{
|
|
"type": "bundle",
|
|
"id": "bundle--fb6f4727-4993-4cc0-a177-56e37a0eddde",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:42:36.000Z",
|
|
"modified": "2023-08-29T14:42:36.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--fb6f4727-4993-4cc0-a177-56e37a0eddde",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:42:36.000Z",
|
|
"modified": "2023-08-29T14:42:36.000Z",
|
|
"name": "Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)",
|
|
"published": "2023-08-29T14:42:45Z",
|
|
"object_refs": [
|
|
"vulnerability--e64a605d-e4da-4ef8-b09e-e5c58d12f46d",
|
|
"indicator--c788f6f3-5cf3-411b-a4a9-73d224e648d1",
|
|
"indicator--eeb68e61-05de-43c9-a5a6-34059c3ed391",
|
|
"indicator--5d6b902a-31a1-4bae-a3c3-e789c6575993",
|
|
"indicator--facf8545-17bf-4151-959c-aed6b886bcbf",
|
|
"indicator--6670d014-c7b8-4a3f-8c18-1bd3015a855c",
|
|
"indicator--2ad363c3-014f-46f1-825d-2dbbe51bc126",
|
|
"indicator--901154ed-1118-4b76-8e09-57edb5718cc0",
|
|
"indicator--ed6108db-7421-4efd-88d6-06ae9346b33f",
|
|
"indicator--f9684317-16a4-405a-9e52-9ee63f7825ce",
|
|
"indicator--b9cb0f1f-6de7-4712-8422-5ffcca6168c1",
|
|
"indicator--b54981c3-680f-40c7-b455-67e6d6266b99",
|
|
"indicator--595545a7-2469-4f70-9ca9-7a14afdc1816",
|
|
"indicator--91df94e4-5b5a-411e-a7f2-69555a6d7e35",
|
|
"indicator--13bbbce5-7102-46d0-9e5f-bc5f7ead3849",
|
|
"indicator--f9c25be4-1be3-4f7c-b6b2-dfd767bb88a3",
|
|
"indicator--c1e68466-7b6a-4aa6-8659-dbc04db88cdb",
|
|
"indicator--0747eadc-506e-4a7b-bddd-c13e1bbc1fff",
|
|
"indicator--85f31b6d-49cd-48a7-b419-8e45671129e6",
|
|
"indicator--c2fdab36-eba3-4986-9dd8-181bd1b98206",
|
|
"indicator--d7447132-9c21-404c-8a2b-90b4241792a7",
|
|
"indicator--cfa840bf-08fd-40ef-96b5-16f36703b838",
|
|
"indicator--96b8a63a-56a0-4d04-8c75-70a1efe889e6",
|
|
"indicator--bcd1cc19-856a-4ace-bc31-23c217fd0b51",
|
|
"indicator--6fe23dfa-550a-4adc-ab47-88dcd914f823",
|
|
"indicator--8350b8e6-a61e-45fe-8b29-122ab89c28e5",
|
|
"indicator--0d9fc40d-4913-4675-b73c-f8dea156505f",
|
|
"indicator--1a40ad14-30b5-4553-9348-dc835204c0e4",
|
|
"indicator--531c2e53-c4c8-4f37-80f7-25dd7b4350eb",
|
|
"indicator--e256fe78-f182-46a3-858c-a8b231e62af7",
|
|
"indicator--9efa1b2c-6175-4bdd-b9dc-d03eefb098e8",
|
|
"indicator--d977152f-7746-4dda-9ab7-a17385fc7aaf",
|
|
"indicator--c63f42c8-62f4-4729-b2fa-94c69dc70b36",
|
|
"indicator--74970883-9d52-4fc4-8707-ac4e6c96dcd1",
|
|
"indicator--2d0b8cfa-2f1a-4c3d-8527-f901f2c7d2b6",
|
|
"indicator--6f206b1a-423c-44d8-b615-f691d2f1535e",
|
|
"indicator--b8be7a4f-1114-4fa9-973c-45db45e6d073",
|
|
"indicator--99d94dd0-a415-487b-9287-fe7e3cbf837a",
|
|
"indicator--0933d1c3-488e-4920-bc87-147100cda758",
|
|
"indicator--c0648e83-d1f1-44ee-8d1e-71e4120b7ea0",
|
|
"indicator--dc33551b-e20f-4a96-8012-45d15d19cc84",
|
|
"indicator--63c960ea-d646-4534-b8da-028e3187b37a",
|
|
"indicator--5f383d76-f286-441f-b0c4-8b9f2972e4ff",
|
|
"indicator--f18913c9-8a76-4749-a215-b990a25a46c9",
|
|
"indicator--6aad1dc7-093a-4403-93bd-a001af8e6163",
|
|
"indicator--c7f9ab97-97cc-4032-8141-cfb6738cb094",
|
|
"indicator--e51bafb5-b9f3-4ac4-b553-0998925205d4",
|
|
"indicator--5c3e4d65-8505-4913-b912-d9383db1a570",
|
|
"indicator--db2aca51-e1c5-449b-bcee-999dda593324",
|
|
"indicator--a6f25945-1696-47e8-9e3d-873b4dd03c2a",
|
|
"indicator--404dcc6a-111c-4ee9-8845-a23ee70399c0",
|
|
"indicator--4b8ce974-2ce0-4b65-9c94-7438496a0c44",
|
|
"indicator--03002ffd-0042-49b0-8446-fa8c0332a8b5",
|
|
"indicator--18e86c69-7938-401f-b84d-6615bbe7941b",
|
|
"indicator--184525c4-5b33-453c-a2b6-f822118acac4",
|
|
"indicator--4fcdb10c-097a-481c-892e-134908cba1ba",
|
|
"indicator--7415f818-bee2-4390-98b7-8179dbfc70c3",
|
|
"indicator--b72f6b33-ca46-4c7c-b1c4-c0450cb3cc67",
|
|
"indicator--e4a2c491-941e-472e-8996-2a168be1e13c",
|
|
"indicator--9d4dac97-0824-4c5e-9920-2996b2d717d0",
|
|
"indicator--ee252760-55b4-48f9-bee1-856f43ff298e",
|
|
"indicator--124c0048-5a03-4a18-a395-b954917851af",
|
|
"indicator--c9955f62-f180-4d14-b292-7b7a5ff6c6d0",
|
|
"indicator--152940d3-07a3-408e-b46a-a50e9728b454",
|
|
"indicator--247c601f-e5fd-4488-b7f8-1e85110d11a6",
|
|
"indicator--e908a854-5dfc-428d-8ff1-98effd44c8f2",
|
|
"indicator--e55d5332-9279-4424-85af-2eae1108cd57",
|
|
"indicator--3d26ea32-d797-4bfc-8a7f-c6a00173ac46",
|
|
"indicator--c17c91c8-1ea0-47f9-9178-319bb20b903c",
|
|
"indicator--a3838ddf-a0db-427d-bac1-191bc6b3f8e3",
|
|
"indicator--7e3bce53-e915-4613-88c5-a230692f97f4",
|
|
"indicator--b2df3347-ec09-461f-8a2c-0496d3fd9cf1",
|
|
"indicator--618de5bb-0a26-4e4a-b3dc-45546d7c796d",
|
|
"indicator--a5c45604-9fb3-4504-b917-debdb6833a45",
|
|
"indicator--867d530e-8b02-4899-b42b-634430b0859d",
|
|
"indicator--9e1249f4-47f0-46a8-9bc8-7ec6f1e68523",
|
|
"indicator--2ae50bf0-0584-4e55-bd44-60a064f4dbcc",
|
|
"indicator--c703a034-b85f-47d7-9b0f-bc6864f7a7e3",
|
|
"indicator--75791ef3-5776-4768-9b36-bc25813922d6",
|
|
"indicator--c57c99c2-5fd9-4660-b405-55b500f62895",
|
|
"indicator--3dd07c43-3201-4be1-ab90-13d96856e91b",
|
|
"indicator--37aa88ae-4530-42e4-8184-a7a45cf28051",
|
|
"indicator--4550d920-aa8c-45a6-82c1-e0e6a5bcebc3",
|
|
"indicator--5f03f85c-bb19-43b5-a6b3-1e1dc12baa31",
|
|
"indicator--f84fdb1d-4aa4-4b63-bdd9-fdf9686b6932",
|
|
"indicator--289754b6-d860-4856-970a-67070c0b2693",
|
|
"indicator--15cbde66-a68e-486b-b608-48dad7201897",
|
|
"indicator--a069d4f8-37f7-4270-b940-50d924d18bda",
|
|
"indicator--6f7427b7-8338-425d-b124-44caf17f030f",
|
|
"indicator--b78cf259-d528-41ed-9cfe-8ef8ac931f6e",
|
|
"indicator--5ce871a3-ce7c-4607-910d-89a0b02d108c",
|
|
"indicator--a4a86ace-9fed-4080-bfbf-fc3ceec342d9",
|
|
"indicator--37173c58-429a-4d43-be35-7ff25194c5fd",
|
|
"indicator--b131cc38-30af-4023-a364-f9742f30528a",
|
|
"indicator--89b92189-d9b2-4f37-a4ef-5ac940d49f34",
|
|
"indicator--981a043c-85d1-4d1b-a049-fdac0c7f7a7c",
|
|
"indicator--7e457276-5cde-45cb-9ff2-3eff5d006eeb",
|
|
"indicator--cc13b0ba-9d0e-4b0d-84ec-5415569a8039",
|
|
"indicator--9e665dd2-3030-49d3-b646-f8370be0ade3",
|
|
"indicator--66556cd6-01a3-4015-b758-15de6236c944",
|
|
"indicator--02b2bdcf-e1b6-4e96-83b2-83e66fb61843",
|
|
"indicator--f8d26253-99fb-45e2-923d-a972aa25bfda",
|
|
"indicator--b1729fa2-8bda-49c9-ac62-96e50ccce88c",
|
|
"indicator--4dbd8e69-25b0-4dc9-86ee-5b45293c3e67",
|
|
"indicator--de3161fc-6fc5-48c5-936f-dfddc737629b",
|
|
"indicator--c10dc11f-08de-4b53-99a3-bc0e6ccb59dd",
|
|
"indicator--0f806798-38b6-4cfa-a32e-df6af0dfc01d",
|
|
"indicator--58da2b50-6848-4a07-940c-d07a2f8ac193",
|
|
"indicator--07d0405c-bd55-468b-8e59-a4d914eb4980",
|
|
"indicator--51b6b126-7d3a-4daf-8e63-7df30ee0bb8a",
|
|
"indicator--1413b1d0-b3c2-4af2-96f8-e8c4b309536c",
|
|
"indicator--beb3615c-5095-4125-899b-3329dd32a772",
|
|
"indicator--9910a355-a046-443d-aff0-a166e33c88d9",
|
|
"indicator--941639bd-4edd-45b4-8605-d4fd3280bd28",
|
|
"indicator--16bcc327-b84c-4c1c-b6cd-95a3a3626044",
|
|
"indicator--13233137-0f08-4415-a878-3a14236042ef",
|
|
"indicator--cfb38d3b-497e-42d9-b53f-5c6c420db2a4",
|
|
"indicator--2bc394e4-38d6-4220-bfc4-0cd3941fc432",
|
|
"indicator--f44b97de-7f19-4839-8325-612325e8f2ed",
|
|
"indicator--a489f343-c9b6-414b-acf8-a19bed631ffc",
|
|
"indicator--47b56fc5-e3e8-4399-abbb-99b08c49a2fd",
|
|
"indicator--04076570-e6bd-4e4b-97bc-04ed6110add9",
|
|
"indicator--e03f2dff-282d-416f-9faa-cf49589b92d1",
|
|
"indicator--b5b30a0b-db72-4276-8978-c65713c6923b",
|
|
"indicator--7357ce1a-8941-40b4-87da-945313dfb213",
|
|
"indicator--3c328ff5-9226-4897-aaec-bb5359e2b300",
|
|
"indicator--828a6ecb-dc5f-45e1-9f7e-005df55d9375",
|
|
"indicator--b814c666-d923-43ac-b260-f497283dfc29",
|
|
"indicator--5ab3a032-f45c-452b-ab3a-663e14bb58c1",
|
|
"indicator--13b3bf28-d798-4f3f-8663-2c4b3821bce5",
|
|
"indicator--885817e0-1aff-4854-b422-392534ebfa1f",
|
|
"indicator--85006e83-8391-4d9b-be15-f4070abe4a05",
|
|
"indicator--6a2ee5d7-88e7-4c2e-90f2-4fb298038a24",
|
|
"indicator--29ebdf20-9bbd-4015-bb1c-09549ac03475",
|
|
"indicator--6371a9a6-dfe4-4305-9b0d-580d3a3ad5d9",
|
|
"indicator--e64deb9a-a700-4b9e-acb7-5deab31ba3dd",
|
|
"indicator--4ded66f9-b695-49fb-9f72-0eec1baaa1a2",
|
|
"indicator--fadbd8fa-a60b-4671-ab5a-8e59ab55a1fc",
|
|
"indicator--8e0f3516-5f05-4b52-ba47-a03f1b6cb38c",
|
|
"indicator--2ec5514e-12fe-4631-801f-8d76c1413549",
|
|
"indicator--6dc86285-f2c2-4d14-aa71-64ae456e53d0",
|
|
"indicator--1996ac85-850a-451c-995b-8feeb206fe3e",
|
|
"indicator--67d325b7-82b2-48e4-be21-251f7452b6d6",
|
|
"indicator--c8e32c32-4484-42a8-8d73-dc20a21787f4",
|
|
"indicator--765fed35-c153-49ab-b194-749e2639f436",
|
|
"indicator--f60c0aed-a009-4f11-908e-d90973649fc4",
|
|
"indicator--9d28bdd7-5adf-4f99-b7be-771be3292077",
|
|
"indicator--d0864c55-ab8b-494e-87ad-657c092b8871",
|
|
"indicator--d3bc42f4-fc5d-4965-ad47-ca3db8db26e1",
|
|
"indicator--5f2944ff-6fb0-4a8a-8e1f-b54063581752",
|
|
"indicator--9eecf434-e3e5-4228-a3f3-a25b8da63dd8",
|
|
"indicator--218c223b-8f42-4e24-a5bd-31b96b7d957e",
|
|
"indicator--966bce73-d129-4e1d-b4e8-d828e341d8a1",
|
|
"indicator--1357984f-9dd0-497b-8b77-3019f1cc6289",
|
|
"indicator--91ac6986-f782-4de6-b14e-8b1670ddb38e",
|
|
"indicator--c6aa41f0-d95f-4b5a-b659-de9e016917ae",
|
|
"indicator--3fd55fd9-0656-47ea-8e1a-381e46d751bf",
|
|
"indicator--03efb5c6-341e-48ed-9f01-46b082c0c6e7",
|
|
"indicator--8f2359cf-2b50-4d0d-8ffe-a9d992d64ec0",
|
|
"indicator--cc60a905-3bbd-4193-8123-5c6cde89d308",
|
|
"indicator--c28886db-06b6-4435-b51e-e7239153c6e4",
|
|
"indicator--71b9a6b2-3fb4-4b48-bd00-4f07b0db20ab",
|
|
"indicator--4bc9def4-1ce3-48c5-8e79-a1c1a965d476",
|
|
"indicator--bca7ae47-07e2-4542-9587-5a7195a3667e",
|
|
"indicator--ad41583d-4869-4439-9ccf-641132896ad3",
|
|
"indicator--ff52ee81-a69e-4f26-a89f-44ef8ca03a53",
|
|
"indicator--13837e0d-f327-48a5-94df-141df571d521",
|
|
"indicator--538a9bf8-88ce-4961-b38b-b15490c84e53",
|
|
"indicator--8409ff1d-a08b-4049-bdbc-2a4fcdbae59d",
|
|
"indicator--d1b7661f-73b0-44be-b3d5-1f0c6a9a1b46",
|
|
"indicator--2efe3f66-2a70-4870-8023-63992a46778d",
|
|
"indicator--353de357-e59a-4efc-b70b-b055aa9bbfe3",
|
|
"indicator--67d73541-7d6c-4db8-a64b-d6be13db2c68",
|
|
"indicator--a62e401c-8041-4804-90ae-a50f6cd46be9",
|
|
"indicator--9a2b70f2-c3e1-4f89-b9a0-21df0af1a33c",
|
|
"indicator--25d0ffcb-c4bf-4852-bd17-71f7d5c14151",
|
|
"indicator--90903693-8f31-4e3a-9a57-e3eba5082b75",
|
|
"indicator--1b466a01-a081-437e-bd54-9eeac579bce3",
|
|
"indicator--43424abd-46b0-4b01-be46-2068f5311908",
|
|
"indicator--a8ad335d-4498-4d34-a3bf-0d3f75c517e6",
|
|
"indicator--e1284b8c-e9dc-4f29-b36f-047e3d908f56",
|
|
"indicator--f9d5343e-6daf-45ab-bc34-8b87b79ef275",
|
|
"indicator--6cac3809-e452-4fb6-97ef-1c664abf6203",
|
|
"indicator--fd1fbf50-6190-4ab7-a5a7-a1ae60a9c4af",
|
|
"indicator--7c41b89e-f3a6-41ac-8b0e-de5ca1a2b967",
|
|
"indicator--688e8ffd-c888-4e8b-bd1b-b71a298d133a",
|
|
"indicator--d55faacf-a5b4-497c-a31c-8b908e30b085",
|
|
"indicator--6d0697b6-4fba-47a4-a938-f12179ac7665",
|
|
"indicator--9251b17d-1cd6-4b0a-9cee-f22c94ef42ae",
|
|
"indicator--cb4b5c1a-63c2-4d8e-adf0-5fa44b2b3a5a",
|
|
"indicator--dd387971-5888-406d-ab51-898537c150a8",
|
|
"indicator--bdf5b5cc-15fb-409a-ac01-9cd9bee153c2",
|
|
"indicator--e5f88c47-5d12-40f8-84b2-5b04c6f77e7c",
|
|
"indicator--668cf012-2bf5-481c-956b-666d1b7886b4",
|
|
"indicator--eca75a7c-0489-4e3b-bda2-170d9313e3cf",
|
|
"indicator--bfeb8c6a-4d43-4f71-89dd-e718500104db",
|
|
"indicator--69b7985c-973c-4011-8ab5-c58da0b05a74",
|
|
"indicator--4acf3577-604b-40a3-b5d3-a9c053ace055",
|
|
"indicator--63acbb1a-421c-44d6-b8f0-4aa72b412cd8",
|
|
"indicator--0f4b7ecd-4636-41f2-a391-46443c5f2f0e",
|
|
"indicator--6eebb0b5-e77f-4940-abf0-8d06c814327f",
|
|
"indicator--13ebfaa0-7e1f-4e0b-a37b-d9def279a5ec",
|
|
"indicator--6a4ca93c-fcc8-4222-9aca-757734c49e40",
|
|
"indicator--fdfed1c2-e01c-44a8-9b63-03346756a639",
|
|
"indicator--b892e95a-cfee-47b3-a026-ceddb4ad3a35",
|
|
"vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"x-misp-object--5c800bda-3077-4b2d-8061-15a5246b657b",
|
|
"attack-pattern--b2c94688-63b9-4a1b-a21f-1813d1a65025",
|
|
"attack-pattern--696f71a9-90c1-48d8-8ee0-bc3914686f9b",
|
|
"attack-pattern--2b259e85-01f8-4187-9cc2-be0333e79f98",
|
|
"attack-pattern--de326282-1b7d-4f7d-a632-c7d1e5831c4e",
|
|
"attack-pattern--17e84b86-f7e2-4c6d-995a-448882b9cc9a",
|
|
"attack-pattern--18368ec6-7372-4ae7-8eb0-8139226162d9",
|
|
"attack-pattern--360355d9-c188-4499-8d87-f35c1a7b5ea9",
|
|
"attack-pattern--0ef23600-e781-4b03-a224-387f65a7a68e",
|
|
"x-misp-object--91510de6-7d7e-417b-8b02-d18e997e551d",
|
|
"relationship--805f0114-5a78-4fbe-8b48-468b7986e1cc",
|
|
"relationship--947a37a0-0999-4d01-b545-cf0eca32d74b",
|
|
"relationship--71068d98-7b73-4d77-a14e-612a8f714dd4",
|
|
"relationship--14758ee3-8ae7-457a-86ae-581b99c9b5b4",
|
|
"relationship--37783c2b-d59b-49f8-a591-9d66ead024bb",
|
|
"relationship--42edc619-34e1-4ac4-865a-2b890e9948c8",
|
|
"relationship--cf71680c-3a1b-4d3c-8a28-afabe88465ab",
|
|
"relationship--c8947bf8-b6f8-487d-9a5b-8031ad811d48",
|
|
"relationship--ab5db207-50cf-4e8d-91ad-76e58ca4a29f",
|
|
"relationship--8a9d024e-e5d6-40b0-843d-9ab5553b2084"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\"",
|
|
"tlp:clear"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--e64a605d-e4da-4ef8-b09e-e5c58d12f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:26.000Z",
|
|
"modified": "2023-08-29T14:37:26.000Z",
|
|
"name": "CVE-2023-2868",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2023-2868"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c788f6f3-5cf3-411b-a4a9-73d224e648d1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:22.000Z",
|
|
"modified": "2023-08-29T14:38:22.000Z",
|
|
"pattern": "[domain-name:value = 'xxl17z.dnslog.cn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eeb68e61-05de-43c9-a5a6-34059c3ed391",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:22.000Z",
|
|
"modified": "2023-08-29T14:38:22.000Z",
|
|
"pattern": "[domain-name:value = 'mx01.bestfindthetruth.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d6b902a-31a1-4bae-a3c3-e789c6575993",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:22.000Z",
|
|
"modified": "2023-08-29T14:38:22.000Z",
|
|
"pattern": "[domain-name:value = 'troublendsef.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--facf8545-17bf-4151-959c-aed6b886bcbf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:22.000Z",
|
|
"modified": "2023-08-29T14:38:22.000Z",
|
|
"pattern": "[domain-name:value = 'togetheroffway.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6670d014-c7b8-4a3f-8c18-1bd3015a855c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:22.000Z",
|
|
"modified": "2023-08-29T14:38:22.000Z",
|
|
"pattern": "[domain-name:value = 'singnode.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2ad363c3-014f-46f1-825d-2dbbe51bc126",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:22.000Z",
|
|
"modified": "2023-08-29T14:38:22.000Z",
|
|
"pattern": "[domain-name:value = 'singamofing.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--901154ed-1118-4b76-8e09-57edb5718cc0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:22.000Z",
|
|
"modified": "2023-08-29T14:38:22.000Z",
|
|
"pattern": "[domain-name:value = 'goldenunder.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ed6108db-7421-4efd-88d6-06ae9346b33f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:22.000Z",
|
|
"modified": "2023-08-29T14:38:22.000Z",
|
|
"pattern": "[domain-name:value = 'gesturefavour.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f9684317-16a4-405a-9e52-9ee63f7825ce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:23.000Z",
|
|
"modified": "2023-08-29T14:38:23.000Z",
|
|
"pattern": "[domain-name:value = 'fessionalwork.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b9cb0f1f-6de7-4712-8422-5ffcca6168c1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:23.000Z",
|
|
"modified": "2023-08-29T14:38:23.000Z",
|
|
"pattern": "[domain-name:value = 'bestfindthetruth.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b54981c3-680f-40c7-b455-67e6d6266b99",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.176.7.59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--595545a7-2469-4f70-9ca9-7a14afdc1816",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.176.4.234']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--91df94e4-5b5a-411e-a7f2-69555a6d7e35",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.91.79.17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--13bbbce5-7102-46d0-9e5f-bc5f7ead3849",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.154.253.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f9c25be4-1be3-4f7c-b6b2-dfd767bb88a3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.154.253.153']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c1e68466-7b6a-4aa6-8659-dbc04db88cdb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.148.16.46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0747eadc-506e-4a7b-bddd-c13e1bbc1fff",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.148.16.42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--85f31b6d-49cd-48a7-b419-8e45671129e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '38.60.254.165']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c2fdab36-eba3-4986-9dd8-181bd1b98206",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '38.54.113.205']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d7447132-9c21-404c-8a2b-90b4241792a7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '38.54.1.82']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cfa840bf-08fd-40ef-96b5-16f36703b838",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.9.35.217']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--96b8a63a-56a0-4d04-8c75-70a1efe889e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.224.78.134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bcd1cc19-856a-4ace-bc31-23c217fd0b51",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.224.78.133']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6fe23dfa-550a-4adc-ab47-88dcd914f823",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.224.78.132']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8350b8e6-a61e-45fe-8b29-122ab89c28e5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.224.78.131']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0d9fc40d-4913-4675-b73c-f8dea156505f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.224.78.130']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1a40ad14-30b5-4553-9348-dc835204c0e4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.224.42.29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--531c2e53-c4c8-4f37-80f7-25dd7b4350eb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.238.112.82']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e256fe78-f182-46a3-858c-a8b231e62af7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.156.153.34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9efa1b2c-6175-4bdd-b9dc-d03eefb098e8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.247.23.80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d977152f-7746-4dda-9ab7-a17385fc7aaf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.2.254.223']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c63f42c8-62f4-4729-b2fa-94c69dc70b36",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.2.254.222']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--74970883-9d52-4fc4-8707-ac4e6c96dcd1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.2.254.221']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2d0b8cfa-2f1a-4c3d-8527-f901f2c7d2b6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.2.254.220']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6f206b1a-423c-44d8-b615-f691d2f1535e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.2.254.219']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b8be7a4f-1114-4fa9-973c-45db45e6d073",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.234.82.132']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--99d94dd0-a415-487b-9287-fe7e3cbf837a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.74.254.229']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0933d1c3-488e-4920-bc87-147100cda758",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.74.226.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c0648e83-d1f1-44ee-8d1e-71e4120b7ea0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.243.41.209']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dc33551b-e20f-4a96-8012-45d15d19cc84",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '182.239.114.254']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--63c960ea-d646-4534-b8da-028e3187b37a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '155.94.160.95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5f383d76-f286-441f-b0c4-8b9f2972e4ff",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.84.227.9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f18913c9-8a76-4749-a215-b990a25a46c9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.78.66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6aad1dc7-093a-4403-93bd-a001af8e6163",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.60.253']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c7f9ab97-97cc-4032-8141-cfb6738cb094",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.60.252']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e51bafb5-b9f3-4ac4-b553-0998925205d4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.53.218']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c3e4d65-8505-4913-b912-d9383db1a570",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.53.170']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--db2aca51-e1c5-449b-bcee-999dda593324",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.53.17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a6f25945-1696-47e8-9e3d-873b4dd03c2a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.51.147']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--404dcc6a-111c-4ee9-8845-a23ee70399c0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.30.86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4b8ce974-2ce0-4b65-9c94-7438496a0c44",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.30.36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--03002ffd-0042-49b0-8446-fa8c0332a8b5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.28.251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--18e86c69-7938-401f-b84d-6615bbe7941b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.175.19.25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--184525c4-5b33-453c-a2b6-f822118acac4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.52.106.3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4fcdb10c-097a-481c-892e-134908cba1ba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.148.223.196']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7415f818-bee2-4390-98b7-8179dbfc70c3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.148.219.55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b72f6b33-ca46-4c7c-b1c4-c0450cb3cc67",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.148.219.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e4a2c491-941e-472e-8996-2a168be1e13c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.148.219.227']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9d4dac97-0824-4c5e-9920-2996b2d717d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.223.20.222']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ee252760-55b4-48f9-bee1-856f43ff298e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.93.78.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--124c0048-5a03-4a18-a395-b954917851af",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.77.192.13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c9955f62-f180-4d14-b292-7b7a5ff6c6d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.27.108.62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--152940d3-07a3-408e-b46a-a50e9728b454",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:38:53.000Z",
|
|
"modified": "2023-08-29T14:38:53.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.229.146.218']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:38:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--247c601f-e5fd-4488-b7f8-1e85110d11a6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f289b565839794fe4f450ed0c9343b8fb699f97544d9af2a60851abc8b4656e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e908a854-5dfc-428d-8ff1-98effd44c8f2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'caab341a35badbc65046bd02efa9ad2fe2671eb80ece0f2fa9cf70f5d7f4bedc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e55d5332-9279-4424-85af-2eae1108cd57",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ca72fa64ed0a9c22d341a557c6e7c1b6a7264b0c4de0b6f717dd44bddf550bca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3d26ea32-d797-4bfc-8a7f-c6a00173ac46",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9f04525835f998d454ed68cfc7fcb6b0907f2130ae6c6ab7495d41aa36ad8ccf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c17c91c8-1ea0-47f9-9178-319bb20b903c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9bb7addd96f99a29658aca9800b66046823c5ef0755e29012983db6f06a999cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a3838ddf-a0db-427d-bac1-191bc6b3f8e3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '949d4b01f31256e5e9c2b04e557dcca0a25fc2f6aa3618936befc7525e1df788']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7e3bce53-e915-4613-88c5-a230692f97f4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8c5c8e7b3f8ab6651b906356535bf45992d6984d8ed8bd600a1a056a00e5afcb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b2df3347-ec09-461f-8a2c-0496d3fd9cf1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8849a3273e0362c45b4928375d196714224ec22cb1d2df5d029bf57349860347']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--618de5bb-0a26-4e4a-b3dc-45546d7c796d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '83ca636253fd1eb898b244855838e2281f257bbe8ead428b69528fc50b60ae9c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a5c45604-9fb3-4504-b917-debdb6833a45",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '601f44cc102ae5a113c0b5fe5d18350db8a24d780c0ff289880cc45de28e2b80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--867d530e-8b02-4899-b42b-634430b0859d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '56e8066bf83ff6fe0cec92aede90f6722260e0a3f169fc163ed88589bffd7451']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9e1249f4-47f0-46a8-9bc8-7ec6f1e68523",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '4028eadf4c27b4007930606551e3a32b2af23d746d5b866cc1c6587e7fd0d776']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2ae50bf0-0584-4e55-bd44-60a064f4dbcc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3ff3250e07ad74fa419e4a8d6564357b22683d152cd8e9f106c8da3751ea9ff3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c703a034-b85f-47d7-9b0f-bc6864f7a7e3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3f26a13f023ad0dcd7f2aa4e7771bba74910ee227b4b36ff72edc5f07336f115']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--75791ef3-5776-4768-9b36-bc25813922d6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2a5de691243f2b91f164c3021c157fbd783b4f3e7d5f5950182e52ec868cd40b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c57c99c2-5fd9-4660-b405-55b500f62895",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:08.000Z",
|
|
"modified": "2023-08-29T14:39:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1c6cad0ed66cf8fd438974e1eac0bc6dd9119f84892930cb71cb56a5e985f0a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3dd07c43-3201-4be1-ab90-13d96856e91b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'fda9dfa7b41a05c6ae32f71f2b31a5d56d7eca9b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--37aa88ae-4530-42e4-8184-a7a45cf28051",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'dc5841d8ed9ab8a5f3496f2258eafb1e0cedf4d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4550d920-aa8c-45a6-82c1-e0e6a5bcebc3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'cf22082532d4d6387ea1c9bc4dc5b255aa7a0290']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5f03f85c-bb19-43b5-a6b3-1e1dc12baa31",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'c71d363472d927cf13674e95b79d4d38b3fed754']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f84fdb1d-4aa4-4b63-bdd9-fdf9686b6932",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'c637a9ce65083b21c834e7a68bd1bc51b412fa11']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--289754b6-d860-4856-970a-67070c0b2693",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '87df97d6214aecb5c395d84c3a35f359a90ad716']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--15cbde66-a68e-486b-b608-48dad7201897",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '77b1864c489affe0ac2284135050373951b7987e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a069d4f8-37f7-4270-b940-50d924d18bda",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '6505513ca06db10b17f6d4792c30a53733309231']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6f7427b7-8338-425d-b124-44caf17f030f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '5ce46efc6b28bd94955138833dc97916957dbde1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b78cf259-d528-41ed-9cfe-8ef8ac931f6e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '290e5cb4d32f97963bdc95ef2cc4b44a4de5666d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ce871a3-ce7c-4607-910d-89a0b02d108c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '254b6bcbc5f60e30c596c263b8a4f393badbf1aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a4a86ace-9fed-4080-bfbf-fc3ceec342d9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '1cca66cb1f4527eaffbcfeb2237922c93b332d64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--37173c58-429a-4d43-be35-7ff25194c5fd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '191e16b564c66b3db67f837e1dc5eac98ff9b9ef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b131cc38-30af-4023-a364-f9742f30528a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '1903a3553bcb291579206b39e7818c77e2c07054']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--89b92189-d9b2-4f37-a4ef-5ac940d49f34",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '10b621c5e07648bd7a7391e569aa62a510be82f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--981a043c-85d1-4d1b-a049-fdac0c7f7a7c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:23.000Z",
|
|
"modified": "2023-08-29T14:39:23.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '0ea36676bd7169bcbf432f721c4edb5fde0a46a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7e457276-5cde-45cb-9ff2-3eff5d006eeb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ff005f1ff98ec1cd678785baa0386bd1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cc13b0ba-9d0e-4b0d-84ec-5415569a8039",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fe1e2d676c91f899b706682b70176983']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9e665dd2-3030-49d3-b646-f8370be0ade3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fe031a93c84aa3d01e2223a6bb988fa0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--66556cd6-01a3-4015-b758-15de6236c944",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f6857841a255b3b4e4eded7a66438696']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--02b2bdcf-e1b6-4e96-83b2-83e66fb61843",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f667939000c941e5b9dc91303c98b7fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f8d26253-99fb-45e2-923d-a972aa25bfda",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f5ab04a920302931a8bd063f27b745cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b1729fa2-8bda-49c9-ac62-96e50ccce88c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ef00c92fa005c2f61ec23d5278a8fa25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4dbd8e69-25b0-4dc9-86ee-5b45293c3e67",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ed648c366b6e564fc636c072bbcac907']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--de3161fc-6fc5-48c5-936f-dfddc737629b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ec0d46b2aa7adfdff10a671a77aeb2ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c10dc11f-08de-4b53-99a3-bc0e6ccb59dd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e80a85250263d58cc1a1dc39d6cf3942']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0f806798-38b6-4cfa-a32e-df6af0dfc01d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:48.000Z",
|
|
"modified": "2023-08-29T14:39:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e68cd991777118d76e7bce163d8a2bc1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58da2b50-6848-4a07-940c-d07a2f8ac193",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e52871d82de01b7e7f134c776703f696']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--07d0405c-bd55-468b-8e59-a4d914eb4980",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e4e86c273a2b67a605f5d4686783e0cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--51b6b126-7d3a-4daf-8e63-7df30ee0bb8a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dde2d3347b76070fff14f6c0412f95ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1413b1d0-b3c2-4af2-96f8-e8c4b309536c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'db4c48921537d67635bb210a9cb5bb52']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--beb3615c-5095-4125-899b-3329dd32a772",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'da06e7c32f070a9bb96b720ef332b50b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9910a355-a046-443d-aff0-a166e33c88d9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd8e748b1b609d376f57343b2bde94b29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--941639bd-4edd-45b4-8605-d4fd3280bd28",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd81263e6872cc805e6cf4ca05d86df4e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--16bcc327-b84c-4c1c-b6cd-95a3a3626044",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd1392095086c07bd8d2ef174cb5f6ca8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--13233137-0f08-4415-a878-3a14236042ef",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd098fe9674b6b4cb540699c5eb452cb5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cfb38d3b-497e-42d9-b53f-5c6c420db2a4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ce67bb99bc1e26f6cb1f968bc1b1ec21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2bc394e4-38d6-4220-bfc4-0cd3941fc432",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cd2813f0260d63ad5adf0446253c2576']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f44b97de-7f19-4839-8325-612325e8f2ed",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cd2813f0260d63ad5adf0446253c2172']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a489f343-c9b6-414b-acf8-a19bed631ffc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cb0f7f216e8965f40a724bc15db7510b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--47b56fc5-e3e8-4399-abbb-99b08c49a2fd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c9ae8bfd08f57d955465f23a5f1c09a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--04076570-e6bd-4e4b-97bc-04ed6110add9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c979e8651c1f40d685be2f66e8c2c610']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e03f2dff-282d-416f-9faa-cf49589b92d1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c7a89a215e74104682880def469d4758']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b5b30a0b-db72-4276-8978-c65713c6923b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c5c93ba36e079892c1123fe9dffd660f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7357ce1a-8941-40b4-87da-945313dfb213",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c56d7b86e59c5c737ee7537d7cf13df1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3c328ff5-9226-4897-aaec-bb5359e2b300",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c528b6398c86f8bdcfa3f9de7837ebfe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--828a6ecb-dc5f-45e1-9f7e-005df55d9375",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c2e577c71d591999ad5c581e49343093']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b814c666-d923-43ac-b260-f497283dfc29",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bef722484288e24258dd33922b1a7148']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ab3a032-f45c-452b-ab3a-663e14bb58c1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ba7af4f98d85e5847c08cf6cefdf35dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--13b3bf28-d798-4f3f-8663-2c4b3821bce5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b860198feca7398bc79a8ec69afc65ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--885817e0-1aff-4854-b422-392534ebfa1f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b745626b36b841ed03eddfb08e6bb061']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--85006e83-8391-4d9b-be15-f4070abe4a05",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b601fce4181b275954e3f35b18996c92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6a2ee5d7-88e7-4c2e-90f2-4fb298038a24",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b354111afc9c6c26c1475e761d347144']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--29ebdf20-9bbd-4015-bb1c-09549ac03475",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ad1dc51a66201689d442499f70b78dea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6371a9a6-dfe4-4305-9b0d-580d3a3ad5d9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ac4fb6d0bfc871be6f68bfa647fc0125']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e64deb9a-a700-4b9e-acb7-5deab31ba3dd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a45ca19435c2976a29300128dc410fd4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4ded66f9-b695-49fb-9f72-0eec1baaa1a2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a28de396aa91b7faca35e861b634c502']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fadbd8fa-a60b-4671-ab5a-8e59ab55a1fc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a08a99e5224e1baf569fda816c991045']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8e0f3516-5f05-4b52-ba47-a03f1b6cb38c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9bc6d6af590e7d94869dee1d33cc1cae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2ec5514e-12fe-4631-801f-8d76c1413549",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9aa90d767ba0a3f057653aadcb75e579']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6dc86285-f2c2-4d14-aa71-64ae456e53d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '94b6f76da938ef855a91011f16252d59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1996ac85-850a-451c-995b-8feeb206fe3e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9033dc5bac76542b9b752064a56c6ee4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--67d325b7-82b2-48e4-be21-251f7452b6d6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8fdf3b7dc6d88594b8b5173c1aa2bc82']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c8e32c32-4484-42a8-8d73-dc20a21787f4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8fc03800c1179a18fbd58d746596fa7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--765fed35-c153-49ab-b194-749e2639f436",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8f1c40bd3ab33d517839ca17591d8666']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f60c0aed-a009-4f11-908e-d90973649fc4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '881b7846f8384c12c7481b23011d8e45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9d28bdd7-5adf-4f99-b7be-771be3292077",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '878cf1de91f3ae543fd290c31adcbda4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d0864c55-ab8b-494e-87ad-657c092b8871",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '87847445f9524671022d70f2a812728f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d3bc42f4-fc5d-4965-ad47-ca3db8db26e1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '85c5b6c408e4bdb87da6764a75008adf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5f2944ff-6fb0-4a8a-8e1f-b54063581752",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '858174c8f4a45e9564382d4480831c6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9eecf434-e3e5-4228-a3f3-a25b8da63dd8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8406f74ac2c57807735a9b86f61da9f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--218c223b-8f42-4e24-a5bd-31b96b7d957e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '831d41ba2a0036540536c2f884d089f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--966bce73-d129-4e1d-b4e8-d828e341d8a1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '830fca78440780aef448c862eee2a8ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1357984f-9dd0-497b-8b77-3019f1cc6289",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '82eaf69de710abdc5dea7cd5cb56cf04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--91ac6986-f782-4de6-b14e-8b1670ddb38e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '827d507aa3bde0ef903ca5dec60cdec8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c6aa41f0-d95f-4b5a-b659-de9e016917ae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '806250c466824a027e3e85461dc672db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3fd55fd9-0656-47ea-8e1a-381e46d751bf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7ebd5f3e800dcd0510cfcbe2351d3838']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--03efb5c6-341e-48ed-9f01-46b082c0c6e7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7d7fd05b262342a9e8237ce14ec41c3b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8f2359cf-2b50-4d0d-8ffe-a9d992d64ec0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '76811232ede58de2faf6aca8395f8427']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cc60a905-3bbd-4193-8123-5c6cde89d308",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '724079649f690ca1ee80b8b3125b58b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c28886db-06b6-4435-b51e-e7239153c6e4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6f79ef58b354fd33824c96625590c244']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--71b9a6b2-3fb4-4b48-bd00-4f07b0db20ab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '69ef9a9e8d0506d957248e983d22b0d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4bc9def4-1ce3-48c5-8e79-a1c1a965d476",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '694cdb49879f1321abb4605adf634935']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bca7ae47-07e2-4542-9587-5a7195a3667e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '683acdb559bbc7fb64431d1f579a8104']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ad41583d-4869-4439-9ccf-641132896ad3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '67a4556b021578e0a421fdc251f07e04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ff52ee81-a69e-4f26-a89f-44ef8ca03a53",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '666da297066a2596cacb13b3da9572bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--13837e0d-f327-48a5-94df-141df571d521",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '64c690f175a2d2fe38d3d7c0d0ddbb6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--538a9bf8-88ce-4961-b38b-b15490c84e53",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '61514ac639721a51e98c47f2ac3afe81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8409ff1d-a08b-4049-bdbc-2a4fcdbae59d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5fdee67c82f5480edfa54afc5a9dc834']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d1b7661f-73b0-44be-b3d5-1f0c6a9a1b46",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5d6cba7909980a7b424b133fbac634ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2efe3f66-2a70-4870-8023-63992a46778d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5392fb400bd671d4b185fb35a9b23fd3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--353de357-e59a-4efc-b70b-b055aa9bbfe3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4ec4ceda84c580054f191caa09916c68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--67d73541-7d6c-4db8-a64b-d6be13db2c68",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4cd0f3219e98ac2e9021b06af70ed643']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a62e401c-8041-4804-90ae-a50f6cd46be9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4ca4f582418b2cc0626700511a6315c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9a2b70f2-c3e1-4f89-b9a0-21df0af1a33c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4c1c2db989e0e881232c7748593d291e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--25d0ffcb-c4bf-4852-bd17-71f7d5c14151",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4b511567cfa8dbaa32e11baf3268f074']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--90903693-8f31-4e3a-9a57-e3eba5082b75",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '479315620c9a5a62a745ab586ba7b78c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1b466a01-a081-437e-bd54-9eeac579bce3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '45b79949276c9cb9cf5dc72597dc1006']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--43424abd-46b0-4b01-be46-2068f5311908",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4495cb72708f486b734de6b6c6402aba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a8ad335d-4498-4d34-a3bf-0d3f75c517e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '446f3d71591afa37bbd604e2e400ae8b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e1284b8c-e9dc-4f29-b36f-047e3d908f56",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '436587bad5e061a7e594f9971d89c468']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f9d5343e-6daf-45ab-bc34-8b87b79ef275",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '42722b7d04f58dcb8bd80fe41c7ea09e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6cac3809-e452-4fb6-97ef-1c664abf6203",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '407738e565b4e9dafb07b782ebcf46b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fd1fbf50-6190-4ab7-a5a7-a1ae60a9c4af",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3e3f72f99062255d6320d5e686f0e212']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7c41b89e-f3a6-41ac-8b0e-de5ca1a2b967",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:49.000Z",
|
|
"modified": "2023-08-29T14:39:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3c20617f089fe5cc9ba12c43c6c072f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--688e8ffd-c888-4e8b-bd1b-b71a298d133a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3b93b524db66f8bb3df8279a141734bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d55faacf-a5b4-497c-a31c-8b908e30b085",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '35cf6faf442d325961935f660e2ab5a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6d0697b6-4fba-47a4-a938-f12179ac7665",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '35a432e40da597c7ab63ff16b09d19d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9251b17d-1cd6-4b0a-9cee-f22c94ef42ae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '349ca242bc6d2652d84146f5f91c3dbb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cb4b5c1a-63c2-4d8e-adf0-5fa44b2b3a5a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '336c12441b7a678280562729c974a840']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dd387971-5888-406d-ab51-898537c150a8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '32ffe48d1a8ced49c53033eb65eff6f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bdf5b5cc-15fb-409a-ac01-9cd9bee153c2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3273a29d15334efddd8276af53c317fb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e5f88c47-5d12-40f8-84b2-5b04c6f77e7c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2e30520f8536a27dd59eabbcb8e3532a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--668cf012-2bf5-481c-956b-666d1b7886b4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2d841cb153bebcfdee5c54472b017af2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eca75a7c-0489-4e3b-bda2-170d9313e3cf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2ccb9759800154de817bf779a52d48f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bfeb8c6a-4d43-4f71-89dd-e718500104db",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:39:50.000Z",
|
|
"modified": "2023-08-29T14:39:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '23f4f604f1a05c4abf2ac02f976b746b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--69b7985c-973c-4011-8ab5-c58da0b05a74",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:10.000Z",
|
|
"modified": "2023-08-29T14:40:10.000Z",
|
|
"description": "Scanning host",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.63.76.67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4acf3577-604b-40a3-b5d3-a9c053ace055",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:10.000Z",
|
|
"modified": "2023-08-29T14:40:10.000Z",
|
|
"description": "Scanning host",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '155.94.160.72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--63acbb1a-421c-44d6-b8f0-4aa72b412cd8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:10.000Z",
|
|
"modified": "2023-08-29T14:40:10.000Z",
|
|
"description": "Scanning host",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.173.62.158']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0f4b7ecd-4636-41f2-a391-46443c5f2f0e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:10.000Z",
|
|
"modified": "2023-08-29T14:40:10.000Z",
|
|
"description": "Scanning host",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.148.219.54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6eebb0b5-e77f-4940-abf0-8d06c814327f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:10.000Z",
|
|
"modified": "2023-08-29T14:40:10.000Z",
|
|
"description": "Scanning host",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.156.229.226']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--13ebfaa0-7e1f-4e0b-a37b-d9def279a5ec",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:10.000Z",
|
|
"modified": "2023-08-29T14:40:10.000Z",
|
|
"description": "Scanning host",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.77.192.88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6a4ca93c-fcc8-4222-9aca-757734c49e40",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:10.000Z",
|
|
"modified": "2023-08-29T14:40:10.000Z",
|
|
"description": "Scanning host",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.146.179.101']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fdfed1c2-e01c-44a8-9b63-03346756a639",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:10.000Z",
|
|
"modified": "2023-08-29T14:40:10.000Z",
|
|
"description": "Scanning host",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '182.239.114.135']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b892e95a-cfee-47b3-a026-ceddb4ad3a35",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:10.000Z",
|
|
"modified": "2023-08-29T14:40:10.000Z",
|
|
"description": "Scanning host",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.148.149.156']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2023-08-29T14:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:37.000Z",
|
|
"modified": "2023-08-29T14:37:37.000Z",
|
|
"name": "CVE-2023-2868",
|
|
"description": "A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives).\u00a0The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product.\u00a0This issue was fixed as part of the BNSF-36456 patch. This patch was automatically applied to all customer appliances.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2023-2868"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://status.barracuda.com/incidents/34kx82j5n4q9"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://www.barracuda.com/company/legal/esg-vulnerability"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "9.8",
|
|
"x_misp_cvss_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"x_misp_modified": "2023-06-01T20:14:00+00:00",
|
|
"x_misp_published": "2023-05-24T19:15:00+00:00",
|
|
"x_misp_state": "Published",
|
|
"x_misp_vulnerable_configuration": [
|
|
"cpe:2.3:o:barracuda:email_security_gateway_300_firmware:*:*:*:*:*:*:*:*",
|
|
"cpe:2.3:h:barracuda:email_security_gateway_300:-:*:*:*:*:*:*:*",
|
|
"cpe:2.3:o:barracuda:email_security_gateway_400_firmware:*:*:*:*:*:*:*:*",
|
|
"cpe:2.3:h:barracuda:email_security_gateway_400:-:*:*:*:*:*:*:*",
|
|
"cpe:2.3:o:barracuda:email_security_gateway_600_firmware:*:*:*:*:*:*:*:*",
|
|
"cpe:2.3:h:barracuda:email_security_gateway_600:-:*:*:*:*:*:*:*",
|
|
"cpe:2.3:o:barracuda:email_security_gateway_800_firmware:*:*:*:*:*:*:*:*",
|
|
"cpe:2.3:h:barracuda:email_security_gateway_800:-:*:*:*:*:*:*:*",
|
|
"cpe:2.3:o:barracuda:email_security_gateway_900_firmware:*:*:*:*:*:*:*:*",
|
|
"cpe:2.3:h:barracuda:email_security_gateway_900:-:*:*:*:*:*:*:*"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5c800bda-3077-4b2d-8061-15a5246b657b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:37.000Z",
|
|
"modified": "2023-08-29T14:37:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"weakness\"",
|
|
"misp:meta-category=\"vulnerability\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "weakness",
|
|
"object_relation": "id",
|
|
"value": "CWE-77",
|
|
"category": "External analysis",
|
|
"uuid": "ff748f9f-6a39-41ec-bf4d-35d04db7d359"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "name",
|
|
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
|
"category": "Other",
|
|
"uuid": "1b1ef625-616d-48ed-a2d3-2bead052611d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "status",
|
|
"value": "Draft",
|
|
"category": "Other",
|
|
"uuid": "a9548554-f910-4923-b2d5-fae9e0e579c4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "weakness-abs",
|
|
"value": "Class",
|
|
"category": "Other",
|
|
"uuid": "deafb93d-6242-4256-807f-2ad887a5a845"
|
|
}
|
|
],
|
|
"x_misp_comment": "CVE-2023-2868: Enriched via the cve_advanced module",
|
|
"x_misp_meta_category": "vulnerability",
|
|
"x_misp_name": "weakness"
|
|
},
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--b2c94688-63b9-4a1b-a21f-1813d1a65025",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:37.000Z",
|
|
"modified": "2023-08-29T14:37:37.000Z",
|
|
"name": "Manipulating Web Input to File System Calls",
|
|
"description": "An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "vulnerability"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"attack-pattern\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "capec",
|
|
"external_id": "CAPEC-76"
|
|
}
|
|
],
|
|
"x_misp_prerequisites": "Program must allow for user controlled variables to be applied directly to the filesystem",
|
|
"x_misp_related_weakness": [
|
|
"CWE-15",
|
|
"CWE-22",
|
|
"CWE-23",
|
|
"CWE-264",
|
|
"CWE-272",
|
|
"CWE-285",
|
|
"CWE-346",
|
|
"CWE-348",
|
|
"CWE-59",
|
|
"CWE-715",
|
|
"CWE-73",
|
|
"CWE-74",
|
|
"CWE-77"
|
|
],
|
|
"x_misp_solutions": "Design: Enforce principle of least privilege. Design: Ensure all input is validated, and does not contain file system commands. Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands. Design: For interactive user applications, consider if direct file system interface is necessary, instead consider having the application proxy communication. Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables."
|
|
},
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--696f71a9-90c1-48d8-8ee0-bc3914686f9b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:37.000Z",
|
|
"modified": "2023-08-29T14:37:37.000Z",
|
|
"name": "Command Injection",
|
|
"description": "An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "vulnerability"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"attack-pattern\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "capec",
|
|
"external_id": "CAPEC-248"
|
|
}
|
|
],
|
|
"x_misp_prerequisites": "The target application must accept input from the user and then use this input in the construction of commands to be executed. In virtually all cases, this is some form of string input that is concatenated to a constant string defined by the application to form the full command to be executed.",
|
|
"x_misp_related_weakness": "CWE-77",
|
|
"x_misp_solutions": "All user-controllable input should be validated and filtered for potentially unwanted characters. Using an allowlist for input is desired, but if use of a denylist approach is necessary, then focusing on command related terms and delimiters is necessary. Input should be encoded prior to use in commands to make sure command related characters are not treated as part of the command. For example, quotation characters may need to be encoded so that the application does not treat the quotation as a delimiter. Input should be parameterized, or restricted to data sections of a command, thus removing the chance that the input will be treated as part of the command itself."
|
|
},
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--2b259e85-01f8-4187-9cc2-be0333e79f98",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"name": "Manipulating Writeable Terminal Devices",
|
|
"description": "This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "vulnerability"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"attack-pattern\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "capec",
|
|
"external_id": "CAPEC-40"
|
|
}
|
|
],
|
|
"x_misp_prerequisites": "User terminals must have a permissive access control such as world writeable that allows normal users to control data on other user's terminals.",
|
|
"x_misp_related_weakness": "CWE-77",
|
|
"x_misp_solutions": "Design: Ensure that terminals are only writeable by named owner user and/or administrator. Design: Enforce principle of least privilege"
|
|
},
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--de326282-1b7d-4f7d-a632-c7d1e5831c4e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"name": "Exploiting Multiple Input Interpretation Layers",
|
|
"description": "An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiple passes over the input data and processing a \"layer\" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "vulnerability"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"attack-pattern\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "capec",
|
|
"external_id": "CAPEC-43"
|
|
}
|
|
],
|
|
"x_misp_prerequisites": "User input is used to construct a command to be executed on the target system or as part of the file name. Multiple parser passes are performed on the data supplied by the user.",
|
|
"x_misp_related_weakness": [
|
|
"CWE-171",
|
|
"CWE-179",
|
|
"CWE-181",
|
|
"CWE-183",
|
|
"CWE-184",
|
|
"CWE-20",
|
|
"CWE-697",
|
|
"CWE-707",
|
|
"CWE-74",
|
|
"CWE-77",
|
|
"CWE-78"
|
|
],
|
|
"x_misp_solutions": "An iterative approach to input validation may be required to ensure that no dangerous characters are present. It may be necessary to implement redundant checking across different input validation layers. Ensure that invalid data is rejected as soon as possible and do not continue to work with it. Make sure to perform input validation on canonicalized data (i.e. data that is in its most standard form). This will help avoid tricky encodings getting past the filters. Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist would not be permitted to enter into the system."
|
|
},
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--17e84b86-f7e2-4c6d-995a-448882b9cc9a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"name": "LDAP Injection",
|
|
"description": "An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "vulnerability"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"attack-pattern\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "capec",
|
|
"external_id": "CAPEC-136"
|
|
}
|
|
],
|
|
"x_misp_prerequisites": "The target application must accept a string as user input, fail to sanitize characters that have a special meaning in LDAP queries in the user input, and insert the user-supplied string in an LDAP query which is then processed.",
|
|
"x_misp_related_weakness": [
|
|
"CWE-20",
|
|
"CWE-77",
|
|
"CWE-90"
|
|
],
|
|
"x_misp_solutions": "Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as LDAP content. Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the LDAP or application."
|
|
},
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--18368ec6-7372-4ae7-8eb0-8139226162d9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"name": "Command Delimiters",
|
|
"description": "An attack of this type exploits a program's vulnerabilities that allow an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. A system that uses a filter or denylist input validation, as opposed to allowlist validation, is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "vulnerability"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"attack-pattern\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "capec",
|
|
"external_id": "CAPEC-15"
|
|
}
|
|
],
|
|
"x_misp_prerequisites": "Software's input validation or filtering must not detect and block the presence of an additional malicious command.",
|
|
"x_misp_related_weakness": [
|
|
"CWE-138",
|
|
"CWE-140",
|
|
"CWE-146",
|
|
"CWE-154",
|
|
"CWE-157",
|
|
"CWE-184",
|
|
"CWE-185",
|
|
"CWE-697",
|
|
"CWE-713",
|
|
"CWE-77",
|
|
"CWE-78",
|
|
"CWE-93"
|
|
],
|
|
"x_misp_solutions": "Design: Perform allowlist validation against a positive specification for command length, type, and parameters. Design: Limit program privileges, so if commands circumvent program input validation or filter routines then commands do not run under a privileged account. Implementation: Perform input validation for all remote content. Implementation: Use type conversions such as JDBC prepared statements."
|
|
},
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--360355d9-c188-4499-8d87-f35c1a7b5ea9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"name": "IMAP/SMTP Command Injection",
|
|
"description": "An attacker exploits weaknesses in input validation on IMAP/SMTP servers to execute commands on the server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "vulnerability"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"attack-pattern\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "capec",
|
|
"external_id": "CAPEC-183"
|
|
}
|
|
],
|
|
"x_misp_prerequisites": "The target environment must consist of a web-mail server that the attacker can query and a back-end mail server. The back-end mail server need not be directly accessible to the attacker. The web-mail server must fail to adequately sanitize fields received from users and passed on to the back-end mail server. The back-end mail server must not be adequately secured against receiving malicious commands from the web-mail server.",
|
|
"x_misp_related_weakness": "CWE-77"
|
|
},
|
|
{
|
|
"type": "attack-pattern",
|
|
"spec_version": "2.1",
|
|
"id": "attack-pattern--0ef23600-e781-4b03-a224-387f65a7a68e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"name": "Manipulating Writeable Configuration Files",
|
|
"description": "Generally these are manually edited files that are not in the purview of the system administrators; any ability on the attacker's part to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "vulnerability"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"attack-pattern\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "capec",
|
|
"external_id": "CAPEC-75"
|
|
}
|
|
],
|
|
"x_misp_prerequisites": "Configuration files must be modifiable by the attacker",
|
|
"x_misp_related_weakness": [
|
|
"CWE-346",
|
|
"CWE-349",
|
|
"CWE-353",
|
|
"CWE-354",
|
|
"CWE-713",
|
|
"CWE-77",
|
|
"CWE-99"
|
|
],
|
|
"x_misp_solutions": "Design: Enforce principle of least privilege. Design: Backup copies of all configuration files. Implementation: Integrity monitoring for configuration files. Implementation: Enforce audit logging on code and configuration promotion procedures. Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--91510de6-7d7e-417b-8b02-d18e997e551d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2023-08-29T14:40:43.000Z",
|
|
"modified": "2023-08-29T14:40:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation",
|
|
"category": "External analysis",
|
|
"uuid": "b4fa2a08-6159-4801-b1e1-873e8917d8d9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "type",
|
|
"value": "Blog",
|
|
"category": "Other",
|
|
"uuid": "b4242597-9f66-468d-a6d6-b384cb55ffbf"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--805f0114-5a78-4fbe-8b48-468b7986e1cc",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "vulnerability--e64a605d-e4da-4ef8-b09e-e5c58d12f46d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--947a37a0-0999-4d01-b545-cf0eca32d74b",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "weakened-by",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "x-misp-object--5c800bda-3077-4b2d-8061-15a5246b657b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--71068d98-7b73-4d77-a14e-612a8f714dd4",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "targeted-by",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "attack-pattern--b2c94688-63b9-4a1b-a21f-1813d1a65025"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--14758ee3-8ae7-457a-86ae-581b99c9b5b4",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "targeted-by",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "attack-pattern--696f71a9-90c1-48d8-8ee0-bc3914686f9b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--37783c2b-d59b-49f8-a591-9d66ead024bb",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "targeted-by",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "attack-pattern--2b259e85-01f8-4187-9cc2-be0333e79f98"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--42edc619-34e1-4ac4-865a-2b890e9948c8",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "targeted-by",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "attack-pattern--de326282-1b7d-4f7d-a632-c7d1e5831c4e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cf71680c-3a1b-4d3c-8a28-afabe88465ab",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "targeted-by",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "attack-pattern--17e84b86-f7e2-4c6d-995a-448882b9cc9a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c8947bf8-b6f8-487d-9a5b-8031ad811d48",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "targeted-by",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "attack-pattern--18368ec6-7372-4ae7-8eb0-8139226162d9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ab5db207-50cf-4e8d-91ad-76e58ca4a29f",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "targeted-by",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "attack-pattern--360355d9-c188-4499-8d87-f35c1a7b5ea9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8a9d024e-e5d6-40b0-843d-9ab5553b2084",
|
|
"created": "2023-08-29T14:37:38.000Z",
|
|
"modified": "2023-08-29T14:37:38.000Z",
|
|
"relationship_type": "targeted-by",
|
|
"source_ref": "vulnerability--3c1e7005-894c-4c69-b704-e39348712f22",
|
|
"target_ref": "attack-pattern--0ef23600-e781-4b03-a224-387f65a7a68e"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |