{
"type": "bundle",
"id": "bundle--5c6baef6-fca0-446e-b0b1-ac45950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:50:29.000Z",
"modified": "2019-02-19T07:50:29.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c6baef6-fca0-446e-b0b1-ac45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:50:29.000Z",
"modified": "2019-02-19T07:50:29.000Z",
"name": "Financial - socgen-compliance.com fake website delivering malicious documents",
"published": "2019-02-19T07:50:34Z",
"object_refs": [
"indicator--5c6baf1a-0d34-43dc-bdee-acf5950d210f",
"indicator--5c6baf1b-3680-46d3-8327-acf5950d210f",
"indicator--5c6baf1b-cd08-40f3-b990-acf5950d210f",
"indicator--5c6baf1b-0a6c-49e7-8915-acf5950d210f",
"indicator--5c6baf1b-43e8-4e4e-ae66-acf5950d210f",
"observed-data--5c6bb072-76bc-49df-bb81-acf5950d210f",
"file--5c6bb072-76bc-49df-bb81-acf5950d210f",
"artifact--5c6bb072-76bc-49df-bb81-acf5950d210f",
"indicator--5c6bb117-e894-4061-9f71-ac45950d210f",
"indicator--5c6bb2a2-9284-4346-ae45-ac4a950d210f",
"indicator--b81aa1ad-3fb3-4474-b131-de9ac363b46d",
"x-misp-object--1dd93d82-899d-47d1-b05b-74ea871bd098",
"indicator--9c164e47-4a79-4799-9a25-5fe94823c10b",
"x-misp-object--a217b961-07ab-4154-8be6-1ed62ccb44d5",
"relationship--40c6cf1a-ae7f-47ad-bfd8-a179b0cfc6c2",
"relationship--044bdc54-fcf5-411e-9cac-40c9c6f745ac"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"",
"misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
"misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\"",
"misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"",
"misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"circl:topic=\"finance\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c6baf1a-0d34-43dc-bdee-acf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:24:10.000Z",
"modified": "2019-02-19T07:24:10.000Z",
"pattern": "[file:hashes.SHA256 = '25ae00c80a4ec85cb548c891598cf76d131b168a70116a84cb62b4defa3f698c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-19T07:24:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c6baf1b-3680-46d3-8327-acf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:24:11.000Z",
"modified": "2019-02-19T07:24:11.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.10.68.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-19T07:24:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c6baf1b-cd08-40f3-b990-acf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:24:11.000Z",
"modified": "2019-02-19T07:24:11.000Z",
"pattern": "[domain-name:value = 'socgen-compliance.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-19T07:24:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c6baf1b-0a6c-49e7-8915-acf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:24:11.000Z",
"modified": "2019-02-19T07:24:11.000Z",
"pattern": "[file:hashes.SHA256 = 'b991288ecd158e84076f7cc38d4ecbcd18cccc580f1971b0dfdd7c88b78e0794']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-19T07:24:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c6baf1b-43e8-4e4e-ae66-acf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:24:11.000Z",
"modified": "2019-02-19T07:24:11.000Z",
"pattern": "[url:value = 'https://socgen-compliance.com/documents/PO-54789.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-19T07:24:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c6bb072-76bc-49df-bb81-acf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:29:54.000Z",
"modified": "2019-02-19T07:29:54.000Z",
"first_observed": "2019-02-19T07:29:54Z",
"last_observed": "2019-02-19T07:29:54Z",
"number_observed": 1,
"object_refs": [
"file--5c6bb072-76bc-49df-bb81-acf5950d210f",
"artifact--5c6bb072-76bc-49df-bb81-acf5950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c6bb072-76bc-49df-bb81-acf5950d210f",
"name": "report-a7e5ee61098748ffb9c42e65cdad6505.pdf",
"content_ref": "artifact--5c6bb072-76bc-49df-bb81-acf5950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5c6bb072-76bc-49df-bb81-acf5950d210f",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c6bb117-e894-4061-9f71-ac45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:32:39.000Z",
"modified": "2019-02-19T07:32:39.000Z",
"description": "On port 49190",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.10.68.204' AND network-traffic:dst_port = '49190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-19T07:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c6bb2a2-9284-4346-ae45-ac4a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:39:14.000Z",
"modified": "2019-02-19T07:39:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.82.64.126']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-19T07:39:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b81aa1ad-3fb3-4474-b131-de9ac363b46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:24:50.000Z",
"modified": "2019-02-19T07:24:50.000Z",
"pattern": "[file:hashes.MD5 = 'a7e5ee61098748ffb9c42e65cdad6505' AND file:hashes.SHA1 = 'ed6bf6587c8ff529e26e5736856ecb606e6ca636' AND file:hashes.SHA256 = '25ae00c80a4ec85cb548c891598cf76d131b168a70116a84cb62b4defa3f698c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-19T07:24:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1dd93d82-899d-47d1-b05b-74ea871bd098",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:24:51.000Z",
"modified": "2019-02-19T07:24:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-15T07:07:21",
"category": "Other",
"uuid": "3e03edc4-4ccd-41fc-be8c-78f1ca25f67e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/25ae00c80a4ec85cb548c891598cf76d131b168a70116a84cb62b4defa3f698c/analysis/1550214441/",
"category": "External analysis",
"uuid": "a8bec84f-7082-4195-bdde-200a74be62d6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/58",
"category": "Other",
"uuid": "2811beef-8535-4378-a294-f91c2e6bae7e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9c164e47-4a79-4799-9a25-5fe94823c10b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:24:51.000Z",
"modified": "2019-02-19T07:24:51.000Z",
"pattern": "[file:hashes.MD5 = 'dc496a639e8856b7525e33af2756d68c' AND file:hashes.SHA1 = '7989837cbbeebe195cdea3f038b962eec9cd2e5d' AND file:hashes.SHA256 = 'b991288ecd158e84076f7cc38d4ecbcd18cccc580f1971b0dfdd7c88b78e0794']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-19T07:24:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a217b961-07ab-4154-8be6-1ed62ccb44d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-19T07:24:51.000Z",
"modified": "2019-02-19T07:24:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-04T09:57:14",
"category": "Other",
"uuid": "1ec68942-f455-4253-9d51-b9b677d6ca0d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b991288ecd158e84076f7cc38d4ecbcd18cccc580f1971b0dfdd7c88b78e0794/analysis/1549274234/",
"category": "External analysis",
"uuid": "eefe361b-1372-478b-9538-fa7c47f9b588"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/58",
"category": "Other",
"uuid": "442339ae-a446-4768-8881-d8e42feaa3e7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--40c6cf1a-ae7f-47ad-bfd8-a179b0cfc6c2",
"created": "2019-02-19T07:24:51.000Z",
"modified": "2019-02-19T07:24:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b81aa1ad-3fb3-4474-b131-de9ac363b46d",
"target_ref": "x-misp-object--1dd93d82-899d-47d1-b05b-74ea871bd098"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--044bdc54-fcf5-411e-9cac-40c9c6f745ac",
"created": "2019-02-19T07:24:51.000Z",
"modified": "2019-02-19T07:24:51.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9c164e47-4a79-4799-9a25-5fe94823c10b",
"target_ref": "x-misp-object--a217b961-07ab-4154-8be6-1ed62ccb44d5"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}