{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5dbae98e-7974-4480-86db-44be950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:40.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:40.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5dbae98e-7974-4480-86db-44be950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:40.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:40.000Z",
|
|
|
|
"name": "OSINT - Dans l\u2019\u0153il de notre CyberSOC : la campagne malspam Aggah diversifie ses outils",
|
|
|
|
"published": "2019-12-10T09:25:12Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f",
|
|
|
|
"url--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f",
|
|
|
|
"indicator--5dc033f3-d78c-4fb5-bae5-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-0808-4286-b34c-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-a64c-4132-9e4a-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-1b0c-4573-99df-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-6624-4d01-ab9b-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-e0e4-404a-bfdd-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-1850-4a19-97a5-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-09b8-4fc8-8f7f-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-85a4-409e-8612-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-30b8-471e-8f71-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-4abc-4c8a-8ac5-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-2ea4-49be-b641-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-209c-430c-a548-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-e3bc-45fa-bc71-e94f950d210f",
|
|
|
|
"indicator--5dc033f3-3e90-4cc0-a319-e94f950d210f",
|
|
|
|
"indicator--5dc04091-77d0-4ff0-ab41-4d09950d210f",
|
|
|
|
"indicator--5dc04372-f128-4cb3-bdc0-46b1950d210f",
|
|
|
|
"indicator--5dc02897-2454-4c3d-a82a-4974950d210f",
|
|
|
|
"indicator--5dc028bf-36e8-4d96-b847-5503950d210f",
|
|
|
|
"indicator--5dc02950-294c-4f7b-83d6-4a0b950d210f",
|
|
|
|
"indicator--5dc0296c-f0a8-4327-9139-405d950d210f",
|
|
|
|
"indicator--5dc0297c-ca38-46f0-b3ab-471c950d210f",
|
|
|
|
"indicator--5dc02d45-2b1c-4958-a52f-4199950d210f",
|
|
|
|
"indicator--5dc02d5b-fafc-430b-9c55-497c950d210f",
|
|
|
|
"indicator--5dc02e92-1c20-4a65-bcdc-4680950d210f",
|
|
|
|
"indicator--5dc02eb6-49b8-43d2-b886-5502950d210f",
|
|
|
|
"indicator--5dc02ecc-fa44-493c-8ef5-5502950d210f",
|
|
|
|
"indicator--5dc02ee8-3470-44aa-83b4-5502950d210f",
|
|
|
|
"indicator--5dc02ef9-f6d8-4cc2-9d29-5502950d210f",
|
|
|
|
"indicator--5dc02f2a-f568-457e-81b5-df66950d210f",
|
|
|
|
"indicator--5dc02f5f-c2ec-401c-9d8c-df66950d210f",
|
|
|
|
"indicator--5dc02f7e-d520-4255-8405-4cfb950d210f",
|
|
|
|
"indicator--5dc02fb0-31f8-4064-aa9b-4574950d210f",
|
|
|
|
"indicator--5dc02fc7-b278-4517-a872-4701950d210f",
|
|
|
|
"indicator--5dc0300a-1c78-4639-8603-df80950d210f",
|
|
|
|
"indicator--5dc030d7-9fe4-4004-849a-df80950d210f",
|
|
|
|
"indicator--5dc030e9-7e6c-4b8b-b31a-5502950d210f",
|
|
|
|
"indicator--5dc03101-76a8-4b60-a427-4f2d950d210f",
|
|
|
|
"indicator--5dc03110-e910-404e-9d81-4e44950d210f",
|
|
|
|
"indicator--5dc03125-2e64-41aa-b7c0-4f13950d210f",
|
|
|
|
"indicator--5dc0313f-4a7c-4305-a77b-44ee950d210f",
|
|
|
|
"indicator--5dc0314f-a250-41f2-bc6c-4fe3950d210f",
|
|
|
|
"indicator--5dc0315d-b42c-4bd7-bf22-4095950d210f",
|
|
|
|
"indicator--5dc0316f-ae4c-49ff-ae8b-4407950d210f",
|
|
|
|
"indicator--5dc0335b-88e8-47b2-b741-df82950d210f",
|
|
|
|
"indicator--5dc03369-ac10-4d04-af2b-df67950d210f",
|
|
|
|
"observed-data--5dc038bd-a88c-46b1-bbef-4394950d210f",
|
|
|
|
"email-message--5dc038bd-a88c-46b1-bbef-4394950d210f",
|
|
|
|
"observed-data--5dc038d1-8a18-428c-9989-e94f950d210f",
|
|
|
|
"email-message--5dc038d1-8a18-428c-9989-e94f950d210f",
|
|
|
|
"indicator--5dc03906-ffc0-44c6-a50a-df81950d210f",
|
|
|
|
"indicator--d670c680-69d6-426d-a298-c0ff391db8e7",
|
|
|
|
"x-misp-object--5a211825-b90f-4f28-8d80-2ccca44fb240",
|
|
|
|
"indicator--4001f135-f142-448f-8f86-90d6ddf6342b",
|
|
|
|
"x-misp-object--fad7d3d0-90ab-430b-840d-7d8a2b18ac51",
|
|
|
|
"indicator--4ebb5413-89fe-40e4-a59f-e5c6a1b7313e",
|
|
|
|
"x-misp-object--693be22d-e312-4294-9171-2d8065cddd54",
|
|
|
|
"indicator--92ae76c5-8973-4515-938d-b878ca91368e",
|
|
|
|
"x-misp-object--dffbc7d4-cd65-4cb2-9090-32a89e4e174f",
|
|
|
|
"indicator--c4cded67-8b32-4ee4-b39f-d17a501a2cf3",
|
|
|
|
"x-misp-object--d5ef38d1-b501-4ae1-9249-6707886ea81b",
|
|
|
|
"indicator--c64bda57-fb58-499b-a870-74140ecb73c3",
|
|
|
|
"x-misp-object--8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e",
|
|
|
|
"indicator--0ec33fed-1a2a-485e-939f-f40425ebc54c",
|
|
|
|
"x-misp-object--c0bce316-ef56-42c6-811e-7dca12ecf919",
|
|
|
|
"indicator--f1e1d01c-6f5f-4204-9d86-34227fa834ed",
|
|
|
|
"x-misp-object--78cebe26-6eb1-4f08-b500-312923e761c9",
