2023-04-21 14:44:17 +00:00
|
|
|
{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5e67e70a-9666-4c32-b3ec-4b51d43a8e4b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-06-01T07:16:13.000Z",
|
|
|
|
"modified": "2022-06-01T07:16:13.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5e67e70a-9666-4c32-b3ec-4b51d43a8e4b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-06-01T07:16:13.000Z",
|
|
|
|
"modified": "2022-06-01T07:16:13.000Z",
|
|
|
|
"name": "Sample Linux miner - XMring",
|
|
|
|
"published": "2022-06-01T07:16:24Z",
|
|
|
|
"object_refs": [
|
|
|
|
"x-misp-object--c00a4152-4bb4-4d06-ac6e-12af821f773d",
|
|
|
|
"indicator--9cff63dc-2a41-42e9-aa0f-de04ebd5770f",
|
|
|
|
"x-misp-object--a09b02e5-99ed-48fe-8ca8-65efa7a084e2",
|
|
|
|
"x-misp-object--24c72dcd-a2d4-4283-8e2d-ed7a438fc3f0",
|
|
|
|
"x-misp-object--3a6fbda8-bd96-48d0-842d-1d0b1c114e51",
|
2023-05-19 09:05:37 +00:00
|
|
|
"relationship--5397bff4-e12d-4503-a803-608ab0a453bf"
|
2023-04-21 14:44:17 +00:00
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Leverage compromised 3rd party resources - T1375\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Application or System Exploitation - T1499.004\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c00a4152-4bb4-4d06-ac6e-12af821f773d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-06-01T07:12:01.000Z",
|
|
|
|
"modified": "2022-06-01T07:12:01.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "DYNAMIC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f303e90d-75a8-4d23-b1ca-2e1122087af7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "entrypoint-address",
|
|
|
|
"value": "940656",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8912305f-25b0-4ecb-802f-bf7245b5e992"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "arch",
|
|
|
|
"value": "x86_64",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e8d91314-1769-40ef-b396-b511bcfcbd68"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "os_abi",
|
|
|
|
"value": "SYSTEMV",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d36ea4b8-d8be-44db-b799-6532ece94f62"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "counter",
|
|
|
|
"object_relation": "number-sections",
|
|
|
|
"value": "0",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e7cba7a4-09a7-4568-9d31-a4665c33ebe0"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--9cff63dc-2a41-42e9-aa0f-de04ebd5770f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-06-01T07:12:02.000Z",
|
|
|
|
"modified": "2022-06-01T07:12:02.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a3d50f130c57b5f9b3c81bb237912c83' AND file:hashes.SHA1 = 'b8e9bb170890e44785cdfbb0b00ea4233ba6dd73' AND file:hashes.SHA256 = '31fe8c12206d590afe61ebaff9d277793af34c8f201e9025f10d7a44a7f52e35' AND file:hashes.SHA512 = '8a402df5632b6a85535d5532e46d8c3a52c0ffaf5dbaed6f58a19e64177bb91a231efa82262b1a10b2e5226521391cbfd0855984c3e29ca487a99a3e0b690c5c' AND file:hashes.SSDEEP = '24576:yn7lwq/OfYQ2e7fXF1geyzUBjp5XLU8E0sM+E7DOoI:YDdeZihzUBfL9sMRCR' AND file:name = '31fe8c12206d590afe61ebaff9d277793af34c8f201e9025f10d7a44a7f52e35' AND file:size = '945904' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAIE5wVS0KYLX9GoOAPBuDgAgABwAYTNkNTBmMTMwYzU3YjVmOWIzYzgxYmIyMzc5MTJjODNVVAkAA0IRl2JCEZdidXgLAAEEIQAAAAQhAAAANI50tEvfO9bLL1z6K+tY4cGB/fOzPTBA4rFYSEjvtgHJna1gxRh/BLwrUPLsYzb0Js79Ggutx/MA9mMBrT8353/pQ53Zx2XsZtynUF4wJCmw6HPlpfGUyi2eWIgRnwZ/SsA4df9wAZBjIwhXkN54bdrQXXB3yOydOx9UvNTN3KLtAe66MiRilLPtjF8m7OXk630crFBd8W/Z3b0Ykl2xVpCllpzJOK0CWS6PPZTwENf8/Wsp7qUoPakzl+epV2xu5bhDUP6sJiHRiKh0Fh25qlh3v9cdCijl+54sSg5eynawnpD1fwJJGH15e5TWHQ0rcy0rgWR1xzE3BF+dpJfbwIY0Dt5Qwhc7w9x44p7U/WbsaesYIM6wrYMjoN+oKuCauKnsd7pcSy5H21yVQUZ8/OzgwTj00oZZUM43Zpgm4fv/ov8+5cxUWgbj7mIcVRAR6JhEsRagWsuoOQy/UaBoly+edhMCuxlUEw/6TosvHN5bdGiv6nofFuFCj4Gdjp5FHY6SfI3iRgloZRAi+RjU5QOxSqIIPvTArCX1eP4heTR/SarY51Dy0F5L3RtNWPejRGYg+F9lLxwa4GpwqOZXURkQpuXTqunSctSsriiBgoSBtmvMFOrdF4DXlT8sM3WbWvqiYCEKUtTaXxB8bE5OnIjgS7i+1tqe5nR56+c7XDmzjrZ7Lgb974K07VWsx+VzAp2a4WlaunoDGV+vwkWzWMvMJUERRQwKI4L+CZ+VIGlSCyMuWYG6tTPSS/j3ATEs8JilI1ysi6moQ+owTHfTK3JGMo5JcKUICyhb4qv94nyVOJC7KJs5OZl62WTYCs7gqBatDT2iH3C1u8OzG/sD5KMDJa/6sVEbcAbk9RKDEMeeDSfpfuC4HFxumWFR47wIOxf+MMVgoErXKiepP8PQxfHFSn78FR4JSZ706ELTt4cXESY/t5W7GOGtyqFKewMUBJuPdwtaRlo+zfII1Wk6FVVW25R9Z/+5tabCTsyEpNhil4Gym77czCg1MEOZaAWNFoGz8g1hvL4Iw3pE1x3TbqbtWgbNCd4Lwl1Lz5E/1+ZvjcpwKTWxlwO9IeKJSPS77Bo+L6fbNf/hH2luN5whJvM9275sJA4dmB9ekgJr0SQhmbu3zrhs4IyQ8m/+gsrrG2SuiTfFMM2qmG4QuwVDc08KWzG9TJQvLXytTx1BIdeyD61loeMtu6WI6H5RUfDXz0FOwL6ghhmwOV0hZioEwV7/7B18uV6cp+LYE0frPUaOO4WAJWZ3/bwZs0Yd6C/voY5kJRRWN/fV76NiMdn+5y+c16jyhrGFOcpsgn19Y5w+UmTLAxHaC+JhpzAAZ31Txz11Q09BiZkUPf/sDkLYhzQltYcbrgDlSzgooWEWGzowVLMLsQiWbuqmpl29E7wqwN39+thQqwVwveLfmGAu+VtJLCb9yccmE7MCmtsrtO/Zb2OQmA+190grF2I5cenhi0AboisJUiyPaVDpMXECb8Qw3dS22tcDVvPe38epkpc/sudmH/KXGXAtyfueYIWox8q4jVRGV96fKeUcMNnXlWuzszhrjb7l3omn4PdOBlwvBANA5Qm/J8onn30D5alQsGkLfKsi2oZ+XM/b7i45LMP/T+MF7P8XP/kTjDjfM6cE3411ZICMi2I8NBkk1qojTH5Ngvp2D9nhOM3uArdUleeXdyEZAnaH2o82NDHrh1dsvhl3hWQovmY6JJSAND2NFfgTDgQw2qHlUOx01jzIGlBYB/x7SpR95MT+pFbNXjilAH6SEf6rlD8zzqTA0t6EVU6PZdiuR4fjluRmi3EdUjjYh5tyFbAtEIBkk0ezqWyR1v0lWFBl610rQUbaMxceE0rZawRB+Mu8B3iQ6eLVIrJB4E8foTPHqAnfKmFfnOpetFjzZOsw2QdyTG0hlxkCIgaBhT7QsEkEt8hzB+STXeqs+yVpR5W5WxT2j93VshLVSsp/t6WA3ciB9jjwlQeGa0D9DBkues++w3flikr2OeumXJi/fwopvx/z24s2yzBaDBx8FH6I01oS7HSzSxR0xfITPuYMw8AWVNd48FODYtZXBWNM8XVQ8luNBZtkLPsWzCHB93wGWXLWBimZnW3TvhbmmmL6lg9jgz04X8qxEQSirzoevcJzZnO6N+8LtOsrBwWgJWEn8GfIgNqWZq4fowH2lSzQr4w4NBmCFXMM34RYQJr6Pft2D2rUJuPqOJvmiUg+0U8cVYfRuSZU4Vbg66wt67+SS5cCYb3X+BOwC3I96//Ezgx9ZlW3PQVkQgbgwZa7Vjt/v25lojTm2HqF/iM3gyLxwYwpLxPEmz2FjtacwF31ruqlGQH1LbkGHlRHLUSsJ/nLsDhoOjXn/ljUqFg9n4IHpK9N2IGoeXI5W8kGeIaKvLTnbiaAE3x0+mqR4gIeAQs69E/edLluOu/aP8/t458SoXSYc2Gc8qZNLD2hHmHX/nPb2kACxGt9vrjPVXF+QRZXy1bZZkra6sawEl6GTsThxqebMlkdPp+nfPzogFSNUy+Ax1KBUf3ZkCYTMewW5T8OgzUDefUnZRLkWPcRJOQY/TtjKUukjhXGuVRZYo3IwlCCHx9wu7qrQFY6Ea0jor9ppFNamPmQ61ke+KQqOSXnEbZFNKqf0+CmFELVGtjDkWtkq5QXfQYP2ly8nyGSmNisl3VAKsFcOzh0AXuG6B5ssrl0db8b90jPdMzTTW+IQk22LbIwx9AwOD3c4I9q2MA2vRwHDNiTCo0KtwNgQo1bIq1y2p8I+d1RgtBwXgpUbrbcHhGRqe5awCEtGxemSBRQun1bOILxh6YbGPWfRfni5N3EkHzc5Y7ktObojYMIXSbze3+QQZl9fYdxbKE6Ci1iq7hjNVs/nGfoHNJfoYPydNIUzwSu1d+ZBKBtzQjqN3fO8Hj2S+6Gi43CMInRbYWwPyvYndgBJYddgoTgNlXjHNE60k3he3TJQlKHHcOTl3QE9CUtJHeJH6t0lByxesjn2pARkdhslmbLH24ohz37opGEzlPjlrxWayzSsw2NDv51JLlKyFjT9Wvz9/GPz9F0xp/Wlas5jzQNkTGyXwwOyjM6vdcOxpJiqzCymJMp0Ej1nXz4cuAiNlJhPne2q1jzW/67NKuWxB2Wi7x7d/FyjPE9UDuONl2JQJwwga25QmDn/IF/Fl0e8QLu4VfhU1pRp9dhwEgVm9Nz6RvF7EjxsSgqTPZKQhniqQIXdSHzGiJYAUqAQgKCiGF49a2mBwi/21XDO8/qvSCRLPbKcIzMCufmFHOhMH/B/DZ94O4RHuXXe08kd/iH+Mlr6KN1aRcB4nY1dTv7adFh3L8eOlplaCq/FO0
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-06-01T07:12:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--a09b02e5-99ed-48fe-8ca8-65efa7a084e2",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-06-01T07:12:29.000Z",
|
|
|
|
"modified": "2022-06-01T07:12:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/31fe8c12206d590afe61ebaff9d277793af34c8f201e9025f10d7a44a7f52e35",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "b8e9bb170890e44785cdfbb0b00ea4233ba6dd73: Enriched via the virustotal module",
|
|
|
|
"uuid": "bd2689e5-4c6e-49cb-bea2-a1880a8b7fa7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "14/59",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "b8e9bb170890e44785cdfbb0b00ea4233ba6dd73: Enriched via the virustotal module",
|
|
|
|
"uuid": "47dbcc3d-0e56-44d3-913a-9a13e085cef7"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_comment": "b8e9bb170890e44785cdfbb0b00ea4233ba6dd73: Enriched via the virustotal module",
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--24c72dcd-a2d4-4283-8e2d-ed7a438fc3f0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-06-01T07:12:29.000Z",
|
|
|
|
"modified": "2022-06-01T07:12:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/ip_address/136.243.90.99",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "b8e9bb170890e44785cdfbb0b00ea4233ba6dd73: Enriched via the virustotal module",
|
|
|
|
"uuid": "0e94aa43-d907-4979-8e4e-8d7c13eeb00d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "3/91",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "b8e9bb170890e44785cdfbb0b00ea4233ba6dd73: Enriched via the virustotal module",
|
|
|
|
"uuid": "3a5db87d-c339-4549-bb8c-afcbcee798d3"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_comment": "b8e9bb170890e44785cdfbb0b00ea4233ba6dd73: Enriched via the virustotal module",
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--3a6fbda8-bd96-48d0-842d-1d0b1c114e51",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-06-01T07:13:14.000Z",
|
|
|
|
"modified": "2022-06-01T07:13:14.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"domain-ip\"",
|
|
|
|
"misp:meta-category=\"network\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "ip-dst",
|
|
|
|
"object_relation": "ip",
|
|
|
|
"value": "136.243.90.99",
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "b8e9bb170890e44785cdfbb0b00ea4233ba6dd73: Enriched via the virustotal module",
|
|
|
|
"uuid": "c4ade9f2-5e89-4667-91c6-7bef350cae87"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_comment": "b8e9bb170890e44785cdfbb0b00ea4233ba6dd73: Enriched via the virustotal module",
|
|
|
|
"x_misp_meta_category": "network",
|
|
|
|
"x_misp_name": "domain-ip"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-05-19 09:05:37 +00:00
|
|
|
"id": "relationship--5397bff4-e12d-4503-a803-608ab0a453bf",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2022-06-01T07:12:02.000Z",
|
|
|
|
"modified": "2022-06-01T07:12:02.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "indicator--9cff63dc-2a41-42e9-aa0f-de04ebd5770f",
|
|
|
|
"target_ref": "x-misp-object--c00a4152-4bb4-4d06-ac6e-12af821f773d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|