{
"type" : "bundle" ,
"id" : "bundle--2ebc21a4-5635-4a7d-9553-ec5f58be0ee6" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--2ebc21a4-5635-4a7d-9553-ec5f58be0ee6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"name" : "OSINT - Kobalos \u2013 A complex Linux threat to high performance computing infrastructure" ,
"published" : "2021-02-02T13:11:55Z" ,
"object_refs" : [
"observed-data--07103d07-aa9a-4694-a89c-5cd4fc94221e" ,
"url--07103d07-aa9a-4694-a89c-5cd4fc94221e" ,
"observed-data--fd42b022-1d71-4dda-ab1f-3f9e4a49e663" ,
"url--fd42b022-1d71-4dda-ab1f-3f9e4a49e663" ,
"x-misp-object--f35188ee-2150-4d49-940a-16d588cf7562" ,
"x-misp-object--026c0bbe-8e18-47ff-9069-0ce387459a39" ,
"indicator--bbc90dca-7637-45a0-a897-e5832580635e" ,
"indicator--59711fce-1669-416e-a863-282972f05a30" ,
"indicator--ce16efd3-b989-4fdb-9cad-3cb622be8c92" ,
"x-misp-object--96edf472-61bf-4f3c-81ce-932eb0329136" ,
"indicator--143c7525-68f6-4367-97a8-4540bdffa019" ,
"indicator--422f962e-0a08-4bf4-9d95-406422b35bcb" ,
"indicator--56810ac9-e525-446d-b903-62fa770ae06a" ,
"indicator--394bf3c8-c3a2-412d-828c-d5e2b0c6811f" ,
"indicator--0fa4cd2e-4304-4657-99ad-962f7eb548f0" ,
"x-misp-object--5564a28d-f2a5-41da-9339-6b72f64c6832" ,
"indicator--683e6644-bb2e-4ae9-b1e4-139453b8402e" ,
"x-misp-object--f10e10ba-0d66-4505-a4d5-1689c9f5e25b" ,
"indicator--84bd6b39-8189-4eee-8fef-6d9ee06306a1" ,
"x-misp-object--b2a8b157-a04f-484f-8d88-549ede5b0068" ,
"indicator--68ac0130-82b6-4709-ae98-cee6fe7fb4ed" ,
"indicator--d4f9f303-b8b7-421a-b1bc-b2ad6f0396c6" ,
"x-misp-object--fe1474ac-d0a1-4792-8936-e25686ad6662" ,
"indicator--1e04dc6e-de14-441d-a7f6-09a5d54f0667" ,
"indicator--137efbb9-75cd-46e9-8dba-7d8e36a983b5" ,
"x-misp-object--6743c14d-5278-41a1-a8d2-678f94f59d6d" ,
"indicator--cd4a56fb-10a5-46f9-868e-2d2d9cee93c5" ,
"x-misp-object--5d93ad07-c377-43cc-b9e4-1b0ab3d0da83" ,
"indicator--bb8fc68e-77a6-4115-abf5-3fc14c1039dd" ,
"x-misp-object--a9cacc5a-a03f-463a-95a1-854718064bb3" ,
"x-misp-object--8dc33498-4ead-4457-a3eb-e85032df1405" ,
"indicator--b4f748c5-41f0-4a59-bf7a-069086896c94" ,
"x-misp-object--5b93ec98-7b27-4038-b9ca-6c8ae8ae44da" ,
"indicator--577cde70-7de9-4776-975b-9c0100ceae5e" ,
"x-misp-object--977fbf1c-4163-45ce-a014-4f58536d3703" ,
"indicator--9a711583-6ce7-4265-aba8-7350383961b6" ,
"x-misp-object--3f558b7a-d342-4090-92a2-82e2210b68e7" ,
"relationship--75a8324c-b344-46f0-a798-23a75f1059ee" ,
"relationship--0c48c5a8-364b-4666-ac35-9a9d4943e0a5" ,
"relationship--ea728033-61bf-47d3-9fb4-64223a9a15c4" ,
"relationship--13931b73-fc63-47a9-a540-6797b735058c" ,
"relationship--6b131841-6042-48c3-ad89-a94f57fb45e6" ,
"relationship--506ea8a5-2225-441e-bc2b-53b51cfef92a" ,
"relationship--7b19573d-e340-4a50-a12b-d76ed4d9d718" ,
"relationship--f9b9a698-c905-47cf-b650-b0b6fa2659be" ,
"relationship--f11c3cc6-cc14-4a58-b123-29c5e72e04f5" ,
"relationship--9bc880a2-6107-4033-a326-da8bb7d28248" ,
"relationship--594bda53-c64f-4399-aeb3-1741c0fc11d3" ,
"relationship--1f33671f-da74-4afe-b6f2-155180307269" ,
"relationship--9ff19382-b084-4893-a910-1e07814721d3" ,
"relationship--f98e709f-bf88-4187-b6c8-e7d6bd26d5a5" ,
"relationship--ac20a18b-4024-4c46-a328-2a31183d0fa4"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"estimative-language:confidence-in-analytic-judgment=\"high\"" ,
"misp-galaxy:mitre-attack-pattern=\"Compromise Client Software Binary - T1554\"" ,
"misp-galaxy:mitre-attack-pattern=\"Traffic Signaling - T1205\"" ,
"misp-galaxy:mitre-attack-pattern=\"Clear Command History - T1070.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"" ,
"misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"" ,
"misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--07103d07-aa9a-4694-a89c-5cd4fc94221e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:02:20.000Z" ,