"relationship--c52af110-fb7e-4cde-8f17-bef5ef83d63a",
|
|
|
|
"relationship--6f907a08-753d-40c3-b2e7-2ba06a89edea",
|
|
|
|
"relationship--7c5d3ab6-3e36-48fa-919e-9b6c6e52d0f0",
|
|
|
|
"relationship--183e57dc-9947-4cfc-854a-569ca04dd466",
|
|
|
|
"relationship--0c04740d-ec5f-483b-b941-a59489217696",
|
|
|
|
"relationship--0e909083-a2d1-4c89-8c44-b015fc2397af",
|
|
|
|
"relationship--3b7b7bbd-0cce-43d0-9697-0582ea929ab0",
|
|
|
|
"relationship--1e9cd48b-5d88-4f9d-aedb-6a9178309169"
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Mshta - T1170\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Credentials in Files - T1081\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-10-31T14:08:05.000Z",
|
|
|
|
"modified": "2019-10-31T14:08:05.000Z",
|
|
|
|
"first_observed": "2019-10-31T14:08:05Z",
|
|
|
|
"last_observed": "2019-10-31T14:08:05Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f",
|
|
|
|
"value": "https://cyberdefense.orange.com/fr/blog/dans-loeil-de-notre-cybersoc-la-campagne-malspam-aggah-diversifie-ses-outils/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-d78c-4fb5-bae5-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[url:value = '88.150.221.123/1/inc/0f176165c9879d.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-0808-4286-b34c-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[url:value = '216.170.126.123/otu/index.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-a64c-4132-9e4a-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[url:value = '185.215.148.217/ghost/index.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-1b0c-4573-99df-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[url:value = '216.170.126.107/done/index.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-6624-4d01-ab9b-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[url:value = '216.170.126.107/xmen/index.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-e0e4-404a-bfdd-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[url:value = '216.170.126.146/ahsan/index.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-1850-4a19-97a5-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[domain-name:value = 'dennisss.duckdns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-09b8-4fc8-8f7f-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[domain-name:value = 'mozila-system.duckdns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-85a4-409e-8612-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[domain-name:value = 'hetro.ddns.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-30b8-471e-8f71-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[domain-name:value = 'kimkinzo.duckdns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-4abc-4c8a-8ac5-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[file:name = '?docora.duckdns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-2ea4-49be-b641-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[domain-name:value = 'fishwdme.duckdns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-209c-430c-a548-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[domain-name:value = 'john-osas11.duckdns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-e3bc-45fa-bc71-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[domain-name:value = 'ccmorgan.duckdns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc033f3-3e90-4cc0-a319-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:21:39.000Z",
|
|
|
|
"modified": "2019-11-04T14:21:39.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[domain-name:value = 'sukw.duckdns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:21:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc04091-77d0-4ff0-ab41-4d09950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T15:15:29.000Z",
|
|
|
|
"modified": "2019-11-04T15:15:29.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'newandupdates1234.blogspot.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T15:15:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc04372-f128-4cb3-bdc0-46b1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T15:27:46.000Z",
|
|
|
|
"modified": "2019-11-04T15:27:46.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'asdiamecwecw8cew.blogspot.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T15:27:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02897-2454-4c3d-a82a-4974950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:33:11.000Z",
|
|
|
|
"modified": "2019-11-04T13:33:11.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.170.126.107') AND network-traffic:dst_port = '777']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:33:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "network"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"ip-port\"",
|
|
|
|
"misp:meta-category=\"network\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc028bf-36e8-4d96-b847-5503950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:33:51.000Z",
|
|
|
|
"modified": "2019-11-04T13:33:51.000Z",
|
|
|
|
"description": "NanoCore",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02950-294c-4f7b-83d6-4a0b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:36:16.000Z",
|
|
|
|
"modified": "2019-11-04T13:36:16.000Z",
|
|
|
|
"description": "NanoCore",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '35cf9dd2e966cbbf772bc8a8863eca048ce48728ad0fb9bad994b62247291171']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:36:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc0296c-f0a8-4327-9139-405d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:36:44.000Z",
|
|
|
|
"modified": "2019-11-04T13:36:44.000Z",
|
|
|
|
"description": "NanoCore",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:36:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc0297c-ca38-46f0-b3ab-471c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:37:00.000Z",
|
|
|
|
"modified": "2019-11-04T13:37:00.000Z",
|
|
|
|
"description": "NanoCore",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a2d86ca90f364341238ad4b6ce42eabad6462ca8b85d2e36d276a5a76a400e93']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:37:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02d45-2b1c-4958-a52f-4199950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:53:09.000Z",
|
|
|
|
"modified": "2019-11-04T13:53:09.000Z",
|
|
|
|
"description": "NanoCore",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0f0faa6ff820888c44e60adc0b9d0044ae626d3ae5adfca9251db655d360430a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:53:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02d5b-fafc-430b-9c55-497c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:53:31.000Z",
|
|
|
|
"modified": "2019-11-04T13:53:31.000Z",
|
|
|
|
"description": "ASyncRAT",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:53:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02e92-1c20-4a65-bcdc-4680950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:58:42.000Z",
|
|
|
|
"modified": "2019-11-04T13:58:42.000Z",
|
|
|
|
"description": "NanoCore",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '732501083e18c0e7843986197a9cc78b4c70844ae2a5260d8e0863b4566840f2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:58:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02eb6-49b8-43d2-b886-5502950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:59:18.000Z",
|
|
|
|
"modified": "2019-11-04T13:59:18.000Z",
|
|
|
|
"description": "NanoCore",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a37c8ab7a8b6c8686e5d7a911c9f389131eb1da8abab9228f63442f4cc0586b9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:59:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02ecc-fa44-493c-8ef5-5502950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T13:59:40.000Z",
|
|
|
|
"modified": "2019-11-04T13:59:40.000Z",
|
|
|
|
"description": "Azorult",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6079cdba30c72c4097545444a61945adb4cf03ebbf531b8efb6c3f29633f01e3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T13:59:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02ee8-3470-44aa-83b4-5502950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:00:08.000Z",
|
|
|
|
"modified": "2019-11-04T14:00:08.000Z",
|
|
|
|
"description": "Azorult",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '970f0dc60fd3a57dc97194313d8455e8e888ed480cadd7548096537c96c6130d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:00:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02ef9-f6d8-4cc2-9d29-5502950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:00:25.000Z",
|
|
|
|
"modified": "2019-11-04T14:00:25.000Z",
|
|
|
|
"description": "Azorult",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '48b730f6fe4a94cfc4af81fdb4420d3a749f7602b4dfd6663e9e5af91cb3f886']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:00:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02f2a-f568-457e-81b5-df66950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:01:14.000Z",
|
|
|
|
"modified": "2019-11-04T14:01:14.000Z",
|
|
|
|
"description": "Azorult",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ba516bfa4d18a3890ae5599973d0583523379eeddce6ba08668f9278453bc9ad']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:01:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02f5f-c2ec-401c-9d8c-df66950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:02:07.000Z",
|
|
|
|
"modified": "2019-11-04T14:02:07.000Z",
|
|
|
|
"description": "Azorult",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fd40f1fafffe22687d820fed80f152bf8e30ce8a4b7d40ff8ff8acaf42c8517b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:02:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02f7e-d520-4255-8405-4cfb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:02:38.000Z",
