{
"type": "bundle",
"id": "bundle--f66e0cfa-40d1-438c-aa2f-4c95fe4318c5",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:43.000Z",
"modified": "2021-08-25T06:19:43.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--f66e0cfa-40d1-438c-aa2f-4c95fe4318c5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:43.000Z",
"modified": "2021-08-25T06:19:43.000Z",
"name": "AA21-110A Exploitation of Pulse Connect Secure Vulnerabilities",
"published": "2021-08-25T06:19:56Z",
"object_refs": [
"x-misp-attribute--96882b5d-1d78-45e2-a6a3-c09c09bf38c0",
"indicator--f144b7db-d6e3-48d4-a65f-b0c7c084d7a6",
"indicator--7fdd5ed8-5cfa-47e7-8722-bd97234b0003",
"indicator--83791d2b-bec6-4013-b273-83fa0375cb8f",
"indicator--b0ac5c18-3c6c-4cd7-bb79-557051e4fd64",
"indicator--29282a4c-fabd-4a29-88dd-5282a31ac36c",
"indicator--b48f43e8-d2ad-48a2-b7fd-47f4147fece5",
"indicator--49924195-b902-4115-b622-ee8eb7cb8f48",
"indicator--e702bccd-7ed3-4371-af93-cf5ae0d93201",
"indicator--c4141a8d-0b9b-4b86-bc13-3ae15da35afb",
"indicator--02475125-7b46-46bd-b6f4-5816c6a6d00c",
"indicator--47547f5e-6db7-4e51-8a5a-337044d0f46a",
"indicator--29ad8b01-b581-4d86-b1a1-b3524a89d71a",
"indicator--0ddaba82-7a7c-4dae-a1c2-2023698c9392",
"indicator--1349097a-11e1-49ea-89b1-d1768796b153",
"indicator--3db1352e-26f4-4e84-888c-153780e0c04d",
"indicator--bf65bca7-9f39-4b5f-a33c-0a38d3b3103f",
"indicator--f8b489b6-a7e6-4f27-99d6-6acc60aa0d97",
"indicator--0b41896c-371b-4531-8259-3af57cac4902",
"x-misp-object--f42c374b-5837-412e-9531-dcc44fad39b1"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--96882b5d-1d78-45e2-a6a3-c09c09bf38c0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "Imported from STIX header description",
"x_misp_type": "comment",
"x_misp_value": "This STIX file provides indicators of compromise (IOCs) associated with malicious activity reported in CISA Analysis Report, AA21-110A Exploitation of Pulse Connect Secure Vulnerabilities."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f144b7db-d6e3-48d4-a65f-b0c7c084d7a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = 'c12f54a3f91dc7bafd92cb59fe009a35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7fdd5ed8-5cfa-47e7-8722-bd97234b0003",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = 'b592adaa596bb72a5c1ccdbecae52e3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--83791d2b-bec6-4013-b273-83fa0375cb8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = 'af26ba5e85475b634275141e6ed3dc54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b0ac5c18-3c6c-4cd7-bb79-557051e4fd64",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = 'a29d0d294a6236b5bf0ec2573dd4f02f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--29282a4c-fabd-4a29-88dd-5282a31ac36c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '916e458922ae9a1bab6b1154689c7de7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b48f43e8-d2ad-48a2-b7fd-47f4147fece5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '8f6747b71d1003df1b7e3e8232b1a7e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--49924195-b902-4115-b622-ee8eb7cb8f48",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '86cb13d6bbb3ac96b78b408bcfc18794']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e702bccd-7ed3-4371-af93-cf5ae0d93201",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '714cdf6e462870e2b85d251a3b22064b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c4141a8d-0b9b-4b86-bc13-3ae15da35afb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '53829d58e2631a372bb4de1be2cbecca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--02475125-7b46-46bd-b6f4-5816c6a6d00c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '3cbc88eabdac9af71445f9040a6cf46c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--47547f5e-6db7-4e51-8a5a-337044d0f46a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '30017f6f809155387cbcf95be6e7225d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--29ad8b01-b581-4d86-b1a1-b3524a89d71a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '227ab2ae6ed6abcc249e8a873a033144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0ddaba82-7a7c-4dae-a1c2-2023698c9392",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:name = 'Secid_canceltoken.cgi' AND file:hashes.MD5 = 'f2beca612db26d771fe6ed7a87f48a5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1349097a-11e1-49ea-89b1-d1768796b153",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:name = 'Licenseserverproto.cgi' AND file:hashes.MD5 = '9b526db005ee8075912ca6572d69a5d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3db1352e-26f4-4e84-888c-153780e0c04d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:name = 'DSUpgrade.pm' AND file:hashes.MD5 = '4d5b410e1756072a701dfd3722951907']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf65bca7-9f39-4b5f-a33c-0a38d3b3103f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '8c291ad2d50f3845788bc11b2f603b4a' AND file:hashes.SHA1 = '12f6cce33a618b32f4d5a74a93b54176d436ded9' AND file:hashes.SHA256 = 'c445cab266549820d54168cb8e5078811d574682edce7edb973b3d833128f4e3' AND file:hashes.SSDEEP = '192:5zwJNuIYj7rcCOk1QrhMeWyOUV9AWojcZiOQiQsfinnoK9Cih1pa+7yiwChm:5zwJwrXWOUV9AWojoiOucCQ' AND file:name = 'healthcheck.cgi' AND file:size = '9272']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f8b489b6-a7e6-4f27-99d6-6acc60aa0d97",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = 'ca0175d86049fa7c796ea06b413857a3' AND file:hashes.SHA1 = '9c4c9d951aa235ed640ce711fbf1810eeb160191' AND file:hashes.SHA256 = 'f2b1bd703c3eb05541ff84ec375573cbdc70309ccb82aac04b72db205d718e90' AND file:hashes.SSDEEP = '192:iAamVz3fzvBk5oFblLPBN1iXf2bCRErwyN4aEbwyiNwyiQwNeDAi4XMG:iAamVzfzvBTFblLpN1iXOYpyuapyiWym' AND file:name = 'compcheckresult.cgi' AND file:size = '6515']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0b41896c-371b-4531-8259-3af57cac4902",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"pattern": "[file:hashes.MD5 = '56e2a1566c7989612320f4ef1669e7d5' AND file:hashes.SHA1 = '161ba1ddb8069cf1f0f0a31c81113ca264fae49a' AND file:hashes.SHA256 = 'e9df4e13131c95c75ca41a95e08599b3d480e5e7a7922ff0a3fa00bef3bd6561' AND file:hashes.SSDEEP = '768:ifTsQR8rYZ8HPGK9P9pHfHq/RgktsBOBxrce/6ZRc7egTxR7zx/yQ8AVHj9KqTcE:nzDc6x6/J7/TPhaQ8AVHj9vTcGGP0' AND file:name = 'login.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-08-25T06:19:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f42c374b-5837-412e-9531-dcc44fad39b1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-08-25T06:19:16.000Z",
"modified": "2021-08-25T06:19:16.000Z",
"labels": [
"misp:name=\"original-imported-file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "imported-sample",
"value": "AA21-110A.xml",
"category": "External analysis",
"uuid": "4c047f8e-a0f5-4a35-a47f-ac2695e257f2",
"data": "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
},
{
"type": "text",
"object_relation": "format",
"value": "STIX 1.1",
"category": "Other",
"uuid": "1ef6d70d-922e-472d-b045-bc12e04a1911"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "original-imported-file"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}