"modified" : "2021-02-02T13:02:20.000Z" ,
"first_observed" : "2021-02-02T13:02:20Z" ,
"last_observed" : "2021-02-02T13:02:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--07103d07-aa9a-4694-a89c-5cd4fc94221e"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--07103d07-aa9a-4694-a89c-5cd4fc94221e" ,
"value" : "https://github.com/eset/malware-ioc/blob/master/kobalos/README.adoc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--fd42b022-1d71-4dda-ab1f-3f9e4a49e663" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:02:20.000Z" ,
"modified" : "2021-02-02T13:02:20.000Z" ,
"first_observed" : "2021-02-02T13:02:20Z" ,
"last_observed" : "2021-02-02T13:02:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--fd42b022-1d71-4dda-ab1f-3f9e4a49e663"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--fd42b022-1d71-4dda-ab1f-3f9e4a49e663" ,
"value" : "https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f35188ee-2150-4d49-940a-16d588cf7562" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:07:49.000Z" ,
"modified" : "2021-02-02T11:07:49.000Z" ,
"labels" : [
"misp:name=\"crypto-material\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "RC4" ,
"category" : "Other" ,
"uuid" : "02240c3f-3379-48bc-ac66-849be8ab76ba"
} ,
{
"type" : "text" ,
"object_relation" : "generic-symmetric-key" ,
"value" : "AE0E05090F3AC2B50B1BC6E91D2FE3CE" ,
"category" : "Other" ,
"uuid" : "809ba87e-5329-498a-86ae-66755abaf2e9"
}
] ,
"x_misp_comment" : "Static RC4 key for strings" ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "crypto-material"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--026c0bbe-8e18-47ff-9069-0ce387459a39" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:08:40.000Z" ,
"modified" : "2021-02-02T11:08:40.000Z" ,
"labels" : [
"misp:name=\"crypto-material\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "RSA" ,
"category" : "Other" ,
"uuid" : "2b4462a4-6d51-4f69-8e02-6308c444d046"
} ,
{
"type" : "text" ,
"object_relation" : "public" ,
"value" : "-----BEGIN PUBLIC KEY-----\r\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOUgD8sEF1kZ04QxCd60HrB+TxWnLQED\r\nwzb0sZ8vMMD6xnUAJspdYzSVDnRnKYjTOM43qtLNcJOwVj6cuC1uHHMCAwEAAQ==\r\n-----END PUBLIC KEY-----" ,
"category" : "Other" ,
"uuid" : "6030c4fb-79de-4652-9e2c-cda3a0dca7b4"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "crypto-material"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--bbc90dca-7637-45a0-a897-e5832580635e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:09:49.000Z" ,
"modified" : "2021-02-02T11:09:49.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.80.57.191') AND network-traffic:dst_port = '7070']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T11:09:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59711fce-1669-416e-a863-282972f05a30" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"description" : "Stand-alone binary - (Debian OS) - Connects to 151.80.57.191:7070" ,
"pattern" : "[file:hashes.SHA1 = '479f470e83f9a5b66363fba5547fdfcf727949da' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T13:09:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ce16efd3-b989-4fdb-9cad-3cb622be8c92" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:12:06.000Z" ,
"modified" : "2021-02-02T11:12:06.000Z" ,
"pattern" : "[file:hashes.MD5 = '2c693d26ba9df26edf77557c1a709528' AND file:hashes.SHA1 = '479f470e83f9a5b66363fba5547fdfcf727949da' AND file:hashes.SHA256 = '73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T11:12:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--96edf472-61bf-4f3c-81ce-932eb0329136" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:12:07.000Z" ,
"modified" : "2021-02-02T11:12:07.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-01T18:56:46+00:00" ,
"category" : "Other" ,
"uuid" : "35baa849-71a0-4406-a3b8-7135a4442667"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58/detection/f-73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58-1612205806" ,
"category" : "Payload delivery" ,
"uuid" : "b451437f-a3ad-4026-a74f-ed19ae19bce1"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "3/62" ,
"category" : "Payload delivery" ,
"uuid" : "1b93b043-b92b-489d-8372-2c0df9f680f2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--143c7525-68f6-4367-97a8-4540bdffa019" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:14:55.000Z" ,
"modified" : "2021-02-02T11:14:55.000Z" ,
"description" : "RHEL\r\n\t\r\n\r\nsshd\r\n\t\r\n\r\nWait for connection from source port 55201" ,
"pattern" : "[file:hashes.SHA1 = 'fbf0a76ced2939d1f7ec5f9ea58c5a294207f7fe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T11:14:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--422f962e-0a08-4bf4-9d95-406422b35bcb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:17:54.000Z" ,
"modified" : "2021-02-02T11:17:54.000Z" ,
"description" : "FreeBSD\r\n\t\r\n\r\nsshd Wait for connection from source port 55201" ,
"pattern" : "[file:hashes.SHA1 = 'affa12cc94578d63a8b178ae19f6601d5c8bb224' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T11:17:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56810ac9-e525-446d-b903-62fa770ae06a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:18:39.000Z" ,
"modified" : "2021-02-02T11:18:39.000Z" ,
"description" : "Ubuntu\r\n\t\r\n\r\nsshd\r\n\t\r\n\r\nWait for connection from source port 55201" ,
"pattern" : "[file:hashes.SHA1 = '325f24e8f5d56db43d6914d9234c08c888cdae50' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T11:18:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--394bf3c8-c3a2-412d-828c-d5e2b0c6811f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:19:54.000Z" ,
"modified" : "2021-02-02T11:19:54.000Z" ,
"description" : "Arch Linux\r\n\t\r\n\r\nsshd\r\n\t\r\n\r\nWait for connection from source port 55201" ,
"pattern" : "[file:hashes.SHA1 = 'a4050a8171b0fa3ae9031e0f8b7272facf04a3aa' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T11:19:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0fa4cd2e-4304-4657-99ad-962f7eb548f0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T12:49:26.000Z" ,
"modified" : "2021-02-02T12:49:26.000Z" ,
"description" : "SSH credential stealer " ,
"pattern" : "[file:hashes.SHA1 = '6616de799b5105ee2eb83bbe25c7f4433420dff7' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T12:49:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5564a28d-f2a5-41da-9339-6b72f64c6832" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T11:22:41.000Z" ,
"modified" : "2021-02-02T11:22:41.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "fullpath" ,
"value" : "/var/run/nscd/ns.pid" ,
"category" : "Other" ,
"uuid" : "ce3d187a-ca3b-4be6-9cc4-74a7169a1868"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--683e6644-bb2e-4ae9-b1e4-139453b8402e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T12:51:48.000Z" ,
"modified" : "2021-02-02T12:51:48.000Z" ,
"description" : "SSH credential stealer " ,
"pattern" : "[file:hashes.SHA1 = 'e094dd02cc954b6104791925e0d1880782b046cf' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T12:51:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f10e10ba-0d66-4505-a4d5-1689c9f5e25b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T12:51:24.000Z" ,
"modified" : "2021-02-02T12:51:24.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "fullpath" ,
"value" : "/var/run/udev/ud.pid" ,
"category" : "Other" ,
"uuid" : "bf6ee019-dcf4-465b-9897-6c9752b717d3"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--84bd6b39-8189-4eee-8fef-6d9ee06306a1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T12:56:24.000Z" ,
"modified" : "2021-02-02T12:56:24.000Z" ,
"description" : "SSH credential stealer FreeBSD" ,
"pattern" : "[file:hashes.SHA1 = '1dd0edc5744d63a731db8c3b42efbd09d91fed78' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T12:56:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b2a8b157-a04f-484f-8d88-549ede5b0068" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T12:55:48.000Z" ,
"modified" : "2021-02-02T12:55:48.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "fullpath" ,
"value" : "/var/run/udevd.pid" ,
"category" : "Other" ,
"uuid" : "364d8668-bf3b-4cf1-8841-e38c9a1c8b15"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--68ac0130-82b6-4709-ae98-cee6fe7fb4ed" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T12:57:50.000Z" ,
"modified" : "2021-02-02T12:57:50.000Z" ,
"description" : "SSH credential stealer " ,
"pattern" : "[file:hashes.SHA1 = 'c1f530d3c189b9a74dbe02cfeb29f38be8ca41ba' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T12:57:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d4f9f303-b8b7-421a-b1bc-b2ad6f0396c6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T12:59:16.000Z" ,
"modified" : "2021-02-02T12:59:16.000Z" ,
"description" : "SSH credential stealer " ,
"pattern" : "[file:hashes.SHA1 = '659cbdf9288137937bb71146b6f722ffcda1c5fe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T12:59:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--fe1474ac-d0a1-4792-8936-e25686ad6662" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T12:58:51.000Z" ,
"modified" : "2021-02-02T12:58:51.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "fullpath" ,
"value" : "/var/run/sshd/sshd.pid" ,
"category" : "Other" ,
"uuid" : "2940c1e1-451c-40a0-ab8b-bf02d05bec56"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1e04dc6e-de14-441d-a7f6-09a5d54f0667" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:00:20.000Z" ,
"modified" : "2021-02-02T13:00:20.000Z" ,
"pattern" : "rule kobalos\r\n{\r\n meta:\r\n description = \\\\\"Kobalos malware\\\\\"\r\n author = \\\\\"Marc-Etienne M.L\u00e9veill\u00e9\\\\\"\r\n date = \\\\\"2020-11-02\\\\\"\r\n reference = \\\\\"http://www.welivesecurity.com\\\\\"\r\n source = \\\\\"https://github.com/eset/malware-ioc/\\\\\"\r\n license = \\\\\"BSD 2-Clause\\\\\"\r\n version = \\\\\"1\\\\\"\r\n\r\n strings:\r\n $encrypted_strings_sizes = {\r\n 05 00 00 00 09 00 00 00 04 00 00 00 06 00 00 00\r\n 08 00 00 00 08 00 00 00 02 00 00 00 02 00 00 00\r\n 01 00 00 00 01 00 00 00 05 00 00 00 07 00 00 00\r\n 05 00 00 00 05 00 00 00 05 00 00 00 0A 00 00 00\r\n }\r\n $password_md5_digest = { 3ADD48192654BD558A4A4CED9C255C4C }\r\n $rsa_512_mod_header = { 10 11 02 00 09 02 00 }\r\n $strings_rc4_key = { AE0E05090F3AC2B50B1BC6E91D2FE3CE }\r\n\r\n condition:\r\n any of them\r\n}" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T13:00:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "misc"
}
] ,
"labels" : [
"misp:name=\"yara\"" ,
"misp:meta-category=\"misc\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_context" : "all"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--137efbb9-75cd-46e9-8dba-7d8e36a983b5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:00:55.000Z" ,
"modified" : "2021-02-02T13:00:55.000Z" ,
"pattern" : "rule kobalos_ssh_credential_stealer {\r\n meta:\r\n description = \\\\\"Kobalos SSH credential stealer seen in OpenSSH client\\\\\"\r\n author = \\\\\"Marc-Etienne M.L\u00e9veill\u00e9\\\\\"\r\n date = \\\\\"2020-11-02\\\\\"\r\n reference = \\\\\"http://www.welivesecurity.com\\\\\"\r\n source = \\\\\"https://github.com/eset/malware-ioc/\\\\\"\r\n license = \\\\\"BSD 2-Clause\\\\\"\r\n version = \\\\\"1\\\\\"\r\n\r\n strings:\r\n $ = \\\\\"user: \\\\%.128s host: \\\\%.128s port \\\\%05d user: \\\\%.128s password: \\\\%.128s\\\\\"\r\n\r\n condition:\r\n any of them\r\n}" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T13:00:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "misc"
