adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5a24041c-d7c8-4dc1-b0ed-45f702de0b81.json

661 lines
215 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5a24041c-d7c8-4dc1-b0ed-45f702de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:10:23.000Z",
"modified": "2017-12-03T14:10:23.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a24041c-d7c8-4dc1-b0ed-45f702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:10:23.000Z",
"modified": "2017-12-03T14:10:23.000Z",
"name": "OSINT - Android Malware Appears Linked to Lazarus Cybercrime Group",
"published": "2017-12-03T14:11:12Z",
"object_refs": [
"observed-data--5a240429-4354-43b6-8940-4e4e02de0b81",
"url--5a240429-4354-43b6-8940-4e4e02de0b81",
"x-misp-attribute--5a24043e-7338-4ea0-99e0-401e02de0b81",
"indicator--5a240487-534c-44f0-aaa0-485602de0b81",
"indicator--5a240487-ff18-49dd-99e9-4bd502de0b81",
"indicator--5a240487-d7f4-4beb-a63b-44cc02de0b81",
"indicator--5a240487-16e8-46a5-96c3-455c02de0b81",
"indicator--5a240487-5c80-44fc-8b58-4b5e02de0b81",
"indicator--5a240487-87ec-4dfe-b2f3-4df202de0b81",
"indicator--5a240487-6664-45b5-a902-461302de0b81",
"indicator--5a240487-a980-40d3-84ec-432602de0b81",
"indicator--5a240487-75dc-40a5-96f5-498d02de0b81",
"indicator--5a240487-9f38-4e74-a2e0-4c1002de0b81",
"indicator--5a240487-6b38-4ece-af7c-4a9502de0b81",
"indicator--5a240487-dc90-46ed-a6fa-47b102de0b81",
"indicator--5a2404de-10ec-4843-a865-428c02de0b81",
"indicator--5a2404de-bf84-4257-be7e-4e8302de0b81",
"indicator--5a2404de-a8f4-4bcd-8bc7-44f202de0b81",
"indicator--5a2404ef-1f38-47de-a5c5-4b0c02de0b81",
"indicator--5a2404ef-bb48-4ffe-8860-471502de0b81",
"indicator--5a2404ef-338c-42d5-af7e-45ad02de0b81",
"indicator--5a240514-e3dc-4f24-bf92-4bfa02de0b81",
"indicator--5a240514-6284-4d76-8aa6-46d302de0b81",
"observed-data--5a240514-a630-4963-af31-4add02de0b81",
"url--5a240514-a630-4963-af31-4add02de0b81",
"indicator--5a240564-a824-4c62-95b4-43ac02de0b81",
"observed-data--5a2405b7-b2e8-47ac-899f-495c02de0b81",
"file--5a2405b7-b2e8-47ac-899f-495c02de0b81",
"artifact--5a2405b7-b2e8-47ac-899f-495c02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Lazarus Group\"",
"ms-caro-malware:malware-platform=\"AndroidOS\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a240429-4354-43b6-8940-4e4e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:15.000Z",
"modified": "2017-12-03T14:07:15.000Z",
"first_observed": "2017-12-03T14:07:15Z",
"last_observed": "2017-12-03T14:07:15Z",
"number_observed": 1,
"object_refs": [
"url--5a240429-4354-43b6-8940-4e4e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"osint:certainty=\"93\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a240429-4354-43b6-8940-4e4e02de0b81",
"value": "https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-appears-linked-to-lazarus-cybercrime-group/#sf174581990"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a24043e-7338-4ea0-99e0-401e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:15.000Z",
"modified": "2017-12-03T14:07:15.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"osint:certainty=\"93\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "The McAfee Mobile Research team recently examined a new threat, Android malware that contains a backdoor file in the executable and linkable format (ELF). The ELF file is similar to several executables that have been reported to belong to the Lazarus cybercrime group. (For more on Lazarus, read this post from our Advanced Threat Research Team.)\r\n\r\nThe malware poses as a legitimate APK, available from Google Play, for reading the Bible in Korean. The legit app has been installed more than 1,300 times. The malware has never appeared on Google Play, and we do not know how the repackaged APK is spread in the wild."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-534c-44f0-aaa0-485602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.45.145.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-ff18-49dd-99e9-4bd502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '114.215.130.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-d7f4-4beb-a63b-44cc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.29.11.203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-16e8-46a5-96c3-455c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.248.228.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-5c80-44fc-8b58-4b5e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.196.55.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-87ec-4dfe-b2f3-4df202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '14.139.200.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-6664-45b5-a902-461302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '175.100.189.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-a980-40d3-84ec-432602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-75dc-40a5-96f5-498d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.211.212.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-9f38-4e74-a2e0-4c1002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.180.148.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-6b38-4ece-af7c-4a9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.117.4.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240487-dc90-46ed-a6fa-47b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.106.2.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2404de-10ec-4843-a865-428c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[domain-name:value = 'mail.wavenet.com.ar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2404de-bf84-4257-be7e-4e8302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[domain-name:value = 'vmware-probe.zol.co.zw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2404de-a8f4-4bcd-8bc7-44f202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[domain-name:value = 'wtps.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2404ef-1f38-47de-a5c5-4b0c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[file:hashes.MD5 = '24f61120946ddac5e1d15cd64c48b7e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2404ef-bb48-4ffe-8860-471502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[file:hashes.MD5 = '8b98bdf2c6a299e1fed217889af54845']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2404ef-338c-42d5-af7e-45ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"pattern": "[file:hashes.MD5 = '9ce9a0b3876aacbf0e8023c97fd0a21d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240514-e3dc-4f24-bf92-4bfa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"description": "- Xchecked via VT: 24f61120946ddac5e1d15cd64c48b7e6",
