2023-04-21 14:44:17 +00:00
|
|
|
{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5c687cb3-08c4-46d3-9981-093702de0b81",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:23:33.000Z",
|
|
|
|
"modified": "2019-02-16T21:23:33.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5c687cb3-08c4-46d3-9981-093702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:23:33.000Z",
|
|
|
|
"modified": "2019-02-16T21:23:33.000Z",
|
|
|
|
"name": "Fake amf-fr.org website delivering malicious Word document and binaries",
|
|
|
|
"published": "2019-02-16T21:25:34Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5c687ce0-c8a8-403a-8182-0a7902de0b81",
|
|
|
|
"url--5c687ce0-c8a8-403a-8182-0a7902de0b81",
|
|
|
|
"indicator--5c687cf5-6ed8-4a61-b92f-444d02de0b81",
|
|
|
|
"indicator--5c687d3c-6974-4753-90ef-4ca302de0b81",
|
|
|
|
"indicator--5c687d3c-df04-49a6-bd7d-4de102de0b81",
|
|
|
|
"indicator--5c687d3c-b928-4705-aa8e-4c1e02de0b81",
|
|
|
|
"indicator--5c687d3c-7354-4f21-940d-4eb402de0b81",
|
|
|
|
"indicator--5c687d3c-0670-42ad-b4ba-4a1d02de0b81",
|
|
|
|
"indicator--5c687d3c-60e8-40ad-bba5-419602de0b81",
|
|
|
|
"indicator--5c687d3c-b814-49f9-a110-488102de0b81",
|
|
|
|
"indicator--5c687d3c-1480-41fb-9406-437002de0b81",
|
|
|
|
"indicator--5c687d3c-f0cc-4229-87cc-49ec02de0b81",
|
|
|
|
"indicator--5c687d3c-89e8-4e4e-a36d-4f9f02de0b81",
|
|
|
|
"indicator--5c687d7f-c2c4-40f2-aaf6-4ddf02de0b81",
|
|
|
|
"indicator--5c687d80-4cc0-4ca7-875e-44a702de0b81",
|
|
|
|
"indicator--5c687d80-c348-4494-8fc8-4d1502de0b81",
|
|
|
|
"indicator--5c687db7-0758-4215-ac9f-0a7902de0b81",
|
|
|
|
"indicator--5c687db7-abdc-465d-b2a1-0a7902de0b81",
|
|
|
|
"indicator--5c687db7-b9e0-4080-a8e6-0a7902de0b81",
|
|
|
|
"indicator--06d5a45f-c38b-432c-b5ed-ae6d4678d1b3",
|
|
|
|
"x-misp-object--4727229f-b670-4858-96fd-767498563eb3",
|
|
|
|
"indicator--eed1fbf3-e607-459f-acaa-2c6e95ed0b35",
|
|
|
|
"x-misp-object--dce07551-b2f6-465f-8974-3641d201f213",
|
|
|
|
"indicator--87116905-ee45-4287-a160-b0a4394d7a72",
|
|
|
|
"x-misp-object--41e5f71c-fa1c-4134-b00b-02000993764b",
|
|
|
|
"indicator--fcef97bb-467e-4d5c-962b-9f328dc1f3e9",
|
|
|
|
"x-misp-object--3128ae45-b4ce-4757-8b61-047167aed701",
|
2024-08-07 08:13:15 +00:00
|
|
|
"relationship--92f63b9e-58b0-4414-8350-5c664459c099",
|
|
|
|
"relationship--c08b1dc4-f83a-443b-af9d-35f0445d4071",
|
|
|
|
"relationship--bf55d78d-6d98-4130-bc40-75163e92c9a2",
|
|
|
|
"relationship--d4922563-b5f7-4acb-8c26-d37e9822a0e2"
|
2023-04-21 14:44:17 +00:00
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"",
|
|
|
|
"misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\"",
|
|
|
|
"circl:topic=\"finance\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5c687ce0-c8a8-403a-8182-0a7902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:13:04.000Z",
|
|
|
|
"modified": "2019-02-16T21:13:04.000Z",
|
|
|
|
"first_observed": "2019-02-16T21:13:04Z",
|
|
|
|
"last_observed": "2019-02-16T21:13:04Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5c687ce0-c8a8-403a-8182-0a7902de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5c687ce0-c8a8-403a-8182-0a7902de0b81",
|
|
|
|
"value": "https://www.amf-france.org/en_US/Actualites/Communiques-de-presse/AMF/annee-2018?docId=workspace%3A%2F%2FSpacesStore%2F3d58f35b-f448-438e-9923-cd6e8e903fc0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687cf5-6ed8-4a61-b92f-444d02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:13:25.000Z",
|
|
|
|
"modified": "2019-02-16T21:13:25.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.38.150.171']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:13:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-6974-4753-90ef-4ca302de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'http://amf-fr.org/d1.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-df04-49a6-bd7d-4de102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'http://amf-fr.org/files/litigations/complaint-96.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-b928-4705-aa8e-4c1e02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'http://amf-fr.org/litigations/complaint-201.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-7354-4f21-940d-4eb402de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'http://amf-fr.org/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-0670-42ad-b4ba-4a1d02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'http://www.amf-fr.org/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-60e8-40ad-bba5-419602de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'https://amf-fr.org/files/litigations/complaint-96.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-b814-49f9-a110-488102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'https://amf-fr.org/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-1480-41fb-9406-437002de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'https://www.amf-fr.org/documents/document-a1657.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-f0cc-4229-87cc-49ec02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'https://www.amf-fr.org/litigations/compliant-201.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d3c-89e8-4e4e-a36d-4f9f02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:14:36.000Z",
|
|
|
|
"modified": "2019-02-16T21:14:36.000Z",
|
|
|
|
"pattern": "[url:value = 'https://www.amf-fr.org/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d7f-c2c4-40f2-aaf6-4ddf02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:15:43.000Z",
|
|
|
|
"modified": "2019-02-16T21:15:43.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'efbcffc10763a287bdedfb6e892ae20c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:15:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d80-4cc0-4ca7-875e-44a702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:15:44.000Z",
|
|
|
|
"modified": "2019-02-16T21:15:44.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0dfe75a01e525bc599dff0c17204129b7ac3a437']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:15:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687d80-c348-4494-8fc8-4d1502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:15:44.000Z",
|
|
|
|
"modified": "2019-02-16T21:15:44.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:15:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687db7-0758-4215-ac9f-0a7902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:16:39.000Z",
|
|
|
|
"modified": "2019-02-16T21:16:39.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:16:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687db7-abdc-465d-b2a1-0a7902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:16:39.000Z",
|
|
|
|
"modified": "2019-02-16T21:16:39.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:16:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c687db7-b9e0-4080-a8e6-0a7902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:16:39.000Z",
|
|
|
|
"modified": "2019-02-16T21:16:39.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:16:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--06d5a45f-c38b-432c-b5ed-ae6d4678d1b3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:21:27.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'efbcffc10763a287bdedfb6e892ae20c' AND file:hashes.SHA1 = '0dfe75a01e525bc599dff0c17204129b7ac3a437' AND file:hashes.SHA256 = '728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:21:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--4727229f-b670-4858-96fd-767498563eb3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:21:27.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-15T11:14:58",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9855c53c-9fa6-4ddc-8d31-1289c1de6275"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b/analysis/1550229298/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "75ebbd07-bb66-4db7-af0b-5b506c6c3a3b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "33/59",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "1c675ba2-05ca-4790-82bd-bdd2049c0914"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--eed1fbf3-e607-459f-acaa-2c6e95ed0b35",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:21:27.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '28202ac7689aaef894840c773b7e1e56' AND file:hashes.SHA1 = 'b0f4377953f59ba0d5b295861e2ab7fc5c6d03de' AND file:hashes.SHA256 = '49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:21:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--dce07551-b2f6-465f-8974-3641d201f213",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:21:27.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-14T09:56:32",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f9a9b973-ba12-4fc6-afff-200d07e7e703"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0/analysis/1550138192/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "5e41e640-8995-4536-ab09-da2fc06c37b5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "0/54",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "455f9992-cfd2-43bc-a839-a9072fcaafc3"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--87116905-ee45-4287-a160-b0a4394d7a72",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:21:27.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '11df89bd965bbd85bed31b90f1481312' AND file:hashes.SHA1 = '79ee5019cebead10c6527e2531e7b0ee69322405' AND file:hashes.SHA256 = '1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:21:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--41e5f71c-fa1c-4134-b00b-02000993764b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:21:28.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-11-29T14:41:31",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5e121da8-35b8-43a9-a3c5-7e8775bcff8a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a/analysis/1543502491/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "b2067c10-5f14-4cf3-9588-c5027f9c3a62"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "0/57",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a15b1066-3af7-4989-a398-7b6615d82931"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--fcef97bb-467e-4d5c-962b-9f328dc1f3e9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:21:28.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:28.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8ec83dba30c4f4d014899fbcc9a78171' AND file:hashes.SHA1 = '96a942174c55f5f3ab7236eb7e3ac549b67c88db' AND file:hashes.SHA256 = 'd57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-02-16T21:21:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--3128ae45-b4ce-4757-8b61-047167aed701",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-02-16T21:21:28.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-11-30T10:14:04",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4930b271-4207-4c55-98ee-b2ad7aad0333"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/d57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44/analysis/1543572844/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "69e9a82f-bfbd-401e-bd63-ae39bfcaab3e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "30/59",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "95e48f3e-8da2-4521-b203-dbe94341995f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2024-08-07 08:13:15 +00:00
|
|
|
"id": "relationship--92f63b9e-58b0-4414-8350-5c664459c099",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-02-16T21:21:28.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:28.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--06d5a45f-c38b-432c-b5ed-ae6d4678d1b3",
|
|
|
|
"target_ref": "x-misp-object--4727229f-b670-4858-96fd-767498563eb3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2024-08-07 08:13:15 +00:00
|
|
|
"id": "relationship--c08b1dc4-f83a-443b-af9d-35f0445d4071",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-02-16T21:21:28.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:28.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--eed1fbf3-e607-459f-acaa-2c6e95ed0b35",
|
|
|
|
"target_ref": "x-misp-object--dce07551-b2f6-465f-8974-3641d201f213"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2024-08-07 08:13:15 +00:00
|
|
|
"id": "relationship--bf55d78d-6d98-4130-bc40-75163e92c9a2",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-02-16T21:21:28.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:28.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--87116905-ee45-4287-a160-b0a4394d7a72",
|
|
|
|
"target_ref": "x-misp-object--41e5f71c-fa1c-4134-b00b-02000993764b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2024-08-07 08:13:15 +00:00
|
|
|
"id": "relationship--d4922563-b5f7-4acb-8c26-d37e9822a0e2",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2019-02-16T21:21:28.000Z",
|
|
|
|
"modified": "2019-02-16T21:21:28.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--fcef97bb-467e-4d5c-962b-9f328dc1f3e9",
|
|
|
|
"target_ref": "x-misp-object--3128ae45-b4ce-4757-8b61-047167aed701"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|