}
] ,
"labels" : [
"misp:name=\"yara\"" ,
"misp:meta-category=\"misc\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_context" : "all"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6743c14d-5278-41a1-a8d2-678f94f59d6d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:03:24.000Z" ,
"modified" : "2021-02-02T13:03:24.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "summary" ,
"value" : "ESET researchers have analyzed malware that has been targeting high performance computing (HPC) clusters, among other high-profile targets. We reverse engineered this small, yet complex, malware that is portable to many operating systems including Linux, BSD, Solaris, and possibly AIX and Windows. We have named this malware Kobalos for its tiny code size and many tricks; in Greek mythology, a Kobalos is a small, mischievous creature. Today we publish a paper titled \u201cA wild Kobalos appears: Tricksy Linux malware goes after HPCs\u201d describing the inner working of this threat." ,
"category" : "Other" ,
"uuid" : "de941abb-8360-41fd-88b8-14ab18906b30"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cd4a56fb-10a5-46f9-868e-2d2d9cee93c5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"pattern" : "[file:hashes.MD5 = '4e52980f06f211668df959175d6c3d58' AND file:hashes.SHA1 = 'e094dd02cc954b6104791925e0d1880782b046cf' AND file:hashes.SHA256 = '75edf6662811d001da179b96bd06d675aa2439fd88a981cc84f24b4a5b4f8f45']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T13:09:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5d93ad07-c377-43cc-b9e4-1b0ab3d0da83" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-03-04T18:41:56+00:00" ,
"category" : "Other" ,
"uuid" : "8135e42c-4a36-47da-b8ad-595dcda6a2e6"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/75edf6662811d001da179b96bd06d675aa2439fd88a981cc84f24b4a5b4f8f45/detection/f-75edf6662811d001da179b96bd06d675aa2439fd88a981cc84f24b4a5b4f8f45-1583347316" ,
"category" : "Payload delivery" ,
"uuid" : "e5a8ebcf-af6e-444f-adc6-f8465fae0676"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/61" ,
"category" : "Payload delivery" ,
"uuid" : "4ff0afc9-cac1-44be-b730-67fe00f15bef"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--bb8fc68e-77a6-4115-abf5-3fc14c1039dd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"pattern" : "[file:hashes.MD5 = '87837cc81c346e2a38ab1fe5e4826af2' AND file:hashes.SHA1 = '6616de799b5105ee2eb83bbe25c7f4433420dff7' AND file:hashes.SHA256 = '6c36e0341ea1529665de88b690a19a18ea02d2a2a5bae6d745e01efc194e486a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T13:09:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a9cacc5a-a03f-463a-95a1-854718064bb3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-02T11:56:14+00:00" ,
"category" : "Other" ,
"uuid" : "a1c31bf0-5438-4d5b-b6df-f13319a1cc84"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/6c36e0341ea1529665de88b690a19a18ea02d2a2a5bae6d745e01efc194e486a/detection/f-6c36e0341ea1529665de88b690a19a18ea02d2a2a5bae6d745e01efc194e486a-1612266974" ,
"category" : "Payload delivery" ,
"uuid" : "6299cd4c-b13d-42a4-94b3-6254cfd7fd59"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/62" ,
"category" : "Payload delivery" ,
"uuid" : "2eeeaca5-5c72-4ea2-8c76-591780ddab71"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8dc33498-4ead-4457-a3eb-e85032df1405" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-01T18:56:46+00:00" ,
"category" : "Other" ,
"uuid" : "40f30083-4b87-42ab-b515-9f8e07055145"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58/detection/f-73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58-1612205806" ,
"category" : "Payload delivery" ,
"uuid" : "fc710595-3fb3-4fcf-87b0-daa1a5f69423"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "3/62" ,
"category" : "Payload delivery" ,
"uuid" : "bf6548e5-2428-455c-929d-3a342ec0f4bf"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b4f748c5-41f0-4a59-bf7a-069086896c94" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"pattern" : "[file:hashes.MD5 = '7538d0ec96869fd53d7c613a108846c0' AND file:hashes.SHA1 = 'fbf0a76ced2939d1f7ec5f9ea58c5a294207f7fe' AND file:hashes.SHA256 = 'd51cb52136931af5ebd8628b64d6cd1327a99196b102d246f52d878ffb581983']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T13:09:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5b93ec98-7b27-4038-b9ca-6c8ae8ae44da" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-02T08:05:42+00:00" ,
"category" : "Other" ,
"uuid" : "7f072142-4e7c-490a-9f1d-7c5c3f563499"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/d51cb52136931af5ebd8628b64d6cd1327a99196b102d246f52d878ffb581983/detection/f-d51cb52136931af5ebd8628b64d6cd1327a99196b102d246f52d878ffb581983-1612253142" ,
"category" : "Payload delivery" ,
"uuid" : "88f8d78d-9e9e-4931-a826-85529a90ccfa"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/62" ,
"category" : "Payload delivery" ,
"uuid" : "d11eb3b0-2889-45d8-8f90-f7021df6568c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--577cde70-7de9-4776-975b-9c0100ceae5e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f54ba4ac2eeb5c12a513872acabecbc6' AND file:hashes.SHA1 = 'affa12cc94578d63a8b178ae19f6601d5c8bb224' AND file:hashes.SHA256 = '9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T13:09:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--977fbf1c-4163-45ce-a014-4f58536d3703" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-01T18:58:25+00:00" ,
"category" : "Other" ,
"uuid" : "cae3f6bb-2b69-48eb-9099-658fc16919d7"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74/detection/f-9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74-1612205905" ,
"category" : "Payload delivery" ,
"uuid" : "4bf2aad3-5dc1-4a81-8c15-4f74538f9c8e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/61" ,
"category" : "Payload delivery" ,
"uuid" : "66364ddf-d38e-4d5a-8082-ba0682f6eb3b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9a711583-6ce7-4265-aba8-7350383961b6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"pattern" : "[file:hashes.MD5 = 'bc49dd3da0b2cb1425a466a3d2f0ed41' AND file:hashes.SHA1 = '1dd0edc5744d63a731db8c3b42efbd09d91fed78' AND file:hashes.SHA256 = '13cbde1b79ca195a06697df937580c82c0e1cd90cc91c18ddfe4a7802e8e923a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-02T13:09:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3f558b7a-d342-4090-92a2-82e2210b68e7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-02T13:09:20.000Z" ,
"modified" : "2021-02-02T13:09:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-03-09T08:44:44+00:00" ,
"category" : "Other" ,
"uuid" : "2b6ecaa2-bbe1-4903-b28b-8672896fb4d5"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/13cbde1b79ca195a06697df937580c82c0e1cd90cc91c18ddfe4a7802e8e923a/detection/f-13cbde1b79ca195a06697df937580c82c0e1cd90cc91c18ddfe4a7802e8e923a-1583743484" ,
"category" : "Payload delivery" ,
"uuid" : "99713b59-7b94-4c9f-9223-84190b6f00d3"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/59" ,
"category" : "Payload delivery" ,
"uuid" : "227fe71f-0426-4338-b83e-890fc2a5e5ef"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--75a8324c-b344-46f0-a798-23a75f1059ee" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "connects-to" ,
"source_ref" : "indicator--59711fce-1669-416e-a863-282972f05a30" ,
"target_ref" : "indicator--bbc90dca-7637-45a0-a897-e5832580635e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--0c48c5a8-364b-4666-ac35-9a9d4943e0a5" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--59711fce-1669-416e-a863-282972f05a30" ,
"target_ref" : "x-misp-object--8dc33498-4ead-4457-a3eb-e85032df1405"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ea728033-61bf-47d3-9fb4-64223a9a15c4" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ce16efd3-b989-4fdb-9cad-3cb622be8c92" ,
"target_ref" : "x-misp-object--96edf472-61bf-4f3c-81ce-932eb0329136"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--13931b73-fc63-47a9-a540-6797b735058c" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "writes" ,
"source_ref" : "indicator--0fa4cd2e-4304-4657-99ad-962f7eb548f0" ,
"target_ref" : "x-misp-object--5564a28d-f2a5-41da-9339-6b72f64c6832"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--6b131841-6042-48c3-ad89-a94f57fb45e6" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "writes" ,
"source_ref" : "indicator--683e6644-bb2e-4ae9-b1e4-139453b8402e" ,
"target_ref" : "x-misp-object--f10e10ba-0d66-4505-a4d5-1689c9f5e25b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--506ea8a5-2225-441e-bc2b-53b51cfef92a" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "writes" ,
"source_ref" : "indicator--84bd6b39-8189-4eee-8fef-6d9ee06306a1" ,
"target_ref" : "x-misp-object--b2a8b157-a04f-484f-8d88-549ede5b0068"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--7b19573d-e340-4a50-a12b-d76ed4d9d718" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "writes" ,
"source_ref" : "indicator--68ac0130-82b6-4709-ae98-cee6fe7fb4ed" ,
"target_ref" : "x-misp-object--5564a28d-f2a5-41da-9339-6b72f64c6832"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f9b9a698-c905-47cf-b650-b0b6fa2659be" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "writes" ,
"source_ref" : "indicator--d4f9f303-b8b7-421a-b1bc-b2ad6f0396c6" ,
"target_ref" : "x-misp-object--fe1474ac-d0a1-4792-8936-e25686ad6662"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f11c3cc6-cc14-4a58-b123-29c5e72e04f5" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "references" ,
"source_ref" : "x-misp-object--6743c14d-5278-41a1-a8d2-678f94f59d6d" ,
"target_ref" : "observed-data--07103d07-aa9a-4694-a89c-5cd4fc94221e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--9bc880a2-6107-4033-a326-da8bb7d28248" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "references" ,
"source_ref" : "x-misp-object--6743c14d-5278-41a1-a8d2-678f94f59d6d" ,
"target_ref" : "observed-data--fd42b022-1d71-4dda-ab1f-3f9e4a49e663"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--594bda53-c64f-4399-aeb3-1741c0fc11d3" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--cd4a56fb-10a5-46f9-868e-2d2d9cee93c5" ,
"target_ref" : "x-misp-object--5d93ad07-c377-43cc-b9e4-1b0ab3d0da83"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1f33671f-da74-4afe-b6f2-155180307269" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--bb8fc68e-77a6-4115-abf5-3fc14c1039dd" ,
"target_ref" : "x-misp-object--a9cacc5a-a03f-463a-95a1-854718064bb3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--9ff19382-b084-4893-a910-1e07814721d3" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b4f748c5-41f0-4a59-bf7a-069086896c94" ,
"target_ref" : "x-misp-object--5b93ec98-7b27-4038-b9ca-6c8ae8ae44da"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f98e709f-bf88-4187-b6c8-e7d6bd26d5a5" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--577cde70-7de9-4776-975b-9c0100ceae5e" ,
"target_ref" : "x-misp-object--977fbf1c-4163-45ce-a014-4f58536d3703"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ac20a18b-4024-4c46-a328-2a31183d0fa4" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9a711583-6ce7-4265-aba8-7350383961b6" ,
"target_ref" : "x-misp-object--3f558b7a-d342-4090-92a2-82e2210b68e7"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}