"pattern": "[file:hashes.SHA256 = '800f9ffd063dd2526a4a43b7370a8b04fbb9ffeff9c578aa644c44947d367266']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240514-6284-4d76-8aa6-46d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"description": "- Xchecked via VT: 24f61120946ddac5e1d15cd64c48b7e6",
"pattern": "[file:hashes.SHA1 = '903e3421a8cec914a41e851a31bd5a385f8d95b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a240514-a630-4963-af31-4add02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:07:16.000Z",
"modified": "2017-12-03T14:07:16.000Z",
"first_observed": "2017-12-03T14:07:16Z",
"last_observed": "2017-12-03T14:07:16Z",
"number_observed": 1,
"object_refs": [
"url--5a240514-a630-4963-af31-4add02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a240514-a630-4963-af31-4add02de0b81",
"value": "https://www.virustotal.com/file/800f9ffd063dd2526a4a43b7370a8b04fbb9ffeff9c578aa644c44947d367266/analysis/1511337265/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a240564-a824-4c62-95b4-43ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:08:36.000Z",
"modified": "2017-12-03T14:08:36.000Z",
"pattern": "[file:name = '/data/system/dnscd.db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T14:08:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a2405b7-b2e8-47ac-899f-495c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T14:10:23.000Z",
"modified": "2017-12-03T14:10:23.000Z",
"first_observed": "2017-12-03T14:10:23Z",
"last_observed": "2017-12-03T14:10:23Z",
"number_observed": 1,
"object_refs": [
"file--5a2405b7-b2e8-47ac-899f-495c02de0b81",
"artifact--5a2405b7-b2e8-47ac-899f-495c02de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5a2405b7-b2e8-47ac-899f-495c02de0b81",
"name": "20171114-ELF-2.png",
"content_ref": "artifact--5a2405b7-b2e8-47ac-899f-495c02de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5a2405b7-b2e8-47ac-899f-495c02de0b81",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABYcAAAQaCAYAAAFvAPdQAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFxEAABcRAcom8z8AAP+lSURBVHhe7N0LlBRVmi96H8wMbdPdnGnpw/TQM65znR7m4sx41jjneM6iB+cu+yzmNCoqKAIqKq0oiIyigqIotNJKCyq2iIiotKKCojxEEeRR8gaL96uQ4l1goQgFFFBA3Prv2l+yKyoyKyMzInJHxv+31l4ZsSMyMjNy55dfRu7YcY5DFHNsxBR7bMQUe2zEFHtsxBR7bMQUe2zEFHtsxBR7bMQUe2zEFHvWNuLu3bvrqbNOnTqlp4jOilUjPuccfnFQQ7FqxMCGTG7Wtgg01iVLljhdu3ZVDVrm2YjJzepGXFFR4fyX//JfnH79+qn5Ll26sBFTA1Y34hkzZji//OUvnZdeeslp2bKlqmMjJjerG/G5557boLARk5u1LYI/7Chb1raIt99+O5U+uAuRKRYt4vL5DznnfNRRzxHVF0ojdkfLcePG1bsFrLNly5bUdLt27dS026OPPurccMMNTs2Zun/rWrRoUW/dNm3aqFusN2vWrFS0xn1kGWC5zJvPg+IvtEgsjcmclsZn1u/atUtNg1kvMH3w4EHVKM+56v9RDdW0aNEiPVUf1gc85urVq9W02kbt9sxGPM94LIqn2L2DzWd001PBqS4v11MUR7EMQ2Hlx4zK8RSLd21dx4aNNswfeqerq/UUxUEsGnG6CBlmQ2ZUjo9YN2Jo8vH1eiocu0eN0lNkq1g04k09eugpb12W/0FP1dk/caKeCgajst2K5t2pOH5QT9WZ36SJngrOkosu0lNkk6IOMWFE0GWtW+spskXRf0+GlQowxbBHIt6JRS1b6qlg7ZswQU9RIRVlI66qaXic9/Dy5XoqeIzKhRWbvb/qiiv0VHYGrH9LT0XjTE2NnqKoxaYR5xLtmk3voqeiw6gcvaJuxJDuX72K8eP1VDjYqSg6sWnEZX366Cn/0jXkMI4lmxiVo5GYvZyuIUfR0PL5AFLjEhUq0uXIUTTksKN+kiXu+67/ujf0VH04lryhi/8fguW1uW+nTp30XONKmjXTUxSUxDVi8DqODOWDB+spf6699lrnkUceyarAxjTDEZimTp2qp6gxiWzEQUMjhsOHD6tb086dO9XtY4895jz11FNqWvCHXzBitRdXXnaZnrJLpkb8zDPPqDHkOnfu7Fx/fcO+z0c3btRTDe3bt885c+aMc/r0aTU2c7pyzTXX6HtkZ8SIEXqqOMSqEQcZuTp6nPKUK69GfNttt6Xq4cYbb1QNOR2v14ZGjOdpbgfuuusutT2RSyO+6qqr1LYbK3GQ2EYs3P2Qc9FYOoHlgwYNcoYOHaprveH1mZ2VvBpxr169nHvuuce5+uqrU40sl0bs9a1gRvVly5Y51113nZq2Xawa8df9++up4GDcin977z495w0NJhNpZCdPnlS3XtasWeNs3bpVz2XHqxFjGgWNDbdIN4JqxCD11dXVzrBhw9S07RIfieVrVc7V27Rpk7oVlZWVWTViHHnA7YEDB1RBOuE+MoHiR7p0AnXScEtKSgJrxMtdPf327t2rpxqSbwEbxKoRh0EaMeBfvb59+6qG/MQTT6jGM2bMmKwjMRoGvoKl5AuNGD/qTJh3l6AasbyOxl6vbdiIjUYMaMi3336784c//CHVKAv9pr744oupcuzYMV2bu0zphB/48GBf4dsqnbKystCjNhuxqxEDGrLkg3ijsI4XjOsmBWT8N5A681bGgJO6QkEjBvNbI5dGjX2Dgn8tBeZPnDih5xxnyJAhyW3EUf1j5d7BmEf583fPHmZK14ghXYN0N2KzgZujdRbC8OHD1e17773n3HHHHanil1cjFthvuNYKPhyYDpO1jRi8DllFadS2GXoqWjKKJz4A7g+D+1ZgfvLkyXouGl6N+Oabb3buu+/s0R4JBGGyuhFXVVWpY5c4jGT+Q+Uus2fP1vcInoyL7BeOpIRxNCUXksbg20A+ILiVsZ9x7BnwQcC01AsMjyvrmNCA8XvBHYnnzJmjp+ouW5H4Ruy1E/BpN7/+zJ1mk621X6c2kegtERvz0nCRJ8tyqRdo1F7wD6T7vZHIa5Z0118JSuwaMQ4DIQLgb1f5MeK3EZtvkMl8E4X8CEKdGZ2yFWRDtiWyu+FSbVIKIXaNGNP4CkNDxq9qpBq2RmIRVEMOqxHb+uHIVuwaMWAejRjwj1WQjThTLlt2JP0/WI0JoiFvGzBATwVn79ixeso/SUtwi2upCPMSFpDumy8o1jdi/CNlcv9bhRLGD7t0owZ1WvasnvLPphy55mDuHZ/QKPFjUX4wmse/3SlXunw6SFY3YjnEZv5j9emnn6q6KGxP0+ss3Umn2bChIcc9fXArrlcTEq83Pa4NOawGXMgPBhuxD99MmqSn6kTZkG2OnpmeW//+/X333vPLqj1j/gCQXMr890pyL8A8rm8H7vowLWjaVE/Viaoh59OIv7r8cj0VrGy3K4cpw2JVI44Ts1Fd/Pndesq/sFOLsCK4nwEe0YhxODQssWvEeFPCemP8Mi8VNmnPQj3lX1gNec/o0XoqOLnsezRir15y0sXVfQjVr9g1YrG2QwdnhyWnzwTxoQqyIZ+qqtJTwcnnkFy6Rrx582Y9VQenROUito3YZEtkzvfCNOkasp8Paxj7It9tpmvEIGkGjvd/9NFHatqvvJ4d+jF06xb8tZbzUegGne+/al5Dzmb7moJ+7UENuZWuEeOfPfzzWlNTo84Auemmm/QSf/J+1XJelm3wBlSVluq56BX6w5SvXSNH6qn8oREj/8X5iybMu0suAmvE7vzGtG3bNj1VGIVoUGsP7VC3386cqW7DsvrKK/VUMMLYV2jEgCENjhw5kipBCawRL1myRN264ZcnxiA7dOiQrimcI2vXRjoqZduSgeo2rGFdg2xw333+uZ6Kn1AaMerMwyboFLJgwQI9Zwc0gCguFpPPnyFRiXvqE2okfvzxx1Nn037wwQeqDteyWHjhhWraFmG+ie/vWWhtQ4668SKYmf+o4ocd/m2VOvNfWUlBshFYI8ZwUG6l+ocVTidyj6xj42DTOJS1pn17PZe9X3zWU92ajVWmX9te9zVtW0PONBpn3ATSiJE6PPDAA7rmbJ27ePF7fbqohBGlbGjINqQOQT+HwCLx9OnTU+dZYdoP269nEeROv2xe8IMiZiOMwRj9wD4M6zdI4T+Whk09eugpO+FbY/eoUXoudyUHNuip9ILsjbe4VSs9Fa2oor5VjRhs+LrLRtjPE40434ZciH1ZiMfM6RHNnWtOY5AN9xBN5nL0Dc72jQnjpMgw4CvSxg9elNeaLvTrt2/vG2xsHJmgw/yxsjI91zj5oef+YKcLEtmIap/Z9N7Y80wyCCIPjVpjb/Ll8x8KtBEvv+QSPRUOHN+3NajY+aw8xC0qm9BYMx1eS9dQUZ9tIw7DvgkTYrHfY9cyDkybpqeygwu+uGXTMK5b+ntnTuWa1J8VcgvpGmS/tePUsnRXLU1nx44dqiuiu3z99dd6jeigT7P7PELbxa4Rg5/okK4R//u//7uey01j0TVOStu2dVZceqmei59YNmI/vBoxXHDBBXoqswk756nGihw2TJI6uEtY8Lf/5p51f5fHne+9hItxy790cSANAWO24RJcMt+qVSv1lQ2VJ+q6ieIKSmiwG6t2q/lilM/Ya7bK6aMe5unXQZNGi4EJzUaMW2nEQaQFMgYZtus1DgZu5Ti5FKwnY2fgGLt5Cxh7w1xf1jXrhMxLrzCZRjEH+ytGOTfi7du36zlvR48eLfjlCsB8o+Gbb75x2rdvr+qlEVO8BdqIMVYwRrJEujFx4kR1DbhCu/fee1O/9s2SbU5M9gusEb/00kv1cuWuXbuq/FkU6nhjvj/sCmLXSOwwPUONCTQSAy6e/dBDD6lTtLt06aJr6xoxOp0XojFLjmiWv/u7v9NLY4ANOqPAG/Enn3yibgcMGOB5xR1THP4Nsg4bdAM5N2L32RovvPB
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink