misp-circl-feed/feeds/circl/stix-2.1/5bb3ba96-4868-4147-a4e8-4dfb02de0b81.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5bb3ba96-4868-4147-a4e8-4dfb02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-03T12:01:49.000Z",
"modified": "2018-10-03T12:01:49.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5bb3ba96-4868-4147-a4e8-4dfb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-03T12:01:49.000Z",
"modified": "2018-10-03T12:01:49.000Z",
"name": "OSINT - DHS-USCERT MAR-10201537",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5bb3bac4-92fc-434c-abcc-4f5302de0b81",
"file--5bb3bac4-92fc-434c-abcc-4f5302de0b81",
"artifact--5bb3bac4-92fc-434c-abcc-4f5302de0b81",
"indicator--5bb3bb0e-9b30-411e-8d7a-46a802de0b81",
"indicator--5bb3bb10-4c18-4c67-863c-41d502de0b81",
"indicator--5bb3bb11-50ec-4b22-b675-49fa02de0b81",
"indicator--5bb3bb11-4f40-4d56-b3e2-428c02de0b81",
"indicator--5bb3bb12-0114-4a64-85f3-450802de0b81",
"indicator--5bb3bb12-58a4-4245-97ea-43fb02de0b81",
"indicator--5bb3bb12-b39c-47e3-9534-48d002de0b81",
"indicator--5bb3bb13-fdb8-49e6-830d-447402de0b81",
"indicator--5bb3bb13-9b80-4bfb-941e-4d0c02de0b81",
"indicator--5bb3bb14-5f78-4188-9fe1-4d6f02de0b81",
"indicator--5bb3bb14-1b64-4ed2-9102-459702de0b81",
"indicator--5bb3bb15-8bf0-4b08-a195-4fbb02de0b81",
"indicator--5bb3bb25-7648-4e70-9280-4a4802de0b81",
"indicator--5bb3bb26-df88-4d34-9157-405002de0b81",
"observed-data--5bb3bb32-dcdc-451b-a51c-4a4d02de0b81",
"network-traffic--5bb3bb32-dcdc-451b-a51c-4a4d02de0b81",
"ipv4-addr--5bb3bb32-dcdc-451b-a51c-4a4d02de0b81",
"indicator--5bb3bb74-8834-4c0a-b291-458202de0b81",
"indicator--24353fa4-39c9-4f22-afef-ffbeb15bfd8e",
"x-misp-object--2379fc5b-3f38-41fa-953f-35dda1401a93",
"indicator--195ddb4c-b080-4cf9-8ec9-5ebbdb25c37c",
"x-misp-object--1b43c535-7d20-4ac8-9a35-b26aa3a2f09b",
"indicator--8176c716-23dc-44d4-9664-4f0939090210",
"x-misp-object--60fa3a56-124d-43d8-b8fd-3d2c4b7feb4d",
"indicator--169823c0-da81-4f29-a314-c836d9bb2f0e",
"x-misp-object--c64ab4ce-d90f-4cb6-bcce-f87642debe8e",
"indicator--994af4ce-78cf-46fb-8b81-9b7ec660fbb5",
"x-misp-object--82711df4-871d-4350-984d-c0dbf94eba02",
"relationship--0888efbd-43cb-42ef-b3cb-68cff0ca044d",
"relationship--202f770a-5ead-4843-8a99-9280590da7e0",
"relationship--5e9ee311-e7e2-48ef-bfbd-cff76aea7857",
"relationship--6dbc7713-3c6a-4530-9021-813bd401c5de",
"relationship--1d1501a7-928c-4548-88d3-621e4d21144e"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:topic=\"finance\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bb3bac4-92fc-434c-abcc-4f5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:36:52.000Z",
"modified": "2018-10-02T18:36:52.000Z",
"first_observed": "2018-10-02T18:36:52Z",
"last_observed": "2018-10-02T18:36:52Z",
"number_observed": 1,
"object_refs": [
"file--5bb3bac4-92fc-434c-abcc-4f5302de0b81",
"artifact--5bb3bac4-92fc-434c-abcc-4f5302de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bb3bac4-92fc-434c-abcc-4f5302de0b81",
"name": "MAR-10201537.pdf",
"content_ref": "artifact--5bb3bac4-92fc-434c-abcc-4f5302de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bb3bac4-92fc-434c-abcc-4f5302de0b81",
"payload_bin": "JVBERi0xLjYNJeLjz9MNCjE2MSAwIG9iag08PC9MaW5lYXJpemVkIDEvTCA3NTE4ODEvTyAxNjMvRSA2ODI4MC9OIDMyL1QgNzUxMzIzL0ggWyA0ODMgMzUxXT4+DWVuZG9iag0gICAgICAgICAgICAgDQoxNzggMCBvYmoNPDwvRGVjb2RlUGFybXM8PC9Db2x1bW5zIDQvUHJlZGljdG9yIDEyPj4vRmlsdGVyL0ZsYXRlRGVjb2RlL0lEWzxCRDc5RDMyNDE0RTQzRDQ5NkRCN0FGRUVFODZDQjAwND48NjZGOEIxMUI4MTkxODM0Mjg2RjE0QjczNjM0Qzk2QkE+XS9JbmRleFsxNjEgMjhdL0xlbmd0aCA4Ny9QcmV2IDc1MTMyNC9Sb290IDE2MiAwIFIvU2l6ZSAxODkvVHlwZS9YUmVmL1dbMSAyIDFdPj5zdHJlYW0NCmjeYmJkEGBgYmA2AhIMLkCCcT+QYOEFiZmCCAcQwQ4iGEFEL5BgigOxjgMJ4Q4QdzOQ4G4FEkZzgIQbG5DwmcjAxMhgADKUgZEY4j+j/Q+AAAMAkCgKHg0KZW5kc3RyZWFtDWVuZG9iag1zdGFydHhyZWYNCjANCiUlRU9GDQogICAgICAgIA0KMTg4IDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9MIDQ1OS9MZW5ndGggMjY4L1MgMzk2Pj5zdHJlYW0NCmjeYmBgYGZgYFJnYAEyOhkEGRBAECjGCsQcByB8oDpBQWFBQYbGKw0MjFsdjgWEfRD4wfWGVZ0ttOnfwaUP7B7onRBaIio1eR/reabLjekOx1wT/ttxzq4V5jG5+lhx4sGXZ56ZKOYsUF3AtDYUAsJmggggBprPqp3sNHXjQq8bF5bmZARtM9GMlhJZ28sVdqwVU0JSNScj5cva3h6mn6o5PTjUGWE1yoG9o6GigyBh3tEgWNHRwcDegUWeAUOEGmECDINcBu7Ey0CaH4iFwaEeAmRf43sizqF3ICxhtaNMExfLM48LQj8Wi3kK5qw60HBSno+BgU8AEkWFDNylpkCaEYh7AQIMAH30pecNCmVuZHN0cmVhbQ1lbmRvYmoNMTYyIDAgb2JqDTw8L1BhZ2VMYWJlbHMgMTU0IDAgUi9QYWdlcyAxNTYgMCBSL1R5cGUvQ2F0YWxvZz4+DWVuZG9iag0xNjMgMCBvYmoNPDwvQ29udGVudHNbMTY1IDAgUiAxNjYgMCBSIDE2NyAwIFIgMTY4IDAgUiAxNjkgMCBSIDE3MCAwIFIgMTcxIDAgUiAxNzMgMCBSXS9Dcm9wQm94WzAgMCA2MTIgNzkyXS9NZWRpYUJveFswIDAgNjEyIDc5Ml0vUGFyZW50IDE1NyAwIFIvUmVzb3VyY2VzIDE3OSAwIFIvUm90YXRlIDAvVHlwZS9QYWdlPj4NZW5kb2JqDTE2NCAwIG9iag08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvRmlyc3QgNzMvTGVuZ3RoIDk0MS9OIDkvVHlwZS9PYmpTdG0+PnN0cmVhbQ0KaN6cVdtu2zgQ/RU+tlhkxTtFoDCQuHXiRZ0YldEWCPKgOlxbu5ZkyMo2+fs9Q/ke1EkDY8TR3DgcnyMK5xlnIoVYjVVAFEQyqVXUjZBYNfMuxWqYkJoUS+LxcExyb9mHD0m/XtRNtsyngV5WNpbl7Euvl3x6bC+zNm/Jc5mJuFHnGdRVC+NkIuNuMELXcadOt3GPLnjc1NMstLfJ+OMgmYTHNhmW+Sz075LvNz/+CVOqNCxR3smYPSxR1a2ze73bZNjvX+SrcA+rJusdEm7G7O98sQpQRkwk2fn6NRsx/ieXyeRpGXYHSOpl5+/1kHu+moaqZV7YpJ8vr0Ixm7fMpjb5GDrPmRQuGSzy2YopGQ97cVE/3p5JnsJnMHauMVsl7qJzkJfF4undoMmrfxdFxS7rdl5M2VXI/3t630UU
i0CH6sZDluu8DMl48NfN5eiPTWKXdxbzYlDWNqGdzpPruinzRTR967rVnCfDNl8U0/NqtgiMJ1kbyismfBq1r1GLQ6AsOlhTLNu6Sb6vz2uEiMOgyVLIyWY+VdP6vqhmybeiOq9WxfZ9UDSrtj/Pm82gdjtFPNJxP+frECFlkj38aKmrSfMQYnvbHlH7vp2vbmm+StCkup/T9JReRelsEpMkwSGYAapfI9Ltahpt8bQqZRaEsRIrKGWIONoBChoicCTCuzXIV56lWhBImPWiy6LVw88d046v63mOFdWNp87S7Y5x19iJY0aqbsW78pIZUJLipSfQG4Bces1SY7oo6BSJqaAno7CCKAZUM9xiOjQTort24u4EvK17Ed4CfazhjUmn/jS8R+G+eCgP8W2f43v8+RhSXeIbAZ66Db6FOIlv7dVzfP+ymTcCXB8B3OlXApzAqPBt3oDTOYKaFHoL9C1sAbuN6AjSV8J9nXNg54I5AYBzFWFrUM8SzBR0TmSQEORZF0Fm0Y/2gD7yrCFgA4p4p5UoYNC1JtJ41EBeSrrFPuRT3Tmo53geEIOEx0gilLYdsYzUIDx0gXlousNMFKM6PXU82o30XTx0BZ82yJOw4wOhqSPQR9OU4NfikHov/2hWvxPvnNrXD6gH6uxRT3BgeY97dsM9vcc9Y3G1KE73MicCcndAvklRhhW7Dj/Zl7rMq/c7jkUPHNE+zkaTNxHrK0vlSTrRIQ759HzjN5LIHpFIpK8k0a9+iqAX/RvQvSRHf62kiwtfTHoKsbVR3S4iTf06ij+L9FqfBM6uyt7NwI99sABS/wswAM9jls4NCmVuZHN0cmVhbQ1lbmRvYmoNMTY1IDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9MZW5ndGggNzUwPj5zdHJlYW0NCkiJlFRNb9s4EL3rVwx6IoE1Q1IkRfXYpmi6WCxaRMAe0h60Mp0ItSlXUhrk3/eRtI0u0BRY+yByOJz3MSMpuq+u3t8qul+q2gnlSSvhyNat8Joa44WnOVS7SjjnkWu0MJpMa1Oq1V60jrRoXEm6ers4GhYSrbTe41Hjh4d13tEyxMoaoQ0Zq1N1qxqhDKlaNKbcL8faOYHbLx0rZYX71bFM/JwVtaOm9iBMSjohNSGzKSlvuuqq6xChblcpKZwmiX9ZmVYJhbumToK6QwVXKiGlMdQN1QYr66l7qu5Y9xd3omYfectecy0so3+4YzdciZZ94PCMddyKhr3jX7o/q3dd9Q1gqJrBajCEBzDSUy2TgcOhuvpwUHQ9VZ9+VlGrzP4iwpmLihe4o4XyQv3/8kzIG4P2t6ZFb4VulKbuGnHIl0X539M67sah5wbV1nGK+SY8NcVTnxqbaOWFbfKYNDJRgn/KplJYQE8x8gEEFRsXCDtO80rY+rQ9ztP3cRu29KpfEHOMxuUV7aaZxgjKjmF5yNjKYcwSJpgmCH2GsAWiB0tU0Cz2+1L++DgfpyUsNMX9s6DuIdB1OPZzzlr5pgajQ4grTbty4WYqSK1QtVMFKo2DrE9YJzWHsO/jlm4D3zjYMzzyjWXziJIGjJ/5Jun4zK5vEBeG3SJg2GdO2wlk4rSeVKfTlgXq43PG3eSuetqgxdbZk1DZnMBVAX+CgNTLmac81sd1TBJzbFdEpYr0dQTFOdz383aM9zk0xt3Fyv94edYnTcGA56nzJrvEUveTDhqmPGZxLYcjVyyidU9QXsO+B+hs2RgFdi0rft/cnlWfrZUW75m8zFuCbwrqSiFup3nJjgDscMgGazYPY1+uS+Fb9Rvie1ibOU7bxwGNnUtjl1Ci35M/EDSEP4rjJg2VL5Y7fMJQ9o7NYRfmEAdIy0OI12nF/KZxzbfwlalNU0jcsX8f9/uwnhOBOK0PYX4alyD4F6IfAgwAT99NTA0KZW5kc3RyZWFtDWVuZG9iag0xNjYgMCBvYmoNPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0xlbmd0
aCA3NjE+PnN0cmVhbQ0KSIl8VE1v4yAUvOdXvCNINTU2/uq17Wq7qlaVamkPbQ+OQxpa20SAN+q/3wfY6ar
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb0e-9b30-411e-8d7a-46a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:06.000Z",
"modified": "2018-10-02T18:38:06.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = '10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb10-4c18-4c67-863c-41d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:08.000Z",
"modified": "2018-10-02T18:38:08.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:name = 'Lost_File.so']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb11-50ec-4b22-b675-49fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:09.000Z",
"modified": "2018-10-02T18:38:09.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = '3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb11-4f40-4d56-b3e2-428c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:09.000Z",
"modified": "2018-10-02T18:38:09.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = '4a740227eeb82c20286d9c112ef95f0c1380d0e90ffb39fc75c8456db4f60756']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb12-0114-4a64-85f3-450802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:10.000Z",
"modified": "2018-10-02T18:38:10.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = '820ca1903a30516263d630c7c08f2b95f7b65dffceb21129c51c9e21cf9551c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb12-58a4-4245-97ea-43fb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:10.000Z",
"modified": "2018-10-02T18:38:10.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = 'a9bc09a17d55fc790568ac864e3885434a43c33834551e027adb1896a463aafc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb12-b39c-47e3-9534-48d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:10.000Z",
"modified": "2018-10-02T18:38:10.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = 'ab88f12f0a30b4601dc26dbae57646efb77d5c6382fb25522c529437e5428629']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb13-fdb8-49e6-830d-447402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:11.000Z",
"modified": "2018-10-02T18:38:11.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = 'ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb13-9b80-4bfb-941e-4d0c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:11.000Z",
"modified": "2018-10-02T18:38:11.000Z",
"description": "Submitted Files (10)",
"pattern": "[domain-name:value = '2.so']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb14-5f78-4188-9fe1-4d6f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:12.000Z",
"modified": "2018-10-02T18:38:12.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = 'd465637518024262c063f4a82d799a4e40ff3381014972f24ea18bc23c3b27ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb14-1b64-4ed2-9102-459702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:12.000Z",
"modified": "2018-10-02T18:38:12.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = 'e03dc5f1447f243cf1f305c58d95000ef4e7dbcc5c4e91154daa5acd83fea9a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb15-8bf0-4b08-a195-4fbb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:13.000Z",
"modified": "2018-10-02T18:38:13.000Z",
"description": "Submitted Files (10)",
"pattern": "[file:hashes.SHA256 = 'f3e521996c85c0cdb2bfb3a0fd91eb03e25ba6feef2ba3a1da844f1b17278dd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb25-7648-4e70-9280-4a4802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:29.000Z",
"modified": "2018-10-02T18:38:29.000Z",
"pattern": "[file:hashes.SHA256 = '1f2cd2bc23556fb84a51467fedb89cbde7a5883f49e3cfd75a241a6f08a42d6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb26-df88-4d34-9157-405002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:30.000Z",
"modified": "2018-10-02T18:38:30.000Z",
"pattern": "[file:hashes.SHA256 = '9ddacbcd0700dc4b9babcd09ac1cebe23a0035099cb612e6c85ff4dffd087a26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:38:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bb3bb32-dcdc-451b-a51c-4a4d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:38:42.000Z",
"modified": "2018-10-02T18:38:42.000Z",
"first_observed": "2018-10-02T18:38:42Z",
"last_observed": "2018-10-02T18:38:42Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5bb3bb32-dcdc-451b-a51c-4a4d02de0b81",
"ipv4-addr--5bb3bb32-dcdc-451b-a51c-4a4d02de0b81"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5bb3bb32-dcdc-451b-a51c-4a4d02de0b81",
"dst_ref": "ipv4-addr--5bb3bb32-dcdc-451b-a51c-4a4d02de0b81",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5bb3bb32-dcdc-451b-a51c-4a4d02de0b81",
"value": "75.99.63.27"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb3bb74-8834-4c0a-b291-458202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:39:48.000Z",
"modified": "2018-10-02T18:39:48.000Z",
"pattern": "[domain-name:value = 'optonline.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:39:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--24353fa4-39c9-4f22-afef-ffbeb15bfd8e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:39:05.000Z",
"modified": "2018-10-02T18:39:05.000Z",
"pattern": "[file:hashes.MD5 = '4f67f3e4a7509af1b2b1c6180a03b3e4' AND file:hashes.SHA1 = '1c9a437ed876a0ce0e5374bd93acdfd9e9023f1f' AND file:hashes.SHA256 = '4a740227eeb82c20286d9c112ef95f0c1380d0e90ffb39fc75c8456db4f60756']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:39:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2379fc5b-3f38-41fa-953f-35dda1401a93",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:39:04.000Z",
"modified": "2018-10-02T18:39:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-28 04:06:38",
"category": "Other",
"uuid": "d496f4be-1741-480d-bf18-f74e42f46633"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4a740227eeb82c20286d9c112ef95f0c1380d0e90ffb39fc75c8456db4f60756/analysis/1538107598/",
"category": "External analysis",
"uuid": "01a4bf63-9e77-44be-8351-6c4a963d2467"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/69",
"category": "Other",
"uuid": "1283ebae-cffd-4532-9965-1ad59314f771"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--195ddb4c-b080-4cf9-8ec9-5ebbdb25c37c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:39:08.000Z",
"modified": "2018-10-02T18:39:08.000Z",
"pattern": "[file:hashes.MD5 = '8efaabb7b1700686efedadb7949eba49' AND file:hashes.SHA1 = '7b17d63694eee51010bcad143bc72e355e17cb50' AND file:hashes.SHA256 = 'a9bc09a17d55fc790568ac864e3885434a43c33834551e027adb1896a463aafc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:39:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1b43c535-7d20-4ac8-9a35-b26aa3a2f09b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:39:06.000Z",
"modified": "2018-10-02T18:39:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-05 03:11:47",
"category": "Other",
"uuid": "dd585d6e-ca2e-49e9-b82e-8c55f307afac"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a9bc09a17d55fc790568ac864e3885434a43c33834551e027adb1896a463aafc/analysis/1536117107/",
"category": "External analysis",
"uuid": "46df00d5-2e72-462f-94b1-3f466d2b967f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/66",
"category": "Other",
"uuid": "bdcb9d76-cb04-4c88-bbb9-3ee566f8300a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8176c716-23dc-44d4-9664-4f0939090210",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-03T12:01:32.000Z",
"modified": "2018-10-03T12:01:32.000Z",
"description": "This file is not considered malicious, but may have been used by actors for malicious purposes.",
"pattern": "[file:hashes.MD5 = 'b66be2f7c046205b01453951c161e6cc' AND file:hashes.SHA1 = 'ec5784548ffb33055d224c184ab2393f47566c7a' AND file:hashes.SHA256 = 'ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-03T12:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--60fa3a56-124d-43d8-b8fd-3d2c4b7feb4d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:39:08.000Z",
"modified": "2018-10-02T18:39:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-15 12:57:52",
"category": "Other",
"uuid": "4b1ef54b-59fe-454d-951c-ac9015a21b31"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c/analysis/1510750672/",
"category": "External analysis",
"uuid": "41afe04e-8c3f-467e-85cc-d0a5832105ab"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/59",
"category": "Other",
"uuid": "7c82c27e-9c5a-493e-bdbb-92bef39edeef"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--169823c0-da81-4f29-a314-c836d9bb2f0e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:39:12.000Z",
"modified": "2018-10-02T18:39:12.000Z",
"pattern": "[file:hashes.MD5 = '5cfa1c2cb430bec721063e3e2d144feb' AND file:hashes.SHA1 = 'c1a9044f180dc7d0c87e256c4b9356463f2cb7c6' AND file:hashes.SHA256 = '820ca1903a30516263d630c7c08f2b95f7b65dffceb21129c51c9e21cf9551c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-02T18:39:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c64ab4ce-d90f-4cb6-bcce-f87642debe8e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:39:11.000Z",
"modified": "2018-10-02T18:39:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-28 04:05:30",
"category": "Other",
"uuid": "e30c82a0-4f63-4284-991e-c8b84b4adb9f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/820ca1903a30516263d630c7c08f2b95f7b65dffceb21129c51c9e21cf9551c6/analysis/1538107530/",
"category": "External analysis",
"uuid": "d879fdc2-4115-42a5-aeec-423ec7f6d487"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/69",
"category": "Other",
"uuid": "bbfc0be3-6d8b-4df0-8e08-b32da3089b4d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--994af4ce-78cf-46fb-8b81-9b7ec660fbb5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-03T11:59:03.000Z",
"modified": "2018-10-03T11:59:03.000Z",
"description": "This file is not considered malicious but may have been used by actors for malicious purposes.",
"pattern": "[file:hashes.MD5 = '46b318bbb72ee68c9d9183d78e79fb5a' AND file:hashes.SHA1 = '5375ad3746ce42a6f262f55c4f1f0d273fb69c54' AND file:hashes.SHA256 = '10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-03T11:59:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--82711df4-871d-4350-984d-c0dbf94eba02",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-02T18:39:13.000Z",
"modified": "2018-10-02T18:39:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-01 18:10:22",
"category": "Other",
"uuid": "487eeed9-2b31-4cbb-aaf8-4ff4c9c3f119"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba/analysis/1538417422/",
"category": "External analysis",
"uuid": "d10f033c-7614-4ad4-8b20-88e40ef7c530"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/58",
"category": "Other",
"uuid": "c3547d1e-4759-4fea-9a93-d724275cd2aa"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0888efbd-43cb-42ef-b3cb-68cff0ca044d",
"created": "2018-10-02T18:39:14.000Z",
"modified": "2018-10-02T18:39:14.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--24353fa4-39c9-4f22-afef-ffbeb15bfd8e",
"target_ref": "x-misp-object--2379fc5b-3f38-41fa-953f-35dda1401a93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--202f770a-5ead-4843-8a99-9280590da7e0",
"created": "2018-10-02T18:39:15.000Z",
"modified": "2018-10-02T18:39:15.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--195ddb4c-b080-4cf9-8ec9-5ebbdb25c37c",
"target_ref": "x-misp-object--1b43c535-7d20-4ac8-9a35-b26aa3a2f09b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5e9ee311-e7e2-48ef-bfbd-cff76aea7857",
"created": "2018-10-02T18:39:16.000Z",
"modified": "2018-10-02T18:39:16.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8176c716-23dc-44d4-9664-4f0939090210",
"target_ref": "x-misp-object--60fa3a56-124d-43d8-b8fd-3d2c4b7feb4d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6dbc7713-3c6a-4530-9021-813bd401c5de",
"created": "2018-10-02T18:39:16.000Z",
"modified": "2018-10-02T18:39:16.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--169823c0-da81-4f29-a314-c836d9bb2f0e",
"target_ref": "x-misp-object--c64ab4ce-d90f-4cb6-bcce-f87642debe8e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d1501a7-928c-4548-88d3-621e4d21144e",
"created": "2018-10-02T18:39:16.000Z",
"modified": "2018-10-02T18:39:16.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--994af4ce-78cf-46fb-8b81-9b7ec660fbb5",
"target_ref": "x-misp-object--82711df4-871d-4350-984d-c0dbf94eba02"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}