{ "type": "bundle", "id": "bundle--df7b7020-9f17-4a3c-9824-1baa4ff67cb1", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:43:05.000Z", "modified": "2023-11-22T15:43:05.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--df7b7020-9f17-4a3c-9824-1baa4ff67cb1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:43:05.000Z", "modified": "2023-11-22T15:43:05.000Z", "name": "CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits", "published": "2023-11-22T15:44:23Z", "object_refs": [ "vulnerability--a1b4fac8-86bc-4a56-a517-f620409aa985", "indicator--ec341f4e-0f70-4569-8ac5-e35465572726", "indicator--dec37bd8-3293-45dd-b087-73cc2018fb6d", "indicator--5dc9a60b-5b71-43fa-8859-e927cd7e813f", "indicator--c126e50d-8d22-4201-aeb2-ceb6c4438db8", "indicator--6f58a684-e56b-431b-8a90-f00d03cc2837", "indicator--28f55810-c61e-42d0-8565-cc7d2e7eb57c", "indicator--858d2d46-7d03-4e4e-9a57-f8a16abed89b", "indicator--6d1389be-2a8d-4cb4-824e-cc66f8f38063", "indicator--dec7c981-9fbf-4d43-b9d9-72f46c90800d", "indicator--b696aff7-fc3b-4f51-9928-a5cda3032840", "indicator--e9401439-1ca4-4cac-a561-73c2380cec27", "x-misp-object--8ccbf5d4-d4bb-4ddb-9055-ffde04cc2d79", "vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79", "x-misp-object--4cac5b96-ce45-4fe8-b212-83d5620151ae", "attack-pattern--e9270a16-4ea3-465f-869c-6b667dde3350", "indicator--69b6801f-70f2-4f6f-88f4-6246d90a02f1", "indicator--d2aa05c5-9d0b-4b73-8784-f2772dab848b", "indicator--bff55684-ad68-46cc-9919-2b6bc1f3b179", "indicator--301c5825-7094-4eff-840a-be6d8c8e8195", "indicator--e66b0982-04a9-4ead-909b-499b49c8faf2", "indicator--4675bbfa-2304-4cc2-ba9c-1a3cebd3c7cf", "x-misp-object--72f8dfd0-2ab6-4839-956d-813372d4cbce", "x-misp-object--fec59623-a7d8-43bb-90ca-d1f8d2469bf0", 
"x-misp-object--2b12de36-4f9c-4ecd-8138-9a2ea40adb88", "indicator--c8e5e229-75f0-494f-bfa0-0de1b929bed9", "x-misp-object--c84d52b3-fdfb-4164-82c8-04fc9e76dc69", "indicator--23a79772-d43c-4c33-ba7d-0fec21a26bae", "x-misp-object--5dacd5e9-1cd3-40a5-95fd-3f76919bcaf3", "indicator--298b2c78-9d01-4046-a51a-6829f33b58fa", "x-misp-object--17054e47-ae49-4803-8640-54bfd422581a", "indicator--f7612330-d2f6-40bd-bc97-103283c02684", "indicator--a617657e-c7b8-441c-a432-b92a4f534a41", "x-misp-object--acfc0207-defe-445e-bf6a-57cd212030ad", "x-misp-object--2b18b23b-0776-4e5e-864f-d7d2449bf58c", "x-misp-object--fcab0f20-fdad-4882-852f-c5a5b07a621c", "indicator--2604d1c8-cc20-4373-8fd3-cb579dce9928", "x-misp-object--29cdd1eb-9702-4cdd-9d6f-5b21f1604cf3", "indicator--79b0dd04-14b2-4c8e-a036-1753c83e8f24", "x-misp-object--3a3e95e0-1ab6-47cd-a79c-504eb4c7761c", "indicator--4c1102ac-a885-43e6-9c60-319bb644882a", "indicator--4b29d4c4-a8ff-4a88-89d9-2344abf2bf86", "x-misp-object--89a35674-1ce6-43d7-a4e9-773e76105ef7", "x-misp-object--221e43e7-847d-40ed-b92f-c8a002202a76", "indicator--b266c2bf-23d9-4621-aa7a-18b3972919c0", "x-misp-object--49cf6520-3033-4c17-931e-eda0e9dc70df", "indicator--e2a40f1c-a4b5-41f4-9f7b-38199747ef9b", "x-misp-object--7182965a-7d9c-4164-8bf3-af0e5c0b0c46", "indicator--a2e218c6-e7f0-4b43-9a96-39f3e0223e18", "x-misp-object--9ff8bb23-38df-4b86-a7a9-bf539e82b91c", "indicator--d6d98d86-01e3-408e-963f-d4d367eb0c13", "x-misp-object--11de74c8-163e-4e3e-88ea-035a16ebf143", "indicator--7e13183f-96ba-4d22-b098-faf834459016", "x-misp-object--4b6e8088-4ac7-4290-883f-1560b2413c52", "indicator--e0d99c98-a0d5-4ffa-a247-ad989f5ee852", "x-misp-object--c307be58-48b4-43d0-84b1-9836ebbcb67f", "indicator--e73cb509-a734-46bf-bbc2-4c7ad7dbcd9b", "x-misp-object--cdfff20b-2054-4226-ac1d-15eda55808a6", "indicator--3b1d461d-66eb-45db-90ca-58088373ebf9", "x-misp-object--21c1f5d0-926e-4360-9877-2ce09997226d", "x-misp-object--16a55ce1-986f-4c5e-adbe-03a5ac50282e", 
"indicator--fb2149de-3034-4eb9-a3c4-2876e5aa1b69", "indicator--20430c3e-2aa4-4cf3-889e-6a75c4478738", "relationship--43e412ea-e5fe-4f7b-b562-6e92814bff37", "relationship--1398fd66-bf1e-4253-ad22-c6a6d8e70f23", "relationship--8d8f0a08-831f-475b-877c-585296831e40" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "tlp:clear", "misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--a1b4fac8-86bc-4a56-a517-f620409aa985", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:35:26.000Z", "modified": "2023-11-22T15:35:26.000Z", "name": "CVE-2023-46604", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2023-46604" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec341f4e-0f70-4569-8ac5-e35465572726", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:38:24.000Z", "modified": "2023-11-22T15:38:24.000Z", "pattern": "[url:value = 'http://185.122.204.197/acb.sh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:38:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dec37bd8-3293-45dd-b087-73cc2018fb6d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:38:24.000Z", "modified": "2023-11-22T15:38:24.000Z", "pattern": "[url:value = 'http://194.38.22.53/curl-aarch64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2023-11-22T15:38:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc9a60b-5b71-43fa-8859-e927cd7e813f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:38:24.000Z", "modified": "2023-11-22T15:38:24.000Z", "pattern": "[url:value = 'http://194.38.22.53/curl-amd64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:38:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c126e50d-8d22-4201-aeb2-ceb6c4438db8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:38:24.000Z", "modified": "2023-11-22T15:38:24.000Z", "pattern": "[url:value = 'http://194.38.22.53/kinsing']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:38:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6f58a684-e56b-431b-8a90-f00d03cc2837", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:38:24.000Z", "modified": "2023-11-22T15:38:24.000Z", "pattern": "[url:value = 'http://194.38.22.53/kinsing_aarch64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:38:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--28f55810-c61e-42d0-8565-cc7d2e7eb57c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:38:24.000Z", "modified": "2023-11-22T15:38:24.000Z", "pattern": "[url:value = 'http://194.38.22.53/libsystem.so']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:38:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--858d2d46-7d03-4e4e-9a57-f8a16abed89b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:43.000Z", "modified": "2023-11-22T15:39:43.000Z", "pattern": "[file:hashes.SHA256 = 'd8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6d1389be-2a8d-4cb4-824e-cc66f8f38063", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:43.000Z", "modified": "2023-11-22T15:39:43.000Z", "pattern": "[file:hashes.SHA256 = '0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--dec7c981-9fbf-4d43-b9d9-72f46c90800d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:43.000Z", "modified": "2023-11-22T15:39:43.000Z", "pattern": "[file:hashes.SHA256 = '787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b696aff7-fc3b-4f51-9928-a5cda3032840", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:43.000Z", "modified": "2023-11-22T15:39:43.000Z", "pattern": "[file:hashes.SHA256 = 'c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e9401439-1ca4-4cac-a561-73c2380cec27", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:43.000Z", "modified": "2023-11-22T15:39:43.000Z", "pattern": "[file:hashes.SHA256 = 'c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8ccbf5d4-d4bb-4ddb-9055-ffde04cc2d79", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:36:48.000Z", "modified": "2023-11-22T15:36:48.000Z", "labels": [ "misp:name=\"report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "link", "value": "https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html", "category": "External analysis", "uuid": "0d46d9e1-6d0f-43b4-a436-239828c9f1b4" }, { "type": "text", "object_relation": "summary", "value": "We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner. When exploited, this vulnerability leads to remote code execution (RCE), which Kinsing uses to download and install malware. The vulnerability itself is due to OpenWire commands failing to validate throwable class type, leading to RCE.", "category": "Other", "uuid": "7d5d7567-2a91-4c7c-98fe-bb4ccc725e98" }, { "type": "text", "object_relation": "type", "value": "Blog", "category": "Other", "uuid": "8ffe0cc3-7092-4bdc-98b8-cc64673e20e0" } ], "x_misp_meta_category": "misc", "x_misp_name": "report" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:37:08.000Z", "modified": "2023-11-22T15:37:08.000Z", "name": "CVE-2023-46604", "description": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. 
This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.", "labels": [ "misp:name=\"vulnerability\"", "misp:meta-category=\"vulnerability\"", "misp:to_ids=\"False\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2023-46604" }, { "source_name": "url", "url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt" }, { "source_name": "url", "url": "https://security.netapp.com/advisory/ntap-20231110-0010/" }, { "source_name": "url", "url": "https://www.openwall.com/lists/oss-security/2023/10/27/5" }, { "source_name": "url", "url": "http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html" }, { "source_name": "url", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html" } ], "x_misp_cvss_score": "9.8", "x_misp_cvss_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "x_misp_modified": "2023-11-20T22:15:00+00:00", "x_misp_published": "2023-10-27T15:15:00+00:00", "x_misp_state": "Published", "x_misp_vulnerable_configuration": [ "cpe:2.3:a:apache:activemq:-:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.13.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:activemq:5.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.15.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq:5.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq_legacy_openwire_module:5.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq_legacy_openwire_module:5.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:activemq_legacy_openwire_module:5.16.0:*:*:*:*:*:*:*" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4cac5b96-ce45-4fe8-b212-83d5620151ae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:37:09.000Z", "modified": "2023-11-22T15:37:09.000Z", "labels": [ "misp:name=\"weakness\"", "misp:meta-category=\"vulnerability\"" ], "x_misp_attributes": [ { "type": "weakness", "object_relation": "id", "value": "CWE-502", "category": "External analysis", "uuid": "6c3bd37c-e18e-44ff-b58b-b171df7d18e1" }, { "type": "text", "object_relation": "name", "value": "Deserialization of Untrusted Data", "category": "Other", "uuid": "7162c223-adc9-4ee3-9c2d-efcec35a38b8" }, { "type": "text", "object_relation": "status", "value": "Draft", "category": 
"Other", "uuid": "e2ea23bd-4fdf-496d-b15f-4ce3c116e3bf" }, { "type": "text", "object_relation": "weakness-abs", "value": "Base", "category": "Other", "uuid": "eac6bb21-5d71-4acb-8ce0-5aba5df658a9" } ], "x_misp_comment": "CVE-2023-46604: Enriched via the cve_advanced module", "x_misp_meta_category": "vulnerability", "x_misp_name": "weakness" }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--e9270a16-4ea3-465f-869c-6b667dde3350", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:37:09.000Z", "modified": "2023-11-22T15:37:09.000Z", "name": "Object Injection", "description": "An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "vulnerability" } ], "labels": [ "misp:name=\"attack-pattern\"", "misp:meta-category=\"vulnerability\"", "misp:to_ids=\"False\"" ], "external_references": [ { "source_name": "capec", "external_id": "CAPEC-586" } ], "x_misp_prerequisites": "The target application must unserialize data before validation.", "x_misp_solutions": "Implementation: Validate object before deserialization process. Design: Limit which types can be deserialized. Implementation: Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. Use an allowlist of acceptable classes. 
Implementation: Keep session state on the server, when possible." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--69b6801f-70f2-4f6f-88f4-6246d90a02f1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:18.000Z", "modified": "2023-11-22T15:39:18.000Z", "description": "Enriched via the url_import module", "pattern": "[url:value = 'http://185.122.204.197/acb.sh' AND url:x_misp_resource_path = '/acb.sh' AND url:x_misp_host = '185.122.204.197' AND url:x_misp_domain_without_tld = '185.122.204.197' AND url:x_misp_domain = '185.122.204.197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d2aa05c5-9d0b-4b73-8784-f2772dab848b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:18.000Z", "modified": "2023-11-22T15:39:18.000Z", "description": "Enriched via the url_import module", "pattern": "[url:value = 'http://194.38.22.53/curl-aarch64' AND url:x_misp_resource_path = '/curl-aarch64' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bff55684-ad68-46cc-9919-2b6bc1f3b179", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:18.000Z", "modified": "2023-11-22T15:39:18.000Z", "description": "Enriched via the url_import module", 
"pattern": "[url:value = 'http://194.38.22.53/curl-amd64' AND url:x_misp_resource_path = '/curl-amd64' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--301c5825-7094-4eff-840a-be6d8c8e8195", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:18.000Z", "modified": "2023-11-22T15:39:18.000Z", "description": "Enriched via the url_import module", "pattern": "[url:value = 'http://194.38.22.53/kinsing' AND url:x_misp_resource_path = '/kinsing' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e66b0982-04a9-4ead-909b-499b49c8faf2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:18.000Z", "modified": "2023-11-22T15:39:18.000Z", "description": "Enriched via the url_import module", "pattern": "[url:value = 'http://194.38.22.53/kinsing_aarch64' AND url:x_misp_resource_path = '/kinsing_aarch64' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:18Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4675bbfa-2304-4cc2-ba9c-1a3cebd3c7cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:39:18.000Z", "modified": "2023-11-22T15:39:18.000Z", "description": "Enriched via the url_import module", "pattern": "[url:value = 'http://194.38.22.53/libsystem.so' AND url:x_misp_resource_path = '/libsystem.so' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:39:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--72f8dfd0-2ab6-4839-956d-813372d4cbce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a", "category": "External analysis", "uuid": "cf428eb0-b056-4355-bc6b-c8f505ae083e" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/60", "category": "Other", "uuid": "22b554c6-f8c7-4367-8291-a310c4aedecf" } ], "x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--fec59623-a7d8-43bb-90ca-d1f8d2469bf0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/218336a92c3856330bc926adf336fb4537742f85eee39a56660903acd4699729", "category": "External analysis", "uuid": "ea0091d8-b24f-47a6-96c6-234afe75f14a" }, { "type": "text", "object_relation": "detection-ratio", "value": "14/90", "category": "Other", "uuid": "d0aa461c-743c-487e-a88a-72f49f03609e" } ], "x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2b12de36-4f9c-4ecd-8138-9a2ea40adb88", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/a2a84fe32f387d17f7df1058ed594dd4658537c335667c73c15ffc78fddac256", "category": "External analysis", "uuid": "da5e0938-c07c-4d97-9c76-27bb253759a0" }, { "type": "text", "object_relation": "detection-ratio", "value": "7/89", "category": "Other", "uuid": "7206f043-4bba-46a9-a450-7d4530f763fb" } ], "x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c8e5e229-75f0-494f-bfa0-0de1b929bed9", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "pattern": "[url:value = 'http://194.38.21.25/libsystem.so']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:40:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c84d52b3-fdfb-4164-82c8-04fc9e76dc69", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/e4b7d05cadf1319d2f915d74ca9644e512182f6b8a470b9882b3a65e08cb9cba", "category": "External analysis", "uuid": "e5b1a692-c883-4f46-bfd5-5525167d9dbf" }, { "type": "text", "object_relation": "detection-ratio", "value": "3/90", "category": "Other", "uuid": "74331e0a-3c35-4754-a1e0-2916c12dbd06" } ], "x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--23a79772-d43c-4c33-ba7d-0fec21a26bae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "pattern": "[url:value = 'http://45.15.158.124/libsystem.so']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2023-11-22T15:40:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5dacd5e9-1cd3-40a5-95fd-3f76919bcaf3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/df1e6c6270e8f4aaefab50c87ae9db569a24a082e98bfd0eb521b7339978a891", "category": "External analysis", "uuid": "19ceae8f-95fa-40ae-ae0c-bc7353025544" }, { "type": "text", "object_relation": "detection-ratio", "value": "7/90", "category": "Other", "uuid": "501737a6-d6af-4cc7-bcec-901605704c59" } ], "x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--298b2c78-9d01-4046-a51a-6829f33b58fa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "pattern": "[url:value = 'http://194.87.252.159/libsystem.so']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:40:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--17054e47-ae49-4803-8640-54bfd422581a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/ee9cf5f02f58fa2d1149485e3024eab2849c5d8a3c8e8530895100b2cde4907d", "category": "External analysis", "uuid": "151edbae-1dbc-4e98-addb-873ef925d4ae" }, { "type": "text", "object_relation": "detection-ratio", "value": "11/90", "category": "Other", "uuid": "f28c0fb3-7b6e-48b1-939c-85cdb774dcd2" } ], "x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f7612330-d2f6-40bd-bc97-103283c02684", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "pattern": "[url:value = 'http://194.38.20.196/libsystem.so']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:40:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a617657e-c7b8-441c-a432-b92a4f534a41", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:40:33.000Z", "modified": "2023-11-22T15:40:33.000Z", "description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "pattern": "[file:hashes.MD5 = 
'ccef46c7edf9131ccffc47bd69eb743b' AND file:hashes.SHA1 = '38c56b5e1489092b80c9908f04379e5a16876f01' AND file:hashes.SHA256 = 'c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a' AND file:hashes.SSDEEP = '384:GkV8prsuhCY63B9dBRi9JsdgUa/Q1NXJZ6Cb1b:ZaLOVT6E' AND file:hashes.VHASH = 'fe6bc79726e96c10105967299ddec168' AND file:x_misp_tlsh = 't19ec2c637b9d2cab5c0c0e238a5d79276f1f5b0f14b22931ba294457e3e927c81f4ea45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:40:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--acfc0207-defe-445e-bf6a-57cd212030ad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:23.000Z", "modified": "2023-11-22T15:41:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf", "category": "External analysis", "uuid": "6dd7e193-5c2e-4cba-ba8b-dbc0b44cf8f0" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/62", "category": "Other", "uuid": "b84ffbd9-a6c7-4659-ac23-840c2fa2e511" } ], "x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2b18b23b-0776-4e5e-864f-d7d2449bf58c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:23.000Z", "modified": "2023-11-22T15:41:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], 
"x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/1cba372316495cfc9a3e356c5bd6bc117ab9e88fdb8af13b3722ec57495b4e2f", "category": "External analysis", "uuid": "f7bde291-3d01-4439-b277-4bc1234ab40f" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/90", "category": "Other", "uuid": "bf64c7f6-ca76-416b-ae89-149b857ac215" } ], "x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fcab0f20-fdad-4882-852f-c5a5b07a621c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:23.000Z", "modified": "2023-11-22T15:41:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/165df3d9737567242c4b0b130e9408ea7727bdebde81273b819a52836aac40ed", "category": "External analysis", "uuid": "84a6bf72-8f4e-420a-8227-903180e36b01" }, { "type": "text", "object_relation": "detection-ratio", "value": "8/90", "category": "Other", "uuid": "036a271b-7ea8-4970-8e4d-c65c843e1c13" } ], "x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2604d1c8-cc20-4373-8fd3-cb579dce9928", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:23.000Z", "modified": "2023-11-22T15:41:23.000Z", "description": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "pattern": "[url:value = 'http://194.38.21.25/kinsing_aarch64']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--29cdd1eb-9702-4cdd-9d6f-5b21f1604cf3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:23.000Z", "modified": "2023-11-22T15:41:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/8c6fdf6a7619b40cb998d37e0d1693d30346aee37390b8f309b35fb98bfd3a61", "category": "External analysis", "uuid": "dbf5b8f6-8f84-45a0-ab59-d4ffcba224c6" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/90", "category": "Other", "uuid": "d59c6003-5a64-40e7-bc75-4f567e0a9311" } ], "x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--79b0dd04-14b2-4c8e-a036-1753c83e8f24", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:23.000Z", "modified": "2023-11-22T15:41:23.000Z", "description": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "pattern": "[url:value = 'http://45.15.158.124/kinsing_aarch64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--3a3e95e0-1ab6-47cd-a79c-504eb4c7761c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:23.000Z", "modified": "2023-11-22T15:41:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/7115f7b310d2ce8d953266e87ee37d7db0a23e0bf1b943cd7bb0194c19501cb0", "category": "External analysis", "uuid": "4d468458-94bc-43e7-9f0d-2b8f4e1f840f" }, { "type": "text", "object_relation": "detection-ratio", "value": "7/90", "category": "Other", "uuid": "e97bae4d-8455-4b91-8458-9b86a06b36df" } ], "x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4c1102ac-a885-43e6-9c60-319bb644882a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:23.000Z", "modified": "2023-11-22T15:41:23.000Z", "description": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "pattern": "[url:value = 'http://194.87.252.159/kinsing_aarch64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4b29d4c4-a8ff-4a88-89d9-2344abf2bf86", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:23.000Z", "modified": "2023-11-22T15:41:23.000Z", "description": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "pattern": "[file:hashes.MD5 = 
'da753ebcfe793614129fc11890acedbc' AND file:hashes.SHA1 = 'ee458e526125d60cc1a387b4163376be8e9bc689' AND file:hashes.SHA256 = 'c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf' AND file:hashes.SSDEEP = '98304:Slds3UPXBQSH14vZh7pIDhG9By8uCGUGan5UPiK/AF7XlzcKGYH0ye8nanVFflpu:ZUDIaLbI+ED2iJ' AND file:hashes.VHASH = '036051e39318996e6fe6578e87fd9a87' AND file:x_misp_tlsh = 't178564b02bc5db563e9cc7630777683d9323e7588cba14233aa64ee7d99f13688e17121']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--89a35674-1ce6-43d7-a4e9-773e76105ef7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:58.000Z", "modified": "2023-11-22T15:41:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c", "category": "External analysis", "uuid": "f1177b7d-c6c5-4d66-a0ba-83ed7b0ae30d" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/50", "category": "Other", "uuid": "881df600-7d23-4463-9893-4eb59c19d56e" } ], "x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--221e43e7-847d-40ed-b92f-c8a002202a76", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:58.000Z", "modified": "2023-11-22T15:41:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", 
"misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/944e32ccbd91d3d350477bbb8acb2130702923a74477e8aecdd2215986b32eb5", "category": "External analysis", "uuid": "14541f18-115a-437e-90c9-9d6670aa5628" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/90", "category": "Other", "uuid": "52fdccb2-dc53-46bf-802f-de64ccd43f9a" } ], "x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b266c2bf-23d9-4621-aa7a-18b3972919c0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:58.000Z", "modified": "2023-11-22T15:41:58.000Z", "description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "pattern": "[url:value = 'http://194.38.22.53/acb.sh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--49cf6520-3033-4c17-931e-eda0e9dc70df", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:58.000Z", "modified": "2023-11-22T15:41:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/domain/gateway.fe.apple-dns.net", "category": "External analysis", "uuid": "754fa744-eb03-4501-844a-621fa92d4dc3" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/88", "category": 
"Other", "uuid": "7dd61383-db96-4cf4-91f7-cd87d4768dde" } ], "x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e2a40f1c-a4b5-41f4-9f7b-38199747ef9b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "pattern": "[domain-name:value = 'gateway.fe.apple-dns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7182965a-7d9c-4164-8bf3-af0e5c0b0c46", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/domain/mask-api.fe.apple-dns.net", "category": "External analysis", "uuid": "87b362e2-656d-4835-a100-3d496d1721bd" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/88", "category": "Other", "uuid": "ed99efcb-5c24-40d6-a188-54ba2b3b5372" } ], "x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a2e218c6-e7f0-4b43-9a96-39f3e0223e18", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "pattern": "[domain-name:value = 'mask-api.fe.apple-dns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9ff8bb23-38df-4b86-a7a9-bf539e82b91c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/ip_address/169.254.169.254", "category": "External analysis", "uuid": "86c55c15-b936-4228-a1ff-ae5f995216d5" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/88", "category": "Other", "uuid": "cff1e16a-ce6f-4cd0-8186-9ef9023f8a02" } ], "x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d6d98d86-01e3-408e-963f-d4d367eb0c13", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "pattern": "[domain-name:resolves_to_refs[*].value = '169.254.169.254']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2023-11-22T15:41:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--11de74c8-163e-4e3e-88ea-035a16ebf143", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/ip_address/17.248.193.19", "category": "External analysis", "uuid": "ae0033ca-f6a1-45ae-a48e-e9a1215ed2cb" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/88", "category": "Other", "uuid": "1fe250a3-77c7-485e-8d19-f85ea93d8011" } ], "x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7e13183f-96ba-4d22-b098-faf834459016", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "pattern": "[domain-name:resolves_to_refs[*].value = '17.248.193.19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4b6e8088-4ac7-4290-883f-1560b2413c52", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/ip_address/17.248.195.64", "category": "External analysis", "uuid": "844332ac-eae7-45d7-b2a7-a1b3a35e55b2" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/88", "category": "Other", "uuid": "7d3af4f8-3ac6-4e48-9dba-c1c85380cf83" } ], "x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e0d99c98-a0d5-4ffa-a247-ad989f5ee852", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "pattern": "[domain-name:resolves_to_refs[*].value = '17.248.195.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c307be58-48b4-43d0-84b1-9836ebbcb67f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/ip_address/17.248.195.71", "category": "External 
analysis", "uuid": "05fefb9f-4ddd-483a-88a6-311de2883ac9" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/88", "category": "Other", "uuid": "d996fc7a-f5d8-4ec7-bdbf-3c9639148548" } ], "x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e73cb509-a734-46bf-bbc2-4c7ad7dbcd9b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "pattern": "[domain-name:resolves_to_refs[*].value = '17.248.195.71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cdfff20b-2054-4226-ac1d-15eda55808a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/ip_address/17.253.83.197", "category": "External analysis", "uuid": "5101fcca-0ad0-429a-8689-73c10d582c18" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/88", "category": "Other", "uuid": "a25c2f26-cfae-4cca-b854-d2f55f5a0bc3" } ], "x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": 
"virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3b1d461d-66eb-45db-90ca-58088373ebf9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:41:59.000Z", "modified": "2023-11-22T15:41:59.000Z", "description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "pattern": "[domain-name:resolves_to_refs[*].value = '17.253.83.197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:41:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--21c1f5d0-926e-4360-9877-2ce09997226d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:42:18.000Z", "modified": "2023-11-22T15:42:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9", "category": "External analysis", "uuid": "865d779e-8b05-4c42-9fab-ad1607b924ff" }, { "type": "text", "object_relation": "detection-ratio", "value": "5/57", "category": "Other", "uuid": "f56b0ed5-3e30-4188-aeb4-3f2eaa95d850" } ], "x_misp_comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--16a55ce1-986f-4c5e-adbe-03a5ac50282e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:42:18.000Z", "modified": "2023-11-22T15:42:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", 
"misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/url/228d9bf9973bcf53926cbea6c31af08a221b5fe44716306abfc6c3d48c0fedcb", "category": "External analysis", "uuid": "a9f3c732-00cd-4600-8012-f3f002887607" }, { "type": "text", "object_relation": "detection-ratio", "value": "13/90", "category": "Other", "uuid": "e809b8fa-16c4-468e-9559-f4b92ae807b4" } ], "x_misp_comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module", "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fb2149de-3034-4eb9-a3c4-2876e5aa1b69", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:42:18.000Z", "modified": "2023-11-22T15:42:18.000Z", "description": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module", "pattern": "[url:value = 'http://194.38.22.53/acb.xml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--20430c3e-2aa4-4cf3-889e-6a75c4478738", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-11-22T15:42:18.000Z", "modified": "2023-11-22T15:42:18.000Z", "description": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module", "pattern": "[file:hashes.MD5 = '0b882c863de5c302015c1a1cb8616bcd' AND file:hashes.SHA1 = 'b841db7fc24e59e60a9d7e158e3ef50236b605b4' AND file:hashes.SHA256 = 'd8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9' AND file:hashes.SSDEEP = 
'12:TMHdxXzY8id/73AC7ikxGWi2jLak9FFLWJLZ7UkWJ0nv:2dxXzY8kj/8Wi2jtQJLNUnJA' AND file:x_misp_tlsh = 't1b7f08b4ce2bccea109ddc692fab490184ad1a04b91f0a7d5f28d05357f00e4d2b6320d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-11-22T15:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--43e412ea-e5fe-4f7b-b562-6e92814bff37", "created": "2023-11-22T15:37:09.000Z", "modified": "2023-11-22T15:37:09.000Z", "relationship_type": "related-to", "source_ref": "vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79", "target_ref": "vulnerability--a1b4fac8-86bc-4a56-a517-f620409aa985" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1398fd66-bf1e-4253-ad22-c6a6d8e70f23", "created": "2023-11-22T15:37:09.000Z", "modified": "2023-11-22T15:37:09.000Z", "relationship_type": "weakened-by", "source_ref": "vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79", "target_ref": "x-misp-object--4cac5b96-ce45-4fe8-b212-83d5620151ae" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8d8f0a08-831f-475b-877c-585296831e40", "created": "2023-11-22T15:37:09.000Z", "modified": "2023-11-22T15:37:09.000Z", "relationship_type": "targeted-by", "source_ref": "vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79", "target_ref": "attack-pattern--e9270a16-4ea3-465f-869c-6b667dde3350" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }