{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--ea593018-b2e9-4e7e-8da9-cc20a751e3f6",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-08-10T19:44:03.000Z",
|
||
|
"modified": "2023-08-10T19:44:03.000Z",
|
||
|
"name": "ESET",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--ea593018-b2e9-4e7e-8da9-cc20a751e3f6",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-08-10T19:44:03.000Z",
|
||
|
"modified": "2023-08-10T19:44:03.000Z",
|
||
|
"name": "MoustachedBouncer: Espionage against foreign diplomats in Belarus",
|
||
|
"published": "2023-08-10T19:47:25Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--6135dc84-9e57-4a3c-8406-7338cf1c742f",
|
||
|
"email-message--6135dc84-9e57-4a3c-8406-7338cf1c742f",
|
||
|
"email-addr--6135dc84-9e57-4a3c-8406-7338cf1c742f",
|
||
|
"observed-data--2efaebfc-00e9-468b-a5af-c3f320ed2e30",
|
||
|
"email-message--2efaebfc-00e9-468b-a5af-c3f320ed2e30",
|
||
|
"email-addr--2efaebfc-00e9-468b-a5af-c3f320ed2e30",
|
||
|
"observed-data--9bce6827-ba66-443b-98b2-2e9cf741add2",
|
||
|
"email-message--9bce6827-ba66-443b-98b2-2e9cf741add2",
|
||
|
"email-addr--9bce6827-ba66-443b-98b2-2e9cf741add2",
|
||
|
"observed-data--e4e35985-a451-4725-a8c1-403499277264",
|
||
|
"email-message--e4e35985-a451-4725-a8c1-403499277264",
|
||
|
"email-addr--e4e35985-a451-4725-a8c1-403499277264",
|
||
|
"x-misp-object--33a36cb8-e7ec-4a16-a737-67bc4d3882cc",
|
||
|
"x-misp-object--f1e2370c-0cb8-424b-ab63-2f165161e29b",
|
||
|
"observed-data--11fe4f04-22b9-43e1-a0e0-ab1cbede8509",
|
||
|
"domain-name--ae13d755-f844-4203-9888-d081d62d94b7",
|
||
|
"indicator--68673e6b-f462-42b1-96c4-71b9cc0687b2",
|
||
|
"indicator--5ce832e8-cbee-4eda-a2e4-278006d1f10d",
|
||
|
"indicator--ba525ea8-9e77-40dd-a06e-167099c0d338",
|
||
|
"indicator--9178f8b0-99a7-4cfd-9273-b83b5e871630",
|
||
|
"x-misp-object--8555643c-fc32-4c47-aecf-00ad3e0b6d48",
|
||
|
"indicator--697d3e35-143a-43c0-9ab9-6766488e069d",
|
||
|
"indicator--6918d59c-5802-4ec0-b720-53efb2b33ba1",
|
||
|
"x-misp-object--c28c3bbd-4d77-4ff1-80fe-04ef2e7dff06",
|
||
|
"indicator--cced97f0-086a-4a31-b902-952a7a2d3aa0",
|
||
|
"x-misp-object--b8e8926b-f611-4d76-a56a-5b61d8b4167d",
|
||
|
"x-misp-object--65405377-76ee-4c40-ab8f-db7f8204428c",
|
||
|
"indicator--a179fa6a-7dae-43b3-a0da-0100a562d440",
|
||
|
"indicator--5f677eb8-5b42-49b4-84a1-9a8f7143a6a2",
|
||
|
"x-misp-object--6d176998-9af8-4733-936d-bd29d6a19973",
|
||
|
"observed-data--dfd3f545-7c14-4041-b14e-781dc3dd0828",
|
||
|
"file--dfd3f545-7c14-4041-b14e-781dc3dd0828",
|
||
|
"x-misp-object--64d9ba53-9e9e-475f-92ea-592ed9d0ad25",
|
||
|
"indicator--ab4d0f8a-ad97-4164-ad21-0c00225d1f2d",
|
||
|
"x-misp-object--32734d0e-bfcc-44d7-96a3-d1e272ec5d44",
|
||
|
"x-misp-object--c4d10ea4-e0a6-4689-bd55-e052e8263355",
|
||
|
"indicator--548f46db-2410-4a8a-9c86-cff918474455",
|
||
|
"indicator--933e9ea5-4cc8-40b0-82ad-303ee1fcc3f7",
|
||
|
"x-misp-object--a6c9e653-caaa-497e-9f55-40cb5df88c72",
|
||
|
"indicator--8f92e3b4-2a26-4733-a153-fcfdbe095edf",
|
||
|
"indicator--3c3efb45-ae68-4077-bc7c-799a40c414c8",
|
||
|
"x-misp-object--9b19629c-cdb5-48c3-8464-f0a11f9af688",
|
||
|
"indicator--9c898012-fbc4-42cf-85b1-8b7cfd52fb02",
|
||
|
"indicator--b4355207-5ed7-4bcc-b9fd-ce733e35e948",
|
||
|
"x-misp-object--7d2b9a59-a74c-4b12-89db-abd9a8a214aa",
|
||
|
"indicator--98970377-e1e1-4548-b3bd-bf0fa58decf6",
|
||
|
"indicator--064ba27d-6f2c-464f-9d53-6ca966c36a10",
|
||
|
"x-misp-object--69f72631-333c-48b0-83ab-31046bac7283",
|
||
|
"x-misp-object--d20ab4c0-bf02-4485-98bb-e2abce3ceda1",
|
||
|
"indicator--47e4c9d1-054f-41a0-ae77-1b2308d051a4",
|
||
|
"indicator--2c3ed81a-0a2c-4fb4-9683-5c4e0fc458f7",
|
||
|
"x-misp-object--7009b0e1-4ff2-46c0-961f-ed918af0088a",
|
||
|
"indicator--1f683c76-940c-47d1-a3e4-30b0112f5458",
|
||
|
"indicator--16a98b47-e930-429d-9503-058bcbe136e8",
|
||
|
"indicator--a23881d4-86f0-4bf5-8e99-30f0036587ad",
|
||
|
"indicator--453e6a83-70cc-4d4d-b8fc-6cf50e71d5cc",
|
||
|
"x-misp-object--435ccf96-5f50-4de2-a6a9-4b483a77a619",
|
||
|
"indicator--5d96ae1b-0410-4d4a-978e-9731d2122885",
|
||
|
"indicator--e608c614-323c-47ad-8f91-8aa5c274177c",
|
||
|
"x-misp-object--d3a50bdf-45b6-4af5-9081-a10ddef0f412",
|
||
|
"indicator--f4ad33db-9e3f-4178-835e-4851b778e17e",
|
||
|
"x-misp-object--9b8609f6-b5a8-4281-a9b1-49bc36fdd23d",
|
||
|
"indicator--8e911c46-1453-4309-a88f-8caad577dce9",
|
||
|
"indicator--ab161fb0-237a-43f7-b34e-f402a7cccd8b",
|
||
|
"x-misp-object--a0e531d8-baef-4c28-b6e6-b8cac7d35c51",
|
||
|
"x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881",
|
||
|
"indicator--866d91f3-e765-42b7-bc40-f4849eecbdb3",
|
||
|
"indicator--efbd15be-c3a0-4988-b0a7-b0703b06ea53",
|
||
|
"indicator--49a85d25-494f-4975-9d34-ea8e7361518e",
|
||
|
"indicator--9940ddb2-2526-4783-a9b2-84aaeda0d4a5",
|
||
|
"indicator--3b67328a-e7af-4dd0-be3c-296a0f1c6cfc",
|
||
|
"indicator--f14245f9-6180-43ef-a0e0-6994a7ca739a",
|
||
|
"indicator--430e9391-ed2c-4a15-932d-1355991c821f",
|
||
|
"indicator--dcd75ccd-014c-4d10-9f1c-d3bb2d23083a",
|
||
|
"indicator--9be8694b-8b3d-486b-b321-147f4bcf81fc",
|
||
|
"x-misp-object--f03a31fe-4880-4b17-88e8-683cc53edb0b",
|
||
|
"x-misp-object--b24fd92b-be6e-4560-9bdb-59a0def6afe3",
|
||
|
"x-misp-object--96dccff4-1e0f-4e11-a29d-dd4e85d9dd35",
|
||
|
"observed-data--f1549cfb-2f8a-49df-9a58-c6863a7ce5cd",
|
||
|
"domain-name--cffcc952-1960-4ef0-a9a7-f86f5b4b22a9",
|
||
|
"x-misp-object--c4853164-2333-41e1-9d6b-c622bd385a03",
|
||
|
"observed-data--0d7c814d-dcbe-44b3-a678-30edadecf71c",
|
||
|
"domain-name--6b888415-35eb-41a6-b4c9-649790dccbe5",
|
||
|
"x-misp-object--b442277b-946e-42c3-a9d6-7976cb65b884",
|
||
|
"observed-data--6a5712ea-cf3c-44f4-9788-1cf8df970630",
|
||
|
"domain-name--fbb66ecf-5b6f-469f-8f36-01255c3728d6",
|
||
|
"x-misp-object--b20f1cc9-361c-441c-8bc3-eabb28b458e2",
|
||
|
"observed-data--215fe060-4fbf-4342-a230-7b5a303d56c4",
|
||
|
"domain-name--9a0ed427-09b2-4fa3-9447-8de10e641497",
|
||
|
"x-misp-object--29d07632-dfe0-45cc-9828-daea9263bee8",
|
||
|
"observed-data--49efdf22-09cb-4003-83d2-912da3368585",
|
||
|
"domain-name--ba1db68c-a465-4b55-a1b2-2c8d3594646b",
|
||
|
"indicator--45c10194-bac4-48dd-b603-be916b720d8d",
|
||
|
"observed-data--b5cb5d88-8a8d-49ab-8e16-17195de44963",
|
||
|
"file--f7070e93-ba47-527a-b86e-e8a8a2ff2f7d",
|
||
|
"observed-data--dfd98fbd-2f3d-4109-9e12-9bb1f0cf6259",
|
||
|
"file--fff9e07c-4f80-547e-a710-caf7644218e7",
|
||
|
"observed-data--39ae74ee-34c8-42ea-a5bf-4e6feb0d4674",
|
||
|
"file--e965c29b-8743-5871-8728-22d2a284334d",
|
||
|
"observed-data--00fe6521-be7e-47d1-a37b-8e082e5d55cf",
|
||
|
"file--ba7693ec-bae8-5b24-8836-ed83d494308f",
|
||
|
"observed-data--d6560272-9243-4a9e-9bab-eeab7d6b6541",
|
||
|
"file--2804d76e-a785-5839-b3e5-b0375f83570d",
|
||
|
"observed-data--906f9bcd-da99-4235-a25c-b9dc5d700e01",
|
||
|
"file--005e1666-be83-54b8-a537-f7df55b214b7",
|
||
|
"observed-data--d7315525-4a21-4b79-9b98-78f904c491db",
|
||
|
"file--884a506a-88fd-5079-a07b-01351795568c",
|
||
|
"observed-data--f2913348-56e8-4176-9564-b227eeb36058",
|
||
|
"file--f2486b5c-6a83-59c5-ac8a-d019e9da94b0",
|
||
|
"observed-data--e344f346-3a41-4316-b5e2-084f9b295757",
|
||
|
"file--9f6f92bf-a899-566f-882e-0dfb07b122b7",
|
||
|
"observed-data--1f9833ef-40d2-4a88-85ff-8b528ad865cb",
|
||
|
"file--6e0bd9ea-79ea-5930-a936-ae233de7e12f",
|
||
|
"observed-data--7a3326c8-6a3f-44bd-b5c6-b452daea50cf",
|
||
|
"file--6fbba472-d03c-5328-9c5b-c5510bb417ea",
|
||
|
"observed-data--e54ec09a-9757-40b4-86e7-e56e7235011e",
|
||
|
"file--ab10ce91-3657-53e1-a914-561de3b00dde",
|
||
|
"observed-data--1db5fc1c-dbbd-4b7c-b6cf-6b815fd8f74b",
|
||
|
"file--59109c28-5a48-5414-a0a7-2766cfc0ade5",
|
||
|
"observed-data--14a942a7-acdf-4cf7-9ff3-ab14f8b591a9",
|
||
|
"file--e5ffe50b-851d-51c0-8474-7f3021c5a7ff",
|
||
|
"observed-data--adae0edc-d213-4688-a2a9-1e8107bb8fea",
|
||
|
"file--8adba602-6c53-5f8b-b8d2-603edfc84f07",
|
||
|
"observed-data--a3e3b961-6c52-40fb-83e8-2794611f8046",
|
||
|
"file--13c4a295-b183-5bdb-a3ae-c033726c84af",
|
||
|
"observed-data--95c0cda8-9847-4ec7-89b2-90c6f2ab9f21",
|
||
|
"file--64336ccf-c157-5a69-8d80-4763750701f8",
|
||
|
"observed-data--20b43104-86e0-45fc-9a91-1715f584acdd",
|
||
|
"file--df86290f-f1f8-55b6-9ef3-f8d8564a4ea7",
|
||
|
"observed-data--899ede30-5028-48fb-99fa-07ee835a9200",
|
||
|
"file--af25ca81-4ae5-5756-b9cc-5b8b1ed468a0",
|
||
|
"observed-data--42719644-b407-42ed-84e1-114f1a6cd729",
|
||
|
"file--c71ada66-fc2d-5338-8f06-d78498ae32a7",
|
||
|
"observed-data--76805542-8e3c-4810-9c54-55b0c04b6c16",
|
||
|
"file--97b7198b-f672-55dc-a8f6-9e3cdb3f7e79",
|
||
|
"observed-data--1cc1cc28-6dff-4e25-9ab8-c2dc4bd02e1b",
|
||
|
"file--b0d8b96c-ed4d-55cf-b4f4-39c7d131f10f",
|
||
|
"observed-data--73e9ffe9-8abf-43d0-bf2b-b2eac124f6b1",
|
||
|
"file--2da94744-20d2-52ce-b2d6-8c97804855a0",
|
||
|
"observed-data--17419941-1697-43a4-a3a7-53516c4b8614",
|
||
|
"file--5114077b-9f86-582b-bd97-b01ee9fdf4e9",
|
||
|
"observed-data--c1d092e8-489a-45df-a7d6-b69fc81e2136",
|
||
|
"file--cced2161-46e5-508d-a2c2-a94ec186d1ec",
|
||
|
"observed-data--bf487be6-3dcc-47cc-a9e6-256270637834",
|
||
|
"file--a0a0a19b-bb49-5abd-a77e-5caec7525b89",
|
||
|
"observed-data--0bef2e0e-9281-4fd1-a88e-418b06a9b16d",
|
||
|
"file--7af381de-ba5e-5217-a738-8e9b978e0b4c",
|
||
|
"observed-data--da8b7d10-0694-4249-9bd1-a5ad540a6e40",
|
||
|
"file--46495212-9ffe-5f85-bd83-655efe9063ba",
|
||
|
"observed-data--758bff01-3add-4f26-bc1b-3ea92ebe0ec6",
|
||
|
"file--9be70a4c-2ab7-56d7-bff0-668e8919d084",
|
||
|
"observed-data--2e7c479e-7c91-49e9-a8ae-4acf6ef8b3bc",
|
||
|
"file--51dd0529-252b-554a-af2c-fed21bf8e922",
|
||
|
"observed-data--9c83e2e4-31c3-4851-90d9-725057096171",
|
||
|
"file--70cc74c6-ae9f-585a-811b-fcf82bc6fd07",
|
||
|
"relationship--981add10-93db-4b8b-be5a-0d694c53615c",
|
||
|
"relationship--d3f433da-14d8-4d70-bd44-e1eb6188ee55",
|
||
|
"relationship--d55618c8-a272-48df-be96-8a4a18a7b4f0",
|
||
|
"relationship--853de013-0064-4855-aef6-5e18f07f30aa",
|
||
|
"relationship--6737b0e5-817a-4a59-8fee-17c8ce834519",
|
||
|
"relationship--f64a1058-9af9-4e8e-915e-332b69062644",
|
||
|
"relationship--baa87c66-17bd-4a90-a1e6-410791d7b5f8",
|
||
|
"relationship--fcff3f32-e5d3-45cc-9720-5da0e2afdec9",
|
||
|
"relationship--3a477fdc-f520-40f1-b382-b5af344b0d55",
|
||
|
"relationship--94c52c13-2896-475e-843a-d4b0ce3d71c7",
|
||
|
"relationship--b38f9400-8b90-4a6a-b812-d1c3033e2ea3",
|
||
|
"relationship--b7ce82ab-0984-4f52-8c6f-d063f95dc404",
|
||
|
"relationship--893fdee9-145a-42d3-88b6-3c256b371b46",
|
||
|
"relationship--668da010-d52d-40a6-aceb-7ef8979ed9b5",
|
||
|
"relationship--a2988e5f-529b-431d-88ff-2a7a9748dbe2",
|
||
|
"relationship--d30993a4-2dd0-48a2-9aa2-205cdea67709",
|
||
|
"relationship--f7ff9974-d0d0-49dc-8632-7bdabbc9c910",
|
||
|
"relationship--b8c62382-aad4-46cf-9c7b-c1da08da4a73",
|
||
|
"relationship--5798b723-00c1-4a22-8358-8fe0c9284888",
|
||
|
"relationship--dbe37adf-b96e-42e8-b4e9-f1b9f0246fb2",
|
||
|
"relationship--5b4d4345-b703-498d-9a9d-037336cde62f",
|
||
|
"relationship--da0d71a9-94b2-4f84-b9cf-4abd9dc3ae7a",
|
||
|
"relationship--e7dbd5f6-422d-4cb7-a8e6-01705ed69ff2",
|
||
|
"relationship--19503a7e-bbd6-48e8-a6e9-61e1291e531b",
|
||
|
"relationship--f749a5b6-6562-4dbf-8d45-451e04bc0b0f",
|
||
|
"relationship--5a975592-f762-4f00-8f8e-f22afdeb7408",
|
||
|
"relationship--3242bcb2-7f4f-4866-8912-11d81679e350",
|
||
|
"relationship--4172ac18-0a53-4c12-b4fc-019c64c330b7",
|
||
|
"relationship--4c7dc8d0-6778-4311-b6de-555539a7ee3c",
|
||
|
"relationship--2662f28f-ed41-448f-84ff-3fb08193c19b",
|
||
|
"relationship--4c8f8390-6f54-4860-b9f1-409bb2aeb8a0",
|
||
|
"relationship--2cb98c95-b5e6-476d-8bcb-08934bf1b70d",
|
||
|
"relationship--230aa002-7d95-4da1-aedf-f7db37edd91b",
|
||
|
"relationship--9d502210-46b6-408a-b5db-fd4b6137bfd8",
|
||
|
"relationship--16a273b7-a29e-4f6a-97e4-52b89b308a5c",
|
||
|
"relationship--842698df-fd8f-4643-92f8-ada44cdcbb06",
|
||
|
"relationship--14ef846c-faa8-4ce2-b6cd-fa8cb06910ed",
|
||
|
"relationship--70b87970-10fe-4650-a4fc-34a95f664864",
|
||
|
"relationship--ba62c4d0-280f-4fed-adf3-767508e77411",
|
||
|
"relationship--e5788fe5-6bdb-456b-81dd-6dc9d8a99e44",
|
||
|
"relationship--83a98345-a4b1-4abe-99f8-128216e44c75",
|
||
|
"relationship--e610d251-ee12-45e0-861b-c86cc264316e",
|
||
|
"relationship--27fb6fc4-704e-4b3b-9ca4-2a84bfae8982",
|
||
|
"relationship--830671d1-b6f6-494e-87ba-cbea1fec4108",
|
||
|
"relationship--4720073a-54bb-450d-8180-6ee2c2397547",
|
||
|
"relationship--42d977ad-6c7d-4fb4-b84f-fc4429971915",
|
||
|
"relationship--2dc05ce4-d132-48af-9b6c-3c7c12b346bb",
|
||
|
"relationship--842c580d-baab-4306-a2d3-19f2671c57bc",
|
||
|
"relationship--1e9f8bae-a983-4313-9450-6aa6ab538c9d",
|
||
|
"relationship--ae259e13-e947-4cd5-a112-d08688d4cc43",
|
||
|
"relationship--c98c60c6-a8b4-4299-987b-375499893f34",
|
||
|
"relationship--6d358dca-6316-41ea-a66a-3133048223d5",
|
||
|
"relationship--6409b0e6-0bb7-4d59-a734-8eed2c5eb028",
|
||
|
"relationship--693f6701-4878-4bb2-b68a-658c5a2cd2e4",
|
||
|
"relationship--50394342-9af0-4465-8131-827c5e00f072",
|
||
|
"relationship--e806552c-cffd-4de2-bf3a-753f093ddb25",
|
||
|
"relationship--f3890a9b-7c1f-42fa-aac6-db13ac0e71b5"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT",
|
||
|
"osint:lifetime=\"perpetual\"",
|
||
|
"tlp:clear",
|
||
|
"misp-galaxy:target-information=\"Belarus\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--6135dc84-9e57-4a3c-8406-7338cf1c742f",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:28.000Z",
|
||
|
"modified": "2023-07-21T13:34:28.000Z",
|
||
|
"first_observed": "2023-07-21T13:34:28Z",
|
||
|
"last_observed": "2023-07-21T13:34:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"email-message--6135dc84-9e57-4a3c-8406-7338cf1c742f",
|
||
|
"email-addr--6135dc84-9e57-4a3c-8406-7338cf1c742f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"email-src\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "email-message",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-message--6135dc84-9e57-4a3c-8406-7338cf1c742f",
|
||
|
"is_multipart": false,
|
||
|
"from_ref": "email-addr--6135dc84-9e57-4a3c-8406-7338cf1c742f"
|
||
|
},
|
||
|
{
|
||
|
"type": "email-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-addr--6135dc84-9e57-4a3c-8406-7338cf1c742f",
|
||
|
"value": "glen.morriss75@seznam.cz"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--2efaebfc-00e9-468b-a5af-c3f320ed2e30",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:28.000Z",
|
||
|
"modified": "2023-07-21T13:34:28.000Z",
|
||
|
"first_observed": "2023-07-21T13:34:28Z",
|
||
|
"last_observed": "2023-07-21T13:34:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"email-message--2efaebfc-00e9-468b-a5af-c3f320ed2e30",
|
||
|
"email-addr--2efaebfc-00e9-468b-a5af-c3f320ed2e30"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"email-src\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "email-message",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-message--2efaebfc-00e9-468b-a5af-c3f320ed2e30",
|
||
|
"is_multipart": false,
|
||
|
"from_ref": "email-addr--2efaebfc-00e9-468b-a5af-c3f320ed2e30"
|
||
|
},
|
||
|
{
|
||
|
"type": "email-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-addr--2efaebfc-00e9-468b-a5af-c3f320ed2e30",
|
||
|
"value": "fhtgbbwi@mail.ru"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--9bce6827-ba66-443b-98b2-2e9cf741add2",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:28.000Z",
|
||
|
"modified": "2023-07-21T13:34:28.000Z",
|
||
|
"first_observed": "2023-07-21T13:34:28Z",
|
||
|
"last_observed": "2023-07-21T13:34:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"email-message--9bce6827-ba66-443b-98b2-2e9cf741add2",
|
||
|
"email-addr--9bce6827-ba66-443b-98b2-2e9cf741add2"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"email-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "email-message",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-message--9bce6827-ba66-443b-98b2-2e9cf741add2",
|
||
|
"is_multipart": false,
|
||
|
"to_refs": [
|
||
|
"email-addr--9bce6827-ba66-443b-98b2-2e9cf741add2"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "email-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-addr--9bce6827-ba66-443b-98b2-2e9cf741add2",
|
||
|
"value": "nvjfnvjfnjf@mail.ru"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--e4e35985-a451-4725-a8c1-403499277264",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:28.000Z",
|
||
|
"modified": "2023-07-21T13:34:28.000Z",
|
||
|
"first_observed": "2023-07-21T13:34:28Z",
|
||
|
"last_observed": "2023-07-21T13:34:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"email-message--e4e35985-a451-4725-a8c1-403499277264",
|
||
|
"email-addr--e4e35985-a451-4725-a8c1-403499277264"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"email-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "email-message",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-message--e4e35985-a451-4725-a8c1-403499277264",
|
||
|
"is_multipart": false,
|
||
|
"to_refs": [
|
||
|
"email-addr--e4e35985-a451-4725-a8c1-403499277264"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "email-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-addr--e4e35985-a451-4725-a8c1-403499277264",
|
||
|
"value": "sunyaf@seznam.cz"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--33a36cb8-e7ec-4a16-a737-67bc4d3882cc",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:43:47.000Z",
|
||
|
"modified": "2023-07-21T13:43:47.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"victim\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "target-location",
|
||
|
"object_relation": "regions",
|
||
|
"value": "BY",
|
||
|
"category": "Targeting data",
|
||
|
"uuid": "0490c25a-53f0-495e-bf75-6e376e39667d"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "sectors",
|
||
|
"value": "Foreign diplomatic mission",
|
||
|
"category": "Other",
|
||
|
"uuid": "39e532d5-f490-46e8-9b8f-2410e5d9123f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "victim"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--f1e2370c-0cb8-424b-ab63-2f165161e29b",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:43:52.000Z",
|
||
|
"modified": "2023-07-21T13:43:52.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "70d90102-e702-4696-8588-d81d4e81fe5f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "JS/TrojanDownloader.Agent.YJJ",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "65d4eb70-eed5-49e2-9904-dbf13c390ecf"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--11fe4f04-22b9-43e1-a0e0-ab1cbede8509",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:43:56.000Z",
|
||
|
"modified": "2023-07-21T13:43:56.000Z",
|
||
|
"first_observed": "2022-02-28T00:00:00Z",
|
||
|
"last_observed": "2023-07-21T13:43:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--ae13d755-f844-4203-9888-d081d62d94b7"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--ae13d755-f844-4203-9888-d081d62d94b7",
|
||
|
"value": "updates.microsoft.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--68673e6b-f462-42b1-96c4-71b9cc0687b2",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:43:43.000Z",
|
||
|
"modified": "2023-07-21T13:43:43.000Z",
|
||
|
"pattern": "[url:value = 'http://updates.microsoft.com' AND url:x_misp_scheme = 'http' AND url:x_misp_port = '80']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-01T00:00:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5ce832e8-cbee-4eda-a2e4-278006d1f10d",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:28.000Z",
|
||
|
"modified": "2023-07-21T13:34:28.000Z",
|
||
|
"description": "Fake Windows update webpage.",
|
||
|
"pattern": "[file:hashes.MD5 = '41898dae353a85c04282979c44448beb' AND file:hashes.SHA1 = '02790dc4b276dfbb26c714f29d19e53129bb6186' AND file:hashes.SHA256 = 'b654f03e7e9125169088a8b4ee5cd04e3f96982ff1148eef2781d9f2613b08bb' AND file:name = 'index.html']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-01T05:53:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ba525ea8-9e77-40dd-a06e-167099c0d338",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:44:03.000Z",
|
||
|
"modified": "2023-07-21T13:44:03.000Z",
|
||
|
"pattern": "[url:value = 'http://updates.microsoft.com/jdrop.js' AND url:x_misp_scheme = 'http' AND url:x_misp_resource_path = '/jdrop.js' AND url:x_misp_port = '80']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-01T00:00:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9178f8b0-99a7-4cfd-9273-b83b5e871630",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:28.000Z",
|
||
|
"modified": "2023-07-21T13:34:28.000Z",
|
||
|
"description": "JavaScript code that triggers the download prompt of the fake Windows update.",
|
||
|
"pattern": "[file:hashes.MD5 = '56f8c84135c3b42d332ac720c25d0b76' AND file:hashes.SHA1 = '6eff58edf7ac0fc60f0b8f7e22cfe243566e2a13' AND file:hashes.SHA256 = '498a903f94e91159ccf1b43f363e83252345295435b084ba7d912e3bd0021980' AND file:name = 'jdrop.js']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-01T05:54:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--8555643c-fc32-4c47-aecf-00ad3e0b6d48",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:44:08.000Z",
|
||
|
"modified": "2023-07-21T13:44:08.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "d1c6dda7-59be-4fc8-ae98-02a71fcad6dd"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "WinGo/Agent.ET",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1bb7e7e8-fbff-4c9a-b1ff-95330c38ee38"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--697d3e35-143a-43c0-9ab9-6766488e069d",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:43:59.000Z",
|
||
|
"modified": "2023-07-21T13:43:59.000Z",
|
||
|
"pattern": "[url:value = 'http://updates.microsoft.com/MicrosoftUpdate845255.zip' AND url:x_misp_scheme = 'http' AND url:x_misp_resource_path = '/MicrosoftUpdate845255.zip' AND url:x_misp_port = '80']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-02-28T00:00:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6918d59c-5802-4ec0-b720-53efb2b33ba1",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:28.000Z",
|
||
|
"modified": "2023-07-21T13:34:28.000Z",
|
||
|
"description": "Disco dropper.",
|
||
|
"pattern": "[file:hashes.MD5 = '367c31aa5e1d3f4d36e56303d73b760d' AND file:hashes.SHA1 = 'e65eb4467ddb1c99b09ae87ba0a964c36bab4c30' AND file:hashes.SHA256 = '645aa19daec5752821b194ddbd4a4ec5f0c3072cb58fb140aa6b16abb9cbcfca' AND file:name = 'MicrosoftUpdate845255.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-02-28T09:05:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c28c3bbd-4d77-4ff1-80fe-04ef2e7dff06",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:23.000Z",
|
||
|
"modified": "2023-07-21T13:41:23.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "8264cb02-da17-472e-a0b0-d15ea8198be4"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "WinGo/Runner.B",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b1eff63c-6263-4abd-8b1b-72b5998ccc35"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--cced97f0-086a-4a31-b902-952a7a2d3aa0",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Disco plug-in. Execute PowerShell scripts.",
|
||
|
"pattern": "[file:hashes.MD5 = 'b1f2f44b213831056e2d1fa34031b5df' AND file:hashes.SHA1 = '3a9b699a25257cbd0476cb1239ff9b25810305fe' AND file:hashes.SHA256 = '89b7c003b65365241e100d895a7ad7926d8eafe109ba26669cfc9f6c259ad8fd' AND file:name = 'driverpackUpdate.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-11-29T14:33:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b8e8926b-f611-4d76-a56a-5b61d8b4167d",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:53.000Z",
|
||
|
"modified": "2023-07-21T13:41:53.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "868bac42-49a1-4480-bc0e-07222c08e5ac"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "WinGo/Runner.C",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "dd0ff957-5250-414b-bfec-714162dfb457"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--65405377-76ee-4c40-ab8f-db7f8204428c",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "38.9.8.78",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "3e1117e5-cb5b-4e0a-a582-259650f8eba1"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "\"Fake\" SMB share IP address.",
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a179fa6a-7dae-43b3-a0da-0100a562d440",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:48.000Z",
|
||
|
"modified": "2023-07-21T13:41:48.000Z",
|
||
|
"pattern": "[url:value = 'smb://38.9.8.78/driverpack/DPU.exe' AND url:x_misp_scheme = 'smb' AND url:x_misp_resource_path = '/driverpack/DPU.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-07T11:49:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5f677eb8-5b42-49b4-84a1-9a8f7143a6a2",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Disco plug-in. Execute PowerShell scripts.",
|
||
|
"pattern": "[file:hashes.MD5 = '05821f6ad89a5c9c586ff662e82b0e1c' AND file:hashes.SHA1 = '19e3d06fbe276d4aaea25abc36cc40ea88435630' AND file:hashes.SHA256 = '9fc8a77b40ac77ae892bd43fd174fc21d3dafff0e7fcceefea98bd4dc7e26a32' AND file:name = 'DPU.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-07T11:49:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--6d176998-9af8-4733-936d-bd29d6a19973",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:42:00.000Z",
|
||
|
"modified": "2023-07-21T13:42:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "d0547013-efa2-4d2f-9072-b3b111437f0b"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "Win64/Exploit.CVE-2021-1732.I",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "01084c24-38d2-4842-90cd-2c2cd1ac03f3"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--dfd3f545-7c14-4041-b14e-781dc3dd0828",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"first_observed": "2021-11-29T14:15:13Z",
|
||
|
"last_observed": "2023-07-21T13:34:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--dfd3f545-7c14-4041-b14e-781dc3dd0828"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--dfd3f545-7c14-4041-b14e-781dc3dd0828",
|
||
|
"hashes": {
|
||
|
"MD5": "5445ca8e5f076c2147bc9312b61a224a",
|
||
|
"SHA-1": "52be04c420795b0d9c7cd1a4acbf8d5953fafd16",
|
||
|
"SHA-256": "b0b8effdda97a3589daaae373bf321810bc29b22623eb12ad7b46fb931e40d9b"
|
||
|
},
|
||
|
"name": "sdrive.exe"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--64d9ba53-9e9e-475f-92ea-592ed9d0ad25",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:37.000Z",
|
||
|
"modified": "2023-07-21T13:41:37.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "ccd7ca1a-bfa1-4f0c-8391-a0c807789468"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "WinGo/Agent.EV",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "de652205-268d-46d9-939a-9ac79a257355"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ab4d0f8a-ad97-4164-ad21-0c00225d1f2d",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Disco plug-in. Reverse proxy based on revsocks.",
|
||
|
"pattern": "[file:hashes.MD5 = '14500d005f29b5cf9452ea21de0a5771' AND file:hashes.SHA1 = '0241a01d4b03bd360dd09165b59b63ac2ceceafb' AND file:hashes.SHA256 = 'f7aa0d7d2ef62e3bb9c925375823250f896da6e05d7d8e64ec8cdf8d26932699' AND file:name = 'nod32update.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-02T17:03:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--32734d0e-bfcc-44d7-96a3-d1e272ec5d44",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:20.000Z",
|
||
|
"modified": "2023-07-21T13:41:20.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "f2c1ba17-40d3-4675-814a-429cae5c429e"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "WinGo/Spy.Agent.W",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "5ace8b27-35d1-4d51-9495-873eb7926ae1"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c4d10ea4-e0a6-4689-bd55-e052e8263355",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "209.19.37.184",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "502e7ced-cfdd-4a22-b372-2ce2ef516b6e"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "\"Fake\" SMB share IP address.",
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--548f46db-2410-4a8a-9c86-cff918474455",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Merged from event 1548",
|
||
|
"pattern": "[url:value = 'smb://209.19.37.184/driverpack/aact.exe' AND url:x_misp_scheme = 'smb' AND url:x_misp_resource_path = '/driverpack/aact.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-11-26T13:56:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--933e9ea5-4cc8-40b0-82ad-303ee1fcc3f7",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Disco plug-in. Take screenshots.",
|
||
|
"pattern": "[file:hashes.MD5 = 'f75c4a594ed7a85cddffc9ca817bca81' AND file:hashes.SHA1 = 'a01f1a9336c83ffe1b13410c93c1b04e15e2996c' AND file:hashes.SHA256 = '5e3b7c34db0b8c155d06b026ee935c11cf58635532faff628281a0ddd5dd7bd0' AND file:name = 'aact.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-11-26T13:56:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--a6c9e653-caaa-497e-9f55-40cb5df88c72",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:42:03.000Z",
|
||
|
"modified": "2023-07-21T13:42:03.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "f922798d-d33a-451c-aca9-ec412e7ff0af"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "WinGo/Agent.BT",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "7d875487-4c31-4c3d-8bd7-c6981ccf2886"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8f92e3b4-2a26-4733-a153-fcfdbe095edf",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:42:24.000Z",
|
||
|
"modified": "2023-07-21T13:42:24.000Z",
|
||
|
"pattern": "[url:value = 'smb://209.19.37.184/driverpack/officetelemetry.exe' AND url:x_misp_scheme = 'smb' AND url:x_misp_resource_path = '/driverpack/officetelemetry.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-02-28T17:47:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3c3efb45-ae68-4077-bc7c-799a40c414c8",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Disco plug-in. Reverse proxy based on revsocks.",
|
||
|
"pattern": "[file:hashes.MD5 = '72adcf5641dbea85fd7f99844c66d2ec' AND file:hashes.SHA1 = 'c2aa90b441391adefaa3a841aa8ce777d6ec7e18' AND file:hashes.SHA256 = 'ae81489226c57b09672fe5f6ac34c89123598960cbaf8ca8b00e43f75879bd43' AND file:name = 'officetelemetry.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-02-28T17:47:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--9b19629c-cdb5-48c3-8464-f0a11f9af688",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "52.3.8.25",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "98d93643-21af-4cca-aec8-a65713d71b28"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "\"Fake\" SMB share IP address.",
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9c898012-fbc4-42cf-85b1-8b7cfd52fb02",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:42:10.000Z",
|
||
|
"modified": "2023-07-21T13:42:10.000Z",
|
||
|
"pattern": "[url:value = 'smb://52.3.8.25/oracle/oracleTelemetry.exe' AND url:x_misp_scheme = 'smb' AND url:x_misp_resource_path = '/oracle/oracleTelemetry.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-04T15:26:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b4355207-5ed7-4bcc-b9fd-ce733e35e948",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Disco plug-in packed with Themida. Take screenshots.",
|
||
|
"pattern": "[file:hashes.MD5 = '317e591a34c87537d614dfb41e895b91' AND file:hashes.SHA1 = 'c5b2323eae5e01a6019931ce35ff7623df7346ba' AND file:hashes.SHA256 = '9f59ac2b6ad389950beefb899ef02cba02fc6038a44646e9a797ec9916d0acf9' AND file:name = 'oracleTelemetry.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-04T15:26:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--7d2b9a59-a74c-4b12-89db-abd9a8a214aa",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "59.6.8.25",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "67cd29bb-c51a-46fe-9cd7-8020d81e55b7"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "\"Fake\" SMB share IP address.",
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--98970377-e1e1-4548-b3bd-bf0fa58decf6",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Merged from event 1548",
|
||
|
"pattern": "[url:value = 'smb://59.6.8.25/outlooksync/outlooksync.exe' AND url:x_misp_scheme = 'smb' AND url:x_misp_resource_path = '/outlooksync/outlooksync.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-02T17:03:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--064ba27d-6f2c-464f-9d53-6ca966c36a10",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Disco plug-in. Take screenshots.",
|
||
|
"pattern": "[file:hashes.MD5 = '05887f9c2b0d92032a32f6186523b760' AND file:hashes.SHA1 = 'c46cb98d0ceccb83ec7de070b3fa7afee7f41189' AND file:hashes.SHA256 = '3c37a01c6b2f1cf9e15f043cb55c2ed0682d859179e5b51812dd80f676247bf4' AND file:name = 'outlooksync.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-03-02T17:03:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--69f72631-333c-48b0-83ab-31046bac7283",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:14.000Z",
|
||
|
"modified": "2023-07-21T13:41:14.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "b58042a7-6f1e-44ea-96e4-c832187d19c9"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "MSIL/TrojanDropper.Agent.FKQ",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a7fa5dac-c0fc-42a0-b5b1-4c0d291314ac"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--d20ab4c0-bf02-4485-98bb-e2abce3ceda1",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "24.9.51.94",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "0f0bbc39-b790-4bd4-a8d0-bdf31ad26b53"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "\"Fake\" SMB share IP address.",
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--47e4c9d1-054f-41a0-ae77-1b2308d051a4",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:22.000Z",
|
||
|
"modified": "2023-07-21T13:40:22.000Z",
|
||
|
"pattern": "[url:value = 'smb://24.9.51.94/EDGEUPDATE/' AND url:x_misp_scheme = 'smb' AND url:x_misp_resource_path = '/EDGEUPDATE/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-01-08T06:24:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2c3ed81a-0a2c-4fb4-9683-5c4e0fc458f7",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "Disco .NET dropper.",
|
||
|
"pattern": "[file:hashes.MD5 = '4c2114ee7ae26fc09443b7e1b7658ca0' AND file:hashes.SHA1 = 'a3ae82b19fee2756d6354e85a094f1a4598314ab' AND file:hashes.SHA256 = 'c4d7cef97f1111aed8b876e11e51faa772dfe0b8c51fa042aeee82ede0bfca22' AND file:name = 'kb4480959_EdgeUpdate.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-01-08T06:24:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--7009b0e1-4ff2-46c0-961f-ed918af0088a",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:26.000Z",
|
||
|
"modified": "2023-07-21T13:40:26.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "adb5d0e4-9fac-4d74-aea3-4499865579fc"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "Win32/Nightclub.B",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "9ffb3fa6-ba55-48d3-86b9-5aa2ce9b4fb6"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1f683c76-940c-47d1-a3e4-30b0112f5458",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:37.000Z",
|
||
|
"modified": "2023-07-21T13:40:37.000Z",
|
||
|
"pattern": "[url:value = 'smb://24.9.51.94/EDGEUPDATE/update/' AND url:x_misp_scheme = 'smb' AND url:x_misp_resource_path = '/EDGEUPDATE/update']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-01-23T08:51:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--16a98b47-e930-429d-9503-058bcbe136e8",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "NightClub plug-in used by Disco. Steal recent files.",
|
||
|
"pattern": "[file:hashes.MD5 = 'f048c6118856a6edcb46fa90c88e8ecb' AND file:hashes.SHA1 = '4f1cecf6d05571ae35ed00ac02d5e8e0f878a984' AND file:hashes.SHA256 = '45a9b848f0b8844a3819df4603fff92b16080f28f14393ac0fde42c5b5d64cbd' AND file:name = 'WinSrcNT.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-01-23T08:51:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a23881d4-86f0-4bf5-8e99-30f0036587ad",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "NightClub plug-in used by Disco. Steal recent files.",
|
||
|
"pattern": "[file:hashes.MD5 = '7396b1e03da633fb1841daaaf0d395bb' AND file:hashes.SHA1 = '0daea89f91a55f46d33c294cfe84ef06ce22e393' AND file:hashes.SHA256 = 'b19784949e32d0cc8a032be3b58962233dbff5bfec0b26f426202820f336e845' AND file:name = 'It11.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-01-22T07:46:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--453e6a83-70cc-4d4d-b8fc-6cf50e71d5cc",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "NightClub plug-in used by Disco. Make raw dumps of removable drives.",
|
||
|
"pattern": "[file:hashes.MD5 = 'af727e5a0e45fac2e9c476c7a6fbd813' AND file:hashes.SHA1 = '11cf38d971534d9b619581cedc19319962f3b996' AND file:hashes.SHA256 = 'a8640da964a129ea6dcea8452c847019d10628bdaedd42e6a0beb5114e558258' AND file:name = 'It3.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-01-14T08:23:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--435ccf96-5f50-4de2-a6a9-4b483a77a619",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:56.000Z",
|
||
|
"modified": "2023-07-21T13:40:56.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "d459afcc-545a-481a-829f-8aaea3c0477b"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "Win64/Nightclub.B",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "50dccbd3-ecb5-4547-afed-a81042a90405"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5d96ae1b-0410-4d4a-978e-9731d2122885",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "NightClub (2017 version).",
|
||
|
"pattern": "[file:hashes.MD5 = '494298fcd20f349680b4b9bf69049f25' AND file:hashes.SHA1 = 'f92fe4dd679903f75ade64dc8a20d46dfbd3b277' AND file:hashes.SHA256 = '94a55354cf10a24bd3840072626f48fd0b7bbe18537760615555f92e82fab500' AND file:name = 'metamn.dll']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-12-03T10:06:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e608c614-323c-47ad-8f91-8aa5c274177c",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"description": "NightClub plug-in. Keylogger.",
|
||
|
"pattern": "[file:hashes.MD5 = 'fa80ce4fce73226d6a1ece32555e3c9f' AND file:hashes.SHA1 = '6999730d0715606d14acd19329af0685b8ad0299' AND file:hashes.SHA256 = '90fcbd7b4b74bb396f29825f0abfc3cd9db86ff4a5177df24def249d52ef8c66' AND file:name = 'et2z7q0FREZ.cr']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-11-06T09:52:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--d3a50bdf-45b6-4af5-9081-a10ddef0f412",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:04.000Z",
|
||
|
"modified": "2023-07-21T13:41:04.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "57662e1f-a1d8-460c-9e8d-63cede474a8d"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "Win64/Nightclub.A",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "303995d7-e94a-4b72-93ec-705b8b040fbd"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f4ad33db-9e3f-4178-835e-4851b778e17e",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "NightClub plug-in. File stealer.",
|
||
|
"pattern": "[file:hashes.MD5 = '67b7bcb0621931a0a6e012851529d781' AND file:hashes.SHA1 = '6e729e84c7672f048ed8ae847f20a0219e917fa3' AND file:hashes.SHA256 = '55d4ad1ab4dcb6b593da363a0b5d0e213e5960e541651502195e19202100ea56' AND file:name = 'sTUlsWa1.cr']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-18T05:51:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--9b8609f6-b5a8-4281-a9b1-49bc36fdd23d",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:23.000Z",
|
||
|
"modified": "2023-07-21T13:39:23.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "ddd7ce3f-81f2-4c1b-9cdb-6982b71c6638"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "Win32/Nightclub.C",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "ea715e45-5811-47bf-a80b-54b926d7d381"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8e911c46-1453-4309-a88f-8caad577dce9",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "NightClub dropper.",
|
||
|
"pattern": "[file:hashes.MD5 = 'af5595472e4afc355f9f7977a580e0ae' AND file:hashes.SHA1 = '0401ee7f3bc384734bf7e352c4c4bc372840c30d' AND file:hashes.SHA256 = 'ee2c61216ed691f8bf1f080fb9c7d7cfc6f370e6f5c0d493db523b48e699a2ec' AND file:name = 'EsetUpdate-0117583943.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-19T17:23:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ab161fb0-237a-43f7-b34e-f402a7cccd8b",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "NightClub (2014).",
|
||
|
"pattern": "[file:hashes.MD5 = 'f08ef7cadee08ba4a0696c4fbfb4c04b' AND file:hashes.SHA1 = '5b55250cc0da407201b5f042322cfdbf56041632' AND file:hashes.SHA256 = '39d534148fe7ac7f3e03da1ceeee556b2e1db9cf466f7e03c24c4f899aa0c407' AND file:name = 'creh.dll']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-19T17:25:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--a0e531d8-baef-4c28-b6e6-b8cac7d35c51",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "35.214.56.2",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "fe52e8dc-3161-4098-a0a5-ebe7934369b5"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": " \"Fake\" SMB IP address. ",
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:38:54.000Z",
|
||
|
"modified": "2023-07-21T13:38:54.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "8ed6e72f-e451-4f5d-aec4-d1d624a1569a"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "Win32/Nightclub.D",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "e054378d-5045-4382-8791-d5fdafe3d9b9"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--866d91f3-e765-42b7-bc40-f4849eecbdb3",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "Orchestrator (NightClub).",
|
||
|
"pattern": "[file:hashes.MD5 = 'df08f277630f5593a8b297a5d6fd02ee' AND file:hashes.SHA1 = 'd14d9118335c9bf6633cb2a41023486dacbeb052' AND file:hashes.SHA256 = '54afe0eab3ce64a7c7a944e0ee9b9614d3358d28e35e8e56dd3c40f5846c4b9e' AND file:name = 'svhvost.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-07-08T13:41:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--efbd15be-c3a0-4988-b0a7-b0703b06ea53",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "Module agent (NightClub).",
|
||
|
"pattern": "[file:hashes.MD5 = 'b8eac3478d5b505d234d04a3ec8eb172' AND file:hashes.SHA1 = 'e6de72516c1d4338d7e45e028340b54dcdc7a8ac' AND file:hashes.SHA256 = '9c7dc4418f0cbce48a89b73ca81707d87554fea324544adefccfb297782bc49d' AND file:name = 'schvost.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-07-06T13:55:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--49a85d25-494f-4975-9d34-ea8e7361518e",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "Backdoor with DNS tunneling (NightClub plug-in).",
|
||
|
"pattern": "[file:hashes.MD5 = '214e79625cc78e639e16cf62f42120da' AND file:hashes.SHA1 = '3ad77281640e7ba754e9b203c8b6abfd3f6a7bdd' AND file:hashes.SHA256 = 'c53639a1675303bb45991288f1d2664781cfaf10f809289c65ba20ff9ab1025a' AND file:name = 'nullnat.ini']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-07-06T13:55:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9940ddb2-2526-4783-a9b2-84aaeda0d4a5",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "Keylogger (NightClub plug-in).",
|
||
|
"pattern": "[file:hashes.MD5 = 'e2d4da7ccbd52b5b8b2bfe55f85d7e67' AND file:hashes.SHA1 = '142ff0770bc6e3d077fbb64d6f23499d9deb9093' AND file:hashes.SHA256 = '8f38f4da6cc8ac9f0512f503449140d6067d45d1b47c7628723364fc7647c1a6' AND file:name = 'soccix.ini']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-07-06T13:55:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3b67328a-e7af-4dd0-be3c-296a0f1c6cfc",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:39.000Z",
|
||
|
"modified": "2023-07-21T13:39:39.000Z",
|
||
|
"description": "Screenshotter (NightClub plug-in).",
|
||
|
"pattern": "[file:hashes.MD5 = '36106f11f4babc5cce3f899061b5b9ae' AND file:hashes.SHA1 = 'fe9527277c06d7f986161291ce7854ee79788cb8' AND file:hashes.SHA256 = '79cb962862a9e5299f32ee948f6a5a8b696effcd0be40bd537f68d6d28dfb0fd' AND file:name = 'oreonion.ini']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-07-06T13:55:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f14245f9-6180-43ef-a0e0-6994a7ca739a",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "Orchestrator (NightClub).",
|
||
|
"pattern": "[file:hashes.MD5 = 'a78602510d0ed6794beb25ee2b62f602' AND file:hashes.SHA1 = '92115e21e565440b1a26ecc20d2552a214155669' AND file:hashes.SHA256 = '185a6b60ab35878fe24e0f84f82a276127d8aff8f547dddfa5606cacebd3bd6a' AND file:name = 'svhvost.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-11-10T06:34:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--430e9391-ed2c-4a15-932d-1355991c821f",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "Module agent (NightClub).",
|
||
|
"pattern": "[file:hashes.MD5 = 'ef18329f1a8d4dfedee2eeb3853a4882' AND file:hashes.SHA1 = 'de0b38e12c0af0fd63a67b03dd1f8c1bf7fa6128' AND file:hashes.SHA256 = '4526f147fba692c577afbd1de2e91ab5e07e02a051cc8d1ab4a28d997ee7eba8' AND file:name = 'schvost.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-11-10T06:45:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dcd75ccd-014c-4d10-9f1c-d3bb2d23083a",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "Record audio (NightClub plug-in).",
|
||
|
"pattern": "[file:hashes.MD5 = 'e8ed8bb5958a6d544a3f480f796a6d5b' AND file:hashes.SHA1 = 'd2b715a72bba307cc9bf7690439d34f62edf1324' AND file:hashes.SHA256 = '2d6126df41aa69bc9fc25d6f6d13d8005b8daaa766319e4a53bd5e5042142337' AND file:name = 'sysleg.ini']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-11-10T06:45:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9be8694b-8b3d-486b-b321-147f4bcf81fc",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"description": "Take screenshots (NightClub plug-in).",
|
||
|
"pattern": "[file:hashes.MD5 = '08d70fd4747bd93067c345fc1903ca86' AND file:hashes.SHA1 = 'df8ded42f9b7de1f439aec50f9c2a13cd5eb1db6' AND file:hashes.SHA256 = '6deff2f98cbfda4ca7615b3160ed9f7163dd426f8503d4030bd36b69fae3f68a' AND file:name = 'oreonion.ini']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-11-10T06:45:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--f03a31fe-4880-4b17-88e8-683cc53edb0b",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:02.000Z",
|
||
|
"modified": "2023-07-21T13:40:02.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "b88a2167-4dd4-4f6b-8a1b-3e8b388d8b03"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "Win32/Nightclub.F",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a19e00bc-d996-453e-8f68-554861b55d92"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b24fd92b-be6e-4560-9bdb-59a0def6afe3",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:47.000Z",
|
||
|
"modified": "2023-07-21T13:39:47.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"av-signature\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "software",
|
||
|
"value": "ESET",
|
||
|
"category": "Other",
|
||
|
"uuid": "1dd095a8-9024-4cf7-849d-5199f291c176"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "signature",
|
||
|
"value": "Win32/Nightclub.E",
|
||
|
"category": "Other",
|
||
|
"to_ids": true,
|
||
|
"uuid": "706ae0bb-96a5-470e-84d5-f4cf32207c29"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "av-signature"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--96dccff4-1e0f-4e11-a29d-dd4e85d9dd35",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:49:23.000Z",
|
||
|
"modified": "2023-07-21T13:49:23.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "45.136.199.67",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "82c8b1b4-6c13-4250-8ce9-9221961cd77e"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--f1549cfb-2f8a-49df-9a58-c6863a7ce5cd",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:50:00.000Z",
|
||
|
"modified": "2023-07-21T13:50:00.000Z",
|
||
|
"first_observed": "2022-07-05T00:00:00Z",
|
||
|
"last_observed": "2023-07-21T13:50:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--cffcc952-1960-4ef0-a9a7-f86f5b4b22a9"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--cffcc952-1960-4ef0-a9a7-f86f5b4b22a9",
|
||
|
"value": "securityocspdev.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c4853164-2333-41e1-9d6b-c622bd385a03",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:49:23.000Z",
|
||
|
"modified": "2023-07-21T13:49:23.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "185.87.148.86",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "a87bface-5526-433a-a185-83adc80b0c97"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--0d7c814d-dcbe-44b3-a678-30edadecf71c",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:50:21.000Z",
|
||
|
"modified": "2023-07-21T13:50:21.000Z",
|
||
|
"first_observed": "2021-11-03T00:00:00Z",
|
||
|
"last_observed": "2023-07-21T13:50:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--6b888415-35eb-41a6-b4c9-649790dccbe5"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--6b888415-35eb-41a6-b4c9-649790dccbe5",
|
||
|
"value": "centrocspupdate.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b442277b-946e-42c3-a9d6-7976cb65b884",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:49:23.000Z",
|
||
|
"modified": "2023-07-21T13:49:23.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "185.87.151.130",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "50efb617-ca1d-45e1-be3b-59ddb11d1447"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--6a5712ea-cf3c-44f4-9788-1cf8df970630",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:50:17.000Z",
|
||
|
"modified": "2023-07-21T13:50:17.000Z",
|
||
|
"first_observed": "2021-11-11T00:00:00Z",
|
||
|
"last_observed": "2023-07-21T13:50:17Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--fbb66ecf-5b6f-469f-8f36-01255c3728d6"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--fbb66ecf-5b6f-469f-8f36-01255c3728d6",
|
||
|
"value": "ocsp-atomsecure.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b20f1cc9-361c-441c-8bc3-eabb28b458e2",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:49:23.000Z",
|
||
|
"modified": "2023-07-21T13:49:23.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "45.136.199.129",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "f58c0940-98b0-4ab0-9947-3bbf77273caa"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--215fe060-4fbf-4342-a230-7b5a303d56c4",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:50:14.000Z",
|
||
|
"modified": "2023-07-21T13:50:14.000Z",
|
||
|
"first_observed": "2022-10-12T00:00:00Z",
|
||
|
"last_observed": "2023-07-21T13:50:14Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--9a0ed427-09b2-4fa3-9447-8de10e641497"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--9a0ed427-09b2-4fa3-9447-8de10e641497",
|
||
|
"value": "dervasopssec.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--29d07632-dfe0-45cc-9828-daea9263bee8",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:51:46.000Z",
|
||
|
"modified": "2023-07-21T13:51:46.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "ip-dst",
|
||
|
"object_relation": "ip",
|
||
|
"value": "71.15.110.25",
|
||
|
"category": "Network activity",
|
||
|
"uuid": "51d90d29-95bd-4800-bdc3-4234ae60e814"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "network",
|
||
|
"x_misp_name": "domain-ip"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--49efdf22-09cb-4003-83d2-912da3368585",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:51:54.000Z",
|
||
|
"modified": "2023-07-21T13:51:54.000Z",
|
||
|
"first_observed": "2023-01-13T00:00:00Z",
|
||
|
"last_observed": "2023-07-21T13:51:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--ba1db68c-a465-4b55-a1b2-2c8d3594646b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--ba1db68c-a465-4b55-a1b2-2c8d3594646b",
|
||
|
"value": "windows.network.troubleshooter.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--45c10194-bac4-48dd-b603-be916b720d8d",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:52:09.000Z",
|
||
|
"modified": "2023-07-21T13:52:09.000Z",
|
||
|
"description": "Fake update page - AitM.",
|
||
|
"pattern": "[url:value = 'http://windows.network.troubleshooter.com/jdrop.js' AND url:x_misp_scheme = 'http' AND url:x_misp_resource_path = '/jdrop.js' AND url:x_misp_port = '80']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-01-13T00:00:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"url\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--b5cb5d88-8a8d-49ab-8e16-17195de44963",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:44:11.000Z",
|
||
|
"modified": "2023-07-21T13:44:11.000Z",
|
||
|
"first_observed": "2023-07-21T13:44:11Z",
|
||
|
"last_observed": "2023-07-21T13:44:11Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--f7070e93-ba47-527a-b86e-e8a8a2ff2f7d"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--f7070e93-ba47-527a-b86e-e8a8a2ff2f7d",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "c7269d59926fa4252270f407e4dab043",
|
||
|
"x_misp_authentihash": "85aec9a10f2b988b3426bd704dfc26ae8ab549c876f27d1e1c4bbce0f9de3ce6",
|
||
|
"x_misp_compilation_timestamp": "1970-01-01T00:00:00+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--dfd98fbd-2f3d-4109-9e12-9bb1f0cf6259",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:29.000Z",
|
||
|
"modified": "2023-07-21T13:41:29.000Z",
|
||
|
"first_observed": "2023-07-21T13:41:29Z",
|
||
|
"last_observed": "2023-07-21T13:41:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--fff9e07c-4f80-547e-a710-caf7644218e7"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--fff9e07c-4f80-547e-a710-caf7644218e7",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "c7269d59926fa4252270f407e4dab043",
|
||
|
"x_misp_authentihash": "c016e33501534b84afae053928410f273631ac73f712a059d1dbe613fdbf1cdf",
|
||
|
"x_misp_compilation_timestamp": "1970-01-01T00:00:00+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--39ae74ee-34c8-42ea-a5bf-4e6feb0d4674",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:17.000Z",
|
||
|
"modified": "2023-07-21T13:41:17.000Z",
|
||
|
"first_observed": "2023-07-21T13:41:17Z",
|
||
|
"last_observed": "2023-07-21T13:41:17Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--e965c29b-8743-5871-8728-22d2a284334d"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--e965c29b-8743-5871-8728-22d2a284334d",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "c7269d59926fa4252270f407e4dab043",
|
||
|
"x_misp_authentihash": "8fbd81ffe1d2361607673bc002492ab67e83a512600c3fb8890283ffb5656564",
|
||
|
"x_misp_compilation_timestamp": "1970-01-01T00:00:00+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--00fe6521-be7e-47d1-a37b-8e082e5d55cf",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:42.000Z",
|
||
|
"modified": "2023-07-21T13:41:42.000Z",
|
||
|
"first_observed": "2023-07-21T13:41:42Z",
|
||
|
"last_observed": "2023-07-21T13:41:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--ba7693ec-bae8-5b24-8836-ed83d494308f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--ba7693ec-bae8-5b24-8836-ed83d494308f",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "ef263ccd3c50525efd62546d5922e7de",
|
||
|
"x_misp_authentihash": "31f087f93e353bc1d79a31bc80e242991a79bda48eea27f49a57f90ad913f7d3",
|
||
|
"x_misp_compilation_timestamp": "2021-11-29T13:33:00+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--d6560272-9243-4a9e-9bab-eeab7d6b6541",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"first_observed": "2023-07-21T13:34:29Z",
|
||
|
"last_observed": "2023-07-21T13:34:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--2804d76e-a785-5839-b3e5-b0375f83570d"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--2804d76e-a785-5839-b3e5-b0375f83570d",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "c7269d59926fa4252270f407e4dab043",
|
||
|
"x_misp_authentihash": "dfe87b9de008e466a174a8930e7b93d3d8b580857e7c6d1da847adee373067bc",
|
||
|
"x_misp_compilation_timestamp": "1970-01-01T00:00:00+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--906f9bcd-da99-4235-a25c-b9dc5d700e01",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:34:29.000Z",
|
||
|
"modified": "2023-07-21T13:34:29.000Z",
|
||
|
"first_observed": "2023-07-21T13:34:29Z",
|
||
|
"last_observed": "2023-07-21T13:34:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--005e1666-be83-54b8-a537-f7df55b214b7"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--005e1666-be83-54b8-a537-f7df55b214b7",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "c7269d59926fa4252270f407e4dab043",
|
||
|
"x_misp_authentihash": "58ee19a2e8e695c300e6857923c12257c6b6448203cfe1588a94011d31c7d199",
|
||
|
"x_misp_compilation_timestamp": "1970-01-01T00:00:00+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--d7315525-4a21-4b79-9b98-78f904c491db",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:42:19.000Z",
|
||
|
"modified": "2023-07-21T13:42:19.000Z",
|
||
|
"first_observed": "2023-07-21T13:42:19Z",
|
||
|
"last_observed": "2023-07-21T13:42:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--884a506a-88fd-5079-a07b-01351795568c"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--884a506a-88fd-5079-a07b-01351795568c",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "4035d2883e01d64f3e7a9dccb1d63af5",
|
||
|
"x_misp_authentihash": "2bcc0ed647811018dff4387d0294ce8855d97fac865a582972cb0f469a06efea",
|
||
|
"x_misp_compilation_timestamp": "1970-01-01T00:00:00+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--f2913348-56e8-4176-9564-b227eeb36058",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:42:29.000Z",
|
||
|
"modified": "2023-07-21T13:42:29.000Z",
|
||
|
"first_observed": "2023-07-21T13:42:29Z",
|
||
|
"last_observed": "2023-07-21T13:42:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--f2486b5c-6a83-59c5-ac8a-d019e9da94b0"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--f2486b5c-6a83-59c5-ac8a-d019e9da94b0",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "a56f115ee5ef2625bd949acaeec66b76",
|
||
|
"x_misp_authentihash": "5e08b28cbdb4e680b2938e43ae46a0cc402cc33d199e408817a9d50c81e7d374",
|
||
|
"x_misp_compilation_timestamp": "1970-01-01T00:00:00+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--e344f346-3a41-4316-b5e2-084f9b295757",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:42:15.000Z",
|
||
|
"modified": "2023-07-21T13:42:15.000Z",
|
||
|
"first_observed": "2023-07-21T13:42:15Z",
|
||
|
"last_observed": "2023-07-21T13:42:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--9f6f92bf-a899-566f-882e-0dfb07b122b7"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--9f6f92bf-a899-566f-882e-0dfb07b122b7",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "c7269d59926fa4252270f407e4dab043",
|
||
|
"x_misp_authentihash": "8b4487327711ce2045032e9bc013a4024846137d187a311146807dcc0f33c580",
|
||
|
"x_misp_compilation_timestamp": "1970-01-01T00:00:00+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--1f9833ef-40d2-4a88-85ff-8b528ad865cb",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:08.000Z",
|
||
|
"modified": "2023-07-21T13:41:08.000Z",
|
||
|
"first_observed": "2023-07-21T13:41:08Z",
|
||
|
"last_observed": "2023-07-21T13:41:08Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--6e0bd9ea-79ea-5930-a936-ae233de7e12f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--6e0bd9ea-79ea-5930-a936-ae233de7e12f",
|
||
|
"name": "EdgeUpdate.exe",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
|
||
|
"x_misp_authentihash": "8f45749ded6c56a96d79f45f305542bdef89b858b354130d3c6bbacc31a23a04",
|
||
|
"x_misp_company_name": "Microsoft",
|
||
|
"x_misp_compilation_timestamp": "2019-12-31T08:40:06+00:00",
|
||
|
"x_misp_file_description": "EdgeUpdate",
|
||
|
"x_misp_file_version": "1.0.0.0",
|
||
|
"x_misp_internal_filename": "EdgeUpdate.exe",
|
||
|
"x_misp_lang_id": "000004b0",
|
||
|
"x_misp_legal_copyright": "Copyright \u00a9 Microsoft 2019",
|
||
|
"x_misp_original_filename": "EdgeUpdate.exe",
|
||
|
"x_misp_product_name": "EdgeUpdate",
|
||
|
"x_misp_product_version": "1.0.0.0"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--7a3326c8-6a3f-44bd-b5c6-b452daea50cf",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:30.000Z",
|
||
|
"modified": "2023-07-21T13:40:30.000Z",
|
||
|
"first_observed": "2023-07-21T13:40:30Z",
|
||
|
"last_observed": "2023-07-21T13:40:30Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--6fbba472-d03c-5328-9c5b-c5510bb417ea"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--6fbba472-d03c-5328-9c5b-c5510bb417ea",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "71a23744f5b8c234d0cdcc36bdf42d30",
|
||
|
"x_misp_authentihash": "2fd1169e25996e79bdc6553206df8e69c7bc0dd46d085f43013dae1ffe9419b0",
|
||
|
"x_misp_compilation_timestamp": "2014-03-19T03:41:29+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--e54ec09a-9757-40b4-86e7-e56e7235011e",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:43.000Z",
|
||
|
"modified": "2023-07-21T13:40:43.000Z",
|
||
|
"first_observed": "2023-07-21T13:40:43Z",
|
||
|
"last_observed": "2023-07-21T13:40:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--ab10ce91-3657-53e1-a914-561de3b00dde"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--ab10ce91-3657-53e1-a914-561de3b00dde",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "71a23744f5b8c234d0cdcc36bdf42d30",
|
||
|
"x_misp_authentihash": "c597b99a994af8b68cb086f74fe4252ccdb32f748b37185579830bb0883522ba",
|
||
|
"x_misp_compilation_timestamp": "2014-03-05T03:11:48+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--1db5fc1c-dbbd-4b7c-b6cf-6b815fd8f74b",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:50.000Z",
|
||
|
"modified": "2023-07-21T13:40:50.000Z",
|
||
|
"first_observed": "2023-07-21T13:40:50Z",
|
||
|
"last_observed": "2023-07-21T13:40:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--59109c28-5a48-5414-a0a7-2766cfc0ade5"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--59109c28-5a48-5414-a0a7-2766cfc0ade5",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "60afcd30d3d4ee2edd0e49cdaae59994",
|
||
|
"x_misp_authentihash": "15ea306f6a76b52c0383b6a2884eda2f8860afa5e6d5ea98dd21b8b1590936c5",
|
||
|
"x_misp_compilation_timestamp": "2019-09-02T22:18:43+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--14a942a7-acdf-4cf7-9ff3-ab14f8b591a9",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:46.000Z",
|
||
|
"modified": "2023-07-21T13:40:46.000Z",
|
||
|
"first_observed": "2023-07-21T13:40:46Z",
|
||
|
"last_observed": "2023-07-21T13:40:46Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--e5ffe50b-851d-51c0-8474-7f3021c5a7ff"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--e5ffe50b-851d-51c0-8474-7f3021c5a7ff",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "122adc45d7150dc4217005b05c74ffbf",
|
||
|
"x_misp_authentihash": "848be042079760376729879b30613dab9eb2665e0c5a03cdba241aa8b2543daf",
|
||
|
"x_misp_compilation_timestamp": "2017-06-05T12:39:59+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--adae0edc-d213-4688-a2a9-1e8107bb8fea",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:41:00.000Z",
|
||
|
"modified": "2023-07-21T13:41:00.000Z",
|
||
|
"first_observed": "2023-07-21T13:41:00Z",
|
||
|
"last_observed": "2023-07-21T13:41:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--8adba602-6c53-5f8b-b8d2-603edfc84f07"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--8adba602-6c53-5f8b-b8d2-603edfc84f07",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "371a19457e925c3aa70f3305a7aef799",
|
||
|
"x_misp_authentihash": "9bcead6af590134d1da3c116be912e98dd1844ae5581124c524f58ecca3df186",
|
||
|
"x_misp_compilation_timestamp": "2017-06-14T09:57:30+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--a3e3b961-6c52-40fb-83e8-2794611f8046",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:26.000Z",
|
||
|
"modified": "2023-07-21T13:39:26.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:26Z",
|
||
|
"last_observed": "2023-07-21T13:39:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--13c4a295-b183-5bdb-a3ae-c033726c84af"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--13c4a295-b183-5bdb-a3ae-c033726c84af",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "0ec1d88490cb68e5fa0d4eeba0c61d42",
|
||
|
"x_misp_authentihash": "0399ab30bd37102612796a087f89aaf33e0b1f9935ef160e390d8b0e02946f3a",
|
||
|
"x_misp_compilation_timestamp": "2017-06-14T09:57:36+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--95c0cda8-9847-4ec7-89b2-90c6f2ab9f21",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:19.000Z",
|
||
|
"modified": "2023-07-21T13:39:19.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:19Z",
|
||
|
"last_observed": "2023-07-21T13:39:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--64336ccf-c157-5a69-8d80-4763750701f8"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--64336ccf-c157-5a69-8d80-4763750701f8",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "58edb5f4eabbb52e430646a5ed1a1cd1",
|
||
|
"x_misp_authentihash": "ae651295df5bcb65bf4a1c3d4c097d43f6af5caf68a4ad5f165c591dd71d202a",
|
||
|
"x_misp_compilation_timestamp": "2014-11-17T14:22:59+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--20b43104-86e0-45fc-9a91-1715f584acdd",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:16.000Z",
|
||
|
"modified": "2023-07-21T13:39:16.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:16Z",
|
||
|
"last_observed": "2023-07-21T13:39:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--df86290f-f1f8-55b6-9ef3-f8d8564a4ea7"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--df86290f-f1f8-55b6-9ef3-f8d8564a4ea7",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "72093c181ac0f7a289e462b70f8c131f",
|
||
|
"x_misp_authentihash": "3120a67edf4ba7b327ebf236bda3835ce687a603a32fb4c6fe622d01d4187c3d",
|
||
|
"x_misp_compilation_timestamp": "2014-11-17T14:22:46+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--899ede30-5028-48fb-99fa-07ee835a9200",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:09.000Z",
|
||
|
"modified": "2023-07-21T13:39:09.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:09Z",
|
||
|
"last_observed": "2023-07-21T13:39:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--af25ca81-4ae5-5756-b9cc-5b8b1ed468a0"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--af25ca81-4ae5-5756-b9cc-5b8b1ed468a0",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "4f462ccbd7a2130b0d806d5947a4b2a0",
|
||
|
"x_misp_authentihash": "12cda9472533d4898dce572caad547f06a7016c23619448982ce413c52aa26a5",
|
||
|
"x_misp_compilation_timestamp": "2022-04-12T09:37:56+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--42719644-b407-42ed-84e1-114f1a6cd729",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:06.000Z",
|
||
|
"modified": "2023-07-21T13:39:06.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:06Z",
|
||
|
"last_observed": "2023-07-21T13:39:06Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--c71ada66-fc2d-5338-8f06-d78498ae32a7"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--c71ada66-fc2d-5338-8f06-d78498ae32a7",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "bcfeaded8d78f013e0e9714e4b82fbd2",
|
||
|
"x_misp_authentihash": "33f91a154c7c929997b25d25516ff77081261de058908216498a509a9e7cd8d9",
|
||
|
"x_misp_compilation_timestamp": "2022-04-12T09:37:08+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--76805542-8e3c-4810-9c54-55b0c04b6c16",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:02.000Z",
|
||
|
"modified": "2023-07-21T13:39:02.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:02Z",
|
||
|
"last_observed": "2023-07-21T13:39:02Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--97b7198b-f672-55dc-a8f6-9e3cdb3f7e79"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--97b7198b-f672-55dc-a8f6-9e3cdb3f7e79",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "65d8b1585a5def81b05324281d1c105f",
|
||
|
"x_misp_authentihash": "254f7a9d74df5e2701be83bbc77f4d5a872e20ee19f5f4037f69b3466fffb1dd",
|
||
|
"x_misp_compilation_timestamp": "2022-04-27T07:42:27+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--1cc1cc28-6dff-4e25-9ab8-c2dc4bd02e1b",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:38:58.000Z",
|
||
|
"modified": "2023-07-21T13:38:58.000Z",
|
||
|
"first_observed": "2023-07-21T13:38:58Z",
|
||
|
"last_observed": "2023-07-21T13:38:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--b0d8b96c-ed4d-55cf-b4f4-39c7d131f10f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--b0d8b96c-ed4d-55cf-b4f4-39c7d131f10f",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "3cb60683a7c10a0a4b23925d0b1cae4b",
|
||
|
"x_misp_authentihash": "e2f7c3a6ac4bc489b023ca5204ebd717d5a5c42349257decfc44b87e9f426a34",
|
||
|
"x_misp_compilation_timestamp": "2022-04-12T08:43:29+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--73e9ffe9-8abf-43d0-bf2b-b2eac124f6b1",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:13.000Z",
|
||
|
"modified": "2023-07-21T13:39:13.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:13Z",
|
||
|
"last_observed": "2023-07-21T13:39:13Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--2da94744-20d2-52ce-b2d6-8c97804855a0"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--2da94744-20d2-52ce-b2d6-8c97804855a0",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "339d79e103c9d853bb18c751fd6718f9",
|
||
|
"x_misp_authentihash": "a5d50b14db18054857226d25a5f3343c09bdecc4a1bd0f2086ab47bcf40e0943",
|
||
|
"x_misp_compilation_timestamp": "2022-04-12T08:43:34+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--17419941-1697-43a4-a3a7-53516c4b8614",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:43.000Z",
|
||
|
"modified": "2023-07-21T13:39:43.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:43Z",
|
||
|
"last_observed": "2023-07-21T13:39:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--5114077b-9f86-582b-bd97-b01ee9fdf4e9"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--5114077b-9f86-582b-bd97-b01ee9fdf4e9",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "41b6c1548fc590155cb047f63dde61a8",
|
||
|
"x_misp_authentihash": "ea4e3a36184fe4181231e8ee82c6ba271b6b86237f2ca311b90d77e75f855c6a",
|
||
|
"x_misp_compilation_timestamp": "2019-01-14T05:42:03+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--c1d092e8-489a-45df-a7d6-b69fc81e2136",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:14.000Z",
|
||
|
"modified": "2023-07-21T13:40:14.000Z",
|
||
|
"first_observed": "2023-07-21T13:40:14Z",
|
||
|
"last_observed": "2023-07-21T13:40:14Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--cced2161-46e5-508d-a2c2-a94ec186d1ec"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--cced2161-46e5-508d-a2c2-a94ec186d1ec",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "6fc6de7c6d0822f69218d408da86af0a",
|
||
|
"x_misp_authentihash": "58d1ffaaf9134b7022da2642dade19a4544de4b1d874fc175358a9f50a091b56",
|
||
|
"x_misp_compilation_timestamp": "2019-01-14T05:42:02+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--bf487be6-3dcc-47cc-a9e6-256270637834",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:10.000Z",
|
||
|
"modified": "2023-07-21T13:40:10.000Z",
|
||
|
"first_observed": "2023-07-21T13:40:10Z",
|
||
|
"last_observed": "2023-07-21T13:40:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--a0a0a19b-bb49-5abd-a77e-5caec7525b89"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--a0a0a19b-bb49-5abd-a77e-5caec7525b89",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "953daa2bc2bb55996033e09b176b9690",
|
||
|
"x_misp_authentihash": "3ee19608e827bafd7a1723e1b005e891998bd16e9e0e564a2560b8b4cf525339",
|
||
|
"x_misp_compilation_timestamp": "2019-01-14T05:42:01+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--0bef2e0e-9281-4fd1-a88e-418b06a9b16d",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:40:05.000Z",
|
||
|
"modified": "2023-07-21T13:40:05.000Z",
|
||
|
"first_observed": "2023-07-21T13:40:05Z",
|
||
|
"last_observed": "2023-07-21T13:40:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--7af381de-ba5e-5217-a738-8e9b978e0b4c"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--7af381de-ba5e-5217-a738-8e9b978e0b4c",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "7cb5da04751f85160f73090b6513857e",
|
||
|
"x_misp_authentihash": "4c9a6230054e0f13d7a963051d5f3e2169a1ab345123192fc2279e36e672be41",
|
||
|
"x_misp_compilation_timestamp": "2019-01-14T05:42:03+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--da8b7d10-0694-4249-9bd1-a5ad540a6e40",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:32.000Z",
|
||
|
"modified": "2023-07-21T13:39:32.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:32Z",
|
||
|
"last_observed": "2023-07-21T13:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--46495212-9ffe-5f85-bd83-655efe9063ba"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--46495212-9ffe-5f85-bd83-655efe9063ba",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "exe",
|
||
|
"imphash": "2f5eecf908af0655a1bfe7277b77322c",
|
||
|
"x_misp_authentihash": "dd117c18447c8f70a0f6bc05f37b31221cf8cf2133ae54c430bbd8995b72e227",
|
||
|
"x_misp_compilation_timestamp": "2016-12-26T09:11:24+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--758bff01-3add-4f26-bc1b-3ea92ebe0ec6",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:55.000Z",
|
||
|
"modified": "2023-07-21T13:39:55.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:55Z",
|
||
|
"last_observed": "2023-07-21T13:39:55Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--9be70a4c-2ab7-56d7-bff0-668e8919d084"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--9be70a4c-2ab7-56d7-bff0-668e8919d084",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "3bf30da72df91ad2ca63bf95399061fd",
|
||
|
"x_misp_authentihash": "0fae81f1b23d563d4e44a779796d4dddc4fd34f9d4139bd1dbb93394808ebeed",
|
||
|
"x_misp_compilation_timestamp": "2016-12-26T09:11:17+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--2e7c479e-7c91-49e9-a8ae-4acf6ef8b3bc",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:52.000Z",
|
||
|
"modified": "2023-07-21T13:39:52.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:52Z",
|
||
|
"last_observed": "2023-07-21T13:39:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--51dd0529-252b-554a-af2c-fed21bf8e922"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--51dd0529-252b-554a-af2c-fed21bf8e922",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "c9c6c23afe612ae708600a1270fe814d",
|
||
|
"x_misp_authentihash": "14c4e77aa195945f68739c6b860f72ec1e019879eb98eeb47655c6078d52c9ac",
|
||
|
"x_misp_compilation_timestamp": "2016-12-26T09:11:04+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--9c83e2e4-31c3-4851-90d9-725057096171",
|
||
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
||
|
"created": "2023-07-21T13:39:58.000Z",
|
||
|
"modified": "2023-07-21T13:39:58.000Z",
|
||
|
"first_observed": "2023-07-21T13:39:58Z",
|
||
|
"last_observed": "2023-07-21T13:39:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--70cc74c6-ae9f-585a-811b-fcf82bc6fd07"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"pe\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--70cc74c6-ae9f-585a-811b-fcf82bc6fd07",
|
||
|
"name": "",
|
||
|
"extensions": {
|
||
|
"windows-pebinary-ext": {
|
||
|
"pe_type": "dll",
|
||
|
"imphash": "e230ade5fee441b52f024c7f51644b5b",
|
||
|
"x_misp_authentihash": "90cc318a654e1464cef513b7b5e99b760375e276b4b5b8b4fb9814fe8ae54de3",
|
||
|
"x_misp_compilation_timestamp": "2017-03-13T13:27:40+00:00"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--981add10-93db-4b8b-be5a-0d694c53615c",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "contains",
|
||
|
"source_ref": "indicator--68673e6b-f462-42b1-96c4-71b9cc0687b2",
|
||
|
"target_ref": "observed-data--11fe4f04-22b9-43e1-a0e0-ab1cbede8509"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--d3f433da-14d8-4d70-bd44-e1eb6188ee55",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "detected-as",
|
||
|
"source_ref": "indicator--5ce832e8-cbee-4eda-a2e4-278006d1f10d",
|
||
|
"target_ref": "x-misp-object--f1e2370c-0cb8-424b-ab63-2f165161e29b"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--d55618c8-a272-48df-be96-8a4a18a7b4f0",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "downloaded-from",
|
||
|
"source_ref": "indicator--5ce832e8-cbee-4eda-a2e4-278006d1f10d",
|
||
|
"target_ref": "indicator--68673e6b-f462-42b1-96c4-71b9cc0687b2"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--853de013-0064-4855-aef6-5e18f07f30aa",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "contains",
|
||
|
"source_ref": "indicator--ba525ea8-9e77-40dd-a06e-167099c0d338",
|
||
|
"target_ref": "observed-data--11fe4f04-22b9-43e1-a0e0-ab1cbede8509"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--6737b0e5-817a-4a59-8fee-17c8ce834519",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "detected-as",
|
||
|
"source_ref": "indicator--9178f8b0-99a7-4cfd-9273-b83b5e871630",
|
||
|
"target_ref": "x-misp-object--f1e2370c-0cb8-424b-ab63-2f165161e29b"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--f64a1058-9af9-4e8e-915e-332b69062644",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "downloaded-from",
|
||
|
"source_ref": "indicator--9178f8b0-99a7-4cfd-9273-b83b5e871630",
|
||
|
"target_ref": "indicator--ba525ea8-9e77-40dd-a06e-167099c0d338"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--baa87c66-17bd-4a90-a1e6-410791d7b5f8",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "contains",
|
||
|
"source_ref": "indicator--697d3e35-143a-43c0-9ab9-6766488e069d",
|
||
|
"target_ref": "observed-data--11fe4f04-22b9-43e1-a0e0-ab1cbede8509"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--fcff3f32-e5d3-45cc-9720-5da0e2afdec9",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "detected-as",
|
||
|
"source_ref": "indicator--6918d59c-5802-4ec0-b720-53efb2b33ba1",
|
||
|
"target_ref": "x-misp-object--8555643c-fc32-4c47-aecf-00ad3e0b6d48"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--3a477fdc-f520-40f1-b382-b5af344b0d55",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "downloaded-from",
|
||
|
"source_ref": "indicator--6918d59c-5802-4ec0-b720-53efb2b33ba1",
|
||
|
"target_ref": "indicator--697d3e35-143a-43c0-9ab9-6766488e069d"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--94c52c13-2896-475e-843a-d4b0ce3d71c7",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "detected-as",
|
||
|
"source_ref": "indicator--cced97f0-086a-4a31-b902-952a7a2d3aa0",
|
||
|
"target_ref": "x-misp-object--c28c3bbd-4d77-4ff1-80fe-04ef2e7dff06"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--b38f9400-8b90-4a6a-b812-d1c3033e2ea3",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "contains",
|
||
|
"source_ref": "indicator--a179fa6a-7dae-43b3-a0da-0100a562d440",
|
||
|
"target_ref": "x-misp-object--65405377-76ee-4c40-ab8f-db7f8204428c"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--b7ce82ab-0984-4f52-8c6f-d063f95dc404",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "detected-as",
|
||
|
"source_ref": "indicator--5f677eb8-5b42-49b4-84a1-9a8f7143a6a2",
|
||
|
"target_ref": "x-misp-object--b8e8926b-f611-4d76-a56a-5b61d8b4167d"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--893fdee9-145a-42d3-88b6-3c256b371b46",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "downloaded-from",
|
||
|
"source_ref": "indicator--5f677eb8-5b42-49b4-84a1-9a8f7143a6a2",
|
||
|
"target_ref": "indicator--a179fa6a-7dae-43b3-a0da-0100a562d440"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--668da010-d52d-40a6-aceb-7ef8979ed9b5",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "detected-as",
|
||
|
"source_ref": "observed-data--dfd3f545-7c14-4041-b14e-781dc3dd0828",
|
||
|
"target_ref": "x-misp-object--6d176998-9af8-4733-936d-bd29d6a19973"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--a2988e5f-529b-431d-88ff-2a7a9748dbe2",
|
||
|
"created": "2023-07-21T13:34:30.000Z",
|
||
|
"modified": "2023-07-21T13:34:30.000Z",
|
||
|
"relationship_type": "detected-as",
|
||
|
"source_ref": "indicator--ab4d0f8a-ad97-4164-ad21-0c00225d1f2d",
"target_ref": "x-misp-object--64d9ba53-9e9e-475f-92ea-592ed9d0ad25"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d30993a4-2dd0-48a2-9aa2-205cdea67709",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "contains",
"source_ref": "indicator--548f46db-2410-4a8a-9c86-cff918474455",
"target_ref": "x-misp-object--c4d10ea4-e0a6-4689-bd55-e052e8263355"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f7ff9974-d0d0-49dc-8632-7bdabbc9c910",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--933e9ea5-4cc8-40b0-82ad-303ee1fcc3f7",
"target_ref": "x-misp-object--32734d0e-bfcc-44d7-96a3-d1e272ec5d44"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b8c62382-aad4-46cf-9c7b-c1da08da4a73",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--933e9ea5-4cc8-40b0-82ad-303ee1fcc3f7",
"target_ref": "indicator--548f46db-2410-4a8a-9c86-cff918474455"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5798b723-00c1-4a22-8358-8fe0c9284888",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "contains",
"source_ref": "indicator--8f92e3b4-2a26-4733-a153-fcfdbe095edf",
"target_ref": "x-misp-object--c4d10ea4-e0a6-4689-bd55-e052e8263355"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dbe37adf-b96e-42e8-b4e9-f1b9f0246fb2",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--3c3efb45-ae68-4077-bc7c-799a40c414c8",
"target_ref": "x-misp-object--a6c9e653-caaa-497e-9f55-40cb5df88c72"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5b4d4345-b703-498d-9a9d-037336cde62f",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--3c3efb45-ae68-4077-bc7c-799a40c414c8",
"target_ref": "indicator--8f92e3b4-2a26-4733-a153-fcfdbe095edf"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--da0d71a9-94b2-4f84-b9cf-4abd9dc3ae7a",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "contains",
"source_ref": "indicator--9c898012-fbc4-42cf-85b1-8b7cfd52fb02",
"target_ref": "x-misp-object--9b19629c-cdb5-48c3-8464-f0a11f9af688"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e7dbd5f6-422d-4cb7-a8e6-01705ed69ff2",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--b4355207-5ed7-4bcc-b9fd-ce733e35e948",
"target_ref": "x-misp-object--32734d0e-bfcc-44d7-96a3-d1e272ec5d44"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--19503a7e-bbd6-48e8-a6e9-61e1291e531b",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--b4355207-5ed7-4bcc-b9fd-ce733e35e948",
"target_ref": "indicator--9c898012-fbc4-42cf-85b1-8b7cfd52fb02"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f749a5b6-6562-4dbf-8d45-451e04bc0b0f",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "contains",
"source_ref": "indicator--98970377-e1e1-4548-b3bd-bf0fa58decf6",
"target_ref": "x-misp-object--7d2b9a59-a74c-4b12-89db-abd9a8a214aa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5a975592-f762-4f00-8f8e-f22afdeb7408",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--064ba27d-6f2c-464f-9d53-6ca966c36a10",
"target_ref": "x-misp-object--32734d0e-bfcc-44d7-96a3-d1e272ec5d44"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3242bcb2-7f4f-4866-8912-11d81679e350",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--064ba27d-6f2c-464f-9d53-6ca966c36a10",
"target_ref": "indicator--98970377-e1e1-4548-b3bd-bf0fa58decf6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4172ac18-0a53-4c12-b4fc-019c64c330b7",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "contains",
"source_ref": "indicator--47e4c9d1-054f-41a0-ae77-1b2308d051a4",
"target_ref": "x-misp-object--d20ab4c0-bf02-4485-98bb-e2abce3ceda1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c7dc8d0-6778-4311-b6de-555539a7ee3c",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--2c3ed81a-0a2c-4fb4-9683-5c4e0fc458f7",
"target_ref": "x-misp-object--69f72631-333c-48b0-83ab-31046bac7283"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2662f28f-ed41-448f-84ff-3fb08193c19b",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--2c3ed81a-0a2c-4fb4-9683-5c4e0fc458f7",
"target_ref": "indicator--47e4c9d1-054f-41a0-ae77-1b2308d051a4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c8f8390-6f54-4860-b9f1-409bb2aeb8a0",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "contains",
"source_ref": "indicator--1f683c76-940c-47d1-a3e4-30b0112f5458",
"target_ref": "x-misp-object--d20ab4c0-bf02-4485-98bb-e2abce3ceda1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2cb98c95-b5e6-476d-8bcb-08934bf1b70d",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--16a98b47-e930-429d-9503-058bcbe136e8",
"target_ref": "x-misp-object--7009b0e1-4ff2-46c0-961f-ed918af0088a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--230aa002-7d95-4da1-aedf-f7db37edd91b",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--16a98b47-e930-429d-9503-058bcbe136e8",
"target_ref": "indicator--1f683c76-940c-47d1-a3e4-30b0112f5458"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9d502210-46b6-408a-b5db-fd4b6137bfd8",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--a23881d4-86f0-4bf5-8e99-30f0036587ad",
"target_ref": "x-misp-object--7009b0e1-4ff2-46c0-961f-ed918af0088a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--16a273b7-a29e-4f6a-97e4-52b89b308a5c",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--a23881d4-86f0-4bf5-8e99-30f0036587ad",
"target_ref": "indicator--1f683c76-940c-47d1-a3e4-30b0112f5458"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--842698df-fd8f-4643-92f8-ada44cdcbb06",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--453e6a83-70cc-4d4d-b8fc-6cf50e71d5cc",
"target_ref": "x-misp-object--7009b0e1-4ff2-46c0-961f-ed918af0088a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--14ef846c-faa8-4ce2-b6cd-fa8cb06910ed",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--5d96ae1b-0410-4d4a-978e-9731d2122885",
"target_ref": "x-misp-object--435ccf96-5f50-4de2-a6a9-4b483a77a619"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--70b87970-10fe-4650-a4fc-34a95f664864",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--e608c614-323c-47ad-8f91-8aa5c274177c",
"target_ref": "x-misp-object--435ccf96-5f50-4de2-a6a9-4b483a77a619"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ba62c4d0-280f-4fed-adf3-767508e77411",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--f4ad33db-9e3f-4178-835e-4851b778e17e",
"target_ref": "x-misp-object--d3a50bdf-45b6-4af5-9081-a10ddef0f412"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e5788fe5-6bdb-456b-81dd-6dc9d8a99e44",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--8e911c46-1453-4309-a88f-8caad577dce9",
"target_ref": "x-misp-object--9b8609f6-b5a8-4281-a9b1-49bc36fdd23d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--83a98345-a4b1-4abe-99f8-128216e44c75",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--ab161fb0-237a-43f7-b34e-f402a7cccd8b",
"target_ref": "x-misp-object--9b8609f6-b5a8-4281-a9b1-49bc36fdd23d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e610d251-ee12-45e0-861b-c86cc264316e",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "dropped-by",
"source_ref": "indicator--ab161fb0-237a-43f7-b34e-f402a7cccd8b",
"target_ref": "indicator--8e911c46-1453-4309-a88f-8caad577dce9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--27fb6fc4-704e-4b3b-9ca4-2a84bfae8982",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--866d91f3-e765-42b7-bc40-f4849eecbdb3",
"target_ref": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--830671d1-b6f6-494e-87ba-cbea1fec4108",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--efbd15be-c3a0-4988-b0a7-b0703b06ea53",
"target_ref": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4720073a-54bb-450d-8180-6ee2c2397547",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--49a85d25-494f-4975-9d34-ea8e7361518e",
"target_ref": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--42d977ad-6c7d-4fb4-b84f-fc4429971915",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--9940ddb2-2526-4783-a9b2-84aaeda0d4a5",
"target_ref": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2dc05ce4-d132-48af-9b6c-3c7c12b346bb",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--3b67328a-e7af-4dd0-be3c-296a0f1c6cfc",
"target_ref": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--842c580d-baab-4306-a2d3-19f2671c57bc",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--f14245f9-6180-43ef-a0e0-6994a7ca739a",
"target_ref": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1e9f8bae-a983-4313-9450-6aa6ab538c9d",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--430e9391-ed2c-4a15-932d-1355991c821f",
"target_ref": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ae259e13-e947-4cd5-a112-d08688d4cc43",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--dcd75ccd-014c-4d10-9f1c-d3bb2d23083a",
"target_ref": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c98c60c6-a8b4-4299-987b-375499893f34",
"created": "2023-07-21T13:34:30.000Z",
"modified": "2023-07-21T13:34:30.000Z",
"relationship_type": "detected-as",
"source_ref": "indicator--9be8694b-8b3d-486b-b321-147f4bcf81fc",
"target_ref": "x-misp-object--c52ba0bc-e33b-4722-9d36-440b4dabe881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6d358dca-6316-41ea-a66a-3133048223d5",
"created": "2023-07-21T13:49:23.000Z",
"modified": "2023-07-21T13:49:23.000Z",
"relationship_type": "resolved-to",
"source_ref": "observed-data--f1549cfb-2f8a-49df-9a58-c6863a7ce5cd",
"target_ref": "x-misp-object--96dccff4-1e0f-4e11-a29d-dd4e85d9dd35"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6409b0e6-0bb7-4d59-a734-8eed2c5eb028",
"created": "2023-07-21T13:49:23.000Z",
"modified": "2023-07-21T13:49:23.000Z",
"relationship_type": "resolved-to",
"source_ref": "observed-data--0d7c814d-dcbe-44b3-a678-30edadecf71c",
"target_ref": "x-misp-object--c4853164-2333-41e1-9d6b-c622bd385a03"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--693f6701-4878-4bb2-b68a-658c5a2cd2e4",
"created": "2023-07-21T13:49:23.000Z",
"modified": "2023-07-21T13:49:23.000Z",
"relationship_type": "resolved-to",
"source_ref": "observed-data--6a5712ea-cf3c-44f4-9788-1cf8df970630",
"target_ref": "x-misp-object--b442277b-946e-42c3-a9d6-7976cb65b884"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--50394342-9af0-4465-8131-827c5e00f072",
"created": "2023-07-21T13:49:23.000Z",
"modified": "2023-07-21T13:49:23.000Z",
"relationship_type": "resolved-to",
"source_ref": "observed-data--215fe060-4fbf-4342-a230-7b5a303d56c4",
"target_ref": "x-misp-object--b20f1cc9-361c-441c-8bc3-eabb28b458e2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e806552c-cffd-4de2-bf3a-753f093ddb25",
"created": "2023-07-21T13:51:54.000Z",
"modified": "2023-07-21T13:51:54.000Z",
"relationship_type": "resolved-to",
"source_ref": "observed-data--49efdf22-09cb-4003-83d2-912da3368585",
"target_ref": "x-misp-object--29d07632-dfe0-45cc-9828-daea9263bee8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f3890a9b-7c1f-42fa-aac6-db13ac0e71b5",
"created": "2023-07-21T13:51:54.000Z",
"modified": "2023-07-21T13:51:54.000Z",
"relationship_type": "contains",
"source_ref": "indicator--45c10194-bac4-48dd-b603-be916b720d8d",
"target_ref": "observed-data--49efdf22-09cb-4003-83d2-912da3368585"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}