1933 lines
No EOL
88 KiB
JSON
1933 lines
No EOL
88 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--df7b7020-9f17-4a3c-9824-1baa4ff67cb1",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:43:05.000Z",
|
|
"modified": "2023-11-22T15:43:05.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--df7b7020-9f17-4a3c-9824-1baa4ff67cb1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:43:05.000Z",
|
|
"modified": "2023-11-22T15:43:05.000Z",
|
|
"name": "CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits",
|
|
"published": "2023-11-22T15:44:23Z",
|
|
"object_refs": [
|
|
"vulnerability--a1b4fac8-86bc-4a56-a517-f620409aa985",
|
|
"indicator--ec341f4e-0f70-4569-8ac5-e35465572726",
|
|
"indicator--dec37bd8-3293-45dd-b087-73cc2018fb6d",
|
|
"indicator--5dc9a60b-5b71-43fa-8859-e927cd7e813f",
|
|
"indicator--c126e50d-8d22-4201-aeb2-ceb6c4438db8",
|
|
"indicator--6f58a684-e56b-431b-8a90-f00d03cc2837",
|
|
"indicator--28f55810-c61e-42d0-8565-cc7d2e7eb57c",
|
|
"indicator--858d2d46-7d03-4e4e-9a57-f8a16abed89b",
|
|
"indicator--6d1389be-2a8d-4cb4-824e-cc66f8f38063",
|
|
"indicator--dec7c981-9fbf-4d43-b9d9-72f46c90800d",
|
|
"indicator--b696aff7-fc3b-4f51-9928-a5cda3032840",
|
|
"indicator--e9401439-1ca4-4cac-a561-73c2380cec27",
|
|
"x-misp-object--8ccbf5d4-d4bb-4ddb-9055-ffde04cc2d79",
|
|
"vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79",
|
|
"x-misp-object--4cac5b96-ce45-4fe8-b212-83d5620151ae",
|
|
"attack-pattern--e9270a16-4ea3-465f-869c-6b667dde3350",
|
|
"indicator--69b6801f-70f2-4f6f-88f4-6246d90a02f1",
|
|
"indicator--d2aa05c5-9d0b-4b73-8784-f2772dab848b",
|
|
"indicator--bff55684-ad68-46cc-9919-2b6bc1f3b179",
|
|
"indicator--301c5825-7094-4eff-840a-be6d8c8e8195",
|
|
"indicator--e66b0982-04a9-4ead-909b-499b49c8faf2",
|
|
"indicator--4675bbfa-2304-4cc2-ba9c-1a3cebd3c7cf",
|
|
"x-misp-object--72f8dfd0-2ab6-4839-956d-813372d4cbce",
|
|
"x-misp-object--fec59623-a7d8-43bb-90ca-d1f8d2469bf0",
|
|
"x-misp-object--2b12de36-4f9c-4ecd-8138-9a2ea40adb88",
|
|
"indicator--c8e5e229-75f0-494f-bfa0-0de1b929bed9",
|
|
"x-misp-object--c84d52b3-fdfb-4164-82c8-04fc9e76dc69",
|
|
"indicator--23a79772-d43c-4c33-ba7d-0fec21a26bae",
|
|
"x-misp-object--5dacd5e9-1cd3-40a5-95fd-3f76919bcaf3",
|
|
"indicator--298b2c78-9d01-4046-a51a-6829f33b58fa",
|
|
"x-misp-object--17054e47-ae49-4803-8640-54bfd422581a",
|
|
"indicator--f7612330-d2f6-40bd-bc97-103283c02684",
|
|
"indicator--a617657e-c7b8-441c-a432-b92a4f534a41",
|
|
"x-misp-object--acfc0207-defe-445e-bf6a-57cd212030ad",
|
|
"x-misp-object--2b18b23b-0776-4e5e-864f-d7d2449bf58c",
|
|
"x-misp-object--fcab0f20-fdad-4882-852f-c5a5b07a621c",
|
|
"indicator--2604d1c8-cc20-4373-8fd3-cb579dce9928",
|
|
"x-misp-object--29cdd1eb-9702-4cdd-9d6f-5b21f1604cf3",
|
|
"indicator--79b0dd04-14b2-4c8e-a036-1753c83e8f24",
|
|
"x-misp-object--3a3e95e0-1ab6-47cd-a79c-504eb4c7761c",
|
|
"indicator--4c1102ac-a885-43e6-9c60-319bb644882a",
|
|
"indicator--4b29d4c4-a8ff-4a88-89d9-2344abf2bf86",
|
|
"x-misp-object--89a35674-1ce6-43d7-a4e9-773e76105ef7",
|
|
"x-misp-object--221e43e7-847d-40ed-b92f-c8a002202a76",
|
|
"indicator--b266c2bf-23d9-4621-aa7a-18b3972919c0",
|
|
"x-misp-object--49cf6520-3033-4c17-931e-eda0e9dc70df",
|
|
"indicator--e2a40f1c-a4b5-41f4-9f7b-38199747ef9b",
|
|
"x-misp-object--7182965a-7d9c-4164-8bf3-af0e5c0b0c46",
|
|
"indicator--a2e218c6-e7f0-4b43-9a96-39f3e0223e18",
|
|
"x-misp-object--9ff8bb23-38df-4b86-a7a9-bf539e82b91c",
|
|
"indicator--d6d98d86-01e3-408e-963f-d4d367eb0c13",
|
|
"x-misp-object--11de74c8-163e-4e3e-88ea-035a16ebf143",
|
|
"indicator--7e13183f-96ba-4d22-b098-faf834459016",
|
|
"x-misp-object--4b6e8088-4ac7-4290-883f-1560b2413c52",
|
|
"indicator--e0d99c98-a0d5-4ffa-a247-ad989f5ee852",
|
|
"x-misp-object--c307be58-48b4-43d0-84b1-9836ebbcb67f",
|
|
"indicator--e73cb509-a734-46bf-bbc2-4c7ad7dbcd9b",
|
|
"x-misp-object--cdfff20b-2054-4226-ac1d-15eda55808a6",
|
|
"indicator--3b1d461d-66eb-45db-90ca-58088373ebf9",
|
|
"x-misp-object--21c1f5d0-926e-4360-9877-2ce09997226d",
|
|
"x-misp-object--16a55ce1-986f-4c5e-adbe-03a5ac50282e",
|
|
"indicator--fb2149de-3034-4eb9-a3c4-2876e5aa1b69",
|
|
"indicator--20430c3e-2aa4-4cf3-889e-6a75c4478738",
|
|
"relationship--43e412ea-e5fe-4f7b-b562-6e92814bff37",
|
|
"relationship--1398fd66-bf1e-4253-ad22-c6a6d8e70f23",
|
|
"relationship--8d8f0a08-831f-475b-877c-585296831e40"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"tlp:clear",
|
|
"misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--a1b4fac8-86bc-4a56-a517-f620409aa985",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:35:26.000Z",
|
|
"modified": "2023-11-22T15:35:26.000Z",
|
|
"name": "CVE-2023-46604",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"Payload delivery\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2023-46604"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ec341f4e-0f70-4569-8ac5-e35465572726",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:38:24.000Z",
|
|
"modified": "2023-11-22T15:38:24.000Z",
|
|
"pattern": "[url:value = 'http://185.122.204.197/acb.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:38:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dec37bd8-3293-45dd-b087-73cc2018fb6d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:38:24.000Z",
|
|
"modified": "2023-11-22T15:38:24.000Z",
|
|
"pattern": "[url:value = 'http://194.38.22.53/curl-aarch64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:38:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5dc9a60b-5b71-43fa-8859-e927cd7e813f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:38:24.000Z",
|
|
"modified": "2023-11-22T15:38:24.000Z",
|
|
"pattern": "[url:value = 'http://194.38.22.53/curl-amd64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:38:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c126e50d-8d22-4201-aeb2-ceb6c4438db8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:38:24.000Z",
|
|
"modified": "2023-11-22T15:38:24.000Z",
|
|
"pattern": "[url:value = 'http://194.38.22.53/kinsing']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:38:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6f58a684-e56b-431b-8a90-f00d03cc2837",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:38:24.000Z",
|
|
"modified": "2023-11-22T15:38:24.000Z",
|
|
"pattern": "[url:value = 'http://194.38.22.53/kinsing_aarch64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:38:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--28f55810-c61e-42d0-8565-cc7d2e7eb57c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:38:24.000Z",
|
|
"modified": "2023-11-22T15:38:24.000Z",
|
|
"pattern": "[url:value = 'http://194.38.22.53/libsystem.so']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:38:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--858d2d46-7d03-4e4e-9a57-f8a16abed89b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:43.000Z",
|
|
"modified": "2023-11-22T15:39:43.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6d1389be-2a8d-4cb4-824e-cc66f8f38063",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:43.000Z",
|
|
"modified": "2023-11-22T15:39:43.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dec7c981-9fbf-4d43-b9d9-72f46c90800d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:43.000Z",
|
|
"modified": "2023-11-22T15:39:43.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b696aff7-fc3b-4f51-9928-a5cda3032840",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:43.000Z",
|
|
"modified": "2023-11-22T15:39:43.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e9401439-1ca4-4cac-a561-73c2380cec27",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:43.000Z",
|
|
"modified": "2023-11-22T15:39:43.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8ccbf5d4-d4bb-4ddb-9055-ffde04cc2d79",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:36:48.000Z",
|
|
"modified": "2023-11-22T15:36:48.000Z",
|
|
"labels": [
|
|
"misp:name=\"report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html",
|
|
"category": "External analysis",
|
|
"uuid": "0d46d9e1-6d0f-43b4-a436-239828c9f1b4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "summary",
|
|
"value": "We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner. When exploited, this vulnerability leads to remote code execution (RCE), which Kinsing uses to download and install malware. The vulnerability itself is due to OpenWire commands failing to validate throwable class type, leading to RCE.",
|
|
"category": "Other",
|
|
"uuid": "7d5d7567-2a91-4c7c-98fe-bb4ccc725e98"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "type",
|
|
"value": "Blog",
|
|
"category": "Other",
|
|
"uuid": "8ffe0cc3-7092-4bdc-98b8-cc64673e20e0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "report"
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:37:08.000Z",
|
|
"modified": "2023-11-22T15:37:08.000Z",
|
|
"name": "CVE-2023-46604",
|
|
"description": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2023-46604"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "9.8",
|
|
"x_misp_cvss_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"x_misp_modified": "2023-11-20T22:15:00+00:00",
|
|
"x_misp_published": "2023-10-27T15:15:00+00:00",
|
|
"x_misp_state": "Published",
|
|
"x_misp_vulnerable_configuration": [
|
|
"cpe:2.3:a:apache:activemq:-:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.11.3:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.12.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.12.3:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.13.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.13.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.13.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.13.3:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.13.4:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.13.5:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.14.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.14.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.14.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.14.3:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.14.4:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.14.5:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.3:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.4:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.5:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.6:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.7:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.8:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.10:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.11:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.12:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.13:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.14:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.15.15:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.18.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.17.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.16.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.16.1:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq:5.16.2:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq_legacy_openwire_module:5.18.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq_legacy_openwire_module:5.17.0:*:*:*:*:*:*:*",
|
|
"cpe:2.3:a:apache:activemq_legacy_openwire_module:5.16.0:*:*:*:*:*:*:*"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4cac5b96-ce45-4fe8-b212-83d5620151ae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:37:09.000Z",
|
|
"modified": "2023-11-22T15:37:09.000Z",
|
|
"labels": [
|
|
"misp:name=\"weakness\"",
|
|
"misp:meta-category=\"vulnerability\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "weakness",
|
|
"object_relation": "id",
|
|
"value": "CWE-502",
|
|
"category": "External analysis",
|
|
"uuid": "6c3bd37c-e18e-44ff-b58b-b171df7d18e1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "name",
|
|
"value": "Deserialization of Untrusted Data",
|
|
"category": "Other",
|
|
"uuid": "7162c223-adc9-4ee3-9c2d-efcec35a38b8"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "status",
|
|
"value": "Draft",
|
|
"category": "Other",
|
|
"uuid": "e2ea23bd-4fdf-496d-b15f-4ce3c116e3bf"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "weakness-abs",
|
|
"value": "Base",
|
|
"category": "Other",
|
|
"uuid": "eac6bb21-5d71-4acb-8ce0-5aba5df658a9"
|
|
}
|
|
],
|
|
"x_misp_comment": "CVE-2023-46604: Enriched via the cve_advanced module",
|
|
"x_misp_meta_category": "vulnerability",
|
|
"x_misp_name": "weakness"
|
|
},
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--e9270a16-4ea3-465f-869c-6b667dde3350",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:37:09.000Z",
|
|
"modified": "2023-11-22T15:37:09.000Z",
|
|
"name": "Object Injection",
|
|
"description": "An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "vulnerability"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"attack-pattern\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "capec",
|
|
"external_id": "CAPEC-586"
|
|
}
|
|
],
|
|
"x_misp_prerequisites": "The target application must unserialize data before validation.",
|
|
"x_misp_related_weakness": "CWE-502",
|
|
"x_misp_solutions": "Implementation: Validate object before deserialization process Design: Limit which types can be deserialized. Implementation: Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. Use an allowlist of acceptable classes. Implementation: Keep session state on the server, when possible."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--69b6801f-70f2-4f6f-88f4-6246d90a02f1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:18.000Z",
|
|
"modified": "2023-11-22T15:39:18.000Z",
|
|
"description": "Enriched via the url_import module",
|
|
"pattern": "[url:value = 'http://185.122.204.197/acb.sh' AND url:x_misp_resource_path = '/acb.sh' AND url:x_misp_host = '185.122.204.197' AND url:x_misp_domain_without_tld = '185.122.204.197' AND url:x_misp_domain = '185.122.204.197']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d2aa05c5-9d0b-4b73-8784-f2772dab848b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:18.000Z",
|
|
"modified": "2023-11-22T15:39:18.000Z",
|
|
"description": "Enriched via the url_import module",
|
|
"pattern": "[url:value = 'http://194.38.22.53/curl-aarch64' AND url:x_misp_resource_path = '/curl-aarch64' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bff55684-ad68-46cc-9919-2b6bc1f3b179",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:18.000Z",
|
|
"modified": "2023-11-22T15:39:18.000Z",
|
|
"description": "Enriched via the url_import module",
|
|
"pattern": "[url:value = 'http://194.38.22.53/curl-amd64' AND url:x_misp_resource_path = '/curl-amd64' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--301c5825-7094-4eff-840a-be6d8c8e8195",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:18.000Z",
|
|
"modified": "2023-11-22T15:39:18.000Z",
|
|
"description": "Enriched via the url_import module",
|
|
"pattern": "[url:value = 'http://194.38.22.53/kinsing' AND url:x_misp_resource_path = '/kinsing' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e66b0982-04a9-4ead-909b-499b49c8faf2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:18.000Z",
|
|
"modified": "2023-11-22T15:39:18.000Z",
|
|
"description": "Enriched via the url_import module",
|
|
"pattern": "[url:value = 'http://194.38.22.53/kinsing_aarch64' AND url:x_misp_resource_path = '/kinsing_aarch64' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4675bbfa-2304-4cc2-ba9c-1a3cebd3c7cf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:39:18.000Z",
|
|
"modified": "2023-11-22T15:39:18.000Z",
|
|
"description": "Enriched via the url_import module",
|
|
"pattern": "[url:value = 'http://194.38.22.53/libsystem.so' AND url:x_misp_resource_path = '/libsystem.so' AND url:x_misp_host = '194.38.22.53' AND url:x_misp_domain_without_tld = '194.38.22.53' AND url:x_misp_domain = '194.38.22.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--72f8dfd0-2ab6-4839-956d-813372d4cbce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a",
|
|
"category": "External analysis",
|
|
"uuid": "cf428eb0-b056-4355-bc6b-c8f505ae083e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/60",
|
|
"category": "Other",
|
|
"uuid": "22b554c6-f8c7-4367-8291-a310c4aedecf"
|
|
}
|
|
],
|
|
"x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fec59623-a7d8-43bb-90ca-d1f8d2469bf0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/218336a92c3856330bc926adf336fb4537742f85eee39a56660903acd4699729",
|
|
"category": "External analysis",
|
|
"uuid": "ea0091d8-b24f-47a6-96c6-234afe75f14a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "14/90",
|
|
"category": "Other",
|
|
"uuid": "d0aa461c-743c-487e-a88a-72f49f03609e"
|
|
}
|
|
],
|
|
"x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2b12de36-4f9c-4ecd-8138-9a2ea40adb88",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/a2a84fe32f387d17f7df1058ed594dd4658537c335667c73c15ffc78fddac256",
|
|
"category": "External analysis",
|
|
"uuid": "da5e0938-c07c-4d97-9c76-27bb253759a0"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "7/89",
|
|
"category": "Other",
|
|
"uuid": "7206f043-4bba-46a9-a450-7d4530f763fb"
|
|
}
|
|
],
|
|
"x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c8e5e229-75f0-494f-bfa0-0de1b929bed9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"pattern": "[url:value = 'http://194.38.21.25/libsystem.so']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:40:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c84d52b3-fdfb-4164-82c8-04fc9e76dc69",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/e4b7d05cadf1319d2f915d74ca9644e512182f6b8a470b9882b3a65e08cb9cba",
|
|
"category": "External analysis",
|
|
"uuid": "e5b1a692-c883-4f46-bfd5-5525167d9dbf"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "3/90",
|
|
"category": "Other",
|
|
"uuid": "74331e0a-3c35-4754-a1e0-2916c12dbd06"
|
|
}
|
|
],
|
|
"x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--23a79772-d43c-4c33-ba7d-0fec21a26bae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"pattern": "[url:value = 'http://45.15.158.124/libsystem.so']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:40:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5dacd5e9-1cd3-40a5-95fd-3f76919bcaf3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/df1e6c6270e8f4aaefab50c87ae9db569a24a082e98bfd0eb521b7339978a891",
|
|
"category": "External analysis",
|
|
"uuid": "19ceae8f-95fa-40ae-ae0c-bc7353025544"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "7/90",
|
|
"category": "Other",
|
|
"uuid": "501737a6-d6af-4cc7-bcec-901605704c59"
|
|
}
|
|
],
|
|
"x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--298b2c78-9d01-4046-a51a-6829f33b58fa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"pattern": "[url:value = 'http://194.87.252.159/libsystem.so']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:40:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--17054e47-ae49-4803-8640-54bfd422581a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/ee9cf5f02f58fa2d1149485e3024eab2849c5d8a3c8e8530895100b2cde4907d",
|
|
"category": "External analysis",
|
|
"uuid": "151edbae-1dbc-4e98-addb-873ef925d4ae"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "11/90",
|
|
"category": "Other",
|
|
"uuid": "f28c0fb3-7b6e-48b1-939c-85cdb774dcd2"
|
|
}
|
|
],
|
|
"x_misp_comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f7612330-d2f6-40bd-bc97-103283c02684",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"pattern": "[url:value = 'http://194.38.20.196/libsystem.so']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:40:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a617657e-c7b8-441c-a432-b92a4f534a41",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:40:33.000Z",
|
|
"modified": "2023-11-22T15:40:33.000Z",
|
|
"description": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"pattern": "[file:hashes.MD5 = 'ccef46c7edf9131ccffc47bd69eb743b' AND file:hashes.SHA1 = '38c56b5e1489092b80c9908f04379e5a16876f01' AND file:hashes.SHA256 = 'c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a' AND file:hashes.SSDEEP = '384:GkV8prsuhCY63B9dBRi9JsdgUa/Q1NXJZ6Cb1b:ZaLOVT6E' AND file:hashes.VHASH = 'fe6bc79726e96c10105967299ddec168' AND file:x_misp_tlsh = 't19ec2c637b9d2cab5c0c0e238a5d79276f1f5b0f14b22931ba294457e3e927c81f4ea45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:40:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--acfc0207-defe-445e-bf6a-57cd212030ad",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:23.000Z",
|
|
"modified": "2023-11-22T15:41:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf",
|
|
"category": "External analysis",
|
|
"uuid": "6dd7e193-5c2e-4cba-ba8b-dbc0b44cf8f0"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/62",
|
|
"category": "Other",
|
|
"uuid": "b84ffbd9-a6c7-4659-ac23-840c2fa2e511"
|
|
}
|
|
],
|
|
"x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2b18b23b-0776-4e5e-864f-d7d2449bf58c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:23.000Z",
|
|
"modified": "2023-11-22T15:41:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/1cba372316495cfc9a3e356c5bd6bc117ab9e88fdb8af13b3722ec57495b4e2f",
|
|
"category": "External analysis",
|
|
"uuid": "f7bde291-3d01-4439-b277-4bc1234ab40f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "12/90",
|
|
"category": "Other",
|
|
"uuid": "bf64c7f6-ca76-416b-ae89-149b857ac215"
|
|
}
|
|
],
|
|
"x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fcab0f20-fdad-4882-852f-c5a5b07a621c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:23.000Z",
|
|
"modified": "2023-11-22T15:41:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/165df3d9737567242c4b0b130e9408ea7727bdebde81273b819a52836aac40ed",
|
|
"category": "External analysis",
|
|
"uuid": "84a6bf72-8f4e-420a-8227-903180e36b01"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "8/90",
|
|
"category": "Other",
|
|
"uuid": "036a271b-7ea8-4970-8e4d-c65c843e1c13"
|
|
}
|
|
],
|
|
"x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2604d1c8-cc20-4373-8fd3-cb579dce9928",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:23.000Z",
|
|
"modified": "2023-11-22T15:41:23.000Z",
|
|
"description": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"pattern": "[url:value = 'http://194.38.21.25/kinsing_aarch64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--29cdd1eb-9702-4cdd-9d6f-5b21f1604cf3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:23.000Z",
|
|
"modified": "2023-11-22T15:41:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/8c6fdf6a7619b40cb998d37e0d1693d30346aee37390b8f309b35fb98bfd3a61",
|
|
"category": "External analysis",
|
|
"uuid": "dbf5b8f6-8f84-45a0-ab59-d4ffcba224c6"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "12/90",
|
|
"category": "Other",
|
|
"uuid": "d59c6003-5a64-40e7-bc75-4f567e0a9311"
|
|
}
|
|
],
|
|
"x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--79b0dd04-14b2-4c8e-a036-1753c83e8f24",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:23.000Z",
|
|
"modified": "2023-11-22T15:41:23.000Z",
|
|
"description": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"pattern": "[url:value = 'http://45.15.158.124/kinsing_aarch64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3a3e95e0-1ab6-47cd-a79c-504eb4c7761c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:23.000Z",
|
|
"modified": "2023-11-22T15:41:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/7115f7b310d2ce8d953266e87ee37d7db0a23e0bf1b943cd7bb0194c19501cb0",
|
|
"category": "External analysis",
|
|
"uuid": "4d468458-94bc-43e7-9f0d-2b8f4e1f840f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "7/90",
|
|
"category": "Other",
|
|
"uuid": "e97bae4d-8455-4b91-8458-9b86a06b36df"
|
|
}
|
|
],
|
|
"x_misp_comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4c1102ac-a885-43e6-9c60-319bb644882a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:23.000Z",
|
|
"modified": "2023-11-22T15:41:23.000Z",
|
|
"description": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"pattern": "[url:value = 'http://194.87.252.159/kinsing_aarch64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4b29d4c4-a8ff-4a88-89d9-2344abf2bf86",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:23.000Z",
|
|
"modified": "2023-11-22T15:41:23.000Z",
|
|
"description": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"pattern": "[file:hashes.MD5 = 'da753ebcfe793614129fc11890acedbc' AND file:hashes.SHA1 = 'ee458e526125d60cc1a387b4163376be8e9bc689' AND file:hashes.SHA256 = 'c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf' AND file:hashes.SSDEEP = '98304:Slds3UPXBQSH14vZh7pIDhG9By8uCGUGan5UPiK/AF7XlzcKGYH0ye8nanVFflpu:ZUDIaLbI+ED2iJ' AND file:hashes.VHASH = '036051e39318996e6fe6578e87fd9a87' AND file:x_misp_tlsh = 't178564b02bc5db563e9cc7630777683d9323e7588cba14233aa64ee7d99f13688e17121']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--89a35674-1ce6-43d7-a4e9-773e76105ef7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:58.000Z",
|
|
"modified": "2023-11-22T15:41:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c",
|
|
"category": "External analysis",
|
|
"uuid": "f1177b7d-c6c5-4d66-a0ba-83ed7b0ae30d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/50",
|
|
"category": "Other",
|
|
"uuid": "881df600-7d23-4463-9893-4eb59c19d56e"
|
|
}
|
|
],
|
|
"x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--221e43e7-847d-40ed-b92f-c8a002202a76",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:58.000Z",
|
|
"modified": "2023-11-22T15:41:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/944e32ccbd91d3d350477bbb8acb2130702923a74477e8aecdd2215986b32eb5",
|
|
"category": "External analysis",
|
|
"uuid": "14541f18-115a-437e-90c9-9d6670aa5628"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "12/90",
|
|
"category": "Other",
|
|
"uuid": "52fdccb2-dc53-46bf-802f-de64ccd43f9a"
|
|
}
|
|
],
|
|
"x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b266c2bf-23d9-4621-aa7a-18b3972919c0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:58.000Z",
|
|
"modified": "2023-11-22T15:41:58.000Z",
|
|
"description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"pattern": "[url:value = 'http://194.38.22.53/acb.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--49cf6520-3033-4c17-931e-eda0e9dc70df",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:58.000Z",
|
|
"modified": "2023-11-22T15:41:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/domain/gateway.fe.apple-dns.net",
|
|
"category": "External analysis",
|
|
"uuid": "754fa744-eb03-4501-844a-621fa92d4dc3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/88",
|
|
"category": "Other",
|
|
"uuid": "7dd61383-db96-4cf4-91f7-cd87d4768dde"
|
|
}
|
|
],
|
|
"x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e2a40f1c-a4b5-41f4-9f7b-38199747ef9b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"pattern": "[domain-name:value = 'gateway.fe.apple-dns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7182965a-7d9c-4164-8bf3-af0e5c0b0c46",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/domain/mask-api.fe.apple-dns.net",
|
|
"category": "External analysis",
|
|
"uuid": "87b362e2-656d-4835-a100-3d496d1721bd"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/88",
|
|
"category": "Other",
|
|
"uuid": "ed99efcb-5c24-40d6-a188-54ba2b3b5372"
|
|
}
|
|
],
|
|
"x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a2e218c6-e7f0-4b43-9a96-39f3e0223e18",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"pattern": "[domain-name:value = 'mask-api.fe.apple-dns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9ff8bb23-38df-4b86-a7a9-bf539e82b91c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/ip_address/169.254.169.254",
|
|
"category": "External analysis",
|
|
"uuid": "86c55c15-b936-4228-a1ff-ae5f995216d5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/88",
|
|
"category": "Other",
|
|
"uuid": "cff1e16a-ce6f-4cd0-8186-9ef9023f8a02"
|
|
}
|
|
],
|
|
"x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d6d98d86-01e3-408e-963f-d4d367eb0c13",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"pattern": "[domain-name:resolves_to_refs[*].value = '169.254.169.254']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--11de74c8-163e-4e3e-88ea-035a16ebf143",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/ip_address/17.248.193.19",
|
|
"category": "External analysis",
|
|
"uuid": "ae0033ca-f6a1-45ae-a48e-e9a1215ed2cb"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/88",
|
|
"category": "Other",
|
|
"uuid": "1fe250a3-77c7-485e-8d19-f85ea93d8011"
|
|
}
|
|
],
|
|
"x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7e13183f-96ba-4d22-b098-faf834459016",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"pattern": "[domain-name:resolves_to_refs[*].value = '17.248.193.19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4b6e8088-4ac7-4290-883f-1560b2413c52",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/ip_address/17.248.195.64",
|
|
"category": "External analysis",
|
|
"uuid": "844332ac-eae7-45d7-b2a7-a1b3a35e55b2"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/88",
|
|
"category": "Other",
|
|
"uuid": "7d3af4f8-3ac6-4e48-9dba-c1c85380cf83"
|
|
}
|
|
],
|
|
"x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0d99c98-a0d5-4ffa-a247-ad989f5ee852",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"pattern": "[domain-name:resolves_to_refs[*].value = '17.248.195.64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c307be58-48b4-43d0-84b1-9836ebbcb67f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/ip_address/17.248.195.71",
|
|
"category": "External analysis",
|
|
"uuid": "05fefb9f-4ddd-483a-88a6-311de2883ac9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/88",
|
|
"category": "Other",
|
|
"uuid": "d996fc7a-f5d8-4ec7-bdbf-3c9639148548"
|
|
}
|
|
],
|
|
"x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e73cb509-a734-46bf-bbc2-4c7ad7dbcd9b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"pattern": "[domain-name:resolves_to_refs[*].value = '17.248.195.71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--cdfff20b-2054-4226-ac1d-15eda55808a6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/ip_address/17.253.83.197",
|
|
"category": "External analysis",
|
|
"uuid": "5101fcca-0ad0-429a-8689-73c10d582c18"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/88",
|
|
"category": "Other",
|
|
"uuid": "a25c2f26-cfae-4cca-b854-d2f55f5a0bc3"
|
|
}
|
|
],
|
|
"x_misp_comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3b1d461d-66eb-45db-90ca-58088373ebf9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:41:59.000Z",
|
|
"modified": "2023-11-22T15:41:59.000Z",
|
|
"description": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"pattern": "[domain-name:resolves_to_refs[*].value = '17.253.83.197']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:41:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--21c1f5d0-926e-4360-9877-2ce09997226d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:42:18.000Z",
|
|
"modified": "2023-11-22T15:42:18.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9",
|
|
"category": "External analysis",
|
|
"uuid": "865d779e-8b05-4c42-9fab-ad1607b924ff"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "5/57",
|
|
"category": "Other",
|
|
"uuid": "f56b0ed5-3e30-4188-aeb4-3f2eaa95d850"
|
|
}
|
|
],
|
|
"x_misp_comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--16a55ce1-986f-4c5e-adbe-03a5ac50282e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:42:18.000Z",
|
|
"modified": "2023-11-22T15:42:18.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/url/228d9bf9973bcf53926cbea6c31af08a221b5fe44716306abfc6c3d48c0fedcb",
|
|
"category": "External analysis",
|
|
"uuid": "a9f3c732-00cd-4600-8012-f3f002887607"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "13/90",
|
|
"category": "Other",
|
|
"uuid": "e809b8fa-16c4-468e-9559-f4b92ae807b4"
|
|
}
|
|
],
|
|
"x_misp_comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module",
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fb2149de-3034-4eb9-a3c4-2876e5aa1b69",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:42:18.000Z",
|
|
"modified": "2023-11-22T15:42:18.000Z",
|
|
"description": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module",
|
|
"pattern": "[url:value = 'http://194.38.22.53/acb.xml']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:42:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"url\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--20430c3e-2aa4-4cf3-889e-6a75c4478738",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-11-22T15:42:18.000Z",
|
|
"modified": "2023-11-22T15:42:18.000Z",
|
|
"description": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module",
|
|
"pattern": "[file:hashes.MD5 = '0b882c863de5c302015c1a1cb8616bcd' AND file:hashes.SHA1 = 'b841db7fc24e59e60a9d7e158e3ef50236b605b4' AND file:hashes.SHA256 = 'd8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9' AND file:hashes.SSDEEP = '12:TMHdxXzY8id/73AC7ikxGWi2jLak9FFLWJLZ7UkWJ0nv:2dxXzY8kj/8Wi2jtQJLNUnJA' AND file:x_misp_tlsh = 't1b7f08b4ce2bccea109ddc692fab490184ad1a04b91f0a7d5f28d05357f00e4d2b6320d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-11-22T15:42:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--43e412ea-e5fe-4f7b-b562-6e92814bff37",
|
|
"created": "2023-11-22T15:37:09.000Z",
|
|
"modified": "2023-11-22T15:37:09.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79",
|
|
"target_ref": "vulnerability--a1b4fac8-86bc-4a56-a517-f620409aa985"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1398fd66-bf1e-4253-ad22-c6a6d8e70f23",
|
|
"created": "2023-11-22T15:37:09.000Z",
|
|
"modified": "2023-11-22T15:37:09.000Z",
|
|
"relationship_type": "weakened-by",
|
|
"source_ref": "vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79",
|
|
"target_ref": "x-misp-object--4cac5b96-ce45-4fe8-b212-83d5620151ae"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8d8f0a08-831f-475b-877c-585296831e40",
|
|
"created": "2023-11-22T15:37:09.000Z",
|
|
"modified": "2023-11-22T15:37:09.000Z",
|
|
"relationship_type": "targeted-by",
|
|
"source_ref": "vulnerability--1423e354-7fb3-453f-8465-45dc2e660d79",
|
|
"target_ref": "attack-pattern--e9270a16-4ea3-465f-869c-6b667dde3350"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |