{
"type" : "bundle" ,
"id" : "bundle--5a7238f2-7ea4-499a-89f6-450b02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-02T03:00:35.000Z" ,
"modified" : "2018-02-02T03:00:35.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5a7238f2-7ea4-499a-89f6-450b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-02T03:00:35.000Z" ,
"modified" : "2018-02-02T03:00:35.000Z" ,
"name" : "OSINT - Smominru Monero mining botnet making millions for operators" ,
"published" : "2018-02-16T08:54:29Z" ,
"object_refs" : [
"x-misp-attribute--5a723909-f0f0-4dfa-b8b7-44fe02de0b81" ,
"observed-data--5a723916-3788-47c7-a70a-432502de0b81" ,
"url--5a723916-3788-47c7-a70a-432502de0b81" ,
"vulnerability--5a723935-bf74-4ea6-ba45-ee7702de0b81" ,
"vulnerability--5a723955-5430-48e4-976e-465a02de0b81" ,
"indicator--5a72399d-8ba0-4d8e-bd4a-4d4102de0b81" ,
"indicator--5a72399d-0d98-4599-89c2-4c9e02de0b81" ,
"indicator--5a72399e-cd14-491a-bb01-4cde02de0b81" ,
"indicator--5a72399e-0cbc-46d1-8db9-4aad02de0b81" ,
"indicator--5a72399f-5eec-49b8-9e5b-497102de0b81" ,
"indicator--5a72399f-4114-48f0-bd34-4ce902de0b81" ,
"indicator--5a7239a0-9fbc-4402-afa4-437302de0b81" ,
"indicator--5a7239a0-9a04-48d4-854d-440602de0b81" ,
"indicator--5a7239a0-1728-4a2c-b7a8-49ac02de0b81" ,
"indicator--5a7239a1-3eb8-4e05-8a34-42f502de0b81" ,
"indicator--5a7239a1-df5c-4a4f-9230-4cc102de0b81" ,
"indicator--5a7239a2-b0c0-4de5-89c2-4aaa02de0b81" ,
"indicator--5a7239a2-8e18-403a-b976-46cf02de0b81" ,
"indicator--5a7239a2-72dc-4348-bb4f-499d02de0b81" ,
"indicator--5a7239a3-1900-4d9f-91ae-482f02de0b81" ,
"indicator--5a7239a3-66e4-4708-9a76-47a002de0b81" ,
"indicator--5a7239a4-e710-43bf-98dd-490d02de0b81" ,
"indicator--5a7239a4-4890-4892-a9db-40e102de0b81" ,
"indicator--5a7239a5-9d44-4b30-a5a7-4baf02de0b81" ,
"indicator--5a7239a5-224c-4629-bb56-4b8e02de0b81" ,
"indicator--5a7239a5-8f14-4b49-85f3-4eb502de0b81" ,
"indicator--5a7239a6-f020-4087-81a4-42fe02de0b81" ,
"indicator--5a7239a6-861c-4d25-a9fd-4c0c02de0b81" ,
"indicator--5a7239a7-2978-41cc-8885-428902de0b81" ,
"indicator--5a7239a7-9454-42de-b5ae-481102de0b81" ,
"indicator--5a723ae2-140c-452f-889f-4daa02de0b81" ,
"indicator--5a723ae2-c428-440c-9be4-4bb102de0b81" ,
"indicator--5a723ae3-8304-4789-91de-4b0b02de0b81" ,
"indicator--5a723ae3-feb8-4011-993a-493e02de0b81" ,
"indicator--5a723ae4-261c-4c19-b8cd-4cd602de0b81" ,
"indicator--5a723ae4-1520-45c3-b378-412002de0b81" ,
"indicator--5a723ae5-1970-44f3-bdbf-423e02de0b81" ,
"indicator--5a723ae5-64bc-4529-86ee-420e02de0b81" ,
"indicator--5a723b7b-b10c-4792-977a-411302de0b81" ,
"indicator--5a723b7c-92ec-49fd-be05-47b102de0b81" ,
"indicator--5a723b7c-f44c-442c-a15d-43f102de0b81" ,
"indicator--5a723b7d-5ee4-4b59-aae7-409102de0b81" ,
"indicator--5a723b7d-cf18-46da-b75d-42cb02de0b81" ,
"indicator--5a723b7d-39fc-4346-b8dc-4d2202de0b81" ,
"indicator--5a723b7e-8b04-4a40-862f-455402de0b81" ,
"indicator--5a723b7e-eab4-493f-ba7b-4dbe02de0b81" ,
"indicator--5a723b7f-97d8-449f-8ed6-489b02de0b81" ,
"x-misp-object--5a7239fe-2ec0-4295-a0f1-ee7702de0b81" ,
"x-misp-object--5a723a43-35dc-43c6-aebc-448102de0b81" ,
"x-misp-object--5a723a78-fa6c-4f56-b48b-41ff02de0b81" ,
"indicator--5a72dd50-62b4-49c8-ba81-b1ce950d210f" ,
"indicator--5a72e14f-c2c4-4a5b-b3b9-5bec950d210f" ,
"indicator--5a72e1ea-ce94-495a-ab42-7a86950d210f" ,
"indicator--5a72e248-e0fc-4718-8b49-8f0b950d210f" ,
"indicator--5a72e2d4-d378-4bfe-89bc-b1e2950d210f" ,
"indicator--5a72e33c-e520-40ad-991f-b1fb950d210f" ,
"indicator--5a72e4eb-bb78-4f19-ae51-b1db950d210f" ,
"indicator--5a72e941-384c-4ed5-8bb4-4b0a950d210f" ,
"indicator--5a72eb79-1514-4dc9-87d4-4763950d210f" ,
"indicator--5a72ecdc-ad08-41d6-b1cc-8f0b950d210f" ,
"indicator--5a72ed40-73e4-40d3-b0c0-b1fb950d210f" ,
"indicator--5a72ed5c-1854-41db-ac03-5bf2950d210f" ,
"indicator--5a72ed74-9234-4129-81bb-47f3950d210f" ,
"indicator--5a72edaa-8670-4ea1-a903-4e28950d210f" ,
"indicator--5a72ee09-c0b0-48d0-9a90-4d69950d210f" ,
"indicator--5a72ee50-f530-4793-8783-6767950d210f" ,
"indicator--5a72ee73-9cc0-4425-b60a-4260950d210f" ,
"indicator--5a72ee8d-cc5c-48e6-b05a-5bee950d210f" ,
"indicator--5a72eea1-0f08-4da7-a5a1-b1db950d210f" ,
"indicator--1e2fd26e-d1ec-406d-bb1b-b4d72f61d52f" ,
"x-misp-object--0b7e3026-09c1-4f49-af9a-07f5ceb0592b" ,
"indicator--b538582a-ca89-45a4-895c-35d517c9b279" ,
"x-misp-object--a804d5b1-7ca5-406d-9a56-e06577b0629d" ,
"indicator--c7f56e48-5ca3-4ab4-8a44-d508a7c3f1b5" ,
"x-misp-object--857bce07-e7e4-4cfb-a435-fbb587cf250a" ,
"indicator--994aa712-e77a-411f-bec0-cf4b547a61a1" ,
"x-misp-object--28763b93-461a-4389-8100-45731b4fcb27" ,
"indicator--fae35839-05f9-4c5d-86f2-0694b89e6be3" ,
"x-misp-object--38c84b61-e001-46f6-a99c-172c5e4e5d67" ,
"indicator--959bcddc-d26f-44f7-9a79-07df0acb6a95" ,
"x-misp-object--33bb45b6-d3bd-4cc1-bec6-84cb666c0c0d" ,
"indicator--eb0f9ec8-b388-422a-99dc-5d7a32e340b3" ,
"x-misp-object--c38c22d3-60e6-4336-94d4-f9772f9e56fe" ,
"indicator--055ccd02-bd02-4e47-9fd1-1e668f23f024" ,
"x-misp-object--1718834e-3131-4711-92e4-4fd9e25abcb7" ,
"relationship--024a7202-4f1f-4985-bc5e-c788cd23c55e" ,
"relationship--e3e0b07c-aa49-4dfd-a36c-7aa105a68c54" ,
"relationship--b7551518-ddf9-49e1-b78c-d653dfec69a2" ,
"relationship--14d85c2d-bf3b-4f23-99a0-06bdadb70821" ,
"relationship--a333e624-68e8-4480-ac16-05316a15cb1c" ,
"relationship--c4cba47e-238f-41d5-ae2f-b6a8a4c5da07" ,
"relationship--494664bd-3d44-4f1e-8de5-f2a404d5cdf8" ,
"relationship--064b0f79-c1d5-4055-b4e6-572cc44381ad"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5a723909-f0f0-4dfa-b8b7-44fe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:01.000Z" ,
"modified" : "2018-02-01T12:41:01.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Even with recent volatility in the price of most cryptocurrencies, especially Bitcoin, interest among mainstream users and the media remains high. At the same time, Bitcoin alternatives like Monero and Ethereum continue their overall upward trend in value (Figure 1), putting them squarely in the crosshairs of threat actors looking for quick profits and anonymous transactions. Because obtaining these cryptocurrencies through legitimate mining mechanisms is quite resource-intensive, cybercriminals are stealing them, demanding ransomware payments in them, and harnessing other computers to mine them for free. Recently, Proofpoint researchers have been tracking the massive Smominru botnet, the combined computing power of which had earned millions of dollars for its operators."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a723916-3788-47c7-a70a-432502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:02.000Z" ,
"modified" : "2018-02-01T12:41:02.000Z" ,
"first_observed" : "2018-02-01T12:41:02Z" ,
"last_observed" : "2018-02-01T12:41:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a723916-3788-47c7-a70a-432502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a723916-3788-47c7-a70a-432502de0b81" ,
"value" : "https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators"
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5a723935-bf74-4ea6-ba45-ee7702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:02.000Z" ,
"modified" : "2018-02-01T12:41:02.000Z" ,
"name" : "CVE-2017-0144" ,
"labels" : [
"misp:type=\"vulnerability\"" ,
"misp:category=\"Payload delivery\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2017-0144"
}
]
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5a723955-5430-48e4-976e-465a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:03.000Z" ,
"modified" : "2018-02-01T12:41:03.000Z" ,
"name" : "CVE-2017-0176" ,
"labels" : [
"misp:type=\"vulnerability\"" ,
"misp:category=\"Payload delivery\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2017-0176"
}
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72399d-8ba0-4d8e-bd4a-4d4102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:03.000Z" ,
"modified" : "2018-02-01T12:41:03.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.34.114']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72399d-0d98-4599-89c2-4c9e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:04.000Z" ,
"modified" : "2018-02-01T12:41:04.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.81.70']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72399e-cd14-491a-bb01-4cde02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:04.000Z" ,
"modified" : "2018-02-01T12:41:04.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.31.14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72399e-0cbc-46d1-8db9-4aad02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:05.000Z" ,
"modified" : "2018-02-01T12:41:05.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.28.58']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72399f-5eec-49b8-9e5b-497102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:05.000Z" ,
"modified" : "2018-02-01T12:41:05.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.12.110']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72399f-4114-48f0-bd34-4ce902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:06.000Z" ,
"modified" : "2018-02-01T12:41:06.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.24.98']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a0-9fbc-4402-afa4-437302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:06.000Z" ,
"modified" : "2018-02-01T12:41:06.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.13.58']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a0-9a04-48d4-854d-440602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:06.000Z" ,
"modified" : "2018-02-01T12:41:06.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.38.78']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a0-1728-4a2c-b7a8-49ac02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:07.000Z" ,
"modified" : "2018-02-01T12:41:07.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.22.58']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a1-3eb8-4e05-8a34-42f502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:07.000Z" ,
"modified" : "2018-02-01T12:41:07.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.241.229.122']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a1-df5c-4a4f-9230-4cc102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:08.000Z" ,
"modified" : "2018-02-01T12:41:08.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.39.186']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a2-b0c0-4de5-89c2-4aaa02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:08.000Z" ,
"modified" : "2018-02-01T12:41:08.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.14.246']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a2-8e18-403a-b976-46cf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:09.000Z" ,
"modified" : "2018-02-01T12:41:09.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.31.110']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a2-72dc-4348-bb4f-499d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:09.000Z" ,
"modified" : "2018-02-01T12:41:09.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.27.198']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a3-1900-4d9f-91ae-482f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:10.000Z" ,
"modified" : "2018-02-01T12:41:10.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.25.106']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a3-66e4-4708-9a76-47a002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:10.000Z" ,
"modified" : "2018-02-01T12:41:10.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.1.46']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a4-e710-43bf-98dd-490d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:11.000Z" ,
"modified" : "2018-02-01T12:41:11.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.36.34']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a4-4890-4892-a9db-40e102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:11.000Z" ,
"modified" : "2018-02-01T12:41:11.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.21.186']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a5-9d44-4b30-a5a7-4baf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:12.000Z" ,
"modified" : "2018-02-01T12:41:12.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.12.162']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a5-224c-4629-bb56-4b8e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:12.000Z" ,
"modified" : "2018-02-01T12:41:12.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.24.106']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a5-8f14-4b49-85f3-4eb502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:13.000Z" ,
"modified" : "2018-02-01T12:41:13.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.44.46']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a6-f020-4087-81a4-42fe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:13.000Z" ,
"modified" : "2018-02-01T12:41:13.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.11.222']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a6-861c-4d25-a9fd-4c0c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:14.000Z" ,
"modified" : "2018-02-01T12:41:14.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.29.6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a7-2978-41cc-8885-428902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:14.000Z" ,
"modified" : "2018-02-01T12:41:14.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.8.86']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a7239a7-9454-42de-b5ae-481102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:14.000Z" ,
"modified" : "2018-02-01T12:41:14.000Z" ,
"description" : "Attacking IP (via EB)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.1.14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723ae2-140c-452f-889f-4daa02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:53:38.000Z" ,
"modified" : "2018-01-31T21:53:38.000Z" ,
"description" : "ups.rar" ,
"pattern" : "[file:hashes.SHA256 = 'da3b2e4da23aae505bf991cb68833d01d0c5b75645d246dfa9b6e403be1798c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:53:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723ae2-c428-440c-9be4-4bb102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:53:38.000Z" ,
"modified" : "2018-01-31T21:53:38.000Z" ,
"description" : "EternalBlue dropped" ,
"pattern" : "[file:hashes.SHA256 = '8ceb370e5f32dd732809c827f8eda38cc9b746d40adea3dca33b8c27ee38eb6f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:53:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723ae3-8304-4789-91de-4b0b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:53:39.000Z" ,
"modified" : "2018-01-31T21:53:39.000Z" ,
"description" : "EternalBlue dropped" ,
"pattern" : "[file:hashes.SHA256 = '5e15c97546a19759a8397e51e98a2d8168e6e27aff4dc518220459ed3184e4e2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:53:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723ae3-feb8-4011-993a-493e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:53:39.000Z" ,
"modified" : "2018-01-31T21:53:39.000Z" ,
"description" : "64.rar" ,
"pattern" : "[file:hashes.SHA256 = '2e3f534bd6b7d1cf18dc727820124faed92fb28f1d4626c9658587b9b3c09509']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:53:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723ae4-261c-4c19-b8cd-4cd602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:53:40.000Z" ,
"modified" : "2018-01-31T21:53:40.000Z" ,
"description" : "0107.rar (Smominru - Coin Miner)" ,
"pattern" : "[file:hashes.SHA256 = 'b7f8b5cb8fc7bd5c14105fde118f5ac7a808e590e52f16c70128b4bd28aa4b5a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:53:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723ae4-1520-45c3-b378-412002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:53:40.000Z" ,
"modified" : "2018-01-31T21:53:40.000Z" ,
"description" : "0121.rar (Smominru Coin Miner)" ,
"pattern" : "[file:hashes.SHA256 = '32e0712ff24e5f9ab8ee682a53514c501486f0836ef24125503335d86bd10a4e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:53:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723ae5-1970-44f3-bdbf-423e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:53:41.000Z" ,
"modified" : "2018-01-31T21:53:41.000Z" ,
"description" : "0126.rar (Smominru Coin Miner)" ,
"pattern" : "[file:hashes.SHA256 = '3b1824b41f3853376e21153d9125781dbb57b820d8a9a6cc037f82ea87f50973']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:53:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723ae5-64bc-4529-86ee-420e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:53:41.000Z" ,
"modified" : "2018-01-31T21:53:41.000Z" ,
"description" : "0114.rar (Smominru - Coin Miner)" ,
"pattern" : "[file:hashes.SHA256 = 'f1c36aebdcd92a04fd689d31944e5388e7e9b9421063ec4c98804ac7a04e6b0d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:53:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723b7b-b10c-4792-977a-411302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:56:11.000Z" ,
"modified" : "2018-01-31T21:56:11.000Z" ,
"description" : "Smominru C&C (Binary Server)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.58.186.145']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:56:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723b7c-92ec-49fd-be05-47b102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:56:12.000Z" ,
"modified" : "2018-01-31T21:56:12.000Z" ,
"description" : "Smominru C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.29.8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:56:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723b7c-f44c-442c-a15d-43f102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:56:12.000Z" ,
"modified" : "2018-01-31T21:56:12.000Z" ,
"description" : "Smominru C&C (WMI call)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:56:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723b7d-5ee4-4b59-aae7-409102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:56:12.000Z" ,
"modified" : "2018-01-31T21:56:12.000Z" ,
"description" : "Smominru C&C (binary server)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '170.178.171.162']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:56:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723b7d-cf18-46da-b75d-42cb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:56:13.000Z" ,
"modified" : "2018-01-31T21:56:13.000Z" ,
"description" : "Smominru C&C (WMI call) Sinkholed domain" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.30.26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:56:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723b7d-39fc-4346-b8dc-4d2202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:56:13.000Z" ,
"modified" : "2018-01-31T21:56:13.000Z" ,
"description" : "Smominru binary server" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.64.166.82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:56:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723b7e-8b04-4a40-862f-455402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:56:14.000Z" ,
"modified" : "2018-01-31T21:56:14.000Z" ,
"description" : "Smominru binary server" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.255.79.151']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:56:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723b7e-eab4-493f-ba7b-4dbe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:15.000Z" ,
"modified" : "2018-02-01T12:41:15.000Z" ,
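"description" : "Smominru C&C (down.my0709.xyz is a hostname recorded with MISP type filename; match it as a domain name, not a file name)" ,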
"pattern" : "[file:name = 'down.my0709.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a723b7f-97d8-449f-8ed6-489b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:56:15.000Z" ,
"modified" : "2018-01-31T21:56:15.000Z" ,
"description" : "Smominru C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.148.80.194']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-31T21:56:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5a7239fe-2ec0-4295-a0f1-ee7702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:49:50.000Z" ,
"modified" : "2018-01-31T21:49:50.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "43Lm9q14s7GhMLpUsiXY3MH6G67Sn81B5DqmN46u8WnBXNvJmC6FwH3ZMwAmkEB1nHSrujgthFPQeQCFPCwwE7m7TpspYBd" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5a7239ff-8b94-41dd-91e0-ee7702de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "XMR" ,
"category" : "Other" ,
"uuid" : "5a7239ff-9bcc-43f2-8e1f-ee7702de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "text" ,
"value" : "used after 2018-01-14" ,
"category" : "Other" ,
"uuid" : "5a723a00-2378-4cb9-8c44-ee7702de0b81"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5a723a43-35dc-43c6-aebc-448102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:50:59.000Z" ,
"modified" : "2018-01-31T21:50:59.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "47Tscy1QuJn1fxHiBRjWFtgHmvqkW71YZCQL33LeunfH4rsGEHx5UGTPdfXNJtMMATMz8bmaykGVuDFGWP3KyufBSdzxBb2" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5a723a44-1f80-459f-ab1f-4f7b02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "XMR" ,
"category" : "Other" ,
"uuid" : "5a723a44-3498-4397-9114-49b602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "text" ,
"value" : "used from before 2017/05 till 2017/09\r\n\r\n \r\n\r\nMined 2000 Monero" ,
"category" : "Other" ,
"uuid" : "5a723a45-3cb4-4b1b-80a1-4d6102de0b81"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5a723a78-fa6c-4f56-b48b-41ff02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-31T21:51:52.000Z" ,
"modified" : "2018-01-31T21:51:52.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "45bbP2muiJHD8Fd5tZyPAfC2RsajyEcsRVVMZ7Tm5qJjdTMprexz6yQ5DVQ1BbmjkMYm9nMid2QSbiGLvvfau7At5V18FzQ" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5a723a78-bfe8-4820-84b5-4a5602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "XMR" ,
"category" : "Other" ,
"uuid" : "5a723a78-7cb8-482c-baf0-447e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "text" ,
"value" : "from 2017/09 till 2018-01-13\r\n\r\nMined around 6800 Monero" ,
"category" : "Other" ,
"uuid" : "5a723a79-95e4-426e-9a91-4ee402de0b81"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72dd50-62b4-49c8-ba81-b1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T09:44:03.000Z" ,
"modified" : "2018-02-01T09:44:03.000Z" ,
"description" : "Smominru C&C" ,
"pattern" : "[domain-name:value = 'down.down0116.info' AND domain-name:resolves_to_refs[*].value = '198.148.80.194']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T09:44:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72e14f-c2c4-4a5b-b3b9-5bec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T09:43:43.000Z" ,
"modified" : "2018-02-01T09:43:43.000Z" ,
"description" : "Smominru C&C (Binary Server)" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.58.186.145') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'down.oo000oo.club') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T09:43:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72e1ea-ce94-495a-ab42-7a86950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T09:46:18.000Z" ,
"modified" : "2018-02-01T09:46:18.000Z" ,
"description" : "Smominru C&C" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.29.8') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'www.cyg2016.xyz') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T09:46:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72e248-e0fc-4718-8b49-8f0b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T09:47:52.000Z" ,
"modified" : "2018-02-01T09:47:52.000Z" ,
"description" : "Smominru C&C (Binary Server)" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.29.8') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'down.mys2016.info') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T09:47:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72e2d4-d378-4bfe-89bc-b1e2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T09:50:12.000Z" ,
"modified" : "2018-02-01T09:50:12.000Z" ,
"description" : "Smominru C&C (WMI call)" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'wmi.mykings.top.info') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T09:50:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72e33c-e520-40ad-991f-b1fb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T09:51:56.000Z" ,
"modified" : "2018-02-01T09:51:56.000Z" ,
"description" : "Smominru C&C (WMI call)" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'wmi.oo000oo.club') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T09:51:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72e4eb-bb78-4f19-ae51-b1db950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T09:59:07.000Z" ,
"modified" : "2018-02-01T09:59:07.000Z" ,
"description" : "Smominru C&C" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'xmr.5b6b7b.ru') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T09:59:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72e941-384c-4ed5-8bb4-4b0a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:17:37.000Z" ,
"modified" : "2018-02-01T10:17:37.000Z" ,
"description" : "Smominru C&C (binary server)" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '170.178.171.162') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = '64.myxmr.pw') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:17:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72eb79-1514-4dc9-87d4-4763950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:27:05.000Z" ,
"modified" : "2018-02-01T10:27:05.000Z" ,
"description" : "Smominru C&C (WMI call) - Sinkholed domain" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.30.26') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'wmi.my0709.xyz') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72ecdc-ad08-41d6-b1cc-8f0b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:33:00.000Z" ,
"modified" : "2018-02-01T10:33:00.000Z" ,
"description" : "Smominru binary server" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.64.166.82') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'ftp.ruisgood.ru') AND network-traffic:dst_port = '21']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:33:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72ed40-73e4-40d3-b0c0-b1fb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:34:40.000Z" ,
"modified" : "2018-02-01T10:34:40.000Z" ,
"description" : "Smominru binary server" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.64.166.82') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'ftp.oo000oo.me') AND network-traffic:dst_port = '21']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:34:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72ed5c-1854-41db-ac03-5bf2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:35:08.000Z" ,
"modified" : "2018-02-01T10:35:08.000Z" ,
"description" : "Smominru binary server" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.64.166.82') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'ftp.ftp0118.info') AND network-traffic:dst_port = '21']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:35:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72ed74-9234-4129-81bb-47f3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:35:32.000Z" ,
"modified" : "2018-02-01T10:35:32.000Z" ,
"description" : "Smominru binary server" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.255.79.151') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'js.mys2016.info') AND network-traffic:dst_port = '280']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:35:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72edaa-8670-4ea1-a903-4e28950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:36:26.000Z" ,
"modified" : "2018-02-01T10:36:26.000Z" ,
"description" : "Smominru C&C (Binary Server)" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '170.178.171.162') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = '64.mymyxmra.ru') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:36:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72ee09-c0b0-48d0-9a90-4d69950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:38:01.000Z" ,
"modified" : "2018-02-01T10:38:01.000Z" ,
"description" : "Smominru C&C" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'xmr.xmr5b.ru') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:38:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72ee50-f530-4793-8783-6767950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:39:12.000Z" ,
"modified" : "2018-02-01T10:39:12.000Z" ,
"description" : "Smominru C&C" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'js.my0115.ru') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:39:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72ee73-9cc0-4425-b60a-4260950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:39:47.000Z" ,
"modified" : "2018-02-01T10:39:47.000Z" ,
"description" : "Smominru C&C (WMI call)" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.30.26') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'wmi.my0115.ru') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:39:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72ee8d-cc5c-48e6-b05a-5bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:40:13.000Z" ,
"modified" : "2018-02-01T10:40:13.000Z" ,
"description" : "Smominru C&C (Binary Server)" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.30.26') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'down.my0115.ru') AND network-traffic:dst_port = '8888']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:40:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a72eea1-0f08-4da7-a5a1-b1db950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T10:40:33.000Z" ,
"modified" : "2018-02-01T10:40:33.000Z" ,
"description" : "Smominru C&C" ,
"pattern" : "[domain-name:value = 'down.my0709.xyz' AND domain-name:resolves_to_refs[*].value = '103.95.30.26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T10:40:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1e2fd26e-d1ec-406d-bb1b-b4d72f61d52f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:19.000Z" ,
"modified" : "2018-02-01T12:41:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '1487e2b148f7a4869c212f78cb28d682' AND file:hashes.SHA1 = 'a56c110dcf859d83aa1fa5ad455e94539dfa8d12' AND file:hashes.SHA256 = '8ceb370e5f32dd732809c827f8eda38cc9b746d40adea3dca33b8c27ee38eb6f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0b7e3026-09c1-4f49-af9a-07f5ceb0592b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:17.000Z" ,
"modified" : "2018-02-01T12:41:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8ceb370e5f32dd732809c827f8eda38cc9b746d40adea3dca33b8c27ee38eb6f/analysis/1517456055/" ,
"category" : "External analysis" ,
"comment" : "EternalBlue dropped" ,
"uuid" : "5a730aed-3e50-42bb-927c-450902de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "45/65" ,
"category" : "Other" ,
"comment" : "EternalBlue dropped" ,
"uuid" : "5a730aee-fe60-4ff3-a8a3-428102de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-01T03:34:15" ,
"category" : "Other" ,
"comment" : "EternalBlue dropped" ,
"uuid" : "5a730aee-cf3c-4a4b-b699-434c02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b538582a-ca89-45a4-895c-35d517c9b279" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:22.000Z" ,
"modified" : "2018-02-01T12:41:22.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ff604679b2e12040dea81f6ecffd5ea2' AND file:hashes.SHA1 = 'd789b6b33d739810cab2e3f5a55933dd16721823' AND file:hashes.SHA256 = 'b7f8b5cb8fc7bd5c14105fde118f5ac7a808e590e52f16c70128b4bd28aa4b5a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a804d5b1-7ca5-406d-9a56-e06577b0629d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:20.000Z" ,
"modified" : "2018-02-01T12:41:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b7f8b5cb8fc7bd5c14105fde118f5ac7a808e590e52f16c70128b4bd28aa4b5a/analysis/1517457171/" ,
"category" : "External analysis" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"uuid" : "5a730af0-28d8-461f-8bc1-48eb02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/66" ,
"category" : "Other" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"uuid" : "5a730af1-ebd8-4440-a145-46e502de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-01T03:52:51" ,
"category" : "Other" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"uuid" : "5a730af1-2a48-4e30-b9dc-468602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c7f56e48-5ca3-4ab4-8a44-d508a7c3f1b5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:25.000Z" ,
"modified" : "2018-02-01T12:41:25.000Z" ,
"pattern" : "[file:hashes.MD5 = '0224b573793d1780e3fec22739526c8f' AND file:hashes.SHA1 = '6ca9bc55382736c6fb173afb789318ee7067f206' AND file:hashes.SHA256 = '3b1824b41f3853376e21153d9125781dbb57b820d8a9a6cc037f82ea87f50973']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--857bce07-e7e4-4cfb-a435-fbb587cf250a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:23.000Z" ,
"modified" : "2018-02-01T12:41:23.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/3b1824b41f3853376e21153d9125781dbb57b820d8a9a6cc037f82ea87f50973/analysis/1517153840/" ,
"category" : "External analysis" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"uuid" : "5a730af3-4578-439d-b113-485d02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/66" ,
"category" : "Other" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"uuid" : "5a730af4-2254-4135-a0e4-4ed602de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-28T15:37:20" ,
"category" : "Other" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"uuid" : "5a730af4-9a70-46ec-b537-492902de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--994aa712-e77a-411f-bec0-cf4b547a61a1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:28.000Z" ,
"modified" : "2018-02-01T12:41:28.000Z" ,
"pattern" : "[file:hashes.MD5 = '6ca24e8ae6988ee1187be72c777e7397' AND file:hashes.SHA1 = '53accdd58a67fe7bc7fbcaefa1e2b65c13aba9ff' AND file:hashes.SHA256 = '2e3f534bd6b7d1cf18dc727820124faed92fb28f1d4626c9658587b9b3c09509']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--28763b93-461a-4389-8100-45731b4fcb27" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:27.000Z" ,
"modified" : "2018-02-01T12:41:27.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2e3f534bd6b7d1cf18dc727820124faed92fb28f1d4626c9658587b9b3c09509/analysis/1517457638/" ,
"category" : "External analysis" ,
"comment" : "64.rar" ,
"uuid" : "5a730af7-d48c-4b0b-be0c-452702de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/64" ,
"category" : "Other" ,
"comment" : "64.rar" ,
"uuid" : "5a730af7-12c8-4405-af2c-47c102de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-01T04:00:38" ,
"category" : "Other" ,
"comment" : "64.rar" ,
"uuid" : "5a730af8-d5c4-4360-b181-4c4002de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fae35839-05f9-4c5d-86f2-0694b89e6be3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:31.000Z" ,
"modified" : "2018-02-01T12:41:31.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ebdc2be63b2fcb8fe22845c75850c9e6' AND file:hashes.SHA1 = 'c788a27c9f18f1e732e34e60a73b83ccdcfd9a29' AND file:hashes.SHA256 = '32e0712ff24e5f9ab8ee682a53514c501486f0836ef24125503335d86bd10a4e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--38c84b61-e001-46f6-a99c-172c5e4e5d67" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:30.000Z" ,
"modified" : "2018-02-01T12:41:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/32e0712ff24e5f9ab8ee682a53514c501486f0836ef24125503335d86bd10a4e/analysis/1517399898/" ,
"category" : "External analysis" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"uuid" : "5a730afa-b5b4-4ef0-9030-4a5302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/66" ,
"category" : "Other" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"uuid" : "5a730afa-eb88-472e-9db8-491e02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-31T11:58:18" ,
"category" : "Other" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"uuid" : "5a730afb-ff20-49ea-8d61-439d02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--959bcddc-d26f-44f7-9a79-07df0acb6a95" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:34.000Z" ,
"modified" : "2018-02-01T12:41:34.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f63e34b172bc6c88c002a2d25c738ea9' AND file:hashes.SHA1 = '368ef0af957492ad0b55ce1351da1b44f67dbcb8' AND file:hashes.SHA256 = '5e15c97546a19759a8397e51e98a2d8168e6e27aff4dc518220459ed3184e4e2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--33bb45b6-d3bd-4cc1-bec6-84cb666c0c0d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:33.000Z" ,
"modified" : "2018-02-01T12:41:33.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/5e15c97546a19759a8397e51e98a2d8168e6e27aff4dc518220459ed3184e4e2/analysis/1517462947/" ,
"category" : "External analysis" ,
"comment" : "EternalBlue dropped" ,
"uuid" : "5a730afd-5ae4-4e1d-976f-4e1e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/63" ,
"category" : "Other" ,
"comment" : "EternalBlue dropped" ,
"uuid" : "5a730afd-1514-4e7f-8862-49ae02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-01T05:29:07" ,
"category" : "Other" ,
"comment" : "EternalBlue dropped" ,
"uuid" : "5a730afe-2ad4-4d85-af66-4a4702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--eb0f9ec8-b388-422a-99dc-5d7a32e340b3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:37.000Z" ,
"modified" : "2018-02-01T12:41:37.000Z" ,
"pattern" : "[file:hashes.MD5 = '822b8150022ba179560ac42384ff997e' AND file:hashes.SHA1 = 'b8a53e651be77914428f6a3cefc797041ff3df51' AND file:hashes.SHA256 = 'f1c36aebdcd92a04fd689d31944e5388e7e9b9421063ec4c98804ac7a04e6b0d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c38c22d3-60e6-4336-94d4-f9772f9e56fe" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:36.000Z" ,
"modified" : "2018-02-01T12:41:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f1c36aebdcd92a04fd689d31944e5388e7e9b9421063ec4c98804ac7a04e6b0d/analysis/1517332171/" ,
"category" : "External analysis" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"uuid" : "5a730b00-d828-4158-99c6-4f4702de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/65" ,
"category" : "Other" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"uuid" : "5a730b00-cfac-4258-a9b1-4f4202de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-30T17:09:31" ,
"category" : "Other" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"uuid" : "5a730b01-39ac-4f84-93b3-498602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--055ccd02-bd02-4e47-9fd1-1e668f23f024" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:40.000Z" ,
"modified" : "2018-02-01T12:41:40.000Z" ,
"pattern" : "[file:hashes.MD5 = '6b13994f83dad0d45764911a88564a7b' AND file:hashes.SHA1 = '0b5616228f6556b320ac0d2f586504538abb638e' AND file:hashes.SHA256 = 'da3b2e4da23aae505bf991cb68833d01d0c5b75645d246dfa9b6e403be1798c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-01T12:41:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1718834e-3131-4711-92e4-4fd9e25abcb7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-01T12:41:39.000Z" ,
"modified" : "2018-02-01T12:41:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/da3b2e4da23aae505bf991cb68833d01d0c5b75645d246dfa9b6e403be1798c8/analysis/1517457719/" ,
"category" : "External analysis" ,
"comment" : "ups.rar" ,
"uuid" : "5a730b03-589c-47de-a519-4d8702de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/64" ,
"category" : "Other" ,
"comment" : "ups.rar" ,
"uuid" : "5a730b03-0afc-42a7-a1b0-48e002de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-01T04:01:59" ,
"category" : "Other" ,
"comment" : "ups.rar" ,
"uuid" : "5a730b04-ae70-4fab-b15f-48c602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--024a7202-4f1f-4985-bc5e-c788cd23c55e" ,
"created" : "2018-02-16T08:54:28.000Z" ,
"modified" : "2018-02-16T08:54:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1e2fd26e-d1ec-406d-bb1b-b4d72f61d52f" ,
"target_ref" : "x-misp-object--0b7e3026-09c1-4f49-af9a-07f5ceb0592b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e3e0b07c-aa49-4dfd-a36c-7aa105a68c54" ,
"created" : "2018-02-16T08:54:28.000Z" ,
"modified" : "2018-02-16T08:54:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b538582a-ca89-45a4-895c-35d517c9b279" ,
"target_ref" : "x-misp-object--a804d5b1-7ca5-406d-9a56-e06577b0629d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--b7551518-ddf9-49e1-b78c-d653dfec69a2" ,
"created" : "2018-02-16T08:54:28.000Z" ,
"modified" : "2018-02-16T08:54:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c7f56e48-5ca3-4ab4-8a44-d508a7c3f1b5" ,
"target_ref" : "x-misp-object--857bce07-e7e4-4cfb-a435-fbb587cf250a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--14d85c2d-bf3b-4f23-99a0-06bdadb70821" ,
"created" : "2018-02-16T08:54:28.000Z" ,
"modified" : "2018-02-16T08:54:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--994aa712-e77a-411f-bec0-cf4b547a61a1" ,
"target_ref" : "x-misp-object--28763b93-461a-4389-8100-45731b4fcb27"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a333e624-68e8-4480-ac16-05316a15cb1c" ,
"created" : "2018-02-16T08:54:28.000Z" ,
"modified" : "2018-02-16T08:54:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--fae35839-05f9-4c5d-86f2-0694b89e6be3" ,
"target_ref" : "x-misp-object--38c84b61-e001-46f6-a99c-172c5e4e5d67"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c4cba47e-238f-41d5-ae2f-b6a8a4c5da07" ,
"created" : "2018-02-16T08:54:28.000Z" ,
"modified" : "2018-02-16T08:54:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--959bcddc-d26f-44f7-9a79-07df0acb6a95" ,
"target_ref" : "x-misp-object--33bb45b6-d3bd-4cc1-bec6-84cb666c0c0d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--494664bd-3d44-4f1e-8de5-f2a404d5cdf8" ,
"created" : "2018-02-16T08:54:28.000Z" ,
"modified" : "2018-02-16T08:54:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--eb0f9ec8-b388-422a-99dc-5d7a32e340b3" ,
"target_ref" : "x-misp-object--c38c22d3-60e6-4336-94d4-f9772f9e56fe"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--064b0f79-c1d5-4055-b4e6-572cc44381ad" ,
"created" : "2018-02-16T08:54:29.000Z" ,
"modified" : "2018-02-16T08:54:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--055ccd02-bd02-4e47-9fd1-1e668f23f024" ,
"target_ref" : "x-misp-object--1718834e-3131-4711-92e4-4fd9e25abcb7"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}