|
|
|
|
"modified": "2019-11-04T14:02:38.000Z",
|
|
|
|
"description": "Azorult",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6497ff8cb227ecd6a75db4379b8f9d849b542b59fd30dd49c6d9ef0977cacd14']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:02:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02fb0-31f8-4064-aa9b-4574950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:03:28.000Z",
|
|
|
|
"modified": "2019-11-04T14:03:28.000Z",
|
|
|
|
"description": "Azorult",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:03:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc02fc7-b278-4517-a872-4701950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:03:51.000Z",
|
|
|
|
"modified": "2019-11-04T14:03:51.000Z",
|
|
|
|
"description": "AgentTesla",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:03:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc0300a-1c78-4639-8603-df80950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:04:58.000Z",
|
|
|
|
"modified": "2019-11-04T14:04:58.000Z",
|
|
|
|
"description": "AgentTesla",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:04:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc030d7-9fe4-4004-849a-df80950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:08:23.000Z",
|
|
|
|
"modified": "2019-11-04T14:08:23.000Z",
|
|
|
|
"description": "Remcos",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2ed3b831531428a2f172284d9d5a0e91bb1b478a900d74abe7d581c782d7de03']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:08:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc030e9-7e6c-4b8b-b31a-5502950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:08:41.000Z",
|
|
|
|
"modified": "2019-11-04T14:08:41.000Z",
|
|
|
|
"description": "FormBook",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '778715947a04a421044f4903f5b28eb80f67c545c21a515f25535984166bb273']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:08:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc03101-76a8-4b60-a427-4f2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:09:05.000Z",
|
|
|
|
"modified": "2019-11-04T14:09:05.000Z",
|
|
|
|
"description": "RevengeRAT",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9f0f88e296786e48c29d77da3418ef2d148ba19db10dcb59aa5dbff2c65cd505']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:09:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc03110-e910-404e-9d81-4e44950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:09:20.000Z",
|
|
|
|
"modified": "2019-11-04T14:09:20.000Z",
|
|
|
|
"description": "RevengeRAT",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7fbb03fcff280da369566274170df592afc639eb6a1bfd8470dca1cd7254ad46']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:09:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc03125-2e64-41aa-b7c0-4f13950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:09:41.000Z",
|
|
|
|
"modified": "2019-11-04T14:09:41.000Z",
|
|
|
|
"description": "Dll",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5c57e599f74e543bf1cae580ebb42beaa3a5ec01a18c59dfa533fa04fbf33456']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:09:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc0313f-4a7c-4305-a77b-44ee950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:10:07.000Z",
|
|
|
|
"modified": "2019-11-04T14:10:07.000Z",
|
|
|
|
"description": "Dll",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e73adcf6f04ba13e215f240081024bdd0656e661f43bb9f4b96509d59c0b6ce5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:10:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc0314f-a250-41f2-bc6c-4fe3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:10:23.000Z",
|
|
|
|
"modified": "2019-11-04T14:10:23.000Z",
|
|
|
|
"description": "Dll",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:10:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc0315d-b42c-4bd7-bf22-4095950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:10:37.000Z",
|
|
|
|
"modified": "2019-11-04T14:10:37.000Z",
|
|
|
|
"description": "Dll",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:10:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc0316f-ae4c-49ff-ae8b-4407950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:10:55.000Z",
|
|
|
|
"modified": "2019-11-04T14:10:55.000Z",
|
|
|
|
"description": "Dll",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e1598720dbe7fe3595b0c323c5ad4de231744568acc1f9b00a855642ebea9676']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:10:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc0335b-88e8-47b2-b741-df82950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:19:07.000Z",
|
|
|
|
