{ "type": "bundle", "id": "bundle--5de7883b-22bc-4264-995c-4d1f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T13:43:04.000Z", "modified": "2019-12-04T13:43:04.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5de7883b-22bc-4264-995c-4d1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T13:43:04.000Z", "modified": "2019-12-04T13:43:04.000Z", "name": "Malicious PyPI packages", "published": "2019-12-04T13:43:10Z", "object_refs": [ "x-misp-attribute--5de78960-6df8-4e53-8db2-4f31950d210f", "x-misp-attribute--5de78990-431c-448b-a460-4da1950d210f", "observed-data--5de78c7c-6d88-48c2-98d0-47a0950d210f", "file--5de78c7c-6d88-48c2-98d0-47a0950d210f", "indicator--5de7889b-eb5c-4934-b531-483b950d210f", "indicator--5de788c9-2964-40a3-8c7b-44ac950d210f", "observed-data--5de788fd-e140-45b5-ac4b-47f2950d210f", "url--5de788fd-e140-45b5-ac4b-47f2950d210f", "observed-data--5de78919-6560-4e2d-80b6-4ecd950d210f", "url--5de78919-6560-4e2d-80b6-4ecd950d210f", "indicator--5de789bc-ea08-4bf7-9688-4ce8950d210f", "indicator--5de789d2-0f30-41e3-bcd5-45df950d210f", "indicator--5de78b13-9320-49f1-abff-420a950d210f", "indicator--5de78bdc-b330-495c-94b0-43dc950d210f", "indicator--5de78ce3-9f74-4f4b-a05b-4b15950d210f", "relationship--aa478248-b1df-4be6-97c8-0d9eb5c7900c", "relationship--b25834ac-4e18-4777-a52f-d5853f398091", "relationship--63116063-b17c-4f03-ab01-2c67bd0bdc8d", "relationship--ac6ffb85-338c-4dac-80a3-65b5b6c2652c", "relationship--773503e8-f030-415c-b8ab-5ef9ff77257c", "relationship--26bb11a5-9d9a-4b26-af41-9e6f064fc414", "relationship--d5be64fd-63d9-4fbe-b56f-e00986f30018", "relationship--e7b42353-1584-4cf0-a460-34cc699f6e59", "relationship--7d5dae9e-2e42-4798-b959-6eecb2be3d99", "relationship--c13a9f09-1f5d-4f0a-bab6-238fce563ad1" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"", "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Other Network Medium - T1011\"", "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "osint:source-type=\"blog-post\"", "osint:source-type=\"source-code-repository\"", "osint:certainty=\"100\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5de78960-6df8-4e53-8db2-4f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T10:25:30.000Z", "modified": "2019-12-04T10:25:30.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Other\"" ], "x_misp_category": "Other", "x_misp_comment": "Name of the malicious package", "x_misp_type": "text", "x_misp_value": "python3-dateutil" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5de78990-431c-448b-a460-4da1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T10:25:20.000Z", "modified": "2019-12-04T10:25:20.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Other\"" ], "x_misp_category": "Other", "x_misp_comment": "Name of the malicious package", "x_misp_type": "text", "x_misp_value": "jeIlyfish" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de78c7c-6d88-48c2-98d0-47a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T11:03:00.000Z", "modified": "2019-12-04T11:03:00.000Z", "first_observed": "2019-12-04T11:03:00Z", "last_observed": "2019-12-04T11:03:00Z", "number_observed": 1, "object_refs": [ "file--5de78c7c-6d88-48c2-98d0-47a0950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5de78c7c-6d88-48c2-98d0-47a0950d210f", "name": "Downloads/ITDS-2018-10-15-DRACO_SRV1-362.pfx" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de7889b-eb5c-4934-b531-483b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T10:51:37.000Z", "modified": "2019-12-04T10:51:37.000Z", "pattern": "[url:value = 'https://gitlab.com/olgired2017/aeg_wandoo_dag_m3/raw/master/hashsum']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-04T10:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de788c9-2964-40a3-8c7b-44ac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T10:22:01.000Z", "modified": "2019-12-04T10:22:01.000Z", "pattern": "[url:value = 'http://bitly.com/25VZxUbmkr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-04T10:22:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de788fd-e140-45b5-ac4b-47f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T13:22:14.000Z", "modified": "2019-12-04T13:22:14.000Z", "first_observed": "2019-12-04T13:22:14Z", "last_observed": "2019-12-04T13:22:14Z", "number_observed": 1, "object_refs": [ "url--5de788fd-e140-45b5-ac4b-47f2950d210f" ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5de788fd-e140-45b5-ac4b-47f2950d210f", "value": "https://github.com/dateutil/dateutil/issues/984" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de78919-6560-4e2d-80b6-4ecd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T13:22:37.000Z", "modified": "2019-12-04T13:22:37.000Z", "first_observed": "2019-12-04T13:22:37Z", "last_observed": "2019-12-04T13:22:37Z", "number_observed": 1, "object_refs": [ "url--5de78919-6560-4e2d-80b6-4ecd950d210f" ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5de78919-6560-4e2d-80b6-4ecd950d210f", "value": "https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de789bc-ea08-4bf7-9688-4ce8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T10:56:50.000Z", "modified": "2019-12-04T10:56:50.000Z", "pattern": "[url:value = 'https://pypi.org/project/python3-dateutil/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-04T10:56:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de789d2-0f30-41e3-bcd5-45df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T10:56:29.000Z", "modified": "2019-12-04T10:56:29.000Z", "pattern": "[url:value = 'https://pypi.org/project/jeIlyfish/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-04T10:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de78b13-9320-49f1-abff-420a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T10:51:06.000Z", "modified": "2019-12-04T10:51:06.000Z", "pattern": "[file:hashes.MD5 = '132fafca98f58aa3c39b2b6f168c5a9b' AND file:hashes.SHA1 = '47bddd8311cc683a401eacce51c5f7df49170fc7' AND file:hashes.SHA256 = 'e8ec763a658519d9a11284f4e000f4be41e86b5c726904b6d178824eefd738da' AND file:name = 'hashsum' AND file:size = '2987' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAPhThE+gjToZwgYAAKsLAAAgABwAMTMyZmFmY2E5OGY1OGFhM2MzOWIyYjZmMTY4YzVhOWJVVAkAAxOL510Ti+dddXgLAAEEIQAAAAQhAAAADyw4SDhBMwmGCAIZiIm23DZ+r6Y6n2DKo9vNppRtndVcm1cDJxt4pxRYqlVN/oA1SZtLjSDlR0HnfEM5dzFkSXOOYgOovyS7bNy4go8qkCKfnWYsM7UhPLAvwc5q3ZUFq+wgB+OQP9e7XAMzLIWDww/uArI+loWgqo5ndCk3VuNp/sstVv6VqfNSh0Igcc+SRu5aZzvgnJN1/JmvJlnMPxohRt7LRjV1ERMMhaNwqnAlz2LiY4GkSNOdWMJBppJtFlnwwBcZVuU54nZ6xwy+Ow4kolEjjVp57lFySx46MpJNe1wtr/huUSWIaIvikJ4740XmU3zck+CE1oQlMqjJ/NpdX7TA4Q0zzWe66ICMq+NjYOZ0GEi2ILP5Pw1QmK2Fcamy0kKV6EntVDWqq5/72BMfhVqGfySpNH0pTNoFrpIjaQjUeINeLvsnN1jbIWpLJNozCi90hlJltwmQxPo1zU+X3oZ+2JUsOWpGAcA+Op3xdqSS6aV6UxXURLE/oybRK0chqH8+30ewJojF1FwRFCI251t36L4paBJ3AH1JKDppBbjy1l0hrWaa5C7SVoqd36WXTNsZOggUNr5qL57qoEBMgPeQHXBTGQOMONMDxerxTnr1cEyA8zJAg+Qxd1Gb50ux4NUVwW1Wx0YxmY1lDDFw68F4nx/ULYQGRmmzKTlpCC8gj5keNX3nz5CyWgWmb9k1wQ2UKUUVeyb3EVHKfAwKVef901yRx5YJfkrroVc9FiXYJ4UGtkB6k+aLdnzO2MeliwfgLUTFK9H4krezzo0kxjKWTMTXscYJzq91tYI8+zrkR3TRpEafeDDTvphwTsRF77zFcFMq7bDUDBrr9y8qsqtEbc6CGgSJQ5NqBKq5MvN8dAp+G4QwkEowfLbRc68M0Rr4NBHmKaOhLa44Tuc6WeQZAaw4m6zQNb+EwuZpWeKvqvLYpEbtMrZWSua4GVNTHQbr7hWK6DAdmF66GJqlT9oLwid56uHq111Ofg2T+siZjbocmjbHtPrnF9hrq0Vzmpf8++A6F8CLgnSoyzhbH/sEbZ+AO2POEAY7l/Hx+K6q8qJwJY5pkeO3tkkBQB1p6pES5JRQAj8cLU6yLke84JuZaIEO2rqrQ+Tf+7asWEpxpE7HHM2PN31NeOXVbc338mdopKDd+L9RaRQ65SfbGy8hxgoXM6Hv1c5L4qOfHbmnXL055TrXdbyYCxgbxeZLmEDSnD6oEs8O0ij6yB+8JVPJ6TIduIiS6XNm6F+zNov0vwUfMBQJiLf4C5Yo1LLsmljkCk2O2aKU5f2n5R+K7wHE7IeMm2kibBft08rbJTT4M3eLl04H0zNMEY0F+ZxFXVs+8pgHnpRLcYQXVDnyZzyUfXbtITqKq4vuYfImSFhCDtadBe75Q2BR09zxt1Q4o1tjxcqD1fH0l8BsMfwAmPnPR7LiuHUBXXVo4C3VTm418rMcWNHgBd8wEhwJp6zUMFr/NwlkGP1fdIMwiYjRBijUWL+R041avp6ouJ7BxK9pXOqmaBd135hPrOaQxT6cGrfxkR1t4ioWd6jVNhc324W8VqS86i2CoottklxEHAO10LvW4BsNDVGCyjhXklji8CcqfyrRblfaNB9eoufG6V66mAOchNpa7JTZQez2HLwcUKxWY97GUj5tY+wDgTBvL6X5H02ZyPfg4sqoMa3QPWf4XUN9Pof3GFgmguA/TuWms7EL8XtE5cSFTAgh3hLRutS567UUS5AHM58TSMT0bnL9XGV8XCk0TXAtEJ3gCJ3P0mhqE7pyA4HpkxkpJfHOsdlSovSmUX1vY2JRygTX+aIj/46bbvt90a7Bi1f1HjX+b1+2o4R7AW4UDfJeqHdNbuN9ijNYL1UcyySXAtqnomnSK/vUaEpCb1nC4pszjtRSSNt1HG9N7i6lutIRoW0uQKwcdYvN3fBgD/As/ksT9QQEJbzt6h/xb6IdU8JyG35yOkdlJjZrg9+jOjpxYCAI0SzVWSTUk7zWrmxQjn/mujL+DB0wvyrlPjLHEj8PhlAM8ItZuVxXDS25GezgObmZSg/BS/Uf6EetUXxmBSemS9HZ03HSe/vBMMZFeQgeA/Bc2vS9JNGDXUyJt8x2e8pIIWDKqCog6GlEyFjB5MzGkk3hEcCc189alAj/bWrtS+cxt9ya/gK19pz7UdEpJT8bCZO/ENieSmBfHDghFs+eGYK4jwsdosJ2qdulRmHgXi7jkPA8DFJ8nkeYPtztQnbbkixSFrJgEHWJtk4Gnsgj2MdCDvBOuUnOXmQWR35VSw0b3XDOStc4hYiQhpRqMMpQSwcIoI06GcIGAACrCwAAUEsDBAoACQAAAPhThE+vAoGREwAAAAcAAAAtABwAMTMyZmFmY2E5OGY1OGFhM2MzOWIyYjZmMTY4YzVhOWIuZmlsZW5hbWUudHh0VVQJAAMTi+ddE4vnXXV4CwABBCEAAAAEIQAAAOAT4Gvlk6cv5HU9d9Tku8uLrXlQSwcIrwKBkRMAAAAHAAAAUEsBAh4DFAAJAAgA+FOET6CNOhnCBgAAqwsAACAAGAAAAAAAAQAAAKSBAAAAADEzMmZhZmNhOThmNThhYTNjMzliMmI2ZjE2OGM1YTliVVQFAAMTi+dddXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA+FOET68CgZETAAAABwAAAC0AGAAAAAAAAQAAAKSBLAcAADEzMmZhZmNhOThmNThhYTNjMzliMmI2ZjE2OGM1YTliLmZpbGVuYW1lLnR4dFVUBQADE4vnXXV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAC2BwAAAAA=' AND file:content_ref.x_misp_filename = 'hashsum' AND file:content_ref.hashes.MD5 = '132fafca98f58aa3c39b2b6f168c5a9b' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-04T10:51:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de78bdc-b330-495c-94b0-43dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T10:55:47.000Z", "modified": "2019-12-04T10:55:47.000Z", "description": "file unpack", "pattern": "[file:hashes.MD5 = 'a5ce34545c5b06e98f60c93c0db14be5' AND file:hashes.SHA1 = '015fb194428fe47cdf3a2c8eefc5b6518ed1a135' AND file:hashes.SHA256 = 'e4c356b41fe198da888eb9e4964b92883384d3a7070c51d622911f2b7b5947a9' AND file:name = 'workfile' AND file:size = '3971' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAGRUhE8iCGicpgUAAIMPAAAgABwAYTVjZTM0NTQ1YzViMDZlOThmNjBjOTNjMGRiMTRiZTVVVAkAA9yL513ci+dddXgLAAEEIQAAAAQhAAAAq/Of/EYMXqQBEOliyLKgWAHuAor4s8XGusnt8O1xokRyL/TcFVixsmPwyVuTlnGGvZvUTJlOMAuvXUBirzWbp05ZkINjv1RVVguGwCRHvukLKqgCgUrb+8izwv5oNZhEehide7oI3T+VblZSKGhElAeNhN+ZY6NlrLTd9ZfYMryN8szapPX4nSxImABtLq64OHQy5ZW3Bf3rBiIm7wEVRiy0tCMw8rNOd72YyHQWqPMAXv3Xn83Jywp9FoTopnliU4ttUc+vfRaggu8Di1RG1QaCiMkHnj2GzXBDZboLbTzy9RbN8Hp/XIcxmlItoxvWZV4Gve/1DWu+LA7gl66e/XfVSmHNOt25OqBXEzllZYfg1GMw6kjwmMCy/C634UmzKXQrqoT2EezQxBw2kdoTuaK68twy4qYYSDWQtpdYuxfWzOlA0tRxDEHCopETNg6nkslNmbXCDPg5DN2YNvY2Lx2t+vXqnWGmUHrwmmI2LeLzHTfjYd99/n/72q6bJOiC38FgKGf4t5VjIqvP2eQUS1Fgf26KdU2eyy1MrywU/OHK5fwonNeX9rM7VBl/IbXBOZ7Gvq3F5Xi8PX6BDc5hTdd4NnOABxJIOz9WZo1qokWJ/yqp4COv8kb5zA842Tbkdc4rFGhIeV/odhC3NNfQdMd7cBhFwXyG4K2uKy2Z8xQcwUyfp6AEKCHFrlIj/fKEgzI6iaOQUjYwTCrLXvByOL3HJsbk0Nrn3UL4ycknyDCqCGGYlkqP88dO/kmeLFd3kzrerJKo6/eBP5JEQmHY450pCA81/A0a/jg1/CJHdKtmd8C90+C94Akun5A/HA4+L932X87PPSAYHM0eB1DTh7VDRM7Byt2dVU5h9t3CZKPWGRvAKF1rppWlciJGMqSr9gBhMJl7/pxfULhErnN01kzgcoHaAhW+3T4acWVkvmy4IagjA9Kgh5vH/suIRIY8vKvqaHH15z/9sK6RuAiClqtWYYwEI1dbjHwTj3138062N96FJCjqXsTQ37mSJ+lNPuHG/d5rkzwnTbPG/9zZ+g9Jt/Bw7RDUopkL8I03HcWuyqQMPGmxsX6lZ1G5iVwhj0paPPTHw709c+YJ+dbyCJEcILVUsE/aCPMZU/0e5v5IIKxVjmKLfumqphqQjvIo/AX4Bm0JvvwosYT99lTkRlLeZpyEdTp9An79FS1JFgrCRAWqGgq2bHcIw+Qmbia4Sn5R9hpvDEBQ9BhhNJermMR+saOoV0imioS4mPaTEv3TmZBz4y5HkvrntChCToEZNPKL0jhjEoCtXCQE79dydhl88RAjhn0E2rcBiwyetEqcD97F4dXY6tq4+VH6s5rIudoC/oq0BbFDt5HstXIY/949SzBNZA+nIpN7Ki6p5YxDu6o2sist8rwKWSHjLGtmOUjLh6yL4NN0wivTPvQjbf+QJTTb2K7EU+bOoqJP+lrpoQ5JoO5rsGt7RVDBPIoHoo4keHhY6r/z9de8mumLgmAy9a6EXu+lM932nWGYugxhGxru/xGrovBnvN7vUQV0hxSF40BcmjlUx7k/zrT6qqsp33ccmFLVlQu2ogdKSlZlaniA6X1GihTCHieXZm+jCw2Cxa7K32lPxdmgWOHxyhLzs+oJHfpkkwpj4wYzn3SNuFTkfsN+46UgS2Wbl9O+YGVZuDDD8AsaSER5RvQfBP0GsolEFfZiRJanVdvUuCaytlPIayhkCSZUir2bgxxdekhp4oJTReL2fSd38viWkte2AJOATUTCSXrepEAk4Lx30AdX1j8txqQYhrjCb3Ke3RA7Giyq5HxnNyLKWhNIMCJ9/At5xO2xcdXaIVDLq5Y0wzvwg6LO9VUQ+bKTgVpWaze+dGRtj6b7JYWxDhy4MLMW6TJIoIe198XL5TVRjujwPImT2rdETNa6oXJDFLwWSqYZxtdTUEsHCCIIaJymBQAAgw8AAFBLAwQKAAkAAABkVIRPdniauxQAAAAIAAAALQAcAGE1Y2UzNDU0NWM1YjA2ZTk4ZjYwYzkzYzBkYjE0YmU1LmZpbGVuYW1lLnR4dFVUCQAD3IvnXdyL5111eAsAAQQhAAAABCEAAACuBmmFqn8V2tn8MeGTVzBc+cKrvVBLBwh2eJq7FAAAAAgAAABQSwECHgMUAAkACABkVIRPIghonKYFAACDDwAAIAAYAAAAAAABAAAApIEAAAAAYTVjZTM0NTQ1YzViMDZlOThmNjBjOTNjMGRiMTRiZTVVVAUAA9yL5111eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABkVIRPdniauxQAAAAIAAAALQAYAAAAAAABAAAApIEQBgAAYTVjZTM0NTQ1YzViMDZlOThmNjBjOTNjMGRiMTRiZTUuZmlsZW5hbWUudHh0VVQFAAPci+dddXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAJsGAAAAAA==' AND file:content_ref.x_misp_filename = 'workfile' AND file:content_ref.hashes.MD5 = 'a5ce34545c5b06e98f60c93c0db14be5' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-04T10:55:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de78ce3-9f74-4f4b-a05b-4b15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-04T10:39:31.000Z", "modified": "2019-12-04T10:39:31.000Z", "description": "Exfiltration", "pattern": "[url:value = 'http://68.183.212.246:32258' AND url:x_misp_host = '68.183.212.246' AND url:x_misp_port = '32258']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-04T10:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aa478248-b1df-4be6-97c8-0d9eb5c7900c", "created": "2019-12-04T10:51:37.000Z", "modified": "2019-12-04T10:51:37.000Z", "relationship_type": "downloaded-from", "source_ref": "indicator--5de7889b-eb5c-4934-b531-483b950d210f", "target_ref": "indicator--5de788c9-2964-40a3-8c7b-44ac950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b25834ac-4e18-4777-a52f-d5853f398091", "created": "2019-12-04T10:48:45.000Z", "modified": "2019-12-04T10:48:45.000Z", "relationship_type": "downloads", "source_ref": "indicator--5de789bc-ea08-4bf7-9688-4ce8950d210f", "target_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--63116063-b17c-4f03-ab01-2c67bd0bdc8d", "created": "2019-12-04T10:56:49.000Z", "modified": "2019-12-04T10:56:49.000Z", "relationship_type": "is-in-relation-with", "source_ref": "indicator--5de789bc-ea08-4bf7-9688-4ce8950d210f", "target_ref": "x-misp-attribute--5de78960-6df8-4e53-8db2-4f31950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac6ffb85-338c-4dac-80a3-65b5b6c2652c", "created": "2019-12-04T10:47:56.000Z", "modified": "2019-12-04T10:47:56.000Z", "relationship_type": "downloads", "source_ref": "indicator--5de789d2-0f30-41e3-bcd5-45df950d210f", "target_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--773503e8-f030-415c-b8ab-5ef9ff77257c", "created": "2019-12-04T10:56:29.000Z", "modified": "2019-12-04T10:56:29.000Z", "relationship_type": "abuses", "source_ref": "indicator--5de789d2-0f30-41e3-bcd5-45df950d210f", "target_ref": "x-misp-attribute--5de78990-431c-448b-a460-4da1950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--26bb11a5-9d9a-4b26-af41-9e6f064fc414", "created": "2019-12-04T10:45:43.000Z", "modified": "2019-12-04T10:45:43.000Z", "relationship_type": "downloads", "source_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f", "target_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d5be64fd-63d9-4fbe-b56f-e00986f30018", "created": "2019-12-04T10:51:06.000Z", "modified": "2019-12-04T10:51:06.000Z", "relationship_type": "downloaded-from", "source_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f", "target_ref": "indicator--5de7889b-eb5c-4934-b531-483b950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7b42353-1584-4cf0-a460-34cc699f6e59", "created": "2019-12-04T10:50:31.000Z", "modified": "2019-12-04T10:50:31.000Z", "relationship_type": "extracted-from", "source_ref": "indicator--5de78bdc-b330-495c-94b0-43dc950d210f", "target_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7d5dae9e-2e42-4798-b959-6eecb2be3d99", "created": "2019-12-04T10:52:17.000Z", "modified": "2019-12-04T10:52:17.000Z", "relationship_type": "exfiltrates-to", "source_ref": "indicator--5de78bdc-b330-495c-94b0-43dc950d210f", "target_ref": "indicator--5de78ce3-9f74-4f4b-a05b-4b15950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c13a9f09-1f5d-4f0a-bab6-238fce563ad1", "created": "2019-12-04T10:55:47.000Z", "modified": "2019-12-04T10:55:47.000Z", "relationship_type": "uploads", "source_ref": "indicator--5de78bdc-b330-495c-94b0-43dc950d210f", "target_ref": "observed-data--5de78c7c-6d88-48c2-98d0-47a0950d210f" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }