210f",
|
|
|
|
"indicator--5c7e585e-b924-48a5-a659-490d950d210f",
|
|
|
|
"indicator--5c7e5887-b2b4-4e72-988f-4c83950d210f",
|
|
|
|
"indicator--5c7e63c1-19e8-4619-a253-4730950d210f",
|
|
|
|
"indicator--5c7e6479-92b0-468e-a85c-47aa950d210f",
|
|
|
|
"indicator--5c7e6497-2f04-471f-b48e-401b950d210f",
|
|
|
|
"indicator--5c7e64c2-bc88-401b-bfc6-4504950d210f",
|
|
|
|
"vulnerability--5c7e64dd-0470-4556-9dfa-41fc950d210f",
|
|
|
|
"indicator--5c7e6523-60a0-4a28-adeb-47c4950d210f",
|
|
|
|
"indicator--5c7e653a-edc4-4389-850b-4a91950d210f",
|
|
|
|
"indicator--5c7e6556-1f7c-440e-ad46-43c2950d210f",
|
|
|
|
"indicator--689ecef6-f10d-439a-a27a-95d1d4c95f99",
|
|
|
|
"x-misp-object--63188ca3-d4a3-439d-9b01-b9ec4a029584",
|
|
|
|
"indicator--8f9b8272-3ef4-4ed8-ac44-98a8bd9f8ac9",
|
|
|
|
"x-misp-object--f1e4e0de-7aa4-4d61-bc50-d9850e25c9fd",
|
|
|
|
"indicator--92b9f0a3-acd0-4e49-a789-d100f0e9a3f4",
|
|
|
|
"x-misp-object--cdd4af57-0253-4178-9b16-26b9169ebaaf",
|
|
|
|
"indicator--77fb245c-d880-4b58-a4a1-3c79e3429fd5",
|
|
|
|
"x-misp-object--c5c06cde-e106-4432-a2d5-4d1f4c2d6af3",
|
|
|
|
"indicator--00c34c0b-95aa-4d40-b8f6-462c2a9f4c73",
|
|
|
|
"x-misp-object--2790778c-6796-474b-a65f-c47b1f092552",
|
|
|
|
"indicator--c4234048-c767-46e0-b00b-23d614a98173",
|
|
|
|
"x-misp-object--ef19ab7e-b5d8-412e-92bc-9122218f90e4",
|
|
|
|
"indicator--7dbe5bfc-d541-4179-a365-3f274ec85c97",
|
|
|
|
"x-misp-object--a13db91c-a587-4810-ae35-81ad538a42aa",
|
|
|
|
"indicator--198efd3b-e179-4498-bab8-22187889eeb5",
|
|
|
|
"x-misp-object--1a13e62a-1e04-4b73-af40-e077849ad7fa",
|
|
|
|
"indicator--056a71eb-527f-47c6-bb7c-3e38f615ea86",
|
|
|
|
"x-misp-object--dbef32c7-cd7d-4324-a1ac-22c6838b047e",
|
|
|
|
"indicator--94710f77-734e-4779-a517-39e9ff83c5c3",
|
|
|
|
"x-misp-object--43d64fc5-70dc-4429-8be4-f4d6401bac8f",
|
|
|
|
"indicator--d21b3bc0-51d3-4d83-ab29-eab87f9d72f6",
|
|
|
|
"x-misp-object--7bf89ab8-38dc-4396-9ed7-ab7767e19d08",
|
|
|
|
"indicator--52839704-cde1-423b-b83b-85f3be6c94ff",
|
|
|
|
"x-misp-object--4676a5ec-697d-41af-88f8-1edd0b391a93",
|
|
|
|
"indicator--8aa148ae-97d2-47ff-83d9-7fb3a2d8a4bd",
|
|
|
|
"x-misp-object--87dd8a5a-c52f-416e-885c-020efd23e62e",
|
|
|
|
"indicator--171c1ddf-7a54-489d-9684-92c88617c956",
|
|
|
|
"x-misp-object--5f3792ac-f82d-4592-88c3-ee892c828c41",
|
|
|
|
"indicator--1a5e57b9-36fe-421d-a886-16026857b58f",
|
|
|
|
"x-misp-object--04c722ce-cdee-4769-b6a8-b6f26eb83949",
|
|
|
|
"indicator--b3177b4e-555f-4f20-9a65-a08e1d02f9fd",
|
|
|
|
"x-misp-object--af4721d1-291a-46d2-8eb9-50fc1f8da0cb",
|
|
|
|
"indicator--173a3d42-d718-41eb-ac2a-43d4e432bb46",
|
|
|
|
"x-misp-object--cc17229b-13c4-40e8-887f-1d7cf5abd020",
|
|
|
|
"indicator--ac2931c8-7efd-400e-a3da-9699601420cd",
|
|
|
|
"x-misp-object--526e45f9-c018-4f26-b8ac-42a435da08c9",
|
|
|
|
"indicator--3a427677-7b23-40b7-9d8f-190c766ef8fe",
|
|
|
|
"x-misp-object--e12c9d7a-8312-437d-8b1a-c15e09ef37d6",
|
|
|
|
"indicator--de5147bc-03f2-4d1a-a9c6-80bf8d449e96",
|
|
|
|
"x-misp-object--ecb9a5f0-73c7-4556-a7e3-9e2f4ca35fb5",
|
|
|
|
"indicator--163ddda1-900e-4bff-950b-0d5d1c2029c5",
|
|
|
|
"x-misp-object--05fae74d-fd81-4262-9d67-eed24b685f5d",
|
|
|
|
"indicator--52150aff-7237-412a-a493-1be95ce36e7f",
|
|
|
|
"x-misp-object--2c88a906-411b-4819-a1c3-16907c03e3f9",
|
2023-05-19 09:05:37 +00:00
|
|
|
"relationship--e2c0e432-070e-49d2-90fb-de3acfb2170c",
|
|
|
|
"relationship--40472729-0521-4b27-93f8-b4472423bc45",
|
|
|
|
"relationship--20a8248a-4eed-46d2-aaf8-d28660c1b300",
|
|
|
|
"relationship--ec6465af-a8c3-4d23-bf29-ad97ee0fa822",
|
|
|
|
"relationship--df6737b3-2989-49d9-90a7-6757ad6b58a9",
|
|
|
|
"relationship--ac0a7513-cb22-4e87-8cc6-0551d479bdba",
|
|
|
|
"relationship--52e3b650-e2ee-46ba-a0a8-7d04db0e2bff",
|
|
|
|
"relationship--d43903ca-6745-462e-a30c-bcb764892f41",
|
|
|
|
"relationship--4cce3746-e84f-47c6-a7ee-600d1e99381f",
|
|
|
|
"relationship--5a0b9a0a-521b-4dbf-89a1-0b05cc57ab17",
|
|
|
|
"relationship--b94b7d4c-4c78-4453-8be7-9c0b3ed2cfd4",
|
|
|
|
"relationship--3d38542c-8fb3-495c-b8a5-e6081f2039f7",
|
|
|
|
"relationship--c5b22dc9-340e-413c-b8ea-81cab5bb9b92",
|
|
|
|
"relationship--78a8c78d-a60b-4080-9ef4-81a200a63b95",
|
|
|
|
"relationship--e719f862-9e4f-4f11-931e-9dbe09e30b7b",
|
|
|
|
"relationship--6604c767-0e80-4bd5-99fa-d4be79fbb03e",
|
|
|
|
"relationship--3e6481cb-b540-4668-8c09-1612dc73693f",
|
|
|
|
"relationship--81328212-9e74-4e24-afb0-e791b6cbd39e",
|
|
|
|
"relationship--e7a1ab13-2131-4a69-8382-5568e2b987d9",
|
|
|
|
"relationship--0e17038d-4637-4069-9359-cf8dbfaa1f40",
|
|
|
|
"relationship--6079c9b3-b02d-461b-8973-b6adeb0bdf32",
|
|
|
|
"relationship--404503c7-2906-45a6-a46e-566a49ce0928",
|
|
|
|
"relationship--39489cbc-7082-495c-899a-d8301946ce39"
|
2023-04-21 14:44:17 +00:00
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\"",
|
|
|
|
"workflow:todo=\"add-context\"",
|
|
|
|
"workflow:todo=\"add-missing-misp-galaxy-cluster-values\"",
|
|
|
|
"workflow:todo=\"create-missing-misp-galaxy\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5c7e2abc-d3f8-4127-909f-4f0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T07:52:28.000Z",
|
|
|
|
"modified": "2019-03-05T07:52:28.000Z",
|
|
|
|
"first_observed": "2019-03-05T07:52:28Z",
|
|
|
|
"last_observed": "2019-03-05T07:52:28Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5c7e2abc-d3f8-4127-909f-4f0e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5c7e2abc-d3f8-4127-909f-4f0e950d210f",
|
|
|
|
"value": "https://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?menu_dist=2&curPage=1&seq=28102"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5c7e2abc-5794-4d64-9b15-4f0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T07:52:28.000Z",
|
|
|
|
"modified": "2019-03-05T07:52:28.000Z",
|
|
|
|
"first_observed": "2019-03-05T07:52:28Z",
|
|
|
|
"last_observed": "2019-03-05T07:52:28Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5c7e2abc-5794-4d64-9b15-4f0e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5c7e2abc-5794-4d64-9b15-4f0e950d210f",
|
|
|
|
"value": "http://download.ahnlab.com/kr/site/library/%5bAnalysis_Report%5dOperation_Kabar_Cobra.pdf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-74e8-49d6-9c2c-45bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.224.138.29']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-0ca4-4610-b1ef-42f8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'navem-rnail.hol.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-b568-49f9-9595-4241950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'navem-rnail.hol.es/est/down/msofficeupdate64']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-ff70-49ee-9597-44fb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'myaccounnts-goggle.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-9b1c-42d8-ac77-4075950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'bmail-or-kr.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-b42c-453c-b45f-434b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'aiyac-updaite.hol.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-a3b0-44e3-88a8-4f9d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rnyacount-jpadmin.hol.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-7418-4a22-9a6a-4bac950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'aiyac-updaite.hol.es/est/down/alyacmonitor64']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-11dc-4e5a-ae98-4514950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'aiyac-updaite.hol.es/est/down/msofficeupdate64']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-f9fc-49e4-8fea-467f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'rnyacount-jpadmin.hol.es/est/down/msofficeupdate64']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-d40c-4bd1-9544-44cb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'rnyacount-jpadmin.hol.es/est/down/fw.a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-6f38-401a-8c56-4404950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'ms-performance.hol.es/mysite/down/msperformancecheck.b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-cf04-49f6-bc73-4eed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ms-performance.hol.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-1c10-402d-89eb-42c3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'ms-performance.hol.es/mysite/down/msperformancecheck64']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-2758-431d-8c04-4446950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'suppcrt-seourity.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-4c08-4857-8d6c-47ee950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ahnniab.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-f028-4adb-8442-4631950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'ahnniab.esy.es/w/down/alyacmonitor.a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-b838-46b5-b0ca-4c91950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'ahnniab.esy.es/w/down/tvEngine.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-b71c-46ce-9a40-41fa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'daum-safety-team.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-568c-4419-9b72-45cf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'myacccounts-goggle.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-3864-4e46-b858-4895950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'myacccount-goggle.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-db10-40b6-ac51-455b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'nav-mail.hol.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-eca0-435a-ae2c-4453950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mail-support.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-2e50-44c6-a6ef-4679950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'my-homework.890m.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-1028-47e2-a423-42ee950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'my-homework.890m.com/gnu/download/tvEngine.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-a188-4133-8b14-40ec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[url:value = 'my-homework.890m.com/gnu/download/list.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7813-74ac-4e42-b2c7-498c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:27.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'nid-mail.hol.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-c1d4-45f9-8011-46e3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[url:value = 'nid-mail.esy.es/gnu//download/tmp.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-ba78-477f-83f5-449f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[url:value = 'nid-mail.esy.es/gnu//download/notepad64.exe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-8ec8-43de-b4f7-47f3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/x64/wall.cab']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-e0e0-42b8-bdbd-4b19950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'nid-mail.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-6a70-43ef-81a1-4164950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/logger/private32']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-c520-4de0-bf41-436e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/logger/private64']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-df5c-4420-a125-4df3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/logger/secu32_init']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-f2f4-4575-8eb7-402e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/logger/secu64_init']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-1bfc-45b2-a0ac-4870950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'nid-mail.pe.hu']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-1d9c-461a-a836-43b9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'newsea36-chol.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-cadc-4705-9650-4c70950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'acount-qooqle.pe.hu']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-ad7c-4f8f-bb85-4588950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'myprofileacc.pe.hu']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-370c-4e7e-90ca-4635950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'customer-center.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-115c-418c-9c0c-44bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'need-nver.hol.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-1384-4199-a9ba-43c3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'daum-settting.hol.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-3168-44c2-92a0-49ec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'nid-never.pe.hu']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e7814-9d6c-4882-979d-49a6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T13:22:28.000Z",
|
|
|
|
"modified": "2019-03-05T13:22:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'nid-naver.hol.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T13:22:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e2b22-7908-4172-a737-49ad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T07:54:10.000Z",
|
|
|
|
"modified": "2019-03-05T07:54:10.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0eb739c8faf77dae0546ff447ad06038' AND file:name = '2019 \uc0ac\uc5c5\uacc4\ud68d\uc11c.hwp{\uacf5\ubc31}.exe' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T07:54:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e2b7b-c49c-4a49-90ee-4927950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T07:55:39.000Z",
|
|
|
|
"modified": "2019-03-05T07:55:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9c3396aa94083916227201bf1396a2ca' AND file:name = '\ubbf8\ub514\uc5b4\uad8c\ub825\uc774\ub3d9\u2465-\ub137\ud50c\ub809\uc2a4, \uc720\ud29c\ube0c.hwp{\uacf5\ubc31}.exe' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T07:55:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e2ba9-6c4c-4a31-8d9c-4d1a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T07:56:25.000Z",
|
|
|
|
"modified": "2019-03-05T07:56:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '20301fdd013c836039b8cfe0d100a1d7' AND file:name = '\uc911\uad6d-\uc5f0\uad6c\uc790\ub8cc.hwp{\uacf5\ubc31}.scr' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T07:56:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e2bce-4910-48fe-aa4e-4927950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T07:57:02.000Z",
|
|
|
|
"modified": "2019-03-05T07:57:02.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'dc1196876d9a59ab477ebc62d07a255e' AND file:name = 'AR.xls{\uacf5\ubc31}.exe' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T07:57:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e2c07-eba0-430f-b440-4931950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T07:57:59.000Z",
|
|
|
|
"modified": "2019-03-05T07:57:59.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'cd705902ea42d0de2a8456b055c3bb87' AND file:name = '{\ubbf8\uc0c1}.exe' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T07:57:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e2e42-91e8-49ac-a360-c3e6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T08:07:30.000Z",
|
|
|
|
"modified": "2019-03-05T08:07:30.000Z",
|
|
|
|
"pattern": "[file:name = 'Freedom.dll' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T08:07:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e2e6e-d32c-4334-b8b7-4f0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T08:08:14.000Z",
|
|
|
|
"modified": "2019-03-05T08:08:14.000Z",
|
|
|
|
"pattern": "[file:name = 'AhnLabMon.dll' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T08:08:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e2e81-8b38-4f9a-ad23-4b59950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T08:08:33.000Z",
|
|
|
|
"modified": "2019-03-05T08:08:33.000Z",
|
|
|
|
"pattern": "[file:name = 'AlyacMonitor.db' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T08:08:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e46be-947c-48d5-877b-f41b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T09:51:58.000Z",
|
|
|
|
"modified": "2019-03-05T09:51:58.000Z",
|
|
|
|
"pattern": "[file:name = 'Cobra.dll' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T09:51:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e4700-9af0-44e7-a36c-f148950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T09:53:04.000Z",
|
|
|
|
"modified": "2019-03-05T09:53:04.000Z",
|
|
|
|
"pattern": "[file:name = 'secu32_init.inf' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T09:53:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e4ad1-d824-4532-95f7-4e6b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:09:21.000Z",
|
|
|
|
"modified": "2019-03-05T10:09:21.000Z",
|
|
|
|
"pattern": "[file:name = 'private32.db' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:09:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e514e-efa8-491c-9c0a-43e3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:37:02.000Z",
|
|
|
|
"modified": "2019-03-05T10:37:02.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '242c31d0ce2109fdface788663e90f49' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:37:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e542e-485c-45ff-bcd6-f277950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:49:18.000Z",
|
|
|
|
"modified": "2019-03-05T10:49:18.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6106449779d453be4ae28d89f207e921' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:49:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e5469-59fc-4c21-a5ce-4c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:50:17.000Z",
|
|
|
|
"modified": "2019-03-05T10:50:17.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '66b73fba4e47b3184edd75b0ce9cf928' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:50:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e5477-a6dc-4af2-ad88-48b6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:50:31.000Z",
|
|
|
|
"modified": "2019-03-05T10:50:31.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1dfe826f71c20ff04987a9160c177e46' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:50:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e5488-bb10-475f-9f11-40f0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:50:48.000Z",
|
|
|
|
"modified": "2019-03-05T10:50:48.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b994bd755e034d2218f8a3f70e91a165' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:50:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e5498-80f0-4e8f-949e-43ab950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:51:04.000Z",
|
|
|
|
"modified": "2019-03-05T10:51:04.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1a082a388a285e7fc4541124794f3910' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:51:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e54ad-da34-42f0-b08f-466d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:51:25.000Z",
|
|
|
|
"modified": "2019-03-05T10:51:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '71ec829db01818d305552ec4ebb1c258' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:51:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e54c3-8e14-4e41-a2dd-4c10950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:51:47.000Z",
|
|
|
|
"modified": "2019-03-05T10:51:47.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2fdf23367c604511d019a6914c50bc0b' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:51:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e54e0-1720-481b-929d-454d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:52:16.000Z",
|
|
|
|
"modified": "2019-03-05T10:52:16.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '566cc6129dc887629a7131821c7547e5' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:52:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e55b4-f100-4e76-bc1d-f26c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:55:48.000Z",
|
|
|
|
"modified": "2019-03-05T10:55:48.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9d685308d3125e14287ecb7fbe5fcd37' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:55:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e55c5-54dc-4108-9d87-48be950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:56:05.000Z",
|
|
|
|
"modified": "2019-03-05T10:56:05.000Z",
|
|
|
|
"pattern": "[file:name = 'core.dll' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:56:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e55da-5c2c-463a-b42c-f26c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:56:26.000Z",
|
|
|
|
"modified": "2019-03-05T10:56:26.000Z",
|
|
|
|
"pattern": "[file:name = 'tvengine.dll' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:56:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e55f0-2de8-4f66-a93c-430b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:56:48.000Z",
|
|
|
|
"modified": "2019-03-05T10:56:48.000Z",
|
|
|
|
"pattern": "[file:name = 'ariaK.dll' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:56:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e5605-4ad0-42ee-a555-4eb0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:57:09.000Z",
|
|
|
|
"modified": "2019-03-05T10:57:09.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'bb42e6649d927899c816cc04c2bffc06' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:57:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e5613-1488-48e3-8453-f2c7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:57:23.000Z",
|
|
|
|
"modified": "2019-03-05T10:57:23.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '95410a32a76aecb099af53255bb90737' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:57:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e5621-2a28-4889-a03a-4928950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:57:37.000Z",
|
|
|
|
"modified": "2019-03-05T10:57:37.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0a50827a4897a43a882c8d3c691d943d' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:57:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e5633-89d8-49e7-bc35-c3ea950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:57:55.000Z",
|
|
|
|
"modified": "2019-03-05T10:57:55.000Z",
|
|
|
|
"pattern": "[file:name = 'IECheck.dll' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:57:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e565f-2878-40b3-8d84-492d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:58:39.000Z",
|
|
|
|
"modified": "2019-03-05T10:58:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '874c0ec36be15fe3403f3abad6ecea75' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:58:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e566f-eff0-424d-a55a-409b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:58:55.000Z",
|
|
|
|
"modified": "2019-03-05T10:58:55.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4de21c3af64b3b605446278de92dfff4' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:58:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e567e-4720-4fbf-b524-4324950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:59:10.000Z",
|
|
|
|
"modified": "2019-03-05T10:59:10.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a45ba001c3abee03bda49c6816d9a17c' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:59:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e56a0-c8cc-4d14-88b4-4ddc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T10:59:44.000Z",
|
|
|
|
"modified": "2019-03-05T10:59:44.000Z",
|
|
|
|
"pattern": "[file:name = '45D3.tmp' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T10:59:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e56c3-80c0-4f6a-9601-4caf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:00:19.000Z",
|
|
|
|
"modified": "2019-03-05T11:00:19.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '02dae3046d1669a55785ba935b0e3f0b' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:00:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e56d5-01b8-4a68-8c44-43ab950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:00:37.000Z",
|
|
|
|
"modified": "2019-03-05T11:00:37.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ba89337af43f0b07a35cc892ac95112a' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:00:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e56eb-5344-47b1-aa41-f277950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:00:59.000Z",
|
|
|
|
"modified": "2019-03-05T11:00:59.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '74c3011b6980bea23d119822d979a364' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:00:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e56fd-99d4-4830-914d-4f38950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:01:17.000Z",
|
|
|
|
"modified": "2019-03-05T11:01:17.000Z",
|
|
|
|
"pattern": "[file:name = 'MsMpQhp.exe' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:01:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e579b-edc0-47c2-88e4-424d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:03:55.000Z",
|
|
|
|
"modified": "2019-03-05T11:03:55.000Z",
|
|
|
|
"description": "TeamViewer ",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ab73b1395938c48d62b7eeb5c9f3409d' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:03:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e582c-76a8-4a87-936b-46c9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:06:20.000Z",
|
|
|
|
"modified": "2019-03-05T11:06:20.000Z",
|
|
|
|
"description": "TeamViewer",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b02f3881321f0912b2ae3f27498c448f' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:06:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e585e-b924-48a5-a659-490d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:07:10.000Z",
|
|
|
|
"modified": "2019-03-05T11:07:10.000Z",
|
|
|
|
"description": "TeamViewer",
|
|
|
|
"pattern": "[file:hashes.MD5 = '11fc4829c2fff9fb240acbd71c60fc67' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:07:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e5887-b2b4-4e72-988f-4c83950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:07:51.000Z",
|
|
|
|
"modified": "2019-03-05T11:07:51.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '54783422cfd7029a26a3f3f5e9087d8a' AND file:name = '2014 \ud55c\uc6b81,2 \ud638\uae30\uc124\uacc4\ubcc0\uacbd\uc0ac\ud56d.hwp' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:07:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e63c1-19e8-4619-a253-4730950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:55:45.000Z",
|
|
|
|
"modified": "2019-03-05T11:55:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8332be776617364c16868c1ad6b4efe7' AND file:name = '2018 \uc885\uc804\uc5b8.hwp' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:55:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e6479-92b0-468e-a85c-47aa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:58:49.000Z",
|
|
|
|
"modified": "2019-03-05T11:58:49.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f22db1e3ea74af791e34ad5aa0297664' AND file:name = 'fontchk.jse' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:58:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e6497-2f04-471f-b48e-401b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T11:59:19.000Z",
|
|
|
|
"modified": "2019-03-05T11:59:19.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '48d9e625ea3efbcbef3963c8714544a7' AND file:name = '2\uc6d41\uc8fc\ucc28\uad6d\uc81c\uc548\ubcf4\uad70\uc0ac\uc815\uc138.hwp' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T11:59:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e64c2-bc88-401b-bfc6-4504950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T12:00:52.000Z",
|
|
|
|
"modified": "2019-03-05T12:00:52.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b49bbc11ed000211a5af7eb35f596886' AND file:name = 'IE \ucde8\uc57d\uc810' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T12:00:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "vulnerability",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "vulnerability--5c7e64dd-0470-4556-9dfa-41fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T12:00:29.000Z",
|
|
|
|
"modified": "2019-03-05T12:00:29.000Z",
|
|
|
|
"name": "CVE-2018-8174",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"vulnerability\"",
|
|
|
|
"misp:meta-category=\"vulnerability\"",
|
|
|
|
"misp:to_ids=\"False\""
|
|
|
|
],
|
|
|
|
"external_references": [
|
|
|
|
{
|
|
|
|
"source_name": "cve",
|
|
|
|
"external_id": "CVE-2018-8174"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_state": "Published"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e6523-60a0-4a28-adeb-47c4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T12:01:39.000Z",
|
|
|
|
"modified": "2019-03-05T12:01:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'aea8d3002132094a58d5189a8e886cf8' AND file:name = '2016\ub144\uc81c46\ucc28\uc6d0\ub0b4\ub300\ucc45\ud68c\uc758\ubaa8\ub450\ubc1c\uc5b8.hwp' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T12:01:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e653a-edc4-4389-850b-4a91950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T12:02:02.000Z",
|
|
|
|
"modified": "2019-03-05T12:02:02.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '08523230e221246bb59cde7c3e8363c7' AND file:name = '0x0ED6D109-0xED81000.mem.pe.exe' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T12:02:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c7e6556-1f7c-440e-ad46-43c2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-05T12:02:30.000Z",
|
|
|
|
"modified": "2019-03-05T12:02:30.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2f26f3a883aeca9a11769664fc7d4750' AND file:name = 'hwpkor.dll' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-05T12:02:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--689ecef6-f10d-439a-a27a-95d1d4c95f99",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:24.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:24.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '874c0ec36be15fe3403f3abad6ecea75' AND file:hashes.SHA1 = '17b4e8bf763a6e5c4f04f5c98eb780894140e7b1' AND file:hashes.SHA256 = '520056eedfaf9d3445ecf8d7aefa0b93d7c35f9a8a2a5da0999530280a9a6438']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--63188ca3-d4a3-439d-9b01-b9ec4a029584",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:25.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:25.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-06 00:08:18",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ea02193f-258f-4063-808b-da8045437f52"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/520056eedfaf9d3445ecf8d7aefa0b93d7c35f9a8a2a5da0999530280a9a6438/analysis/1551830898/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "af3bb3c4-5117-41f6-a400-b1331dba4474"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "6/68",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "d9947682-2fc1-432f-b192-14b4895af3f8"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--8f9b8272-3ef4-4ed8-ac44-98a8bd9f8ac9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:25.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'cd705902ea42d0de2a8456b055c3bb87' AND file:hashes.SHA1 = 'd945db08bacd1c2e06ad29c207c7da34edacf965' AND file:hashes.SHA256 = '04b28c594e96703ed11481847aab936e5ba06280ce947a436e0b64752c86bd14']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f1e4e0de-7aa4-4d61-bc50-d9850e25c9fd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:25.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:25.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-06 00:08:17",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3679c946-dbf4-446f-845d-278dfbdc0724"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/04b28c594e96703ed11481847aab936e5ba06280ce947a436e0b64752c86bd14/analysis/1551830897/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "7f45ee46-b0ed-4656-b7a0-b09313f1b51f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "32/66",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "9f9a329a-139f-41bf-a10a-27db6d9e7df6"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--92b9f0a3-acd0-4e49-a789-d100f0e9a3f4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:25.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ba89337af43f0b07a35cc892ac95112a' AND file:hashes.SHA1 = 'f8834840c73a944394c26b3b71b9627a2a0c385a' AND file:hashes.SHA256 = 'cd152e2c4796dd4cf82e2824ad6ca6e64ef42ab2ca79cf3417354d6b2e999fb9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--cdd4af57-0253-4178-9b16-26b9169ebaaf",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:25.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:25.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-06 04:40:29",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "46129aee-9ce2-40e5-8cdd-9855bf6268e6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/cd152e2c4796dd4cf82e2824ad6ca6e64ef42ab2ca79cf3417354d6b2e999fb9/analysis/1551847229/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "9cac1422-04e3-493a-aeac-18a155eabdc4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "18/66",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "a3052011-844c-43e6-9772-08d421387a65"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--77fb245c-d880-4b58-a4a1-3c79e3429fd5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:25.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '74c3011b6980bea23d119822d979a364' AND file:hashes.SHA1 = '447f08c1fd35a517004987dcbae264cf744a5721' AND file:hashes.SHA256 = 'c9507551a16afacdd8a5dda69c2b4b924cebe97c0ebaae955c6f446a7061f744']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c5c06cde-e106-4432-a2d5-4d1f4c2d6af3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-06 00:08:26",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4716d971-3868-4ca4-9a44-6b9017b6be31"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/c9507551a16afacdd8a5dda69c2b4b924cebe97c0ebaae955c6f446a7061f744/analysis/1551830906/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "785c801a-5b42-4ec3-a5c8-4f117de68396"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "30/67",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "f227a142-d12e-435d-a4a2-9013f27d8f9c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--00c34c0b-95aa-4d40-b8f6-462c2a9f4c73",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '71ec829db01818d305552ec4ebb1c258' AND file:hashes.SHA1 = 'd1a9dad0b7b1face9869216c863b743bc2b1e3a4' AND file:hashes.SHA256 = 'd9746224143010adada9989bf6b1014bb10e8165615e1ef6b58fd429cd2aa20a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2790778c-6796-474b-a65f-c47b1f092552",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-20 00:37:01",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "70fb6240-1fd0-4be8-b94f-ea3f7ae2f14e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/d9746224143010adada9989bf6b1014bb10e8165615e1ef6b58fd429cd2aa20a/analysis/1550623021/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "738fd47a-6aa7-487e-bdbe-24f82b3dafb5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/67",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "aa9fdbe7-b77c-4b57-b90d-b5003630f724"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c4234048-c767-46e0-b00b-23d614a98173",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0eb739c8faf77dae0546ff447ad06038' AND file:hashes.SHA1 = '12262afd366b6d123508ef79d5cfc49251f5e368' AND file:hashes.SHA256 = '9505ee1c9b92390e6f1404648686c524681874e6986bdf6236ca7e0ca5c2693a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ef19ab7e-b5d8-412e-92bc-9122218f90e4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-06 00:08:22",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d8b0fa1f-c414-4d70-8ff6-a6b37e927e78"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/9505ee1c9b92390e6f1404648686c524681874e6986bdf6236ca7e0ca5c2693a/analysis/1551830902/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "3cb88750-c8d6-49dd-a9e9-9e4f5631836b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/67",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "cd3b7425-7563-4cd3-86a4-ddc0666c7852"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7dbe5bfc-d541-4179-a365-3f274ec85c97",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'aea8d3002132094a58d5189a8e886cf8' AND file:hashes.SHA1 = 'c6b6f203225d102fe8173500dd74ab9b3c4b4a13' AND file:hashes.SHA256 = '8dc6e8eccaaa9ebe77b60ab364e7a56ba81bb00664485d3090b58286df0ca37c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--a13db91c-a587-4810-ae35-81ad538a42aa",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-03 05:10:17",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "49179a2f-4b82-4bd0-a84a-b4541c23e2bc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/8dc6e8eccaaa9ebe77b60ab364e7a56ba81bb00664485d3090b58286df0ca37c/analysis/1551589817/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "9692eb2e-5956-4c0a-9fa4-54fe57ba02ca"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "20/52",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "8cddcab6-c166-4b67-936f-a23f10ba57ef"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--198efd3b-e179-4498-bab8-22187889eeb5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9c3396aa94083916227201bf1396a2ca' AND file:hashes.SHA1 = '02133960eeb5dbf136e37d1b1b317306eae85036' AND file:hashes.SHA256 = 'c6c332ae1ccb580ac621d3cf667ce9c017be41f8ad04a94c0c0ea37c4789dd14']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--1a13e62a-1e04-4b73-af40-e077849ad7fa",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-20 00:41:42",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c40a38b6-590e-4041-8d4a-b3a970a97ae0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/c6c332ae1ccb580ac621d3cf667ce9c017be41f8ad04a94c0c0ea37c4789dd14/analysis/1550623302/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "fbbeda9f-8f2a-4afb-9aca-5cda517239f7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/64",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "2aee7374-ecdc-4da4-8929-0a19b36404a7"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--056a71eb-527f-47c6-bb7c-3e38f615ea86",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '11fc4829c2fff9fb240acbd71c60fc67' AND file:hashes.SHA1 = '63282c2399bde7558163421d624f1d5c0f08010e' AND file:hashes.SHA256 = '5d91abb9519b260dfef8328fce1db4ec19db79bbe59c1f512d15f32b35db04be']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--dbef32c7-cd7d-4324-a1ac-22c6838b047e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:26.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-06 00:08:20",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "853c5d4a-614a-4f32-a19a-814f37fed061"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/5d91abb9519b260dfef8328fce1db4ec19db79bbe59c1f512d15f32b35db04be/analysis/1551830900/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "6cb2a159-9bf4-43b2-8662-39d27983aa64"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "450ceaee-6c75-4748-8c80-106523eab7bb"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--94710f77-734e-4779-a517-39e9ff83c5c3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '54783422cfd7029a26a3f3f5e9087d8a' AND file:hashes.SHA1 = '5d379e533acef24ada64dbaf275650093ec790e7' AND file:hashes.SHA256 = 'ba08b13577eef393db69a20d9b881bfd18e86ec37690c25cc2931a7b26dbdc6f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--43d64fc5-70dc-4429-8be4-f4d6401bac8f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-01 03:41:39",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b78fd9bb-41b4-4387-999c-90b9f90758bc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/ba08b13577eef393db69a20d9b881bfd18e86ec37690c25cc2931a7b26dbdc6f/analysis/1551411699/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "e30c95bd-5e0b-4e47-bd51-b98558b96b24"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "24/55",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "86e4ed6f-0324-495f-808b-a16ccb2bd67a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--d21b3bc0-51d3-4d83-ab29-eab87f9d72f6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '66b73fba4e47b3184edd75b0ce9cf928' AND file:hashes.SHA1 = '340b6b0370730a8344bc880c786a4e10fcd961a7' AND file:hashes.SHA256 = 'd62bf83fb5a7b148f326908051b149b77663149d47426ce749e944f7abf5d304']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--7bf89ab8-38dc-4396-9ed7-ab7767e19d08",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-20 00:35:43",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b4939e5b-d9f5-41cb-821e-0f8c57185ec2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/d62bf83fb5a7b148f326908051b149b77663149d47426ce749e944f7abf5d304/analysis/1550622943/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "477fd8aa-292f-458e-ba07-99f738ca71e7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "47/68",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "ae59882b-bc1d-406e-a45c-0cc44b6ca447"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--52839704-cde1-423b-b83b-85f3be6c94ff",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9d685308d3125e14287ecb7fbe5fcd37' AND file:hashes.SHA1 = 'c6dfbb9ff21830fa48e2a4e831908345cab572ca' AND file:hashes.SHA256 = '71841a1b5ee1b383a9282bf513723b7f1713a0e1ee501db38d64c2db9ba08ec4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--4676a5ec-697d-41af-88f8-1edd0b391a93",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-26 07:12:06",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c84855e8-06c6-4876-a86c-3308f8c77c45"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/71841a1b5ee1b383a9282bf513723b7f1713a0e1ee501db38d64c2db9ba08ec4/analysis/1551165126/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "4b79e362-ee21-4581-b1b5-717d3e8a4c0c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/67",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "835395bd-c2d5-49ee-84aa-049b4b5ca6aa"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--8aa148ae-97d2-47ff-83d9-7fb3a2d8a4bd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '20301fdd013c836039b8cfe0d100a1d7' AND file:hashes.SHA1 = 'e8e787b2ab734d07146b48d9bf5263a0e476fb0c' AND file:hashes.SHA256 = '84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--87dd8a5a-c52f-416e-885c-020efd23e62e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-28 01:30:52",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4f3c774b-504c-433a-8aae-7a5573942f44"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90/analysis/1551317452/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "a63daba5-11a3-4a7f-a1d2-0b6aa7d1adf6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "47/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "94bc79ec-82a0-4d84-bd3c-aa37b85e599a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--171c1ddf-7a54-489d-9684-92c88617c956",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b02f3881321f0912b2ae3f27498c448f' AND file:hashes.SHA1 = 'de7212b695000dd10d3694de5a1d94348cbe464b' AND file:hashes.SHA256 = '57224737bfc4514aa90e9ff88626ac112e8c9f80ed54616865a4cc5d7d08f36c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5f3792ac-f82d-4592-88c3-ee892c828c41",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:27.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-06 00:08:19",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cecc8a3e-4370-4f1d-9b6d-e23907cbfa9f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/57224737bfc4514aa90e9ff88626ac112e8c9f80ed54616865a4cc5d7d08f36c/analysis/1551830899/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "20cf6e1e-2727-4858-8f9d-91d3b475fd00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "50/71",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "36c47e15-4958-4078-9661-f8148ab5f515"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--1a5e57b9-36fe-421d-a886-16026857b58f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:28.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:28.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1dfe826f71c20ff04987a9160c177e46' AND file:hashes.SHA1 = '592f882c54bb0038d976d6c88d58757aca10e307' AND file:hashes.SHA256 = '493aadefcf45642c34b4d84a84a41da9ac173b52c3217f62b3e25ece6379bd94']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--04c722ce-cdee-4769-b6a8-b6f26eb83949",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:28.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-01 01:36:06",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "51432af3-3f7c-4772-8140-4afe2967de9d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/493aadefcf45642c34b4d84a84a41da9ac173b52c3217f62b3e25ece6379bd94/analysis/1551404166/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "877b148a-23e7-4d9c-9f85-ed60d2859a22"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/65",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "30b25e71-827d-4470-bd67-714a74a6f96c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--b3177b4e-555f-4f20-9a65-a08e1d02f9fd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:29.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6106449779d453be4ae28d89f207e921' AND file:hashes.SHA1 = 'f0e5685c433ddba3a5d7b223cc738d8a7501c977' AND file:hashes.SHA256 = '55e69e1337af0d93b5a3742d999bf805177c404e7e60e48f303509592ecd0e29']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--af4721d1-291a-46d2-8eb9-50fc1f8da0cb",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:29.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-20 00:34:57",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b4808b84-09c1-4221-88a4-bf3ecfd2bbb0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/55e69e1337af0d93b5a3742d999bf805177c404e7e60e48f303509592ecd0e29/analysis/1550622897/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "d3bfa2d1-5f35-423d-8267-67fcd772da76"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "44/68",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "351d3c6c-d9f5-47b8-94b2-e958bd45045e"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--173a3d42-d718-41eb-ac2a-43d4e432bb46",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:29.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '242c31d0ce2109fdface788663e90f49' AND file:hashes.SHA1 = '59c089f8e781f6686dc49776805697f9ad044c15' AND file:hashes.SHA256 = '12ee511259f7f03e8472efa8baf3e250b64f8da65fe71212cedfdac887f503f4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--cc17229b-13c4-40e8-887f-1d7cf5abd020",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:29.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-01 01:38:24",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cb4ba500-dfcf-45c0-9b5e-61eb18065266"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/12ee511259f7f03e8472efa8baf3e250b64f8da65fe71212cedfdac887f503f4/analysis/1551404304/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "407af7e6-9b19-4f7a-b680-eb49744683cd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/62",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1a50ab2e-1721-4573-a56b-c3a2c4d70095"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ac2931c8-7efd-400e-a3da-9699601420cd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:29.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f22db1e3ea74af791e34ad5aa0297664' AND file:hashes.SHA1 = '16cb3fa3793a57ef54c44b11f94e9b5ba32753bb' AND file:hashes.SHA256 = '95f1a84103f789d1ae749a3f8a384a29b39d6766e8a13d450b6553c39aba4fd7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--526e45f9-c018-4f26-b8ac-42a435da08c9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:29.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-08 04:38:52",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "111443ae-f660-41eb-b7e2-b9b8b1d70c46"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/95f1a84103f789d1ae749a3f8a384a29b39d6766e8a13d450b6553c39aba4fd7/analysis/1549600732/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "e627347d-3d78-47ee-b1fc-c0186cfc4405"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "27/56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1b008812-a0dd-420d-9899-58001cb8625c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--3a427677-7b23-40b7-9d8f-190c766ef8fe",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:29.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4de21c3af64b3b605446278de92dfff4' AND file:hashes.SHA1 = '8180c24445b162ce3338ee2ce77053acc08cda88' AND file:hashes.SHA256 = '74d6b81565aeb95ee9df37ef7738d10baa9866261fb894d9ee9d67fc7c66badc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--e12c9d7a-8312-437d-8b1a-c15e09ef37d6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:30.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-27 01:25:09",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f4a0a65a-ee63-40be-bce0-1b438cca0c15"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/74d6b81565aeb95ee9df37ef7738d10baa9866261fb894d9ee9d67fc7c66badc/analysis/1551230709/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "0bbebf58-9abf-437c-9279-1e177cb8b20b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/68",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "4d80ad46-5ec8-4662-9430-1d7c8844a77b"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--de5147bc-03f2-4d1a-a9c6-80bf8d449e96",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:30.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:30.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8332be776617364c16868c1ad6b4efe7' AND file:hashes.SHA1 = '618500453c5488e4a2fe43d5647f46eefe01bd56' AND file:hashes.SHA256 = '5f2ac8672e19310bd532c47d209272bd75075696dea6ffcc47d1d37f18aff141']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ecb9a5f0-73c7-4556-a7e3-9e2f4ca35fb5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:30.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-06 04:53:05",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "482d6546-9884-4c44-93de-b53a5ec26091"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/5f2ac8672e19310bd532c47d209272bd75075696dea6ffcc47d1d37f18aff141/analysis/1549428785/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "e68b44fc-6486-4cf1-9634-53c635ca2425"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "20/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "cbf3f3c6-224a-477b-9532-b8f774a6d8e8"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--163ddda1-900e-4bff-950b-0d5d1c2029c5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:30.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:30.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ab73b1395938c48d62b7eeb5c9f3409d' AND file:hashes.SHA1 = 'ac5ae9d2cee05c08759ca970399bb8bb54fb99cf' AND file:hashes.SHA256 = '3f30875674917b92584600a47f93a2724f11383fb03efd1ae8c2700dde97f6ac']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--05fae74d-fd81-4262-9d67-eed24b685f5d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:30.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-06 00:08:17",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f84ffdb9-7b31-48e8-9157-b1e89ae14830"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/3f30875674917b92584600a47f93a2724f11383fb03efd1ae8c2700dde97f6ac/analysis/1551830897/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "d517c3e4-660c-4fd8-8882-c613ac07783f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "40/66",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "c932aff6-e6ff-4a2a-81a1-d55e0617ae61"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--52150aff-7237-412a-a493-1be95ce36e7f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:30.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:30.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '48d9e625ea3efbcbef3963c8714544a7' AND file:hashes.SHA1 = 'ad6b7c7b61d662ab653c25fe850e2406f283c919' AND file:hashes.SHA256 = 'cd6a12cc693e98e4f47d2161e9fe99d04895472d964575c749bbdd460f0fefdc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-07T22:56:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2c88a906-411b-4819-a1c3-16907c03e3f9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-07T22:56:30.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-05 06:01:28",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7d5d0569-be68-4d21-9791-d4d58c9fc61e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/cd6a12cc693e98e4f47d2161e9fe99d04895472d964575c749bbdd460f0fefdc/analysis/1551765688/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "27d8cffa-c7a4-402e-90d6-4e7dd32a5e6e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "12/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "f145872f-1e71-41af-a1ed-b2a828ca7e4f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--e2c0e432-070e-49d2-90fb-de3acfb2170c",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-05T12:00:52.000Z",
|
|
|
|
"modified": "2019-03-05T12:00:52.000Z",
|
|
|
|
"relationship_type": "related-to",
|
|
|
|
"source_ref": "indicator--5c7e64c2-bc88-401b-bfc6-4504950d210f",
|
|
|
|
"target_ref": "vulnerability--5c7e64dd-0470-4556-9dfa-41fc950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--40472729-0521-4b27-93f8-b4472423bc45",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:30.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:30.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--689ecef6-f10d-439a-a27a-95d1d4c95f99",
|
|
|
|
"target_ref": "x-misp-object--63188ca3-d4a3-439d-9b01-b9ec4a029584"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--20a8248a-4eed-46d2-aaf8-d28660c1b300",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--8f9b8272-3ef4-4ed8-ac44-98a8bd9f8ac9",
|
|
|
|
"target_ref": "x-misp-object--f1e4e0de-7aa4-4d61-bc50-d9850e25c9fd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--ec6465af-a8c3-4d23-bf29-ad97ee0fa822",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--92b9f0a3-acd0-4e49-a789-d100f0e9a3f4",
|
|
|
|
"target_ref": "x-misp-object--cdd4af57-0253-4178-9b16-26b9169ebaaf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--df6737b3-2989-49d9-90a7-6757ad6b58a9",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--77fb245c-d880-4b58-a4a1-3c79e3429fd5",
|
|
|
|
"target_ref": "x-misp-object--c5c06cde-e106-4432-a2d5-4d1f4c2d6af3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--ac0a7513-cb22-4e87-8cc6-0551d479bdba",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--00c34c0b-95aa-4d40-b8f6-462c2a9f4c73",
|
|
|
|
"target_ref": "x-misp-object--2790778c-6796-474b-a65f-c47b1f092552"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--52e3b650-e2ee-46ba-a0a8-7d04db0e2bff",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--c4234048-c767-46e0-b00b-23d614a98173",
|
|
|
|
"target_ref": "x-misp-object--ef19ab7e-b5d8-412e-92bc-9122218f90e4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--d43903ca-6745-462e-a30c-bcb764892f41",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--7dbe5bfc-d541-4179-a365-3f274ec85c97",
|
|
|
|
"target_ref": "x-misp-object--a13db91c-a587-4810-ae35-81ad538a42aa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--4cce3746-e84f-47c6-a7ee-600d1e99381f",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--198efd3b-e179-4498-bab8-22187889eeb5",
|
|
|
|
"target_ref": "x-misp-object--1a13e62a-1e04-4b73-af40-e077849ad7fa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--5a0b9a0a-521b-4dbf-89a1-0b05cc57ab17",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--056a71eb-527f-47c6-bb7c-3e38f615ea86",
|
|
|
|
"target_ref": "x-misp-object--dbef32c7-cd7d-4324-a1ac-22c6838b047e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--b94b7d4c-4c78-4453-8be7-9c0b3ed2cfd4",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--94710f77-734e-4779-a517-39e9ff83c5c3",
|
|
|
|
"target_ref": "x-misp-object--43d64fc5-70dc-4429-8be4-f4d6401bac8f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--3d38542c-8fb3-495c-b8a5-e6081f2039f7",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--d21b3bc0-51d3-4d83-ab29-eab87f9d72f6",
|
|
|
|
"target_ref": "x-misp-object--7bf89ab8-38dc-4396-9ed7-ab7767e19d08"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--c5b22dc9-340e-413c-b8ea-81cab5bb9b92",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--52839704-cde1-423b-b83b-85f3be6c94ff",
|
|
|
|
"target_ref": "x-misp-object--4676a5ec-697d-41af-88f8-1edd0b391a93"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--78a8c78d-a60b-4080-9ef4-81a200a63b95",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--8aa148ae-97d2-47ff-83d9-7fb3a2d8a4bd",
|
|
|
|
"target_ref": "x-misp-object--87dd8a5a-c52f-416e-885c-020efd23e62e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--e719f862-9e4f-4f11-931e-9dbe09e30b7b",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--171c1ddf-7a54-489d-9684-92c88617c956",
|
|
|
|
"target_ref": "x-misp-object--5f3792ac-f82d-4592-88c3-ee892c828c41"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--6604c767-0e80-4bd5-99fa-d4be79fbb03e",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--1a5e57b9-36fe-421d-a886-16026857b58f",
|
|
|
|
"target_ref": "x-misp-object--04c722ce-cdee-4769-b6a8-b6f26eb83949"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--3e6481cb-b540-4668-8c09-1612dc73693f",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--b3177b4e-555f-4f20-9a65-a08e1d02f9fd",
|
|
|
|
"target_ref": "x-misp-object--af4721d1-291a-46d2-8eb9-50fc1f8da0cb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--81328212-9e74-4e24-afb0-e791b6cbd39e",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--173a3d42-d718-41eb-ac2a-43d4e432bb46",
|
|
|
|
"target_ref": "x-misp-object--cc17229b-13c4-40e8-887f-1d7cf5abd020"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--e7a1ab13-2131-4a69-8382-5568e2b987d9",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--ac2931c8-7efd-400e-a3da-9699601420cd",
|
|
|
|
"target_ref": "x-misp-object--526e45f9-c018-4f26-b8ac-42a435da08c9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--0e17038d-4637-4069-9359-cf8dbfaa1f40",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--3a427677-7b23-40b7-9d8f-190c766ef8fe",
|
|
|
|
"target_ref": "x-misp-object--e12c9d7a-8312-437d-8b1a-c15e09ef37d6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--6079c9b3-b02d-461b-8973-b6adeb0bdf32",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:31.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:31.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--de5147bc-03f2-4d1a-a9c6-80bf8d449e96",
|
|
|
|
"target_ref": "x-misp-object--ecb9a5f0-73c7-4556-a7e3-9e2f4ca35fb5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--404503c7-2906-45a6-a46e-566a49ce0928",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:32.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:32.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--163ddda1-900e-4bff-950b-0d5d1c2029c5",
|
|
|
|
"target_ref": "x-misp-object--05fae74d-fd81-4262-9d67-eed24b685f5d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--39489cbc-7082-495c-899a-d8301946ce39",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-03-07T22:56:32.000Z",
|
|
|
|
"modified": "2019-03-07T22:56:32.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--52150aff-7237-412a-a493-1be95ce36e7f",
|
|
|
|
"target_ref": "x-misp-object--2c88a906-411b-4819-a1c3-16907c03e3f9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|