"modified": "2019-11-04T14:19:07.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '35.226.30.217')]",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:19:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "network"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"ip-port\"",
|
|
|
|
"misp:meta-category=\"network\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc03369-ac10-4d04-af2b-df67950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:19:21.000Z",
|
|
|
|
"modified": "2019-11-04T14:19:21.000Z",
|
|
|
|
"description": "C2",
|
|
|
|
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.150.221.123')]",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:19:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "network"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"ip-port\"",
|
|
|
|
"misp:meta-category=\"network\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5dc038bd-a88c-46b1-bbef-4394950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:42:05.000Z",
|
|
|
|
"modified": "2019-11-04T14:42:05.000Z",
|
|
|
|
"first_observed": "2019-11-04T14:42:05Z",
|
|
|
|
"last_observed": "2019-11-04T14:42:05Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"email-message--5dc038bd-a88c-46b1-bbef-4394950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"email\"",
|
|
|
|
"misp:meta-category=\"network\"",
|
|
|
|
"misp:to_ids=\"False\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-message",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-message--5dc038bd-a88c-46b1-bbef-4394950d210f",
|
|
|
|
"is_multipart": false,
|
|
|
|
"subject": "Payment Remittance"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5dc038d1-8a18-428c-9989-e94f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:42:25.000Z",
|
|
|
|
"modified": "2019-11-04T14:42:25.000Z",
|
|
|
|
"first_observed": "2019-11-04T14:42:25Z",
|
|
|
|
"last_observed": "2019-11-04T14:42:25Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"email-message--5dc038d1-8a18-428c-9989-e94f950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"email\"",
|
|
|
|
"misp:meta-category=\"network\"",
|
|
|
|
"misp:to_ids=\"False\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-message",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-message--5dc038d1-8a18-428c-9989-e94f950d210f",
|
|
|
|
"is_multipart": false,
|
|
|
|
"subject": "Price Request"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dc03906-ffc0-44c6-a50a-df81950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-11-04T14:43:18.000Z",
|
|
|
|
"modified": "2019-11-04T14:43:18.000Z",
|
|
|
|
"pattern": "[windows-registry-key:key = 'HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\' AND windows-registry-key:values[0].name = 'WinUpdate']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-11-04T14:43:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"registry-key\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--d670c680-69d6-426d-a298-c0ff391db8e7",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:36.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:36.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6d4204febbce6bb6802f63a5a823ad67' AND file:hashes.SHA1 = 'b6911feb8a13d2a946a2f74043a624c886af33b1' AND file:hashes.SHA256 = 'db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-10T09:24:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5a211825-b90f-4f28-8d80-2ccca44fb240",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:36.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:36.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-10-28T02:31:00",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Dll",
|
|
|
|
"uuid": "add0b46d-6efc-4253-a2a6-820b0c5a300e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f/analysis/1572229860/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dll",
|
|
|
|
"uuid": "cac6e1e1-3ab6-4360-9845-421bb3455db6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "14/68",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dll",
|
|
|
|
"uuid": "65299516-f9e2-4960-8e56-faf6303d5a32"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--4001f135-f142-448f-8f86-90d6ddf6342b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:37.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:37.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '12fef1dbfcd31084bff43508a7669459' AND file:hashes.SHA1 = '78e5dfca951eab2ade99fdebb7de692cdd02c147' AND file:hashes.SHA256 = '92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-10T09:24:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--fad7d3d0-90ab-430b-840d-7d8a2b18ac51",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:37.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:37.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-10-09T21:55:56",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Azorult",
|
|
|
|
"uuid": "68b7ac2e-4d1b-4ef7-b6b3-b0209dc787ba"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e/analysis/1570658156/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Azorult",
|
|
|
|
"uuid": "ad11e621-a6c3-4a38-a4f0-b9959975fd56"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "59/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Azorult",
|
|
|
|
"uuid": "6232f040-8fdd-43ce-8658-08cab4bb7c18"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--4ebb5413-89fe-40e4-a59f-e5c6a1b7313e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:38.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:38.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1660ca53c025465e9b0628246b1047f3' AND file:hashes.SHA1 = '8b3b10b3fa61017a02e013dcabb67eb8eeaa7ed9' AND file:hashes.SHA256 = 'd0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-10T09:24:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--693be22d-e312-4294-9171-2d8065cddd54",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:38.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-10-23T12:51:58",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "AgentTesla",
|
|
|
|
"uuid": "f7ef0e54-13ec-41eb-a33e-d72d49258b76"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/d0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1/analysis/1571835118/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "AgentTesla",
|
|
|
|
"uuid": "0feac6f1-cddd-4ef0-9758-0bd0a966fc74"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "41/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "AgentTesla",
|
|
|
|
"uuid": "cc87a812-0dae-441d-8345-630aa04d3708"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--92ae76c5-8973-4515-938d-b878ca91368e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:38.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:38.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '57084aec24c40f6834428b38ef72b967' AND file:hashes.SHA1 = '24dd9c52e1c1ef03cda76c7a9e5887170ada12eb' AND file:hashes.SHA256 = '83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-10T09:24:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--dffbc7d4-cd65-4cb2-9090-32a89e4e174f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:38.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-10-20T11:44:02",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "NanoCore",
|
|
|
|
"uuid": "456dfb89-0a24-4933-9ebd-30ae24723027"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced/analysis/1571571842/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "NanoCore",
|
|
|
|
"uuid": "fc64fe4a-f7db-457e-b67e-f8dd8d93a595"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "57/68",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "NanoCore",
|
|
|
|
"uuid": "6caa5df3-8e4f-4f70-97bf-0fdf57745619"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c4cded67-8b32-4ee4-b39f-d17a501a2cf3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:39.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '61f6f2296d99b469078db1cb5d36bf65' AND file:hashes.SHA1 = 'f03aa226cc7aeb12a3190b3ccc8a2db68ffd1587' AND file:hashes.SHA256 = 'fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-10T09:24:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d5ef38d1-b501-4ae1-9249-6707886ea81b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:39.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-10-13T12:32:04",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "NanoCore",
|
|
|
|
"uuid": "231d8b6a-d8f5-4f91-8d14-3c13201efae9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33/analysis/1570969924/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "NanoCore",
|
|
|
|
"uuid": "e65af2d7-3fa7-4d88-b92d-074c869b7389"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "60/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "NanoCore",
|
|
|
|
"uuid": "d5dbf1e4-14fb-492e-a36e-5433f7500168"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c64bda57-fb58-499b-a870-74140ecb73c3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:39.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a5de91f73a5e75aa7e33954fd0adda13' AND file:hashes.SHA1 = '07b518b86eca57bc9534c9b955d1809f9f66f080' AND file:hashes.SHA256 = '84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-10T09:24:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:39.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-09-28T03:26:27",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Dll",
|
|
|
|
"uuid": "aea636b1-9152-49df-8c25-55266a813659"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6/analysis/1569641187/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dll",
|
|
|
|
"uuid": "423be0e6-f07a-44cc-a07c-5d12ebb9bd78"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "44/67",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dll",
|
|
|
|
"uuid": "73e7f2b3-941d-4727-86bf-ab089e83ff03"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0ec33fed-1a2a-485e-939f-f40425ebc54c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:40.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9257e5b74cf52683b168602036f19d3f' AND file:hashes.SHA1 = 'cdd025adf4d4b616a703378a05915a36dedcbe9a' AND file:hashes.SHA256 = '516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-10T09:24:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c0bce316-ef56-42c6-811e-7dca12ecf919",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-10T09:24:40.000Z",
|
|
|
|
"modified": "2019-12-10T09:24:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-10-29T15:05:37",
"category": "Other",
"comment": "ASyncRAT",
"uuid": "007438bf-4ab7-41b1-8d4c-2569dbb74a59"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3/analysis/1572361537/",
"category": "Payload delivery",
"comment": "ASyncRAT",
"uuid": "4e5958e9-9ee1-4023-833e-d9d30a89393f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/71",
"category": "Payload delivery",
"comment": "ASyncRAT",
"uuid": "771cbfda-bc1e-49a0-82ff-341ab0bb1022"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f1e1d01c-6f5f-4204-9d86-34227fa834ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T09:24:40.000Z",
"modified": "2019-12-10T09:24:40.000Z",
"pattern": "[file:hashes.MD5 = '0638dff86bcdbebe8dc9c9d0bece613b' AND file:hashes.SHA1 = 'e7ec733b91eece465192ebe2d62bb5fd14a135c3' AND file:hashes.SHA256 = '6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T09:24:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--78cebe26-6eb1-4f08-b500-312923e761c9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T09:24:40.000Z",
"modified": "2019-12-10T09:24:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-10-25T06:30:50",
"category": "Other",
"comment": "AgentTesla",
"uuid": "77b6b35b-d50d-4041-b505-20115a28c312"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5/analysis/1571985050/",
"category": "Payload delivery",
"comment": "AgentTesla",
"uuid": "21a8e5ac-802a-4506-bcdd-6b69d3419a47"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/68",
"category": "Payload delivery",
"comment": "AgentTesla",
"uuid": "cadc000e-d4db-47db-9bd1-ee1ec522e9d6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c52af110-fb7e-4cde-8f17-bef5ef83d63a",
"created": "2019-12-10T09:24:40.000Z",
"modified": "2019-12-10T09:24:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d670c680-69d6-426d-a298-c0ff391db8e7",
"target_ref": "x-misp-object--5a211825-b90f-4f28-8d80-2ccca44fb240"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6f907a08-753d-40c3-b2e7-2ba06a89edea",
"created": "2019-12-10T09:24:41.000Z",
"modified": "2019-12-10T09:24:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4001f135-f142-448f-8f86-90d6ddf6342b",
"target_ref": "x-misp-object--fad7d3d0-90ab-430b-840d-7d8a2b18ac51"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7c5d3ab6-3e36-48fa-919e-9b6c6e52d0f0",
"created": "2019-12-10T09:24:41.000Z",
"modified": "2019-12-10T09:24:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4ebb5413-89fe-40e4-a59f-e5c6a1b7313e",
"target_ref": "x-misp-object--693be22d-e312-4294-9171-2d8065cddd54"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--183e57dc-9947-4cfc-854a-569ca04dd466",
"created": "2019-12-10T09:24:41.000Z",
"modified": "2019-12-10T09:24:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--92ae76c5-8973-4515-938d-b878ca91368e",
"target_ref": "x-misp-object--dffbc7d4-cd65-4cb2-9090-32a89e4e174f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0c04740d-ec5f-483b-b941-a59489217696",
"created": "2019-12-10T09:24:41.000Z",
"modified": "2019-12-10T09:24:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c4cded67-8b32-4ee4-b39f-d17a501a2cf3",
"target_ref": "x-misp-object--d5ef38d1-b501-4ae1-9249-6707886ea81b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0e909083-a2d1-4c89-8c44-b015fc2397af",
"created": "2019-12-10T09:24:41.000Z",
"modified": "2019-12-10T09:24:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c64bda57-fb58-499b-a870-74140ecb73c3",
"target_ref": "x-misp-object--8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3b7b7bbd-0cce-43d0-9697-0582ea929ab0",
"created": "2019-12-10T09:24:41.000Z",
"modified": "2019-12-10T09:24:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0ec33fed-1a2a-485e-939f-f40425ebc54c",
"target_ref": "x-misp-object--c0bce316-ef56-42c6-811e-7dca12ecf919"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1e9cd48b-5d88-4f9d-aedb-6a9178309169",
"created": "2019-12-10T09:24:41.000Z",
"modified": "2019-12-10T09:24:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f1e1d01c-6f5f-4204-9d86-34227fa834ed",
"target_ref": "x-misp-object--78cebe26-6eb1-4f08-b500-312923e761c9"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}