adulau/misp-circl-feed
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/581c63d3-9c2b-4af0-994c-c73cf9d2e895.json

6796 lines
2.2 MiB
JSON
Raw Normal View History

chg: [feeds] updated
2024-12-27 11:52:46 +01:00
{
"type": "bundle",
"id": "bundle--581c63d3-9c2b-4af0-994c-c73cf9d2e895",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T17:14:48.000Z",
"modified": "2024-11-07T17:14:48.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--581c63d3-9c2b-4af0-994c-c73cf9d2e895",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T17:14:48.000Z",
"modified": "2024-11-07T17:14:48.000Z",
"name": "OSINT - Gorilla DDoS",
"published": "2024-11-07T17:15:11Z",
"object_refs": [
"indicator--a2ee460d-e8ce-4fce-853f-12cf9757aecc",
"indicator--6eda1474-d953-4893-a8f6-edd727ee109b",
"indicator--5eb14db5-c556-40b7-ae3a-704c4cf7740d",
"indicator--95abf743-fa15-478c-83eb-93d6d82ed177",
"indicator--dbbd1432-dc62-4e8b-82c7-9abcda201f47",
"indicator--79fbdb59-8a92-4a17-ad08-928f9a145882",
"indicator--e8021651-7aac-4ee9-b3ff-1c3d65ccdaec",
"indicator--39f6a684-6e72-4fa1-b25e-c2af2300e195",
"indicator--1ba5caf3-1d43-41a2-b2b1-403c9f219dd5",
"indicator--fe80d4b3-a256-422b-8833-81f6bfbc4e99",
"indicator--9306ce00-f70c-4b49-b48f-614d06763a8d",
"indicator--23fd4bd9-0106-4d54-975e-1a69eb83fb2e",
"indicator--1332141f-4c1e-4da7-8823-e34d7b10746d",
"indicator--e5e27100-2da2-431c-93c2-835fc503c3eb",
"indicator--fe11a39b-af41-4f17-811e-19b5a85c9452",
"indicator--d93297a5-1884-402d-b241-2ffd60ccacdb",
"indicator--cacfe5be-a90e-405f-9d68-2a41788ae3fd",
"indicator--a529ab3b-4820-41b8-a21a-9362d25f37d3",
"indicator--40c9ab87-b8e4-47df-b9b6-c1b26fff0120",
"indicator--01d24d90-43e9-4689-8a69-228134f7c505",
"indicator--c05a40f4-a47b-4c14-8792-3872fbf5e5f8",
"indicator--12c2e2cd-0998-4fa2-b128-d2926c95108f",
"indicator--f814107f-86fb-428a-a3b5-a58adccd38f0",
"indicator--af8adc53-6b01-4710-bad3-4ffd01e70a63",
"indicator--8be61b6c-a0db-46f4-b225-8c02bb39cedc",
"indicator--e1a43e99-dc06-4cbf-88ed-9a4e9c15317e",
"indicator--942412ce-85e2-4d4d-9ec9-bb798d6847aa",
"indicator--c25fa8f5-ff40-41c2-b627-c7f5a0070496",
"indicator--de611fb1-fb29-47b0-82d0-b78a59846f21",
"indicator--00ed1bfb-15af-4760-ac40-331261fae359",
"indicator--1f130604-e1d3-4404-a1f5-74ce6e67ba67",
"indicator--7c9bbbee-3eeb-4303-8abe-d2e635b5ee83",
"indicator--4b245f43-d043-4b69-8612-c20cc4c4e3cb",
"indicator--12a09599-e731-47d1-8ad2-10c7c081a5f6",
"indicator--ae7a7c97-28fe-4264-b9ee-c3d74a01da56",
"indicator--726d05dd-78be-4839-91d3-f1580e10a0d1",
"indicator--d229754c-2195-4a08-9ab4-fb34894fc1d0",
"indicator--9c546b9c-7f1b-4014-b86c-dba774c46fd4",
"indicator--76142d73-ae4e-4819-93ce-97fceae27ad4",
"indicator--0aa10c0b-9753-4141-8c97-4f5983eea8a6",
"indicator--651fdd1d-cf29-4900-80e8-921b6fb6febd",
"indicator--5fb0bf0f-e66f-4a50-80fa-3afc8de18fd0",
"indicator--7cf08c16-d31b-4e70-8159-63b6eda2432b",
"indicator--16fda792-f6ca-468a-a879-b658e527e8db",
"indicator--55197b6a-8788-48f2-8e45-99ab48ddaf1b",
"indicator--5fe7724e-64e5-4322-841f-68d076d96787",
"indicator--302907e5-1dd2-459b-a435-3b14f045b1b0",
"indicator--9aaac43a-f46e-446f-9a86-1b0423544c5c",
"indicator--7a9c2437-689c-4235-b713-4057c96318a0",
"indicator--7cf355c6-94dd-4ec0-9c47-bb192a3c416f",
"indicator--08c6acb2-c62c-48d1-a01b-04145fe71a24",
"indicator--8412fdcd-06b6-4377-8ffa-be805e424865",
"indicator--63e67fc3-0af3-45d3-bb64-c82105176e1a",
"indicator--f61a6fa4-dd42-4346-8446-d5db37fe97d0",
"indicator--c118098b-bcc3-4cc1-8ff4-22a922595e88",
"indicator--d409dbb1-82bc-45a2-83ac-01e6b41c2af5",
"indicator--f5a19aae-0510-4e18-8a4c-5a073927b6bb",
"indicator--17de82b5-16fd-4bec-be4c-5468ec598fb1",
"indicator--7902f645-b5f7-4218-a4e8-c5ec5a180182",
"indicator--aeae15eb-c9b1-4189-acee-4e57bf39ac3c",
"indicator--9e3d7df9-bd2d-4581-92e1-0cc08e0e5c70",
"indicator--d5f7aa4e-92b8-4668-a371-9bab85b40a3a",
"indicator--d89ee045-d548-4221-8ec5-c56f5039ab4b",
"indicator--ef582cf4-5f5b-4a24-a764-1be6706f9b38",
"indicator--4debc156-8f00-45dd-bdf4-e8beae6333de",
"indicator--78287ba2-5572-41d3-afb1-d1c1752f83d8",
"indicator--ad838ff3-d99c-4f6e-8c74-5c168c7f2f5d",
"indicator--7b740095-8992-4004-bcfa-74e4a331de2d",
"indicator--3cc33b13-2cb5-4b89-9571-74e1140baaed",
"indicator--6f7062f6-1bd8-4e1e-93c1-a3e62df10cd7",
"indicator--893a8803-0a9f-4c43-a8ba-5d909fa8ce55",
"indicator--3cf2eb1e-806a-4bbd-bf04-295e36b11d91",
"indicator--ea561d3f-1a0c-405b-8ac4-4053675f6006",
"indicator--ce2b7d13-fe2e-4283-ae36-ffd53077b15b",
"indicator--c2971597-06e8-47fd-8cef-5f2df490adfe",
"indicator--e8697a6c-2629-4693-8376-acdcffe213ce",
"indicator--d623429a-4a92-4080-9080-d710a96ae0a1",
"indicator--5ebf040a-99b5-44a7-88f1-bb1d4dc23e0f",
"indicator--2c9e00eb-b296-4cf7-a925-88cfa96a05e3",
"indicator--7d2bb6c0-3243-4245-a45e-27332b41261f",
"indicator--3177ded7-4787-4bdf-aaff-73e63b95aec4",
"indicator--681da94d-bd87-4768-a94a-b1580e034b25",
"indicator--ab4f1fb1-cd16-402d-9801-7083f90fda11",
"indicator--30f30a78-1e24-4a1b-921b-c48a9e1e667e",
"indicator--2e5b9eae-6582-48b7-b113-35780efd0123",
"indicator--94cedd6d-7fca-40c4-a077-8da2ce554f10",
"indicator--d4871f0c-f6b9-4f0a-b1ee-e44d56dad43c",
"indicator--e259d986-91ba-4d85-8634-e0af8ef4ab41",
"indicator--92f6cbd4-280f-46c1-b528-baef3c3d1f04",
"indicator--99b42022-2a84-4ab5-a380-82a40ee22e4a",
"indicator--28ad127c-4476-4251-9100-37e0b7810463",
"indicator--ea0c31f7-2d94-439e-bb8b-f0a9bd151ad4",
"indicator--40d19067-b80c-48b5-9f3f-c2915291ced9",
"indicator--e7969a1d-018c-479f-9705-9204ef838d43",
"indicator--c4eb8df9-7e64-42af-8e54-0949b31ddc39",
"indicator--3ef5b5cc-50e3-4cd2-9d37-b7bc703c81e8",
"indicator--74bdd07f-a6bf-402b-a562-73c9e902cc08",
"indicator--736fd4f8-ce88-4752-86d4-c2f459a4c638",
"indicator--0465b455-f917-4158-adb2-fcb37e53596a",
"indicator--e3300b45-ef4c-4780-93ad-1ca9a1e9837d",
"indicator--3fe0d130-26f9-4619-8e40-a2d19cc50437",
"indicator--f88618bd-a78a-472b-af1c-a78523a22bf6",
"indicator--478133ab-a899-42a2-a04d-30be86c4b13f",
"indicator--9db20001-91f7-4159-9321-604d15f533d4",
"indicator--170e6a9b-495a-4aed-a46a-77dc79ff6da1",
"indicator--6e31304f-b772-4879-bbcf-03f7b7c4c7af",
"indicator--dca4d2ab-75d4-4791-a76f-bf9a72490b73",
"indicator--9998d8e2-da8e-485d-beeb-7ffa99eaabe6",
"indicator--b37ce15d-d40b-4735-8f27-1b589f9be5ef",
"indicator--c5bfc83d-7acb-472b-82f2-febf301426c4",
"indicator--8ced8a79-067b-4aab-a5c3-124d16fb48ff",
"indicator--3a64b7bf-527a-42e9-bf75-9df0723b8127",
"indicator--19efd0b7-fd6f-437f-baf6-015b98de8866",
"indicator--91f05de0-53e4-47f5-8c9f-f0a9faf5f01a",
"indicator--9b906fcf-79af-41b1-bedb-b7658ed94896",
"indicator--7f962387-8aed-49bf-95e3-df35c8428694",
"indicator--175d384a-a480-4709-ae75-8f2004e1eed1",
"indicator--8e1676a8-c7f4-411a-895e-e3b6653884ad",
"indicator--0bc0ff58-3bae-45b0-94d0-bbed0a71261f",
"indicator--4067e767-b630-4c0a-bb54-87408cc07aee",
"indicator--6f18a656-daa6-4b5b-9ba3-8901dffa3e20",
"indicator--836f789c-c47d-427a-a213-180432bf8dfa",
"indicator--a1ae468a-22c8-4ca3-b00d-85326b564b71",
"indicator--317c6d9d-a818-4520-90a8-05cae383d96d",
"indicator--95187ff0-ff81-466e-8b9a-e33d9ae5d5e6",
"indicator--f7f2a052-ae19-497b-922b-a00b4402c22e",
"indicator--81b0e116-9733-47c0-b03c-ebb6859c026a",
"indicator--f80e3e62-6acc-44cf-86fc-fcea54354a8d",
"indicator--08ecb208-d55c-4c65-ae2b-1239a0d49c52",
"indicator--d29702b3-b4f3-400f-a36d-85854f8fe0c5",
"indicator--6be31cba-7b58-4400-9967-ccdbfee59e0e",
"indicator--e47f0bbf-ff26-4e1c-bce7-d7f3f7a95bb2",
"indicator--4bc4e2f5-78b6-4e8a-b1b1-9fe969eeede7",
"indicator--974eb506-9b1d-4fdc-9078-37bfed62919b",
"indicator--6ad46983-274a-4b7d-9412-074914637532",
"indicator--b14b2624-ce89-4972-b205-e2cb41a537c8",
"indicator--04f16753-bab5-42a9-ba12-6ed99b52d28a",
"indicator--05c3dcd2-89e7-49b5-9bc7-06c8d56a3baa",
"indicator--6fc570b2-0f21-4503-aa39-831338f65c5f",
"indicator--ac3bc1e1-f367-4427-9975-a4ed04e929a6",
"indicator--efb8d19d-2d94-4b6e-a88f-c171b3586e4e",
"indicator--048096c6-3c41-4d50-94bc-4fccdd0ad50d",
"indicator--8534f8d0-4fac-4c4d-93bb-0e726da5f8e0",
"indicator--6062d33d-aa2c-4f1f-911c-837593e8fbb4",
"indicator--52fb5a19-8f62-4dc0-ac83-19a68f018ac4",
"indicator--c66f5f86-2fe3-45ac-9813-f9ed940e82ed",
"indicator--00dbc40b-0495-493d-9296-8b939a631cde",
"indicator--b3e1c2cd-b534-4bdc-9455-07a1cca8e8ce",
"indicator--7f46989d-8fcd-4231-b959-742f5ffc8d94",
"indicator--025eac53-5a5b-4387-8805-bef2aac7ee75",
"indicator--4455033a-692a-452d-a8c3-dbea15626231",
"indicator--7d2a99c5-9e1f-4042-b4f7-208925f60219",
"indicator--08ac0f6e-a472-4864-9b41-b6267dfed479",
"indicator--9f49787a-d363-40e7-9c96-d3cd172b47d3",
"indicator--b8c7f7e6-78c3-444b-9318-72ae96853488",
"indicator--9a03def5-9a9b-42da-974f-a036980f7502",
"indicator--b108ca3d-323a-48c5-a1a5-449a64af3b99",
"indicator--34cc9c99-7bac-4c23-b8f1-6cc3e7540489",
"indicator--137f2ea9-9c2d-4f70-a24b-982c74632152",
"indicator--6fe14e68-ea3a-43b4-8384-4aba9732d56a",
"indicator--f5012b85-f1b0-4bb0-826e-ba523a508d14",
"indicator--94b5a879-33a2-4592-b50f-1dde58a27621",
"indicator--80bff0ff-53fa-4e4e-b0c2-64c7872d74e4",
"indicator--d104bc1f-d4eb-4cb6-a98e-5e65243fd93b",
"indicator--ec92f1b2-6c50-4962-9d51-ac9d84bc6989",
"indicator--0e0087fc-234b-4715-9ef2-4b24e82b16f1",
"indicator--caba2472-0b3e-4ae0-bc8e-9d75dc23f291",
"indicator--a86aab47-b95c-4ec8-a751-0bc2a970b75b",
"indicator--10318329-c169-4a9d-bfd7-48ac48147ac5",
"indicator--2a310634-d36e-4fbb-b57b-c90b65c83126",
"indicator--ac26abf7-fb59-461b-b1e2-3bb16a88a726",
"indicator--4b99878a-948b-4c44-a6bb-5c8b90166511",
"indicator--8a76c574-5efc-4379-bcd9-29e205edf4f2",
"indicator--e2fb4f72-e72b-481e-be62-0c2f81fe7e75",
"indicator--84d34aee-5dc0-471c-b10c-98f61d36e0d0",
"indicator--ab3d8a45-bc1c-46e8-b589-5c41e3f4dd1e",
"indicator--8deb65b2-75bd-405a-b8b8-10db870d851c",
"indicator--03373592-1e72-4cd0-a48f-c58c71c520ac",
"indicator--205f794b-498a-44d3-9ad7-cd2d56d21cb6",
"indicator--90e115c2-0031-4a19-bace-f50fb850d253",
"indicator--083ecf5f-5bc2-4745-a4a8-3b5a29462bd7",
"indicator--17493e66-1ec8-491a-81d3-01d59bda4f4c",
"indicator--c89173e4-c0a3-42eb-bfa1-3f4625d7da63",
"x-misp-object--07201f05-298f-462d-9bdd-e67628c7aa6b",
"indicator--09184aa4-8266-4f6e-a041-e66199369469",
"x-misp-object--2c31cdb0-acda-451e-8ad8-6372e205487c",
"x-misp-object--61ea8ce2-ef50-44e4-a5a2-9709bba1e3aa",
"x-misp-object--d7c9ea35-b2b4-4e8e-b830-dc018f7a47ad",
"x-misp-object--bb59213c-ea39-4b05-b2b4-7a784e8fb387",
"x-misp-object--783e3102-3921-48c7-bcb1-94c014081ac1",
"x-misp-object--c3045b09-bdc5-440e-8756-6564adf707f7",
"x-misp-object--ea1812f3-b755-4c27-b117-a86d79a2f7c4",
"x-misp-object--0db20072-8b84-4d24-bd4f-43c0e31538b2",
"x-misp-object--9bd6147d-ea53-4bd5-8f1a-7afe5c0be463",
"x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"indicator--a863f04b-e1ef-4c93-8f1e-9bacce089cd0",
"x-misp-object--7643a61d-31ad-4ded-a4ed-930b6dd0c4dc",
"x-misp-object--014c63d0-2dd0-4f1b-86c5-2a772013b345",
"x-misp-object--e2bee0d4-c8a5-4926-8169-725790fa7270",
"x-misp-object--fe6b8d22-49d5-49b5-9841-5c973aa0393f",
"x-misp-object--108681f1-f6b4-4fe6-abdb-16b2ad1ea4d2",
"x-misp-object--0d2a323b-184e-470a-bfc2-d361c4346b24",
"x-misp-object--4092900d-d954-4a61-8e44-794e7a7d71b4",
"x-misp-object--b3ee5faa-d20e-4b19-a695-acd931331e11",
"x-misp-object--860c87d0-7fd3-44b3-a805-81952a56f50e",
"x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"indicator--75e53b3e-7629-4b07-9805-cccfc2c61212",
"relationship--029b9f8f-502a-4a4b-bf78-e40b326fb2dd",
"relationship--d1c9da4e-9892-4c97-82be-cc87cc389ed9",
"relationship--1727de7a-7701-4624-b9f4-4aaef916366d",
"relationship--7400d9da-36e5-4047-94d1-8e6717839291",
"relationship--84502403-b1b6-4ea2-8d90-a51dc72c9d78",
"relationship--3e963b58-e4e7-402f-9f94-488743517603",
"relationship--d8230d1a-d387-47b3-9d37-00a5c7fc76fd",
"relationship--e0e66484-c01f-4dc3-9388-e6c4cd448ec6",
"relationship--e71c5562-1540-4161-a437-b4bcdffcc955",
"relationship--76be9a3f-e330-443c-a05b-27ea88b2b00c",
"relationship--16640f5c-71c2-4fde-853b-7fe418bc0af9",
"relationship--9b207a37-d9c1-41da-a9a1-13510d8bc37a",
"relationship--ff5d4002-9136-4203-9b8d-dfa9a5322e2c",
"relationship--f4b35a23-938c-46c6-b460-38a4e4da0d08",
"relationship--f87caa11-9358-4fc3-889d-40dfeeb0b507",
"relationship--d7c5e813-6940-41ef-ba8d-7ed54573a176",
"relationship--633b6041-6d44-40b1-993d-9152a59e27fe",
"relationship--a3f83a6c-aaa3-4f85-91b8-68d716cf8b1d",
"relationship--001558e3-cebd-4c9f-b471-8116939511e4",
"relationship--e43220eb-e235-4a67-8c3d-2dff8534c31c"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear",
"misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1464\"",
"misp-galaxy:mitre-attack-pattern=\"Endpoint Denial of Service - T1499\"",
"misp-galaxy:mitre-attack-pattern=\"Endpoint Denial of Service - T1642\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2ee460d-e8ce-4fce-853f-12cf9757aecc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:05.000Z",
"modified": "2024-11-07T15:56:05.000Z",
"pattern": "[domain-name:value = 'gorillacnc.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6eda1474-d953-4893-a8f6-edd727ee109b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:05.000Z",
"modified": "2024-11-07T15:56:05.000Z",
"pattern": "[domain-name:value = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5eb14db5-c556-40b7-ae3a-704c4cf7740d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:05.000Z",
"modified": "2024-11-07T15:56:05.000Z",
"pattern": "[domain-name:value = 'gorillaservices.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--95abf743-fa15-478c-83eb-93d6d82ed177",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:05.000Z",
"modified": "2024-11-07T15:56:05.000Z",
"pattern": "[domain-name:value = 'gorillafirewall.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dbbd1432-dc62-4e8b-82c7-9abcda201f47",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:05.000Z",
"modified": "2024-11-07T15:56:05.000Z",
"pattern": "[domain-name:value = 'gorillaproxy.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--79fbdb59-8a92-4a17-ad08-928f9a145882",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:05.000Z",
"modified": "2024-11-07T15:56:05.000Z",
"pattern": "[domain-name:value = 'gorilla-api.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e8021651-7aac-4ee9-b3ff-1c3d65ccdaec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 80",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.143.1.61' AND network-traffic:dst_port = '80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--39f6a684-6e72-4fa1-b25e-c2af2300e195",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 80",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.143.1.70' AND network-traffic:dst_port = '80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1ba5caf3-1d43-41a2-b2b1-403c9f219dd5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 7070",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.143.1.66' AND network-traffic:dst_port = '7070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fe80d4b3-a256-422b-8833-81f6bfbc4e99",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 7070",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.143.1.56' AND network-traffic:dst_port = '7070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9306ce00-f70c-4b49-b48f-614d06763a8d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 7070",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.143.1.62' AND network-traffic:dst_port = '7070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--23fd4bd9-0106-4d54-975e-1a69eb83fb2e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 7070",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.170.144.85' AND network-traffic:dst_port = '7070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1332141f-4c1e-4da7-8823-e34d7b10746d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 7070",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '154.216.19.146' AND network-traffic:dst_port = '7070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e5e27100-2da2-431c-93c2-835fc503c3eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 7070",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.156.177.62' AND network-traffic:dst_port = '7070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fe11a39b-af41-4f17-811e-19b5a85c9452",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 38241",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.123.85.166' AND network-traffic:dst_port = '38241']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d93297a5-1884-402d-b241-2ffd60ccacdb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 38241",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.202.35.64' AND network-traffic:dst_port = '38241']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cacfe5be-a90e-405f-9d68-2a41788ae3fd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 38242",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '154.216.19.139' AND network-traffic:dst_port = '38242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a529ab3b-4820-41b8-a21a-9362d25f37d3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 38241",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '154.216.17.220' AND network-traffic:dst_port = '38241']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--40c9ab87-b8e4-47df-b9b6-c1b26fff0120",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 38242",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.143.1.59' AND network-traffic:dst_port = '38242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--01d24d90-43e9-4689-8a69-228134f7c505",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 38242",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.156.177.61' AND network-traffic:dst_port = '38242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c05a40f4-a47b-4c14-8792-3872fbf5e5f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:31.000Z",
"modified": "2024-11-07T15:56:31.000Z",
"description": "On port 38242",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.170.144.84' AND network-traffic:dst_port = '38242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12c2e2cd-0998-4fa2-b128-d2926c95108f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:57.000Z",
"modified": "2024-11-07T15:56:57.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.17.182/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '154.216.17.182' AND url:x_misp_domain_without_tld = '154.216.17.182' AND url:x_misp_domain = '154.216.17.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f814107f-86fb-428a-a3b5-a58adccd38f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:57.000Z",
"modified": "2024-11-07T15:56:57.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.17.182/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '154.216.17.182' AND url:x_misp_domain_without_tld = '154.216.17.182' AND url:x_misp_domain = '154.216.17.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--af8adc53-6b01-4710-bad3-4ffd01e70a63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:57.000Z",
"modified": "2024-11-07T15:56:57.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.17.182/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '154.216.17.182' AND url:x_misp_domain_without_tld = '154.216.17.182' AND url:x_misp_domain = '154.216.17.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8be61b6c-a0db-46f4-b225-8c02bb39cedc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:57.000Z",
"modified": "2024-11-07T15:56:57.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.17.182/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '154.216.17.182' AND url:x_misp_domain_without_tld = '154.216.17.182' AND url:x_misp_domain = '154.216.17.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e1a43e99-dc06-4cbf-88ed-9a4e9c15317e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:57.000Z",
"modified": "2024-11-07T15:56:57.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.17.182/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '154.216.17.182' AND url:x_misp_domain_without_tld = '154.216.17.182' AND url:x_misp_domain = '154.216.17.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--942412ce-85e2-4d4d-9ec9-bb798d6847aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:57.000Z",
"modified": "2024-11-07T15:56:57.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.18.173/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '154.216.18.173' AND url:x_misp_domain_without_tld = '154.216.18.173' AND url:x_misp_domain = '154.216.18.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c25fa8f5-ff40-41c2-b627-c7f5a0070496",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:57.000Z",
"modified": "2024-11-07T15:56:57.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.18.173/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '154.216.18.173' AND url:x_misp_domain_without_tld = '154.216.18.173' AND url:x_misp_domain = '154.216.18.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--de611fb1-fb29-47b0-82d0-b78a59846f21",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:57.000Z",
"modified": "2024-11-07T15:56:57.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.18.173/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '154.216.18.173' AND url:x_misp_domain_without_tld = '154.216.18.173' AND url:x_misp_domain = '154.216.18.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--00ed1bfb-15af-4760-ac40-331261fae359",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.18.173/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '154.216.18.173' AND url:x_misp_domain_without_tld = '154.216.18.173' AND url:x_misp_domain = '154.216.18.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1f130604-e1d3-4404-a1f5-74ce6e67ba67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7c9bbbee-3eeb-4303-8abe-d2e635b5ee83",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4b245f43-d043-4b69-8612-c20cc4c4e3cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12a09599-e731-47d1-8ad2-10c7c081a5f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae7a7c97-28fe-4264-b9ee-c3d74a01da56",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--726d05dd-78be-4839-91d3-f1580e10a0d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d229754c-2195-4a08-9ab4-fb34894fc1d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/m68k.nn' AND url:x_misp_resource_path = '/m68k.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9c546b9c-7f1b-4014-b86c-dba774c46fd4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--76142d73-ae4e-4819-93ce-97fceae27ad4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0aa10c0b-9753-4141-8c97-4f5983eea8a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/powerpc.nn' AND url:x_misp_resource_path = '/powerpc.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--651fdd1d-cf29-4900-80e8-921b6fb6febd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:58.000Z",
"modified": "2024-11-07T15:56:58.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/sh4.nn' AND url:x_misp_resource_path = '/sh4.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5fb0bf0f-e66f-4a50-80fa-3afc8de18fd0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/sparc.nn' AND url:x_misp_resource_path = '/sparc.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7cf08c16-d31b-4e70-8159-63b6eda2432b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--16fda792-f6ca-468a-a879-b658e527e8db",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.19.61/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '154.216.19.61' AND url:x_misp_domain_without_tld = '154.216.19.61' AND url:x_misp_domain = '154.216.19.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55197b6a-8788-48f2-8e45-99ab48ddaf1b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5fe7724e-64e5-4322-841f-68d076d96787",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--302907e5-1dd2-459b-a435-3b14f045b1b0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9aaac43a-f46e-446f-9a86-1b0423544c5c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7a9c2437-689c-4235-b713-4057c96318a0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7cf355c6-94dd-4ec0-9c47-bb192a3c416f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08c6acb2-c62c-48d1-a01b-04145fe71a24",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/m68k.nn' AND url:x_misp_resource_path = '/m68k.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8412fdcd-06b6-4377-8ffa-be805e424865",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--63e67fc3-0af3-45d3-bb64-c82105176e1a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f61a6fa4-dd42-4346-8446-d5db37fe97d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/powerpc.nn' AND url:x_misp_resource_path = '/powerpc.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c118098b-bcc3-4cc1-8ff4-22a922595e88",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:56:59.000Z",
"modified": "2024-11-07T15:56:59.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/sh4.nn' AND url:x_misp_resource_path = '/sh4.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:56:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d409dbb1-82bc-45a2-83ac-01e6b41c2af5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/sparc.nn' AND url:x_misp_resource_path = '/sparc.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f5a19aae-0510-4e18-8a4c-5a073927b6bb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--17de82b5-16fd-4bec-be4c-5468ec598fb1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.14/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '154.216.20.14' AND url:x_misp_domain_without_tld = '154.216.20.14' AND url:x_misp_domain = '154.216.20.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7902f645-b5f7-4218-a4e8-c5ec5a180182",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aeae15eb-c9b1-4189-acee-4e57bf39ac3c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e3d7df9-bd2d-4581-92e1-0cc08e0e5c70",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d5f7aa4e-92b8-4668-a371-9bab85b40a3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d89ee045-d548-4221-8ec5-c56f5039ab4b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ef582cf4-5f5b-4a24-a764-1be6706f9b38",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4debc156-8f00-45dd-bdf4-e8beae6333de",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/m68k.nn' AND url:x_misp_resource_path = '/m68k.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--78287ba2-5572-41d3-afb1-d1c1752f83d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ad838ff3-d99c-4f6e-8c74-5c168c7f2f5d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7b740095-8992-4004-bcfa-74e4a331de2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/powerpc.nn' AND url:x_misp_resource_path = '/powerpc.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3cc33b13-2cb5-4b89-9571-74e1140baaed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:00.000Z",
"modified": "2024-11-07T15:57:00.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/sh4.nn' AND url:x_misp_resource_path = '/sh4.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6f7062f6-1bd8-4e1e-93c1-a3e62df10cd7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/sparc.nn' AND url:x_misp_resource_path = '/sparc.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--893a8803-0a9f-4c43-a8ba-5d909fa8ce55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3cf2eb1e-806a-4bbd-bf04-295e36b11d91",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://154.216.20.45/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '154.216.20.45' AND url:x_misp_domain_without_tld = '154.216.20.45' AND url:x_misp_domain = '154.216.20.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ea561d3f-1a0c-405b-8ac4-4053675f6006",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ce2b7d13-fe2e-4283-ae36-ffd53077b15b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c2971597-06e8-47fd-8cef-5f2df490adfe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e8697a6c-2629-4693-8376-acdcffe213ce",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d623429a-4a92-4080-9080-d710a96ae0a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ebf040a-99b5-44a7-88f1-bb1d4dc23e0f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2c9e00eb-b296-4cf7-a925-88cfa96a05e3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/m68k.nn' AND url:x_misp_resource_path = '/m68k.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d2bb6c0-3243-4245-a45e-27332b41261f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3177ded7-4787-4bdf-aaff-73e63b95aec4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--681da94d-bd87-4768-a94a-b1580e034b25",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/powerpc.nn' AND url:x_misp_resource_path = '/powerpc.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ab4f1fb1-cd16-402d-9801-7083f90fda11",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:01.000Z",
"modified": "2024-11-07T15:57:01.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/sh4.nn' AND url:x_misp_resource_path = '/sh4.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--30f30a78-1e24-4a1b-921b-c48a9e1e667e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/sparc.nn' AND url:x_misp_resource_path = '/sparc.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2e5b9eae-6582-48b7-b113-35780efd0123",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94cedd6d-7fca-40c4-a077-8da2ce554f10",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://185.170.144.49/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '185.170.144.49' AND url:x_misp_domain_without_tld = '185.170.144.49' AND url:x_misp_domain = '185.170.144.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d4871f0c-f6b9-4f0a-b1ee-e44d56dad43c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.202.35.87/m68k.nn' AND url:x_misp_resource_path = '/m68k.nn' AND url:x_misp_host = '45.202.35.87' AND url:x_misp_domain_without_tld = '45.202.35.87' AND url:x_misp_domain = '45.202.35.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e259d986-91ba-4d85-8634-e0af8ef4ab41",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.202.35.87/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '45.202.35.87' AND url:x_misp_domain_without_tld = '45.202.35.87' AND url:x_misp_domain = '45.202.35.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--92f6cbd4-280f-46c1-b528-baef3c3d1f04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.202.35.87/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '45.202.35.87' AND url:x_misp_domain_without_tld = '45.202.35.87' AND url:x_misp_domain = '45.202.35.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--99b42022-2a84-4ab5-a380-82a40ee22e4a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.202.35.87/powerpc.nn' AND url:x_misp_resource_path = '/powerpc.nn' AND url:x_misp_host = '45.202.35.87' AND url:x_misp_domain_without_tld = '45.202.35.87' AND url:x_misp_domain = '45.202.35.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--28ad127c-4476-4251-9100-37e0b7810463",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.202.35.87/sparc.nn' AND url:x_misp_resource_path = '/sparc.nn' AND url:x_misp_host = '45.202.35.87' AND url:x_misp_domain_without_tld = '45.202.35.87' AND url:x_misp_domain = '45.202.35.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ea0c31f7-2d94-439e-bb8b-f0a9bd151ad4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.202.35.87/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '45.202.35.87' AND url:x_misp_domain_without_tld = '45.202.35.87' AND url:x_misp_domain = '45.202.35.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--40d19067-b80c-48b5-9f3f-c2915291ced9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.202.35.87/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '45.202.35.87' AND url:x_misp_domain_without_tld = '45.202.35.87' AND url:x_misp_domain = '45.202.35.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e7969a1d-018c-479f-9705-9204ef838d43",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.66.231.26/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '45.66.231.26' AND url:x_misp_domain_without_tld = '45.66.231.26' AND url:x_misp_domain = '45.66.231.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c4eb8df9-7e64-42af-8e54-0949b31ddc39",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.66.231.26/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '45.66.231.26' AND url:x_misp_domain_without_tld = '45.66.231.26' AND url:x_misp_domain = '45.66.231.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3ef5b5cc-50e3-4cd2-9d37-b7bc703c81e8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:02.000Z",
"modified": "2024-11-07T15:57:02.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.66.231.26/m68k.nn' AND url:x_misp_resource_path = '/m68k.nn' AND url:x_misp_host = '45.66.231.26' AND url:x_misp_domain_without_tld = '45.66.231.26' AND url:x_misp_domain = '45.66.231.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--74bdd07f-a6bf-402b-a562-73c9e902cc08",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.66.231.26/powerpc.nn' AND url:x_misp_resource_path = '/powerpc.nn' AND url:x_misp_host = '45.66.231.26' AND url:x_misp_domain_without_tld = '45.66.231.26' AND url:x_misp_domain = '45.66.231.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--736fd4f8-ce88-4752-86d4-c2f459a4c638",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.66.231.26/sh4.nn' AND url:x_misp_resource_path = '/sh4.nn' AND url:x_misp_host = '45.66.231.26' AND url:x_misp_domain_without_tld = '45.66.231.26' AND url:x_misp_domain = '45.66.231.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0465b455-f917-4158-adb2-fcb37e53596a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.66.231.26/sparc.nn' AND url:x_misp_resource_path = '/sparc.nn' AND url:x_misp_host = '45.66.231.26' AND url:x_misp_domain_without_tld = '45.66.231.26' AND url:x_misp_domain = '45.66.231.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e3300b45-ef4c-4780-93ad-1ca9a1e9837d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.88.88.41/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '45.88.88.41' AND url:x_misp_domain_without_tld = '45.88.88.41' AND url:x_misp_domain = '45.88.88.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3fe0d130-26f9-4619-8e40-a2d19cc50437",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.88.88.41/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '45.88.88.41' AND url:x_misp_domain_without_tld = '45.88.88.41' AND url:x_misp_domain = '45.88.88.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f88618bd-a78a-472b-af1c-a78523a22bf6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.88.88.41/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '45.88.88.41' AND url:x_misp_domain_without_tld = '45.88.88.41' AND url:x_misp_domain = '45.88.88.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--478133ab-a899-42a2-a04d-30be86c4b13f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.88.88.41/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '45.88.88.41' AND url:x_misp_domain_without_tld = '45.88.88.41' AND url:x_misp_domain = '45.88.88.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9db20001-91f7-4159-9321-604d15f533d4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.88.88.41/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '45.88.88.41' AND url:x_misp_domain_without_tld = '45.88.88.41' AND url:x_misp_domain = '45.88.88.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--170e6a9b-495a-4aed-a46a-77dc79ff6da1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.88.88.41/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '45.88.88.41' AND url:x_misp_domain_without_tld = '45.88.88.41' AND url:x_misp_domain = '45.88.88.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6e31304f-b772-4879-bbcf-03f7b7c4c7af",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.88.88.41/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '45.88.88.41' AND url:x_misp_domain_without_tld = '45.88.88.41' AND url:x_misp_domain = '45.88.88.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dca4d2ab-75d4-4791-a76f-bf9a72490b73",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.88.88.41/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '45.88.88.41' AND url:x_misp_domain_without_tld = '45.88.88.41' AND url:x_misp_domain = '45.88.88.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9998d8e2-da8e-485d-beeb-7ffa99eaabe6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b37ce15d-d40b-4735-8f27-1b589f9be5ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c5bfc83d-7acb-472b-82f2-febf301426c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:03.000Z",
"modified": "2024-11-07T15:57:03.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8ced8a79-067b-4aab-a5c3-124d16fb48ff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a64b7bf-527a-42e9-bf75-9df0723b8127",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--19efd0b7-fd6f-437f-baf6-015b98de8866",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91f05de0-53e4-47f5-8c9f-f0a9faf5f01a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/m68k.nn' AND url:x_misp_resource_path = '/m68k.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9b906fcf-79af-41b1-bedb-b7658ed94896",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7f962387-8aed-49bf-95e3-df35c8428694",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--175d384a-a480-4709-ae75-8f2004e1eed1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/powerpc.nn' AND url:x_misp_resource_path = '/powerpc.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8e1676a8-c7f4-411a-895e-e3b6653884ad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/sh4.nn' AND url:x_misp_resource_path = '/sh4.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0bc0ff58-3bae-45b0-94d0-bbed0a71261f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/sparc.nn' AND url:x_misp_resource_path = '/sparc.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4067e767-b630-4c0a-bb54-87408cc07aee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6f18a656-daa6-4b5b-9ba3-8901dffa3e20",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://45.89.247.112/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '45.89.247.112' AND url:x_misp_domain_without_tld = '45.89.247.112' AND url:x_misp_domain = '45.89.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--836f789c-c47d-427a-a213-180432bf8dfa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1ae468a-22c8-4ca3-b00d-85326b564b71",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--317c6d9d-a818-4520-90a8-05cae383d96d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:04.000Z",
"modified": "2024-11-07T15:57:04.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--95187ff0-ff81-466e-8b9a-e33d9ae5d5e6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f7f2a052-ae19-497b-922b-a00b4402c22e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81b0e116-9733-47c0-b03c-ebb6859c026a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f80e3e62-6acc-44cf-86fc-fcea54354a8d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08ecb208-d55c-4c65-ae2b-1239a0d49c52",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d29702b3-b4f3-400f-a36d-85854f8fe0c5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6be31cba-7b58-4400-9967-ccdbfee59e0e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://46.8.69.32/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '46.8.69.32' AND url:x_misp_domain_without_tld = '46.8.69.32' AND url:x_misp_domain = '46.8.69.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e47f0bbf-ff26-4e1c-bce7-d7f3f7a95bb2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://91.194.55.151/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '91.194.55.151' AND url:x_misp_domain_without_tld = '91.194.55.151' AND url:x_misp_domain = '91.194.55.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4bc4e2f5-78b6-4e8a-b1b1-9fe969eeede7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://91.194.55.151/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '91.194.55.151' AND url:x_misp_domain_without_tld = '91.194.55.151' AND url:x_misp_domain = '91.194.55.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--974eb506-9b1d-4fdc-9078-37bfed62919b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://91.194.55.151/arm7' AND url:x_misp_resource_path = '/arm7' AND url:x_misp_host = '91.194.55.151' AND url:x_misp_domain_without_tld = '91.194.55.151' AND url:x_misp_domain = '91.194.55.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6ad46983-274a-4b7d-9412-074914637532",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://91.194.55.151/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '91.194.55.151' AND url:x_misp_domain_without_tld = '91.194.55.151' AND url:x_misp_domain = '91.194.55.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b14b2624-ce89-4972-b205-e2cb41a537c8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://91.194.55.151/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '91.194.55.151' AND url:x_misp_domain_without_tld = '91.194.55.151' AND url:x_misp_domain = '91.194.55.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--04f16753-bab5-42a9-ba12-6ed99b52d28a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://91.194.55.151/mips' AND url:x_misp_resource_path = '/mips' AND url:x_misp_host = '91.194.55.151' AND url:x_misp_domain_without_tld = '91.194.55.151' AND url:x_misp_domain = '91.194.55.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--05c3dcd2-89e7-49b5-9bc7-06c8d56a3baa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://91.194.55.151/mipsel' AND url:x_misp_resource_path = '/mipsel' AND url:x_misp_host = '91.194.55.151' AND url:x_misp_domain_without_tld = '91.194.55.151' AND url:x_misp_domain = '91.194.55.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6fc570b2-0f21-4503-aa39-831338f65c5f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:05.000Z",
"modified": "2024-11-07T15:57:05.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://91.194.55.151/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '91.194.55.151' AND url:x_misp_domain_without_tld = '91.194.55.151' AND url:x_misp_domain = '91.194.55.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac3bc1e1-f367-4427-9975-a4ed04e929a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://91.194.55.151/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '91.194.55.151' AND url:x_misp_domain_without_tld = '91.194.55.151' AND url:x_misp_domain = '91.194.55.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--efb8d19d-2d94-4b6e-a88f-c171b3586e4e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.177.68/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '94.156.177.68' AND url:x_misp_domain_without_tld = '94.156.177.68' AND url:x_misp_domain = '94.156.177.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--048096c6-3c41-4d50-94bc-4fccdd0ad50d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.177.68/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '94.156.177.68' AND url:x_misp_domain_without_tld = '94.156.177.68' AND url:x_misp_domain = '94.156.177.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8534f8d0-4fac-4c4d-93bb-0e726da5f8e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.177.68/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '94.156.177.68' AND url:x_misp_domain_without_tld = '94.156.177.68' AND url:x_misp_domain = '94.156.177.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6062d33d-aa2c-4f1f-911c-837593e8fbb4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.177.68/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '94.156.177.68' AND url:x_misp_domain_without_tld = '94.156.177.68' AND url:x_misp_domain = '94.156.177.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--52fb5a19-8f62-4dc0-ac83-19a68f018ac4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.177.68/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '94.156.177.68' AND url:x_misp_domain_without_tld = '94.156.177.68' AND url:x_misp_domain = '94.156.177.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c66f5f86-2fe3-45ac-9813-f9ed940e82ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.177.68/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '94.156.177.68' AND url:x_misp_domain_without_tld = '94.156.177.68' AND url:x_misp_domain = '94.156.177.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--00dbc40b-0495-493d-9296-8b939a631cde",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.177.68/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '94.156.177.68' AND url:x_misp_domain_without_tld = '94.156.177.68' AND url:x_misp_domain = '94.156.177.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b3e1c2cd-b534-4bdc-9455-07a1cca8e8ce",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.177.68/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '94.156.177.68' AND url:x_misp_domain_without_tld = '94.156.177.68' AND url:x_misp_domain = '94.156.177.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7f46989d-8fcd-4231-b959-742f5ffc8d94",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/arm5.nn' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--025eac53-5a5b-4387-8805-bef2aac7ee75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:06.000Z",
"modified": "2024-11-07T15:57:06.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/arm6.nn' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4455033a-692a-452d-a8c3-dbea15626231",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/arm7.nn' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d2a99c5-9e1f-4042-b4f7-208925f60219",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/arm.nn' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08ac0f6e-a472-4864-9b41-b6267dfed479",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/lol' AND url:x_misp_resource_path = '/lol' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9f49787a-d363-40e7-9c96-d3cd172b47d3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/lol.sh' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b8c7f7e6-78c3-444b-9318-72ae96853488",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/m68k.nn' AND url:x_misp_resource_path = '/m68k.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a03def5-9a9b-42da-974f-a036980f7502",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/mipsel.nn' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b108ca3d-323a-48c5-a1a5-449a64af3b99",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/mips.nn' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--34cc9c99-7bac-4c23-b8f1-6cc3e7540489",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/powerpc.nn' AND url:x_misp_resource_path = '/powerpc.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--137f2ea9-9c2d-4f70-a24b-982c74632152",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/sh4.nn' AND url:x_misp_resource_path = '/sh4.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6fe14e68-ea3a-43b4-8384-4aba9732d56a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/sparc.nn' AND url:x_misp_resource_path = '/sparc.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f5012b85-f1b0-4bb0-826e-ba523a508d14",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/x86_32.nn' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94b5a879-33a2-4592-b50f-1dde58a27621",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://94.156.65.232/x86_64.nn' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = '94.156.65.232' AND url:x_misp_domain_without_tld = '94.156.65.232' AND url:x_misp_domain = '94.156.65.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--80bff0ff-53fa-4e4e-b0c2-64c7872d74e4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:07.000Z",
"modified": "2024-11-07T15:57:07.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://gorillabin.su/arm5.nn' AND url:x_misp_tld = 'su' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = 'gorillabin.su' AND url:x_misp_domain_without_tld = 'gorillabin' AND url:x_misp_domain = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d104bc1f-d4eb-4cb6-a98e-5e65243fd93b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://gorillabin.su/arm6.nn' AND url:x_misp_tld = 'su' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = 'gorillabin.su' AND url:x_misp_domain_without_tld = 'gorillabin' AND url:x_misp_domain = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ec92f1b2-6c50-4962-9d51-ac9d84bc6989",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://gorillabin.su/arm7.nn' AND url:x_misp_tld = 'su' AND url:x_misp_resource_path = '/arm7.nn' AND url:x_misp_host = 'gorillabin.su' AND url:x_misp_domain_without_tld = 'gorillabin' AND url:x_misp_domain = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0e0087fc-234b-4715-9ef2-4b24e82b16f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://gorillabin.su/arm.nn' AND url:x_misp_tld = 'su' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = 'gorillabin.su' AND url:x_misp_domain_without_tld = 'gorillabin' AND url:x_misp_domain = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--caba2472-0b3e-4ae0-bc8e-9d75dc23f291",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://gorillabin.su/lol.sh' AND url:x_misp_tld = 'su' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = 'gorillabin.su' AND url:x_misp_domain_without_tld = 'gorillabin' AND url:x_misp_domain = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a86aab47-b95c-4ec8-a751-0bc2a970b75b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://gorillabin.su/mipsel.nn' AND url:x_misp_tld = 'su' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = 'gorillabin.su' AND url:x_misp_domain_without_tld = 'gorillabin' AND url:x_misp_domain = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--10318329-c169-4a9d-bfd7-48ac48147ac5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://gorillabin.su/mips.nn' AND url:x_misp_tld = 'su' AND url:x_misp_resource_path = '/mips.nn' AND url:x_misp_host = 'gorillabin.su' AND url:x_misp_domain_without_tld = 'gorillabin' AND url:x_misp_domain = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2a310634-d36e-4fbb-b57b-c90b65c83126",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://gorillabin.su/x86_32.nn' AND url:x_misp_tld = 'su' AND url:x_misp_resource_path = '/x86_32.nn' AND url:x_misp_host = 'gorillabin.su' AND url:x_misp_domain_without_tld = 'gorillabin' AND url:x_misp_domain = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac26abf7-fb59-461b-b1e2-3bb16a88a726",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://gorillabin.su/x86_64.nn' AND url:x_misp_tld = 'su' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = 'gorillabin.su' AND url:x_misp_domain_without_tld = 'gorillabin' AND url:x_misp_domain = 'gorillabin.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4b99878a-948b-4c44-a6bb-5c8b90166511",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://pen.gorillafirewall.su/lol.sh' AND url:x_misp_tld = 'su' AND url:x_misp_subdomain = 'pen' AND url:x_misp_resource_path = '/lol.sh' AND url:x_misp_host = 'pen.gorillafirewall.su' AND url:x_misp_domain_without_tld = 'gorillafirewall' AND url:x_misp_domain = 'gorillafirewall.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8a76c574-5efc-4379-bcd9-29e205edf4f2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://pen.gorillafirewall.su/sh4.nn' AND url:x_misp_tld = 'su' AND url:x_misp_subdomain = 'pen' AND url:x_misp_resource_path = '/sh4.nn' AND url:x_misp_host = 'pen.gorillafirewall.su' AND url:x_misp_domain_without_tld = 'gorillafirewall' AND url:x_misp_domain = 'gorillafirewall.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e2fb4f72-e72b-481e-be62-0c2f81fe7e75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://www.xn--girsdom-9ya.com/arm5.nn' AND url:x_misp_tld = 'com' AND url:x_misp_subdomain = 'www' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = 'www.xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--84d34aee-5dc0-471c-b10c-98f61d36e0d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:08.000Z",
"modified": "2024-11-07T15:57:08.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://www.xn--girsdom-9ya.com/arm6.nn' AND url:x_misp_tld = 'com' AND url:x_misp_subdomain = 'www' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = 'www.xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ab3d8a45-bc1c-46e8-b589-5c41e3f4dd1e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:09.000Z",
"modified": "2024-11-07T15:57:09.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://www.xn--girsdom-9ya.com/arm.nn' AND url:x_misp_tld = 'com' AND url:x_misp_subdomain = 'www' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = 'www.xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8deb65b2-75bd-405a-b8b8-10db870d851c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:09.000Z",
"modified": "2024-11-07T15:57:09.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://www.xn--girsdom-9ya.com/mipsel.nn' AND url:x_misp_tld = 'com' AND url:x_misp_subdomain = 'www' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = 'www.xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--03373592-1e72-4cd0-a48f-c58c71c520ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:09.000Z",
"modified": "2024-11-07T15:57:09.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://www.xn--girsdom-9ya.com/x86_64.nn' AND url:x_misp_tld = 'com' AND url:x_misp_subdomain = 'www' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = 'www.xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--205f794b-498a-44d3-9ad7-cd2d56d21cb6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:10.000Z",
"modified": "2024-11-07T15:57:10.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://xn--girsdom-9ya.com/arm5.nn' AND url:x_misp_tld = 'com' AND url:x_misp_resource_path = '/arm5.nn' AND url:x_misp_host = 'xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90e115c2-0031-4a19-bace-f50fb850d253",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:10.000Z",
"modified": "2024-11-07T15:57:10.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://xn--girsdom-9ya.com/arm6.nn' AND url:x_misp_tld = 'com' AND url:x_misp_resource_path = '/arm6.nn' AND url:x_misp_host = 'xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--083ecf5f-5bc2-4745-a4a8-3b5a29462bd7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:10.000Z",
"modified": "2024-11-07T15:57:10.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://xn--girsdom-9ya.com/arm.nn' AND url:x_misp_tld = 'com' AND url:x_misp_resource_path = '/arm.nn' AND url:x_misp_host = 'xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--17493e66-1ec8-491a-81d3-01d59bda4f4c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:10.000Z",
"modified": "2024-11-07T15:57:10.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://xn--girsdom-9ya.com/mipsel.nn' AND url:x_misp_tld = 'com' AND url:x_misp_resource_path = '/mipsel.nn' AND url:x_misp_host = 'xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c89173e4-c0a3-42eb-bfa1-3f4625d7da63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:57:10.000Z",
"modified": "2024-11-07T15:57:10.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'http://xn--girsdom-9ya.com/x86_64.nn' AND url:x_misp_tld = 'com' AND url:x_misp_resource_path = '/x86_64.nn' AND url:x_misp_host = 'xn--girsdom-9ya.com' AND url:x_misp_domain_without_tld = 'xn--girsdom-9ya' AND url:x_misp_domain = 'xn--girsdom-9ya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T15:57:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--07201f05-298f-462d-9bdd-e67628c7aa6b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T15:58:19.000Z",
"modified": "2024-11-07T15:58:19.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://github.com/govcert-ch/CTI/blob/main/20241010_GorillaBot/20241010_NCSC-CH-GorillaBot.pdf",
"category": "External analysis",
"uuid": "93aca700-c6af-4e57-a495-8fc484013e52"
},
{
"type": "text",
"object_relation": "summary",
"value": "Since September 2024, the National Cyber Security Centre of Switzerland (NCSC)\r\nis witnessing an increase in DDoS attacks against national critical infrastructure in\r\nSwitzerland. According to our intelligence, these DDoS attacks are originating from\r\na DDoS-as-a-service called \u201dGorilla\u201d. The attacks were mostly UDP based amplifi-\r\ncation attacks, apparently using open DNS resolvers. While the recent attacks have\r\ntemporarily impacted the availability of certain services operated by the victim\u2019s orga-\r\nnization, the security and confidentially of data or services have not been impacted nor\r\never been at risk.\r\nUnder the name \u201dGorilla Services\u201d, an unknown threat actor is selling various services\r\non Telegram, including DDoS-as-a-service where the cheapest plan starts at only a\r\ncouple of dollars per day. While the service is already in business for quite some time,\r\nthe amount of DDoS attacks conducted by Gorilla has increased recently. Gorilla of-\r\nfers a Mirai-like DDoS botnet for hire (\u201dGorillaBot\u201d) which contains out of compromised\r\nLinux/Unix devices. However, they also offer 10Gbit/s hosting with spoofed uplink,\r\nwhich commonly get used for DDoS attacks as well. As documented by NSFOCUS1,\r\nthe number of attacks conducted by GorillaBot has increased rapidly to over 300\u2019000\r\nattacks in September 2024. With this, NSFOCUS considers the threat as \u201dThe New\r\nKing of DDoS Attacks\u201d.\r\nThe NCSC has mapped, together with the affected organizations in Switzerland, the\r\nattack infrastructure used by Gorilla and shared the corresponding cyber threat intel-\r\nligence (CTI) not only with operators of national critical infrastructure in Switzerland\r\nbut also with international partners. In addition, the NCSC has contacted Telegram, a\r\ncompany operating out of Dubai, and asked them to take actions against the offensive\r\nTelegram channel. This apparently resulted in the shut down of the reported Telegram\r\nchannel. However, we observed that the threat actor has already set up a new Tele-\r\ngram channel and Singal as backup.\r\nWith this technical report, we shed some light on the malware used by Gorilla and\r\ntheir DDoS operations.",
"category": "Other",
"uuid": "8b8dec85-6cb2-4eb3-a242-451e7cd915d7"
},
{
"type": "text",
"object_relation": "title",
"value": "Technical Analysis of GorillaBot",
"category": "Other",
"uuid": "29ae05cf-8351-4c9d-921d-2c4da3396239"
},
{
"type": "text",
"object_relation": "type",
"value": "Report",
"category": "Other",
"uuid": "4fa73f5a-a8a0-4a4b-ab96-4132dc767a45"
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "20241010_NCSC-CH-GorillaBot.pdf",
"category": "External analysis",
"uuid": "d4d6acb5-9331-4d1b-9009-f4617f4906bd",
"data": "JVBERi0xLjUKJdDUxdgKNTYgMCBvYmoKPDwKL0xlbmd0aCAyOTEgICAgICAgCi9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVhbQp42o1QTU+EMBC98yvmCAe6naEf9OiibvSwiVlurgdEVklYiLt44N87SyESjdF0kr7Oa9/rPAmvIGETyD/2dR6sbpUGJ5whA/kBlCWRkAWrrXCJhvwFHkOSpGKUXNFTfv9D5SYPkIEEBEugEIW0COUxeA+EUtKO3BcaCWTJ8WRNOndXd0eE6y544PXdYzaI2SFeWMwTkBI25RaPwDfIJYIQ/e/zyMiwKiOU4Vtbl0UTxWTT8KplhDoczvXZd7qD3zfdqW6aYt31l3FZ3gIbOq3pIi8h1obzmrLZFn3dtbNoNjxXJw93VfnBkB3qfpjYqu2Z9qJ6KYomFWQu+YyieyLtn2yzXfaP0Ll83sZR6oNdwJFKSIspa+0ELVOn31L/BLagf7kKZW5kc3RyZWFtCmVuZG9iago1MiAwIG9iago8PAovVHlwZSAvWE9iamVjdAovU3VidHlwZSAvSW1hZ2UKL1dpZHRoIDEwMjQKL0hlaWdodCA3NjgKL0JpdHNQZXJDb21wb25lbnQgOAovQ29sb3JTcGFjZSAvRGV2aWNlUkdCCi9MZW5ndGggMTMwNzYwMwovRmlsdGVyL0ZsYXRlRGVjb2RlCi9EZWNvZGVQYXJtczw8L0NvbG9ycyAzL0NvbHVtbnMgMTAyNC9CaXRzUGVyQ29tcG9uZW50IDgvUHJlZGljdG9yIDEwPj4KPj4Kc3RyZWFtCnjatL1bjyzLkibkZu4eEZlVtfbefeacoRv+ABqh0byMeEEgkAYET/wE/gn/iRdACAkQwwgh3mnoCzAXDep9eu+9VlVmRribofC4efgtPLJWV7f2WZWVGRnhF3Ozzz77TP0H/8V/CQDC+2H3GzMsP+z9kZjl+kvwQf9Fdp+f/uF/fP3IeF33p+k75q9ePpW7rH/B1PX998v1PdMjLO/3r0+F71pvL/ceZphveBom94OI41+XK2+3591P8rkSX+ENl/eqDEagcPPenaD/5syQkX/NcFUQ+DPr/zs5IyBoGunxRcbSY05/ct+OYpvlZR2mZwGEjBfM+CtuDzddrWZ1BY9QuNv4U7DMfvxQyT+R2NZJbkDCSVw3C4f3RoL9ey4+yLwSalb7+uI6I/Fe3tYVTlOFbvxtemB5d2+5ZeZZoXH+YXe30yoi76lxvYgVdpr56Vv8255vz39kzpoX4dkKsW7wcC9787KYEMBtWwEyE8SGK3hY2D2bJKJ5FiRuHyROGWdG91AQLUhEzJnEzCOT9yuuxsG/sn+55PXH7/Um1LftzLbmNtbBifdLap1g0iy4F+nY1IQ/FO8X7/oozvy424d4eHNbLNpZGH/w6Z/U+Ox+0H/DNAKL/VwX8Dw7/oN4YyKdHaPEldk344Jx/cb4Ntykm3X5TBt8OjVQCrbkr6vpmpBd4+zb0W3BLKfbZEJnK+G+xL+f2KkIzSPY9Vnc6/7g1XoR/gZJLg/0fqX9RxYLxOVziqKzAA8OPvbmTaxeEgFNhn1nt4FgWx40zTHtVxyuK2d/wbw3xftBoIz7BwVvZ2/NZj9w/et+WrNOVNqfcUtvvab3J5puHgGIaHb/pjU82nMrpfzy8tr3vRmGcVik7O34EUtCSslslYTVj5p8K38c/Hv2HyS2w9MTTVvDbWIkEAzjd0lAIpoW/DTFIHGaTRWdu/FY+EsN9xYtuQRh2Yfg78P1JFi3cdIwnTy9xDTiwaf8kVrHcHkRY7t/6OR5K4nWGeLx8MekcV8Halu46beJpOO42VmmghHPWFIuPUjB8Zq2Ny1uCov9AcAw20+eltnyWDK2bm4RjP8zvh8m7w/8gyFcdOPbIA5NxgPAc0V2ux15WWq8X3kQnAW+b1Hwd7ORRmr8p/f7fwri2EKAWgjbZt+S5/h7fTJYj+foI3J9bZpesTwIQnINYOrVIMrPbUN/dS0GKFzJqwlbXoFlPVDS9QlGfhteMRqXYD24MXfviU405P1I8sF2qA/wEo47AKUGLYiWk1s7F73Hry/gAge2lVPexnZjlDk446ncO/qTqU9uBPA+zkQiY/H9Z/GOc64BOw7H/DAI98w713jDye2Z8hW4BpDyohdiTtiH5J2vTq33znnL+PcVgyzlrXoIohV+pvUzwSuZo02kdj0n1/PmTjg/MmdYEo/A63q24pNH3vhjxRpniu39oxO79zuD4zWYHfdxzK2iYKBi7MD/NV5pu0ulnmV3b0uQkDu54gdJ4mXx/DNgYXaWf68OAO3HjcUyvATzhRhqd3FhlXpvgM/HwxMwEcCXZfhvHf9oEucDbzoQVwtMZIgIgFutu4uWyP14aPBgGVFIqYS142gTMSpnNDi5sw7jJe+e2buxObQfw3hkGq8/hvaTQ+QOVna7glVwGK83ANs6CB2dMuQcIyLrsO8NZa2Jj7dT2UtbDCvnY+PEfCc3TOqdwf3DLuJJ+YXFYGmPwUTH8+jgZULh2rW+hGF8dIIeuqfpr2abGSvchYOrg8Z5xzcIRqabzyArq4cXD+gGPMBpkKy88CqzBH6Im1gMLpDaAq2Mm1GTDSv8NTnf4K2s/YIX6DJUgut9CF7dFN+Vya6cFMIqZoyf92FOiGdEZlqy4OCQjpb980DpwQ+6cHZ7roO8WpD3yDorgqag2UU9XNzRgqufJekv5u2nj8FTxsXHyqM66RTGIXfSTak8XM7CRsnNu4a0KSAZyjFk6k+7CMQBlmHo61/TeQkQOmGMlYuznA1+Itx1ywtZxKctnxtV4skUbzMI5AJjzm0r3yRO5h+8aQgfNoy74nGAODWTdLh97Kb8UL6bFb2TK8HEwvFRXmy+dzGhjxLAru8vOlR8tEOsmFMiS8oBaQFWOI54ZwjGZ3YkACeqsMNJF7wcou494HVSMBfQJlFXKPILUnZs9tQW33L9f+GvUgBA98NAKEhLeenUy0VaqR5yfNfdwv1+H+wgmBEVSDnd5AKocezKHi6P2ObDPpBglwKbkvDuj8juvGFiFWPVMUyey8+eT7Y+fxgfImeVjlEWaSu6wl4iCZ2BZs8coOfKk4AUxpr0ZCsfH+Q+/SrOGg6GhNudgr4YeJdAzUFW5e9NBta5PCAfpTLLfnn4LQtmHI93IdNy6GrUrLGaOGqfUTkR6571b04hoJBzzcthzBb2biSuIEuxnljuv7jkrjmIh5NzsZ0wCIJXbJURdYL3Fa9VEKu9488N1HpBLoQWwIcplHKKqTzFwafQpSCeM7yf9BRzAUawRzxbcRrliRdG7CKvl009Dufs0lk3K172h/YqBepnDUgA6/r+WIE5diqpVbjR+J3Ot8MnVkjiYTG1MJBzccRoH6TYcwVpSjHGlMh4T3lLJf3cEzy3EurKyzjGy5Ne+5LggkIOuR5j3j2Fl1Xg1AfnO1wCocPIvxj2+478nPohoDWQm0x3KgVEQeBL8R3O7hHVUOk8bsVMcSwkuKKoD5LzvlJlImqNzfn9ycMlN2UYZXWmAABmBNI0KFrBBgWjUFIbpvGsoEFJhSCMiyIcF4h9a1mD/fmnG4SoMhCsNy8BGHnCreTKK5vuVjlSHkRh4vRJKtuaQ0uUZPvE+YvANJc5EoUDNWfiy9newp5J5vjWKC3lg6aGaPRgMD+Gdn+Tm9+/tzKrIePkoZv3dI+9VZ88EydDyyFpzglIz0Xeew7O3QCtOQdiPcMc+GwgmixlCZb6mt71M9E5u1ye5VOjsZ/B4Eg7BryDsHM6w4F3Vr68QjLkisWxjrc8CD9Tn9oveHjOUSr5DPsYJTEFfsCAEKDBwZImEO6gcqa+uJCSuIP/j+0rPP5HboY+w2sK741PXLyGf/IZeCiXJEmlDqiA/BVwMv88KtZ38UHGJoUcr9zc/d0e25lTY1UALL9vdBcmvrx6nsMBz2GFcN6Gp1P0xefwkYtdkvloMPcZzvCsD4C0fbahNmGbRF7i825bhNFfy5SwpO2tWRhL9UXV+iQg5MBq4kpX8EqqaIoKgKgiK7J6O1
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--09184aa4-8266-4f6e-a041-e66199369469",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:38.000Z",
"modified": "2024-11-07T16:09:38.000Z",
"pattern": "[file:hashes.MD5 = '3c21544cfb3979b9d823eac46998f86a' AND file:hashes.SHA1 = '5a529aea9f676840b070bddc1b92519f57203b71' AND file:hashes.SHA256 = 'a9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547' AND file:hashes.SHA512 = 'c58072fb79dbc1c71f16aed468a3e97f96aa17f2e1d9e3b6065defdc0d9cae73aaa1ca1389299e63de92f00ffe95e04ba766ab765fbee37167dbe156c9e0899e' AND file:hashes.SSDEEP = '12:PRGH9vPnccGsQP1qyAA5Sq7FeIKW1h+A1DFTFIbn:PsXnWsYdAA5bMIKW1hV1Zun' AND file:name = 'a9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547' AND file:size = '616' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIADOBZ1nMaGZnoAAAAGgCAAAgABwAM2MyMTU0NGNmYjM5NzliOWQ4MjNlYWM0Njk5OGY4NmFVVAkAA0LmLGdC5ixndXgLAAEEIQAAAAQhAAAAcYONYlB8LrKVxD6P0MALEWS/4ncPUYLgUbUdQnuyYBML/a1i02p1/4e9kKw6b0gVLm7tQwhZijHQ/fKq8/jw+iyEa6GD+YrkutTG+NZKinbgzMsA9ekM3K2PL4KMrXOEY913LTrx7FWgYBa5Ri8jD1f8YJKieZ3IzZh/IQ7/Dw6AJ+8Ka1txITO4xqbFwIGDAIe9JP43+Fg7eDaiLfjp5FBLBwjMaGZnoAAAAGgCAABQSwMEFAAJAAgAM4FnWe7wTOBAAAAAQAAAAC0AHAAzYzIxNTQ0Y2ZiMzk3OWI5ZDgyM2VhYzQ2OTk4Zjg2YS5maWxlbmFtZS50eHRVVAkAA0LmLGdC5ixndXgLAAEEIQAAAAQhAAAAAjx+5NDW9lzuZ2aNOkItfm5GRBm/ARkORlzvtQN9nPNqffrAR8F6iKZpSCYoWezbk5oUkkkwyiw8CeNxDnly9FBLBwju8EzgQAAAAEAAAABQSwECHgMUAAkACAAzgWdZzGhmZ6AAAABoAgAAIAAYAAAAAAABAAAApIEAAAAAM2MyMTU0NGNmYjM5NzliOWQ4MjNlYWM0Njk5OGY4NmFVVAUAA0LmLGd1eAsAAQQhAAAABCEAAABQSwECHgMUAAkACAAzgWdZ7vBM4EAAAABAAAAALQAYAAAAAAABAAAApIEKAQAAM2MyMTU0NGNmYjM5NzliOWQ4MjNlYWM0Njk5OGY4NmEuZmlsZW5hbWUudHh0VVQFAANC5ixndXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAMEBAAAAAA==' AND file:content_ref.x_misp_filename = 'a9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547' AND file:content_ref.hashes.MD5 = '3c21544cfb3979b9d823eac46998f86a' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected') AND file:x_misp_entropy = '4.7352556208588' AND file:x_misp_mimetype = 'text/plain']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T16:09:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2c31cdb0-acda-451e-8ad8-6372e205487c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:38.000Z",
"modified": "2024-11-07T16:09:38.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".init",
"category": "Other",
"uuid": "071f04b8-cadd-4c7a-8092-1c238e920271"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "a12116c7-b4df-4416-81de-7fb2298c9098"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "088a6004-feb1-48dc-83e2-d38aa9c1088d"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "e0eb8ae5-6547-46a2-804e-bf390ea67318"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "19",
"category": "Other",
"uuid": "a91f88c9-6b6f-48ba-8253-8266d5772476"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.4058222502857",
"category": "Other",
"uuid": "2bbeecfa-c6bc-4180-bc06-f9d005065421"
},
{
"type": "md5",
"object_relation": "md5",
"value": "dac26d3f514daf8f091b4599cd062a71",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fd573d5b-1852-45d4-aca8-e7cc551a5528"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "46720cd8faf68bf8ba8ef1fa46b39d012271153a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1aeb6690-f10f-42e1-9dda-48e282f85593"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "fca79d9e3088517e1b7a8228af27527ee8e0b7060a2f8164b7b750f917d313b1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3dc7156e-d240-49bd-91ce-d9526a42381f"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "130a9d9811f1504565a918d662e3cb042a28be8d9542e413af07f8e71c603cd7301cb8c403055a17c8351b0b71b6e577209c0141528fd8c8ec473100610a48e0",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4aea7272-c74a-435b-91ac-1ad39dba98a7"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:4o/ns4U:fU4U",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3d2339fc-2e6d-4613-9808-147c871d6449"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--61ea8ce2-ef50-44e4-a5a2-9709bba1e3aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:38.000Z",
"modified": "2024-11-07T16:09:38.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "2bbee447-e864-4e54-b0b8-372a9da37eee"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "017a30b0-7204-45de-9c1e-9f733099df85"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "18e11829-ea6f-4561-bb70-79551c7e11e9"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "1af617b7-fae6-4209-ad7b-59be45f5c0d1"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "80550",
"category": "Other",
"uuid": "6022b39d-8a82-40a7-a32f-78be8fc8a47c"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.2614147616808",
"category": "Other",
"uuid": "80a6481f-df84-469c-ae4d-96e4e1b42c2a"
},
{
"type": "md5",
"object_relation": "md5",
"value": "7cd2de3905e9ec35d981d1e2e8208137",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bc2950d6-96a2-4200-9d2e-d3c528770261"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "8860ecc3dd756954216d9d441a2ff9512bb6bec5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bd51586a-8879-452f-85dd-f13a4ca13b48"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "3891ca18736558ebb156defd5290713f2684627a4c1d8c165d1de223cd289dcd",
"category": "Payload delivery",
"to_ids": true,
"uuid": "25504516-5550-4fd8-9eb4-697297ea6b42"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "094d8ee65c3b00f50c7eae9271efde491e7db5be35e0c901ff51ea3fe71693de91c0299e313c72fe711d9a84f89bfbb1fcc541b56797c7a815f03cf06f85d0f7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "42558fcf-da4d-4e00-8a27-16b43d4dbf89"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "1536:5JOA3BJHQbOqxM21+4M280LWcmTmNGeccRJ6p2laHu12F+pHxvBVuK:SARJHp8M2Q4B80icmTKVJ02lD12F+Tvj",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ef03318e-f51e-48d1-8816-626a3f050cdd"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d7c9ea35-b2b4-4e8e-b830-dc018f7a47ad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:38.000Z",
"modified": "2024-11-07T16:09:38.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".fini",
"category": "Other",
"uuid": "e9d5b168-761c-4049-9b27-e78c2ebd409f"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "ef9d9251-ef97-4f15-aa35-08825e0df4e8"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "d7699782-c6e6-4aab-9ee1-c651371ba544"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "6768ffef-be62-44ff-b956-0b89580b9e85"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "14",
"category": "Other",
"uuid": "f59dbe1a-1d6b-44bb-9abe-8d03abc41a3c"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.3787834934862",
"category": "Other",
"uuid": "1b44891b-54bd-4232-aad0-c1be1732c394"
},
{
"type": "md5",
"object_relation": "md5",
"value": "f17d44750ffd57ca3bde2a8f74c66535",
"category": "Payload delivery",
"to_ids": true,
"uuid": "eb55df32-d173-4386-8239-28dd5cf54abf"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "7305114a96c27bafb749f788319a1215181811ae",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7e2b44e8-cf61-431c-b587-fc15d187dd1f"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "14ba7bb0bce448a41a06e438c09f58ad6d83d9adb37eebe36e0f277b0eeaa25a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "dcabcb57-e0c4-462d-afc6-38a3435158a3"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "1f50960ba1afd50dbd13d4307f2e7192af8888efc57af8d6c34fd8fb318b9bdff58073272e35ac870e16f84cbab271ad6efd8e2174732c08f7db7d12ebb8d791",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f30e0f46-190b-455f-80b0-0129353e9cf9"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:4mFtWU:RGU",
"category": "Payload delivery",
"to_ids": true,
"uuid": "458b4dc5-5307-4f67-8af5-ffb491526954"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bb59213c-ea39-4b05-b2b4-7a784e8fb387",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:39.000Z",
"modified": "2024-11-07T16:09:39.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rodata",
"category": "Other",
"uuid": "708f39c5-4078-422d-9d56-80688d343e9e"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "49d02fff-a797-4408-8b64-9bce15bdd0db"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "5650d9f2-e328-41fe-a85a-ea7810b71fa9"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "15312",
"category": "Other",
"uuid": "52d3abb9-c197-4747-98a0-e894a0cd96b6"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.4563632549439",
"category": "Other",
"uuid": "31ad4b83-b174-4ddf-ac3a-7eef5411d2d2"
},
{
"type": "md5",
"object_relation": "md5",
"value": "9de308df2b62f41fe69d37de7597491d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "dbad3a17-880a-40da-bcca-5daeed72f479"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "2c47bcae176985b3762eab5ce56014ec3f13bc84",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ef21ab9d-939b-4f38-bbaf-58b2caff2adc"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "dfcd6add0983cc5156197429278ff1e98f1ccb3f96ca6cf9da8cf5dcb00f4c91",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8be03af6-2850-43f0-b2fa-3d0105f86290"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "10b9c519a6b1efb0ec7ec17413b0376be92ac09cc726c6c1cd3cbf3e3d1c198c6aedf034492e12910d86c892d1b6f4e7481b16b9fc78196aa4af38724aaa5b03",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ea36cada-5d79-4c77-b5f9-fb63764f601d"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "384:WsDvgVuIGwhxHePdOnxxxxxxxxxxxxxxxOxuxxxxxxxZxxxsxxUexAjjjjjjjjjc:WszgApwhxHI0nxxxxxxxxxxxxxxxOxu+",
"category": "Payload delivery",
"to_ids": true,
"uuid": "95aa66ec-a4bc-4b61-8c5f-dff592eacdc8"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--783e3102-3921-48c7-bcb1-94c014081ac1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:39.000Z",
"modified": "2024-11-07T16:09:39.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".ctors",
"category": "Other",
"uuid": "713e9d3f-b37f-44d2-b8c5-ea271dd2b083"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "3fe13480-2136-449d-9e1c-5944d7ac2691"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "fdb521bb-3be5-4d13-9c03-bbb2a5d9a68c"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "3500dd4b-1b75-4a08-9819-6974124cdd6e"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "16",
"category": "Other",
"uuid": "88fa8d07-14d2-4e41-931a-f6833646666c"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1",
"category": "Other",
"uuid": "727de140-2a73-4090-b69f-a0eb19be8f95"
},
{
"type": "md5",
"object_relation": "md5",
"value": "f858d36231ba743ad8c898d86a67a864",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3e60b81d-0f60-42ce-aac4-6b53d422d6d4"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "f7fd9f0c0324c1723e1eaedd80f457bdf62aa9dc",
"category": "Payload delivery",
"to_ids": true,
"uuid": "38d27275-1f87-45d2-a7fe-95f70a75f3cb"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "60c69a3e87bf5c4f1e546bec45f262690bcf5494c4ecac2616bf2f731afa152a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "22cb2f8f-bd5e-4820-9dc8-f23f9e241110"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "2e68bf09036a490ce0e8d579ab0247a5cccf12f6ba44c3727ad22420e13e26c588a9fbf7b4dceeeced9d7148d9c29ef33ba6ca174596a65b1d297d0d7169bd6c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0d03141d-9cc4-4768-a0cc-34b5b352a791"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:RRR//:LRX",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d21e0f6e-3da6-4521-9170-8d5563b8dd45"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c3045b09-bdc5-440e-8756-6564adf707f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:39.000Z",
"modified": "2024-11-07T16:09:39.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".dtors",
"category": "Other",
"uuid": "1b945b93-a774-4934-985b-9a60e405d0a7"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "b597bf67-1f3f-4c70-bca4-23a40a935530"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "e4e5e5bb-1c51-4038-8e72-5dbfd6e71baa"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "384099af-9028-4e61-8631-d97751c700bb"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "16",
"category": "Other",
"uuid": "cb451d60-68b7-44df-83a1-b6d476c77176"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1",
"category": "Other",
"uuid": "36797a55-9552-44a8-bbd9-5c747c2f6f5d"
},
{
"type": "md5",
"object_relation": "md5",
"value": "f858d36231ba743ad8c898d86a67a864",
"category": "Payload delivery",
"to_ids": true,
"uuid": "45826e29-f39c-46a6-a808-fea1ccdf13b8"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "f7fd9f0c0324c1723e1eaedd80f457bdf62aa9dc",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ce769c63-24ef-4b26-a937-d700c67e3d88"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "60c69a3e87bf5c4f1e546bec45f262690bcf5494c4ecac2616bf2f731afa152a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "97256af9-0dec-4263-aa33-55e9f0c63fe4"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "2e68bf09036a490ce0e8d579ab0247a5cccf12f6ba44c3727ad22420e13e26c588a9fbf7b4dceeeced9d7148d9c29ef33ba6ca174596a65b1d297d0d7169bd6c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9bc1c738-4475-420f-8530-a0a43dae5be2"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:RRR//:LRX",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bf5137cd-2291-481c-a399-79b147f21b13"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ea1812f3-b755-4c27-b117-a86d79a2f7c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:39.000Z",
"modified": "2024-11-07T16:09:39.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "6baaa7d9-a555-4149-94d1-047e86c10f5d"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "a6ee5348-8e78-43cc-83d3-e8ef17c6453b"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "208ca66c-5c55-4a59-bfd1-c4c9bd4a1cd7"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "cd4d1799-a520-46a3-8f73-738cac83ea10"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "2208",
"category": "Other",
"uuid": "3fb6b785-e4e8-41d7-a0a8-e6d730e4fe55"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.9962404616202",
"category": "Other",
"uuid": "507588c1-f23d-4358-b24c-15370e782b13"
},
{
"type": "md5",
"object_relation": "md5",
"value": "4cd65de7456ca7c72970838ca38886f5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e133dfa3-caa5-4f45-9c05-8a8a22cd57cd"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "e2f39a924bf667891c060eff4b823d6d7b903732",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f26f48c0-67f4-4c88-b4dd-20d2a5eb679e"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "d33fc4c4bdd437da6be127ee90b9ddb6d9d4788e7f8feff38f5bb89f1090df44",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fc75b8ef-6c2c-43a3-9d95-8984d652c841"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "6b3b757f16155d89adc00f7b58e180c0dca521dc9fbcd7eb71da2e17c2aa38fba9a09429fd272156dc111cf4b5fc576d8b801c7a246118dce3be4c64455df87b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9521cb8c-71db-437f-9f9f-483e34491a76"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:H4OJYpAKbqmMepg/pPsnRkysDbuC1+Xja1gs+y1OXGK1Q/BEWIbvxHwfULmqAyDo:H8P8RZgWqAw5eCefcmqxDgDh21664",
"category": "Payload delivery",
"to_ids": true,
"uuid": "05041578-ceb8-442a-9f10-f680f2b5073a"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0db20072-8b84-4d24-bd4f-43c0e31538b2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:39.000Z",
"modified": "2024-11-07T16:09:39.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".bss",
"category": "Other",
"uuid": "b8589a2d-8632-4ed1-93e6-4df3d505ad9c"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "10ece4e8-e7fc-4343-9970-ba1a944d8c61"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "a4951e94-a7e1-4583-bce3-2786719158a3"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "abab3950-52df-4070-a4b7-f2ce067fa37e"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "10696",
"category": "Other",
"uuid": "c9192207-5c16-464a-83d8-11041ac14cc3"
},
{
"type": "md5",
"object_relation": "md5",
"value": "d41d8cd98f00b204e9800998ecf8427e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a55c7833-44d6-48c3-9c7a-7bc7c0879682"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"category": "Payload delivery",
"to_ids": true,
"uuid": "001a8737-7f86-4a20-9bb7-fc65a097cb37"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3556524d-fb29-457c-9f68-38b63f791cce"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4439f5ef-acd8-4dea-9464-530715ec5ba5"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3::",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e84bad72-ecc8-4764-aa4d-facd7896036f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9bd6147d-ea53-4bd5-8f1a-7afe5c0be463",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:39.000Z",
"modified": "2024-11-07T16:09:39.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".shstrtab",
"category": "Other",
"uuid": "84b34489-acd1-4ca3-bfe8-4e1a4f0c44c9"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "9b063ff4-068d-40c8-ac37-55c2eba90b40"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "62",
"category": "Other",
"uuid": "649019ed-b3bb-462b-8ea9-ed250b3d8ad8"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.5847266094526",
"category": "Other",
"uuid": "01a3139d-ef22-468f-b2c1-190b5c424109"
},
{
"type": "md5",
"object_relation": "md5",
"value": "90d8eebc2a34162c49ec31cfc660cec1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7159305b-5a99-4dea-8e5a-15d33b96e542"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "82520d0c476256d276861afe5c02c83d444b380c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "157a343c-9832-4d52-aa1a-064946062171"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "5da0b2d927ccda5332c1e053baec019d7bfb4b0605d7d6c7621052087c81bda2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e7e8d2de-ac3a-4784-bb69-26a808384d7b"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "f91be34869f6f53fb61cea8c82c68c54d11f9eaa4db19e3192dea5effb6161d6907a6fc19ea3a61e32fae0c260efe4c842e15e5e83b8ac5bce453ccb8f437a9e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "75c64195-366c-42d7-ab08-82e89be79229"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:dqMLwlApLQ4lLaCMLdsxlLB4K2in:kMF84MFsOin",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3c159502-f995-48ea-82c8-cbbe6a96266e"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"labels": [
"misp:name=\"elf\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "0348fd55-d4aa-4fc8-87c4-3063ac87b6f7"
},
{
"type": "text",
"object_relation": "entrypoint-address",
"value": "4194708",
"category": "Other",
"uuid": "3f3e8826-6824-4039-950b-6b784f2b0bab"
},
{
"type": "text",
"object_relation": "arch",
"value": "_lief",
"category": "Other",
"uuid": "153040c6-241f-4861-9993-c23d7a040cf3"
},
{
"type": "text",
"object_relation": "os_abi",
"value": "_lief",
"category": "Other",
"uuid": "f751a459-618a-495d-ba8e-07f45581b4c4"
},
{
"type": "counter",
"object_relation": "number-sections",
"value": "9",
"category": "Other",
"uuid": "aebf7e10-fda8-4b96-96be-e41f8b7c4d2b"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a863f04b-e1ef-4c93-8f1e-9bacce089cd0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"pattern": "[file:hashes.MD5 = '6cfca1b6f1302235cf09a9942ba1d3c6' AND file:hashes.SHA1 = '4afebb350020f0ee8f9f07e2d9f8ea8798e2e55a' AND file:hashes.SHA256 = '14fb8b3b89c5f626519950882f242dd53889b1067578a9321e721dbf4311a91f' AND file:hashes.SHA512 = 'cfb4a10a6fb70670e7fc4be92c577c4edf414d5c2ccdb3c2b372f92a5ae4b85531c261554dbe8b7b4a8196c4f4488f5f9054f95bfa809eb2cab2f905dba8f495' AND file:hashes.SSDEEP = '3072:pARJHp8M2Q4B80icmTKVJ02lD12F+TvBVn5s:pAfHp8M2Q4B80LJFbzbB9e' AND file:name = '14fb8b3b89c5f626519950882f242dd53889b1067578a9321e721dbf4311a91f' AND file:size = '99104' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIADSBZ1m13/w84MQAACCDAQAgABwANmNmY2ExYjZmMTMwMjIzNWNmMDlhOTk0MmJhMWQzYzZVVAkAA0TmLGdE5ixndXgLAAEEIQAAAAQhAAAAvRJSBENBvZn2tlbjf1pFquFeEyWZCDpJl0qZYc5VqERe3HJupjHUZh8jgwW2f8NJUDLZoJjcue3tHDiBXgpsvs2/5vKtAZOUHlxTu6F6JeSMfP735WZ/EAz5HVmTrvuJuAHgch1q6Cf73BaY34M+tP3/3suBuDoCKFHMkJsHyzjEgrr4686uL6dC5A1KArD4tAYTndL1dIE3J+6y03wyG8P9dc+ALFX8tu+mVQmmYERJkif9peF6XGA2gv0PfMnEPnxj8wnEPGP/IwWGyGSSNMYFS10Qml1wykcCSs5cFYGAmBsQdIBwTuv8MuchwcwzQ6H+oMdJyvN6/v/mL1LdrEfZbovdERUuZpQOl8wjkFNk8Or4RSqtzLNOPuHDtFSNuoNO0bVkluYz84E445wdbkk9zNyJlOa1Q+Vy0I727VLRtTQM23EkBfCzbtGrrhvr3B4X//UksdQC3d2BQFqhokDXHsDCBKpuOhgdYrmn7rIIG56X+8kQQh6NzeB359h4cNX3Igs2ef1sJ6a8yyNWToAqBbHF/+ok9pcLJaB94m+5gptQj9doK9AzcB+NhNNOkRMhKJ2FtvssCFxozXeE6fGyH6qQxCT6gvWOFA8NLvq+gR0GtW6CxCdOIW/iyKqv1GCHb5tJWkLXuXKyEVE4YKzJ1GQOCF84/X4mOedyhylcvhSO4X+6Oa1c1KgHZcQC8XnfrZRBaTJGt7DTuiuYh+q+OSDPX9Au9XIPcbn8OWcHNrkCwHMua2XwQ7MbzrzIpw7PJAxoVMLdCqLCH+wSuueKOiU0/3cRWWIpAGlewUrDDVSaX741e96PaZd2AGMxpGUZe7wp1YcuvX3AbvAhUGkJbkn7SbOmc2sO9AJPXz7SvyAG41QRrW1zhJJxq7lLtr/C8WoQpd4yL7DYBV3QnzY8aQ4fLIB/Td/z9ETaLZ3sUG9/0+BX9cVkalT3Km3F45wU8aYzMmR2VuyQvl8HdyGfv5XbyxVGFEVBro88/mX3jegd4QhoHYK6rq/IQTzCfNlEGjt0GYpO65vAXfALw0vc9n0MKiQQgCFxU3ces9j4PJZwaSOmhGPGM/gL98Tdx9S9j+83wQB7ustOC4AKPtZMZ1BLBwDLhFG1syeSfrm89RBNfALb0rVn+xbZ1edgrpk2oaP6uknCWed/FDhcU66uvtafmZb9rwUMfzJ6YRPK819SkR+Hc7QDnQBh33nU5GXaEvEtlWqAPu3S6phx7hs5/nx0Uc1ew6BNsiyJlIU0yPWChS0FwFdfEeojpzJ3Z9AgE35XdkNfcWL9rOJDhQcgFCySkoUDpbiPK0zM9jgXPsEM0HOiX8bbQN72NZS5wtuA2Fuw7ouSt+lLBlghnwABP5D1ACt+yPNg9rWsOnOMm9/owKEvEIw9uWC/BPZgfzgBTXWLUc1FWw5pjqmQuooVBwhiRfhZCL8uy1XHEu3r3d2DV5+3fgBCyXQ0zBJgnPIQbmW4n271xmoGJdGhFwzr11wa56kBuvPvjMXNuZvkPahgBcQ81f1oO/bS9scD3sBktYHey/W9lB5R0mffrfm3gfVknwr/VQ4zATcDHZcbXppERmLSV3bKZabjEZO9qxPMDoCHqe9/Xng73f046wjzqBdT5iLi/NYr0k+AJ3fxCSHUqy16iVhxrz3v4wibU62bgYztDUbmjT+QvhWfApt/CGP5G9GTkxPGZc36tPufRyNHmkwDfJeCuMdDaSFd0xTedNF4AI+eei3uI6+ZDaItfoCKTdPE5FRXllEVsF591GDFyGDJK/IJJpgWdPmK+YnPahthSS1nfADROpthnVLR5gbjvRtYsqRYF0D6sZQ9mrlPnphZbczpqux/5XPtzYFV10mD9WjeXDTY44EPcJzbd8GZjtoHuYiBFAcvSbV753Aukvyv9YJM7GWY9oq+ezTW3K61Hzu5zze0wHlDANnjNW80AZwxhs16hLrH9Va6UqjdMf5YQUX6ELh3TxCJ5lQ6D7DefBXYRQUERSxh6U4LIUPConTHSGNFcMAgC+pRqAgw+FYdt21Erfq1n4McgDUVxvqPw7lgRrivBEhuPifT23x1ye0q/auIYi6A90WiRXlb1YONfsEG7GBR3YA69OMBPGH6X4iyAz7iklBUVkQEB5higcDBlZdlEiO4IhJgIeVOSOmNhLybsWfmvlWZUBMXV1jkTuRHZbfTTipqoOP00D/TOKKk6pzXl983E/fmTFmegUtl4QHfHMLLQAMyzUJp+NoO/PDqm3odTdLAokWW4H+k8ONeEmkFk7UdolbS2IxwZsLz8JyfRCMJvAnVPE4FXdUla6iEbAzRlMZftnEj+PNCk4QzuhQvmODzGZFzo8nTSBn+UyhS+DhWF+HMMAI9eal+35zCWIbrWp51KUbgywPj+y8KNAfVXQYnDruQ28gZNnOcnE7d52oLy54JZkOCcxIUXY7p93ZHlRFJUr/IBtcNOtdnmOuy6sApU0lEuinqDa2Fg7BEyT9Lu/cY06WJKzDKfpnC2HxA5qSRrKnm0VerDiwz8GgRSswxyoRk0dTNkdkdQ59LXI0SyD1nfrMM0GEzCPFtMAiYt16gM/pQwXkzcNTNyXsydbkJdaKbTZmKRblPp0ua9liPa0XP3iuqUduGsOG9w/T5a6Api5CBHkfp+ISn7Xkwo6T839rG7JxldLRzcHsYzkgAb5o9eOoDmqC6vkQEwXUHMFyhN5nPExBcb/L2lVDHIiLXVxU4svsYRO7NHqL8vRw9RDSXlMzOayFiS8DWNXS/DTp4lrd0cCU99Gk7eI6jFDY+pGbGkabfLFixWIqdATm1Gz4oc2HAC2gpvwAejvIt0GXQ56TBzcG9ewQwpMoxEomWb06pyO/Y5jbyEsl573vDTyA3fs/dUTV5zYDLQw6jL/VIgdSVfUttMAQ5/0/ueeOgy9FoAicP16swj28c8U+ZMv52wu2oPUyL0zrJfuWqSdAhiPG0oVNiSzdIuMLvXXVYEDRjhweyL9alR3TxYwxHlk4PckSlODuXzvfuvRcOqIb9pWAKetZ9RKXJLYOUu2LzBpPOzkiMYSkBmnW0+rLEUilHqaarUcpAYjRuqUAK8CKR6Zq9rBC2N2ahm0I+4YHWnEZEp59xYXpFHtxlcuH8R4C0qsx+pJBOoA3zFAFleUzSNISq542Ud3sSC1WWLn88v/7PH0riNCOs3FZJpJaeLthbskVKVaFJ3FVQ+B73tlMfwreMqHPaCANkQZv/ucLf3iM7UJy2Ccq+apTbSCDrVSzNV/6o/lNklRkTAq15fSUFO+NVGDIJyaNCwezkXU8LnMfcCBF2memHo9GYHdqe031AoxUFwlvtxzJIUuQp79L
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T16:09:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7643a61d-31ad-4ded-a4ed-930b6dd0c4dc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".init",
"category": "Other",
"uuid": "454fcf73-801f-460a-bbfe-9dd0b5f9f6ea"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "538d468f-357f-47a1-858e-b1f4024c5d0b"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "ca26e491-68e0-4872-93d5-2738c2be1c61"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "cbbf1fc0-691d-4df0-8e7e-c90b720b70ea"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "28",
"category": "Other",
"uuid": "a91d3084-6918-4d60-915d-627096e7b728"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.6375375112661",
"category": "Other",
"uuid": "e3d2742a-fc25-4e15-b0f3-861f0ae9b35b"
},
{
"type": "md5",
"object_relation": "md5",
"value": "02583bae37338df44022affe5c435d25",
"category": "Payload delivery",
"to_ids": true,
"uuid": "873b7e09-13f8-4a9e-a78c-1afdc28f2222"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "677d607fb1b1c81383e21ec91bcdd31fc4f108b4",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9538d923-9568-4a8d-aec6-a6ea1e106985"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "fe0b1f2674c22b18994e44902d79d2bee8baafe03368f8567c339c53161f7e2e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "89c118e6-5134-49ba-8eae-3fc1b99f79cf"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "4bf4eb2ab3da3da774cb06378a51b4631034ef5f4d85336e692ab158edd2f902ab9d8f143796f5aaf5ba76c9593df638e8ff9800c3a0ee32f64ad6291a98bbbe",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a64daf53-01bd-41a7-a505-9d19ced8e110"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:ZB1/XN/X2kr:Vld",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d3ccc8d0-395c-4fcb-9fe4-5cf67a2f4973"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--014c63d0-2dd0-4f1b-86c5-2a772013b345",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "20d3b495-be70-4177-8d84-5537ae041887"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "c4679f8c-f86f-4a94-870b-9ae62dc28300"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "c4953c04-e714-40d7-9097-876d3b85cb98"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "541a4ee6-8718-4e6a-9288-c6e2b1220deb"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "77654",
"category": "Other",
"uuid": "e78cb6c7-2c17-4674-b5fa-1eeccd3401a8"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.446127586329",
"category": "Other",
"uuid": "bef4cfeb-5af6-4a5b-bd8e-c98a2b0cfe2e"
},
{
"type": "md5",
"object_relation": "md5",
"value": "3d908716385f194e5a1bf277214e8213",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b6aeab51-9278-4c5f-8905-07b40609edf5"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "6a3fde177edbfa6aaf3b67a21f448eaa5f0426a2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "01388e54-fbc1-4d4c-b04a-35c4e60c6fae"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "da97af1e3b1e04ff63be13d2ae11276b707618261cd20526cfb2e61d1b3622e2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "191f8df8-2bba-443a-a99c-f620b3fd054a"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "d4dcb06c41a4642a1b8e8ba23b8304380c369df89f9c90a492becbf2731563f04522892b6323c2478eccecbea195215267d528928ec41d2ce8cda883cf767485",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bdb43a51-e005-453c-85b1-c065982a767b"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "1536:R+EVm3mt3zm4Yj1wORWWBsSJEiN+c0Ubt9B9o8LCoGULTswXSf:R+wkmt3zm4kV0iNtbTvo8WoG4IR",
"category": "Payload delivery",
"to_ids": true,
"uuid": "64183a3e-0f51-4db2-adea-6d8d8c4a247e"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e2bee0d4-c8a5-4926-8169-725790fa7270",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:41.000Z",
"modified": "2024-11-07T16:09:41.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".fini",
"category": "Other",
"uuid": "3f8c0bd2-2ff0-4aae-a3c4-344a6110b833"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "85713d2f-c17e-42d4-89e3-5d2a087ad44b"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "31819edb-c261-49e7-807a-23e6a0e115d5"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "46275b2e-eb0a-4b72-a5b7-2ac8c96ca081"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "23",
"category": "Other",
"uuid": "50577251-2e7a-42a2-9252-6b1d97607b29"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.0018228256222",
"category": "Other",
"uuid": "b51df652-3c8a-4067-912a-40b3f47f19de"
},
{
"type": "md5",
"object_relation": "md5",
"value": "901850fd8a67ae18d43bb63e94b81d6f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a316d90f-6900-4fb1-9161-c3e595b931ca"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "0785be31d16e84eeb087d518348606fef9be3b17",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4b0eabe7-be42-4920-bebb-6414677a0ca7"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "727dfefa0504bc9884daeba9be51b1c5f768e8d0f651dbfeeda89ec898459fd7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "06a74988-d6b4-4b4c-9330-ec139686b28c"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "83bff39b4cc26c75c3698e4adcb175cd208c058757791e54e449a69f08ab4893ecce625d9344bc358eb95fe0d6a5789f9524fb6f2538621fb595c42465bf04f3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "57895222-f924-4092-865c-4c1caac84c33"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:ZBqvvlNpJn:2nHn",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c31d083f-0477-47d0-bbbc-15d1c8ab87ec"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fe6b8d22-49d5-49b5-9841-5c973aa0393f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:41.000Z",
"modified": "2024-11-07T16:09:41.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rodata",
"category": "Other",
"uuid": "960db2cf-f6b5-43e9-ac66-ef79e4166a24"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "65b5f602-6056-431d-a1bb-02b7765f52a9"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "968f9a15-f363-4e9a-80df-39b59fb6af47"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "14140",
"category": "Other",
"uuid": "3e64da7f-c310-4d27-9b88-da503cbb4f7b"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.764880966392",
"category": "Other",
"uuid": "9942d65d-9a87-47e2-ab2e-8814d0a2a44c"
},
{
"type": "md5",
"object_relation": "md5",
"value": "f83a04136594fa1967d66605b11b077a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9007d36b-f063-4059-9fe3-3496ef7b44d5"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "7a974250ed0da586b41aa8ddecaa88be4d15b540",
"category": "Payload delivery",
"to_ids": true,
"uuid": "170b084f-cff9-432a-afff-fe27f095cf7d"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "bb008bde4cbc41f91e86a5614c1e387cd4f00ccb254f26a48b536f0b48131155",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4897e1de-7041-4dfe-bf0c-10bc899a1b1d"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "c2b28c5c359ba584d6099ce6e4bd4af9667c79d979cc115ab5fa0500490029668b455b0f3c3f27b24c597645ed36086b81c824acc8257dc2976a9bd2256df566",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0370ce39-1df3-4a9d-8bc3-4d135d04b343"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "192:qD4QkztZiIPzW0tdPFmF65lewVwQ7QRDFWaEnlRum67bqlOVyQSWB3jiGKl:qsT/BkuIGQRZaePuGKl",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f12134be-73a4-458f-bc4b-a9177484f1b3"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--108681f1-f6b4-4fe6-abdb-16b2ad1ea4d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:41.000Z",
"modified": "2024-11-07T16:09:41.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".ctors",
"category": "Other",
"uuid": "e175a395-c44e-4495-abc6-2b08168aff4a"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "e989044d-6d6c-4911-8d0b-dc2e2db99767"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "6d9a5730-e31a-4848-b622-bfdd45411ab9"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "e029fc77-3f1e-427e-ab31-a24c9c8128ef"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8",
"category": "Other",
"uuid": "72275d99-3d11-4a35-851a-5c71263da4b4"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1",
"category": "Other",
"uuid": "b5802917-c548-4d30-9e86-abb86c2f0a40"
},
{
"type": "md5",
"object_relation": "md5",
"value": "14f9c4ad952bff03b2eb8fa9fb3aae76",
"category": "Payload delivery",
"to_ids": true,
"uuid": "723e938f-1d24-4af7-aad8-3a9424dfae73"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "ce296b184763a332aca5193149245ab4653334e8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5017e3a0-4028-463c-b6cd-b1a8962dd9fe"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "72a4fa3544e43a836ffcb268ce06ccdbc55d44d5e6b1b1c19216a53ea98301fd",
"category": "Payload delivery",
"to_ids": true,
"uuid": "945c36a0-6a82-47a5-bff3-56651a65091c"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "7c403a4652234a853f476938085a4a0613f7540ea108da2da488812462f9479cd6af00d184ac313dcb9cbb0c7725342d0363aeff8e7ac856d9f45a2d1d05c4ec",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e73ab9da-ba60-4ee4-9332-33c10818e3bf"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:RRtl:LX",
"category": "Payload delivery",
"to_ids": true,
"uuid": "504033ea-45f5-4782-a33c-fe63fd5dedd4"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0d2a323b-184e-470a-bfc2-d361c4346b24",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:41.000Z",
"modified": "2024-11-07T16:09:41.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".dtors",
"category": "Other",
"uuid": "83b48f17-b8b6-4c01-8a01-6a0bf5e308b5"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "df8645e3-58f9-4781-aa3b-b0e58948157b"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "037e0555-208d-4aed-8fc2-9f0ef20f6bef"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "989900a4-ed7c-417c-8a9f-6c3fb218f0d7"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8",
"category": "Other",
"uuid": "4d69a568-a0d7-4046-b59b-65b3807e6d55"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1",
"category": "Other",
"uuid": "6bab45b7-69d7-46f5-8c17-3db3b9cca051"
},
{
"type": "md5",
"object_relation": "md5",
"value": "14f9c4ad952bff03b2eb8fa9fb3aae76",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2c36c258-1284-4069-8013-03db1ed36618"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "ce296b184763a332aca5193149245ab4653334e8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "163c65ef-d680-4a30-96f4-4ed5d6f30e44"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "72a4fa3544e43a836ffcb268ce06ccdbc55d44d5e6b1b1c19216a53ea98301fd",
"category": "Payload delivery",
"to_ids": true,
"uuid": "971b9db3-eb86-46b4-a579-3f9d249e5ba1"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "7c403a4652234a853f476938085a4a0613f7540ea108da2da488812462f9479cd6af00d184ac313dcb9cbb0c7725342d0363aeff8e7ac856d9f45a2d1d05c4ec",
"category": "Payload delivery",
"to_ids": true,
"uuid": "17ff449e-0595-41c9-8984-d99b37f5e9b1"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:RRtl:LX",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d7852531-c9b1-4bb3-855f-54647dca624f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4092900d-d954-4a61-8e44-794e7a7d71b4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:41.000Z",
"modified": "2024-11-07T16:09:41.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "8c4c0a0b-ceab-43c4-a49e-f640ef39f8ae"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "70bdec39-d52f-4a6f-b07e-1fa88877858c"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "11a84a8e-b25f-407e-9e7e-352deffd5b63"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "85bb38c9-a0fe-4412-95da-cf14f68b1b35"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1408",
"category": "Other",
"uuid": "c4ff0987-0d99-41ab-87ae-6f2c602f3d55"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.8582486136718",
"category": "Other",
"uuid": "0693895e-3a0b-4963-bf93-ee3f63b228b7"
},
{
"type": "md5",
"object_relation": "md5",
"value": "55c20ba1956b1854c3a778395fe3eec9",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c9766cf8-e13e-4143-9344-c4e052ed6b6a"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "4203802da10ee8a5d60d224ec60369d79c20204c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "13d075a1-c8f9-436f-97a6-64fa2c99a51b"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "195de6b10a26a68995772d7debd606c16200f8878cd4ab570cb94b523e7f831e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "04f4933f-1909-4f13-9369-444d7c502afb"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "45375f40ca02dc736ab3ce0a27b415b656b1d52ab9236c8372bf32cb6c4d79e930499b99ae0e39155449b6e08214f979259b8de3be27a478de3cbccff4290e9f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bd70c3ba-9f33-40e0-a232-a5762daef726"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:0Xj4OtdrTq5k8V0XjkfULmqAyDxyND8W2kmvW5nr++8/1fLv:0jZtBq5k8V0XAfcmqxDgDn2LFb",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bd39ea1a-9ba2-43b3-9444-d0e45dfa37aa"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b3ee5faa-d20e-4b19-a695-acd931331e11",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:41.000Z",
"modified": "2024-11-07T16:09:41.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".bss",
"category": "Other",
"uuid": "6f8617e4-a1e7-4dd5-89b6-0ac0feece88f"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "11615d84-c854-497b-b764-92b433debe74"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "1283d6af-e52d-4e13-a6fd-30a93dba87c1"
},
{
"type": "text",
"object_relation": "flag",
"value": "_lief",
"category": "Other",
"uuid": "9bee196d-a915-44eb-97c3-471ef68b4bc0"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "9728",
"category": "Other",
"uuid": "e6694caa-dd84-411d-8e92-f7e8e1d98a90"
},
{
"type": "md5",
"object_relation": "md5",
"value": "d41d8cd98f00b204e9800998ecf8427e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6084f859-db3c-4cba-8941-6e868f241224"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"category": "Payload delivery",
"to_ids": true,
"uuid": "250674aa-93a6-448f-a439-901e5d3e7904"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fdbd0201-5d3f-430b-9974-0a780126f30f"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "40f11e81-1b4d-46b0-b48b-a37792fa5386"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3::",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6d668131-ca8d-4d5c-b552-51037ec8ace7"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--860c87d0-7fd3-44b3-a805-81952a56f50e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:41.000Z",
"modified": "2024-11-07T16:09:41.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".shstrtab",
"category": "Other",
"uuid": "b621e45d-b8c8-48eb-a34c-8f2f7983ac3a"
},
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "47b66a38-aa82-479f-b08b-27ab120ad219"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "62",
"category": "Other",
"uuid": "11bf976f-4867-4fdd-beb0-5a12a707ffc4"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.5847266094526",
"category": "Other",
"uuid": "415f4b74-0190-434d-bda3-73ea5d9147d7"
},
{
"type": "md5",
"object_relation": "md5",
"value": "90d8eebc2a34162c49ec31cfc660cec1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a585ff33-8e91-420f-be08-a3fbee60d4db"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "82520d0c476256d276861afe5c02c83d444b380c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9adf43e2-8641-448a-ab9e-c68fd8bc7a38"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "5da0b2d927ccda5332c1e053baec019d7bfb4b0605d7d6c7621052087c81bda2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "99b46602-3677-4028-9f82-d2812f47b4ae"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "f91be34869f6f53fb61cea8c82c68c54d11f9eaa4db19e3192dea5effb6161d6907a6fc19ea3a61e32fae0c260efe4c842e15e5e83b8ac5bce453ccb8f437a9e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4b083f2c-9f4e-40b0-a2f1-9204f4179abe"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:dqMLwlApLQ4lLaCMLdsxlLB4K2in:kMF84MFsOin",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8e891a86-32ba-4998-80f7-6efa1a6b191a"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"labels": [
"misp:name=\"elf\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "type",
"value": "_lief",
"category": "Other",
"uuid": "66e4567b-eb60-44b1-bd3c-1070c36cb9f9"
},
{
"type": "text",
"object_relation": "entrypoint-address",
"value": "134512996",
"category": "Other",
"uuid": "48b4bab4-228f-4441-bb68-6f60dd287ffc"
},
{
"type": "text",
"object_relation": "arch",
"value": "_lief",
"category": "Other",
"uuid": "b5ca4a85-1b84-4ead-b709-e6ae322f0403"
},
{
"type": "text",
"object_relation": "os_abi",
"value": "_lief",
"category": "Other",
"uuid": "b6bcd708-0c1f-40a1-9cc8-ce3d4fc0878c"
},
{
"type": "counter",
"object_relation": "number-sections",
"value": "9",
"category": "Other",
"uuid": "2c212d9d-a8dc-4f11-9052-e360cb2e3f4e"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--75e53b3e-7629-4b07-9805-cccfc2c61212",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"pattern": "[file:hashes.MD5 = '4dc38c34e95ee063a4328a07871689ff' AND file:hashes.SHA1 = '7df2a1d9b0a53b3eec0ae7f41b62066ff6ba86f0' AND file:hashes.SHA256 = 'd50acb9b20222c4e4a616a2ccc095eec2780141da7d4264a5ba2f82cae9c4670' AND file:hashes.SHA512 = '474df744c51fb1b7f968c384f2c836e5592e8950ff0821f2711a95785888e3934f3fc1e7f386236c52f2bbd13ea30cb63bd2200f70ca830f693949f0bb6c4f2c' AND file:hashes.SSDEEP = '1536:z+EVm3mt3zm4Yj1wORWWBsSJEiN+c0Ubt9B9o8LCoGULTswXSQVZQRZaLG:z+wkmt3zm4kV0iNtbTvo8WoG4IOVUaLG' AND file:name = 'd50acb9b20222c4e4a616a2ccc095eec2780141da7d4264a5ba2f82cae9c4670' AND file:size = '96112' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIADWBZ1lvq/vYbb0AAHB3AQAgABwANGRjMzhjMzRlOTVlZTA2M2E0MzI4YTA3ODcxNjg5ZmZVVAkAA0bmLGdG5ixndXgLAAEEIQAAAAQhAAAAsxBfILRjXHHRHbgYHT3BqEWgSi5ODU6WWZhuJgUR9cCNvTL8D+/y08L5sAp3zg9lRHNwOOY/d9tLhW5PJW1kT7MFhYm1oH5voS17s6p2Q4zyi1MjbxHVGbKtrrrwzxcb09aZ3hGct3EsEfON4q5+OcetA3nT2fpKHdGO4iS7jkHL/VXL7aNXDxoytnRnB1IIQUh1uRbbb4zs6Tq7Z+SokX+DxeL5T9s3u3Jjzv8PkhtBE1BK6Xnzu1TB+oMLLI4GfAy3KvMibTNp/W35IgU3gWBsj2JeVQHWcSlMJJljCtnPBcUEzHtVVCTS5JetiO1Rjf7ZrbRZfrKSrMSHlVUBW2Xb33YmxEtUjy2+1Yg4yK9CGQjlDaPTO3PYTzeNxeM3Slly8uV+9pAKOIQ4MKPwtKxSfU7xAYvN7NKc3QOZyxdl+lunH4ZWH7so0oYOdXqRPxS2hUpmItfe3lwwQ/hJ2o7QPFJQJC0BdB4ntieyGu4Gr89xA5yr7RbDJc7DDWYry9upcp56oPBvesQ+NicLhcHmkBfuNNlEFqTxv/yGL2IohaGyhihLiS2DNr8A7i2slEqT219qb5bUOJ5Lrn0YR63kzcpdaFi+I3gJ5SMzK/z5pZ/p2r8/LHphqq9xoYs9Mv+u6VLH4kBuQKPRomxc5/rwXlVRXjziqx01Wubl6Ijg51MxCMIEUteYFVNBu3d8vgtCEFi/YhcsgUZ8jY6zUqE4AgKGE82H0d9Acs48wvBX33iDcogwDEBr4JYrkvvbBdqn6sf7tqJR8w+LlgRp6aohVVec4GNge/3mJc+bB7yRhmh6kgxy0djyLHMxzc/U8Mv+Fa+/RvzbLNitBVFK3Ijyp5P+Sc/pt1ape/YiWHA1hJt5txchInMNYlIkuN7FT3kMiI3B/S4dTZRlt5+pMfwheHMkwIjR34JMMqXa2V4dU0G33HsgcptolM1v8G9h0pbxxSbqBzGfdEp2gJbQtn8Vjs3E1jloGh3+kxwtuHwFcQzwTb1E7CwzUyAMBaB3R4Wam8mYBL3QIkbQfPpVCOvNzN594VD7IjzL6sffMCYHHq2631diYH/iU2QJsoYzfgS8DZJUfM1SbAHRPGg7O4n/Sz2naYVOijIvq70VIspk2jyzuX4iJJODGwkSF3mDyKQssgidXvbWrM1+ZS4Mp4QTBp6TtHlj8b9SyfS5peGIifJxocp5K9M/5ZW6JiT2MEJb7Nprr0L5Ab0U2VDLSRxX5swwY1ik8B3eW4yD5taxOhPxrxqFIReS6i4sP0f9+L2DUBvHHw35ij6rLGn/i8ugcPANZ4WUi2iBcEf7qpHwPnpxj2HqZIPVZ5336EmIHgENBU8dh1gYiapulFNlXWu829vbE4a1050mZ144TZ+VCKhlDuvjhnmFBBzu8vDm9WdVHPqq+KTsCIlrX3Ccaca80ax4k0ivUbLr+IPUBbiwMI8CJThtJgjrYhtZSk6Z3/iXeIPxtQrY4ezsT52D1Jw98z7231AME4AyWuhsv3TPH6Sc4rAQoyjXIvJ/OwPfCAu1AGZhPseQHfw0NAOJaNL/Ac8IfhNzLooKTH2URfDFSG0cZf4oJ0vXr2SN9ZIXKi5xIeixZOEgHyxA3K/ow0aaTLleVrNv6ekLS6yXrYRdsxu9Yd/Wj8oOZgsbUPwa6xmbz+DB/Lhwz5pNnrETlTm641U+eh0ytXlx+EJFqXR06AC5KmLU7x9OxwytYzzlbAC3TsxUBhSBgo2dUiumhZN+ohROUffZ+lsrxNVQCnQKO++NuTveVyad5PI4EAhqiQ4kbmKuR2s6718c4y34x57pQSbRjVBEhjNjhjOYvJ3zK4PlfxwLIWt2IKeav1zX25HhvFZ8Xrt4i5ySemAYGRxW0rBFhSZ3Dvj6eUe4zHoKd6Ah+6XNwkyRcR8jOPaDe47nXnbpSiFlQ6Y7XDl4VsYBqFBhlrMj/FBr8wteL0439a21zRWMVKVLKRtewfAi1R6Knc73acYWpv1786RtzEiv0pgqiYadKVXvlUh9ZXCsnDByMbQSFow79fz+2eaHRTzlVWm8PTIT2ocdlpi0KwuCzYGmpTvCrlJS4Clzb6snIQgDKK3RE/ZVEGzMYFLgyTG44SIGCX3WZ8uhGn0qGO8Nt0zERLD7kKzqvePjh8KUsvTW6FDsroO02TNqMfhLPQsV70Vbdr62bgTscN3x4Ym0Wkn4Q14fyVim/x8JJrWt8dJATEyQFZNOQHM5EA2A1TN0N7LB1zqhAYwIuzx5ZlhZWmP78mAXj+jj61tfLFKEhv19yIrXTYFqzeX3fAflnF0V3MnpFDWcyOlIejR6+0iMtE9kFFiBKCVIr8gy2kK22d4wYQbkOEuqNDMwq2+Rkb1uaNbOA6laaohsvX4WBhJ6VbidoixEpMmMUl6AxOyC7Bog824sSpgPwZ+FsAsOYVY7YW8T0wQrXbM2wDQmw6POZnWI8MBw0ZqRD8UpPywGbdC5TE/GP8dK/JH0PP4YIflaKnzQd8jHBjAu3KPA9h291L2oFtR9EPtwkaY67nSjN+Pm/OTCg/otmiYa1BQO6TTnL6fxCNijzsK89Ii0Q2uAVeXsEsQKdOhnv8LrTiwP09LvJxSpm8FzFMNFAOKMYMd0K8+BmXNI0GQOydQmjSXtTAT7//V48hEHFljrTJFAUKr0sFrqHGmMdh2nSrlOFD4N/FIUh+mmitqCZ5c2J0sbC9jYHi1PNEuSESFIwLjMw8EqnSAtZ1dlnt6NVLpoppkSL7fixr3O3Onbn5VLBm0hMsv7sGq3lG9wvzmccHmsjNMUuqpzHIOF2SC4WCCIQ+2Ryj6wM3ht1IGwLnky5TpnLpL7dboAEi7WHVf/Vw5dQGsAMVK+V07wThK+o04WcH/Gu/CLA4bFzRda6vXsD0Z2xPTisj+WVRbgq2mVi013KPK1oheT4zVg3nnFfTGtKkmUxMnZtlHQrNSCb1doRUa60EbfvSaFKSyAJiAaHIyT8m0H4i2+LUhdvkVHr773LlE3pRCTE5lsjFz0X7g4V1v95A1DnBQGzAtPlI1vjgCZLyOInPVEsdY+3EyYfl0HvHx7GM2OyRqjkXY0NtCK1LWATz0eqFSzzpL9FoFkVlL8gIhDu879ax9HocwLua2HBYRE1zsT6Xno0Y+8lRD8hJUTdBAKIHwakgTgNA7BaCMprPNpheWkc6D0pp/ERQTpyw/lfml8nVrc3CDiQISu04gSPLUfsjQGT4Kt88AnPcuZh+B9APPtElo9ud3K3tS32ds+KpP7+MZQ0dWPjbD4DldNlOlFKnJJB1l4KSB20Xu7YRtMu0+
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-11-07T16:09:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--029b9f8f-502a-4a4b-bf78-e40b326fb2dd",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"target_ref": "x-misp-object--2c31cdb0-acda-451e-8ad8-6372e205487c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d1c9da4e-9892-4c97-82be-cc87cc389ed9",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"target_ref": "x-misp-object--61ea8ce2-ef50-44e4-a5a2-9709bba1e3aa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1727de7a-7701-4624-b9f4-4aaef916366d",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"target_ref": "x-misp-object--d7c9ea35-b2b4-4e8e-b830-dc018f7a47ad"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7400d9da-36e5-4047-94d1-8e6717839291",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"target_ref": "x-misp-object--bb59213c-ea39-4b05-b2b4-7a784e8fb387"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--84502403-b1b6-4ea2-8d90-a51dc72c9d78",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"target_ref": "x-misp-object--783e3102-3921-48c7-bcb1-94c014081ac1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3e963b58-e4e7-402f-9f94-488743517603",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"target_ref": "x-misp-object--c3045b09-bdc5-440e-8756-6564adf707f7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d8230d1a-d387-47b3-9d37-00a5c7fc76fd",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"target_ref": "x-misp-object--ea1812f3-b755-4c27-b117-a86d79a2f7c4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e0e66484-c01f-4dc3-9388-e6c4cd448ec6",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"target_ref": "x-misp-object--0db20072-8b84-4d24-bd4f-43c0e31538b2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e71c5562-1540-4161-a437-b4bcdffcc955",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0",
"target_ref": "x-misp-object--9bd6147d-ea53-4bd5-8f1a-7afe5c0be463"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--76be9a3f-e330-443c-a05b-27ea88b2b00c",
"created": "2024-11-07T16:09:40.000Z",
"modified": "2024-11-07T16:09:40.000Z",
"relationship_type": "includes",
"source_ref": "indicator--a863f04b-e1ef-4c93-8f1e-9bacce089cd0",
"target_ref": "x-misp-object--3deeddb5-7052-42c3-9f65-f315d04632e0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--16640f5c-71c2-4fde-853b-7fe418bc0af9",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"target_ref": "x-misp-object--7643a61d-31ad-4ded-a4ed-930b6dd0c4dc"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9b207a37-d9c1-41da-a9a1-13510d8bc37a",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"target_ref": "x-misp-object--014c63d0-2dd0-4f1b-86c5-2a772013b345"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ff5d4002-9136-4203-9b8d-dfa9a5322e2c",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"target_ref": "x-misp-object--e2bee0d4-c8a5-4926-8169-725790fa7270"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f4b35a23-938c-46c6-b460-38a4e4da0d08",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"target_ref": "x-misp-object--fe6b8d22-49d5-49b5-9841-5c973aa0393f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f87caa11-9358-4fc3-889d-40dfeeb0b507",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"target_ref": "x-misp-object--108681f1-f6b4-4fe6-abdb-16b2ad1ea4d2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d7c5e813-6940-41ef-ba8d-7ed54573a176",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"target_ref": "x-misp-object--0d2a323b-184e-470a-bfc2-d361c4346b24"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--633b6041-6d44-40b1-993d-9152a59e27fe",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"target_ref": "x-misp-object--4092900d-d954-4a61-8e44-794e7a7d71b4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a3f83a6c-aaa3-4f85-91b8-68d716cf8b1d",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"target_ref": "x-misp-object--b3ee5faa-d20e-4b19-a695-acd931331e11"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--001558e3-cebd-4c9f-b471-8116939511e4",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34",
"target_ref": "x-misp-object--860c87d0-7fd3-44b3-a805-81952a56f50e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e43220eb-e235-4a67-8c3d-2dff8534c31c",
"created": "2024-11-07T16:09:42.000Z",
"modified": "2024-11-07T16:09:42.000Z",
"relationship_type": "includes",
"source_ref": "indicator--75e53b3e-7629-4b07-9805-cccfc2c61212",
"target_ref": "x-misp-object--ecc35127-09a5-4b0e-9560-71f123ae6a34"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink