adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5a7238f2-7ea4-499a-89f6-450b02de0b81.json

2377 lines
No EOL
104 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5a7238f2-7ea4-499a-89f6-450b02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-02T03:00:35.000Z",
"modified": "2018-02-02T03:00:35.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a7238f2-7ea4-499a-89f6-450b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-02T03:00:35.000Z",
"modified": "2018-02-02T03:00:35.000Z",
"name": "OSINT - Smominru Monero mining botnet making millions for operators",
"published": "2018-02-16T08:54:29Z",
"object_refs": [
"x-misp-attribute--5a723909-f0f0-4dfa-b8b7-44fe02de0b81",
"observed-data--5a723916-3788-47c7-a70a-432502de0b81",
"url--5a723916-3788-47c7-a70a-432502de0b81",
"vulnerability--5a723935-bf74-4ea6-ba45-ee7702de0b81",
"vulnerability--5a723955-5430-48e4-976e-465a02de0b81",
"indicator--5a72399d-8ba0-4d8e-bd4a-4d4102de0b81",
"indicator--5a72399d-0d98-4599-89c2-4c9e02de0b81",
"indicator--5a72399e-cd14-491a-bb01-4cde02de0b81",
"indicator--5a72399e-0cbc-46d1-8db9-4aad02de0b81",
"indicator--5a72399f-5eec-49b8-9e5b-497102de0b81",
"indicator--5a72399f-4114-48f0-bd34-4ce902de0b81",
"indicator--5a7239a0-9fbc-4402-afa4-437302de0b81",
"indicator--5a7239a0-9a04-48d4-854d-440602de0b81",
"indicator--5a7239a0-1728-4a2c-b7a8-49ac02de0b81",
"indicator--5a7239a1-3eb8-4e05-8a34-42f502de0b81",
"indicator--5a7239a1-df5c-4a4f-9230-4cc102de0b81",
"indicator--5a7239a2-b0c0-4de5-89c2-4aaa02de0b81",
"indicator--5a7239a2-8e18-403a-b976-46cf02de0b81",
"indicator--5a7239a2-72dc-4348-bb4f-499d02de0b81",
"indicator--5a7239a3-1900-4d9f-91ae-482f02de0b81",
"indicator--5a7239a3-66e4-4708-9a76-47a002de0b81",
"indicator--5a7239a4-e710-43bf-98dd-490d02de0b81",
"indicator--5a7239a4-4890-4892-a9db-40e102de0b81",
"indicator--5a7239a5-9d44-4b30-a5a7-4baf02de0b81",
"indicator--5a7239a5-224c-4629-bb56-4b8e02de0b81",
"indicator--5a7239a5-8f14-4b49-85f3-4eb502de0b81",
"indicator--5a7239a6-f020-4087-81a4-42fe02de0b81",
"indicator--5a7239a6-861c-4d25-a9fd-4c0c02de0b81",
"indicator--5a7239a7-2978-41cc-8885-428902de0b81",
"indicator--5a7239a7-9454-42de-b5ae-481102de0b81",
"indicator--5a723ae2-140c-452f-889f-4daa02de0b81",
"indicator--5a723ae2-c428-440c-9be4-4bb102de0b81",
"indicator--5a723ae3-8304-4789-91de-4b0b02de0b81",
"indicator--5a723ae3-feb8-4011-993a-493e02de0b81",
"indicator--5a723ae4-261c-4c19-b8cd-4cd602de0b81",
"indicator--5a723ae4-1520-45c3-b378-412002de0b81",
"indicator--5a723ae5-1970-44f3-bdbf-423e02de0b81",
"indicator--5a723ae5-64bc-4529-86ee-420e02de0b81",
"indicator--5a723b7b-b10c-4792-977a-411302de0b81",
"indicator--5a723b7c-92ec-49fd-be05-47b102de0b81",
"indicator--5a723b7c-f44c-442c-a15d-43f102de0b81",
"indicator--5a723b7d-5ee4-4b59-aae7-409102de0b81",
"indicator--5a723b7d-cf18-46da-b75d-42cb02de0b81",
"indicator--5a723b7d-39fc-4346-b8dc-4d2202de0b81",
"indicator--5a723b7e-8b04-4a40-862f-455402de0b81",
"indicator--5a723b7e-eab4-493f-ba7b-4dbe02de0b81",
"indicator--5a723b7f-97d8-449f-8ed6-489b02de0b81",
"x-misp-object--5a7239fe-2ec0-4295-a0f1-ee7702de0b81",
"x-misp-object--5a723a43-35dc-43c6-aebc-448102de0b81",
"x-misp-object--5a723a78-fa6c-4f56-b48b-41ff02de0b81",
"indicator--5a72dd50-62b4-49c8-ba81-b1ce950d210f",
"indicator--5a72e14f-c2c4-4a5b-b3b9-5bec950d210f",
"indicator--5a72e1ea-ce94-495a-ab42-7a86950d210f",
"indicator--5a72e248-e0fc-4718-8b49-8f0b950d210f",
"indicator--5a72e2d4-d378-4bfe-89bc-b1e2950d210f",
"indicator--5a72e33c-e520-40ad-991f-b1fb950d210f",
"indicator--5a72e4eb-bb78-4f19-ae51-b1db950d210f",
"indicator--5a72e941-384c-4ed5-8bb4-4b0a950d210f",
"indicator--5a72eb79-1514-4dc9-87d4-4763950d210f",
"indicator--5a72ecdc-ad08-41d6-b1cc-8f0b950d210f",
"indicator--5a72ed40-73e4-40d3-b0c0-b1fb950d210f",
"indicator--5a72ed5c-1854-41db-ac03-5bf2950d210f",
"indicator--5a72ed74-9234-4129-81bb-47f3950d210f",
"indicator--5a72edaa-8670-4ea1-a903-4e28950d210f",
"indicator--5a72ee09-c0b0-48d0-9a90-4d69950d210f",
"indicator--5a72ee50-f530-4793-8783-6767950d210f",
"indicator--5a72ee73-9cc0-4425-b60a-4260950d210f",
"indicator--5a72ee8d-cc5c-48e6-b05a-5bee950d210f",
"indicator--5a72eea1-0f08-4da7-a5a1-b1db950d210f",
"indicator--1e2fd26e-d1ec-406d-bb1b-b4d72f61d52f",
"x-misp-object--0b7e3026-09c1-4f49-af9a-07f5ceb0592b",
"indicator--b538582a-ca89-45a4-895c-35d517c9b279",
"x-misp-object--a804d5b1-7ca5-406d-9a56-e06577b0629d",
"indicator--c7f56e48-5ca3-4ab4-8a44-d508a7c3f1b5",
"x-misp-object--857bce07-e7e4-4cfb-a435-fbb587cf250a",
"indicator--994aa712-e77a-411f-bec0-cf4b547a61a1",
"x-misp-object--28763b93-461a-4389-8100-45731b4fcb27",
"indicator--fae35839-05f9-4c5d-86f2-0694b89e6be3",
"x-misp-object--38c84b61-e001-46f6-a99c-172c5e4e5d67",
"indicator--959bcddc-d26f-44f7-9a79-07df0acb6a95",
"x-misp-object--33bb45b6-d3bd-4cc1-bec6-84cb666c0c0d",
"indicator--eb0f9ec8-b388-422a-99dc-5d7a32e340b3",
"x-misp-object--c38c22d3-60e6-4336-94d4-f9772f9e56fe",
"indicator--055ccd02-bd02-4e47-9fd1-1e668f23f024",
"x-misp-object--1718834e-3131-4711-92e4-4fd9e25abcb7",
"relationship--a70a4285-1914-49ac-8f74-7a17fd9a8f2c",
"relationship--0a167bde-4cfe-4079-ae02-c6776e4c4782",
"relationship--19b02126-0de5-4007-8d3f-025e98c66f4b",
"relationship--4408f5a9-ee2e-4655-8d88-ff5768681fcb",
"relationship--0dcc9996-34d7-4cc2-9b58-07c060a20b47",
"relationship--42f535f7-22d4-4ecd-aa8c-eb93c9b66d02",
"relationship--94cfd06d-cfd7-4609-9588-360c9f8fd741",
"relationship--9096666b-2d3f-4428-b0d6-d25cb75f27a0"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a723909-f0f0-4dfa-b8b7-44fe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:01.000Z",
"modified": "2018-02-01T12:41:01.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Even with recent volatility in the price of most cryptocurrencies, especially Bitcoin, interest among mainstream users and the media remains high. At the same time, Bitcoin alternatives like Monero and Ethereum continue their overall upward trend in value (Figure 1), putting them squarely in the crosshairs of threat actors looking for quick profits and anonymous transactions. Because obtaining these cryptocurrencies through legitimate mining mechanisms is quite resource-intensive, cybercriminals are stealing them, demanding ransomware payments in them, and harnessing other computers to mine them for free. Recently, Proofpoint researchers have been tracking the massive Smominru botnet, the combined computing power of which had earned millions of dollars for its operators."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a723916-3788-47c7-a70a-432502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:02.000Z",
"modified": "2018-02-01T12:41:02.000Z",
"first_observed": "2018-02-01T12:41:02Z",
"last_observed": "2018-02-01T12:41:02Z",
"number_observed": 1,
"object_refs": [
"url--5a723916-3788-47c7-a70a-432502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a723916-3788-47c7-a70a-432502de0b81",
"value": "https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5a723935-bf74-4ea6-ba45-ee7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:02.000Z",
"modified": "2018-02-01T12:41:02.000Z",
"name": "CVE-2017-0144",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2017-0144"
}
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5a723955-5430-48e4-976e-465a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:03.000Z",
"modified": "2018-02-01T12:41:03.000Z",
"name": "CVE-2017-0176",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2017-0176"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72399d-8ba0-4d8e-bd4a-4d4102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:03.000Z",
"modified": "2018-02-01T12:41:03.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.34.114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72399d-0d98-4599-89c2-4c9e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:04.000Z",
"modified": "2018-02-01T12:41:04.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.81.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72399e-cd14-491a-bb01-4cde02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:04.000Z",
"modified": "2018-02-01T12:41:04.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.31.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72399e-0cbc-46d1-8db9-4aad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:05.000Z",
"modified": "2018-02-01T12:41:05.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.28.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72399f-5eec-49b8-9e5b-497102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:05.000Z",
"modified": "2018-02-01T12:41:05.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.12.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72399f-4114-48f0-bd34-4ce902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:06.000Z",
"modified": "2018-02-01T12:41:06.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.24.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a0-9fbc-4402-afa4-437302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:06.000Z",
"modified": "2018-02-01T12:41:06.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.13.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a0-9a04-48d4-854d-440602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:06.000Z",
"modified": "2018-02-01T12:41:06.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.38.78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a0-1728-4a2c-b7a8-49ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:07.000Z",
"modified": "2018-02-01T12:41:07.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.22.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a1-3eb8-4e05-8a34-42f502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:07.000Z",
"modified": "2018-02-01T12:41:07.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.241.229.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a1-df5c-4a4f-9230-4cc102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:08.000Z",
"modified": "2018-02-01T12:41:08.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.39.186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a2-b0c0-4de5-89c2-4aaa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:08.000Z",
"modified": "2018-02-01T12:41:08.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.14.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a2-8e18-403a-b976-46cf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:09.000Z",
"modified": "2018-02-01T12:41:09.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.31.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a2-72dc-4348-bb4f-499d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:09.000Z",
"modified": "2018-02-01T12:41:09.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.27.198']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a3-1900-4d9f-91ae-482f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:10.000Z",
"modified": "2018-02-01T12:41:10.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.25.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a3-66e4-4708-9a76-47a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:10.000Z",
"modified": "2018-02-01T12:41:10.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.1.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a4-e710-43bf-98dd-490d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:11.000Z",
"modified": "2018-02-01T12:41:11.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.36.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a4-4890-4892-a9db-40e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:11.000Z",
"modified": "2018-02-01T12:41:11.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.21.186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a5-9d44-4b30-a5a7-4baf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:12.000Z",
"modified": "2018-02-01T12:41:12.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.12.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a5-224c-4629-bb56-4b8e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:12.000Z",
"modified": "2018-02-01T12:41:12.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.24.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a5-8f14-4b49-85f3-4eb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:13.000Z",
"modified": "2018-02-01T12:41:13.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.44.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a6-f020-4087-81a4-42fe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:13.000Z",
"modified": "2018-02-01T12:41:13.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.11.222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a6-861c-4d25-a9fd-4c0c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:14.000Z",
"modified": "2018-02-01T12:41:14.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.29.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a7-2978-41cc-8885-428902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:14.000Z",
"modified": "2018-02-01T12:41:14.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.153.8.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a7239a7-9454-42de-b5ae-481102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:14.000Z",
"modified": "2018-02-01T12:41:14.000Z",
"description": "Attacking IP (via EB)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.52.1.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723ae2-140c-452f-889f-4daa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:53:38.000Z",
"modified": "2018-01-31T21:53:38.000Z",
"description": "ups.rar",
"pattern": "[file:hashes.SHA256 = 'da3b2e4da23aae505bf991cb68833d01d0c5b75645d246dfa9b6e403be1798c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:53:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723ae2-c428-440c-9be4-4bb102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:53:38.000Z",
"modified": "2018-01-31T21:53:38.000Z",
"description": "EternalBlue dropped",
"pattern": "[file:hashes.SHA256 = '8ceb370e5f32dd732809c827f8eda38cc9b746d40adea3dca33b8c27ee38eb6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:53:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723ae3-8304-4789-91de-4b0b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:53:39.000Z",
"modified": "2018-01-31T21:53:39.000Z",
"description": "EternalBlue dropped",
"pattern": "[file:hashes.SHA256 = '5e15c97546a19759a8397e51e98a2d8168e6e27aff4dc518220459ed3184e4e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:53:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723ae3-feb8-4011-993a-493e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:53:39.000Z",
"modified": "2018-01-31T21:53:39.000Z",
"description": "64.rar",
"pattern": "[file:hashes.SHA256 = '2e3f534bd6b7d1cf18dc727820124faed92fb28f1d4626c9658587b9b3c09509']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:53:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723ae4-261c-4c19-b8cd-4cd602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:53:40.000Z",
"modified": "2018-01-31T21:53:40.000Z",
"description": "0107.rar (Smominru - Coin Miner)",
"pattern": "[file:hashes.SHA256 = 'b7f8b5cb8fc7bd5c14105fde118f5ac7a808e590e52f16c70128b4bd28aa4b5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:53:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723ae4-1520-45c3-b378-412002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:53:40.000Z",
"modified": "2018-01-31T21:53:40.000Z",
"description": "0121.rar (Smominru Coin Miner)",
"pattern": "[file:hashes.SHA256 = '32e0712ff24e5f9ab8ee682a53514c501486f0836ef24125503335d86bd10a4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:53:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723ae5-1970-44f3-bdbf-423e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:53:41.000Z",
"modified": "2018-01-31T21:53:41.000Z",
"description": "0126.rar (Smominru Coin Miner)",
"pattern": "[file:hashes.SHA256 = '3b1824b41f3853376e21153d9125781dbb57b820d8a9a6cc037f82ea87f50973']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:53:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723ae5-64bc-4529-86ee-420e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:53:41.000Z",
"modified": "2018-01-31T21:53:41.000Z",
"description": "0114.rar (Smominru - Coin Miner)",
"pattern": "[file:hashes.SHA256 = 'f1c36aebdcd92a04fd689d31944e5388e7e9b9421063ec4c98804ac7a04e6b0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:53:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723b7b-b10c-4792-977a-411302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:56:11.000Z",
"modified": "2018-01-31T21:56:11.000Z",
"description": "Smominru C&C (Binary Server)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.58.186.145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:56:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723b7c-92ec-49fd-be05-47b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:56:12.000Z",
"modified": "2018-01-31T21:56:12.000Z",
"description": "Smominru C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.29.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:56:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723b7c-f44c-442c-a15d-43f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:56:12.000Z",
"modified": "2018-01-31T21:56:12.000Z",
"description": "Smominru C&C (WMI call)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:56:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723b7d-5ee4-4b59-aae7-409102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:56:12.000Z",
"modified": "2018-01-31T21:56:12.000Z",
"description": "Smominru C&C (binary server)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '170.178.171.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:56:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723b7d-cf18-46da-b75d-42cb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:56:13.000Z",
"modified": "2018-01-31T21:56:13.000Z",
"description": "Smominru C&C (WMI call) Sinkholed domain",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.30.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723b7d-39fc-4346-b8dc-4d2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:56:13.000Z",
"modified": "2018-01-31T21:56:13.000Z",
"description": "Smominru binary server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.64.166.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723b7e-8b04-4a40-862f-455402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:56:14.000Z",
"modified": "2018-01-31T21:56:14.000Z",
"description": "Smominru binary server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.255.79.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:56:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723b7e-eab4-493f-ba7b-4dbe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:15.000Z",
"modified": "2018-02-01T12:41:15.000Z",
"description": "Smominru C&C",
"pattern": "[file:name = 'down.my0709.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a723b7f-97d8-449f-8ed6-489b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:56:15.000Z",
"modified": "2018-01-31T21:56:15.000Z",
"description": "Smominru C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.148.80.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-31T21:56:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a7239fe-2ec0-4295-a0f1-ee7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:49:50.000Z",
"modified": "2018-01-31T21:49:50.000Z",
"labels": [
"misp:name=\"coin-address\"",
"misp:meta-category=\"financial\""
],
"x_misp_attributes": [
{
"type": "btc",
"object_relation": "address",
"value": "43Lm9q14s7GhMLpUsiXY3MH6G67Sn81B5DqmN46u8WnBXNvJmC6FwH3ZMwAmkEB1nHSrujgthFPQeQCFPCwwE7m7TpspYBd",
"category": "Financial fraud",
"to_ids": true,
"uuid": "5a7239ff-8b94-41dd-91e0-ee7702de0b81"
},
{
"type": "text",
"object_relation": "symbol",
"value": "XMR",
"category": "Other",
"uuid": "5a7239ff-9bcc-43f2-8e1f-ee7702de0b81"
},
{
"type": "text",
"object_relation": "text",
"value": "used after 2018-01-14",
"category": "Other",
"uuid": "5a723a00-2378-4cb9-8c44-ee7702de0b81"
}
],
"x_misp_meta_category": "financial",
"x_misp_name": "coin-address"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a723a43-35dc-43c6-aebc-448102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:50:59.000Z",
"modified": "2018-01-31T21:50:59.000Z",
"labels": [
"misp:name=\"coin-address\"",
"misp:meta-category=\"financial\""
],
"x_misp_attributes": [
{
"type": "btc",
"object_relation": "address",
"value": "47Tscy1QuJn1fxHiBRjWFtgHmvqkW71YZCQL33LeunfH4rsGEHx5UGTPdfXNJtMMATMz8bmaykGVuDFGWP3KyufBSdzxBb2",
"category": "Financial fraud",
"to_ids": true,
"uuid": "5a723a44-1f80-459f-ab1f-4f7b02de0b81"
},
{
"type": "text",
"object_relation": "symbol",
"value": "XMR",
"category": "Other",
"uuid": "5a723a44-3498-4397-9114-49b602de0b81"
},
{
"type": "text",
"object_relation": "text",
"value": "used from before 2017/05 till 2017/09\r\n\r\n \r\n\r\nMined 2000 Monero",
"category": "Other",
"uuid": "5a723a45-3cb4-4b1b-80a1-4d6102de0b81"
}
],
"x_misp_meta_category": "financial",
"x_misp_name": "coin-address"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a723a78-fa6c-4f56-b48b-41ff02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-31T21:51:52.000Z",
"modified": "2018-01-31T21:51:52.000Z",
"labels": [
"misp:name=\"coin-address\"",
"misp:meta-category=\"financial\""
],
"x_misp_attributes": [
{
"type": "btc",
"object_relation": "address",
"value": "45bbP2muiJHD8Fd5tZyPAfC2RsajyEcsRVVMZ7Tm5qJjdTMprexz6yQ5DVQ1BbmjkMYm9nMid2QSbiGLvvfau7At5V18FzQ",
"category": "Financial fraud",
"to_ids": true,
"uuid": "5a723a78-bfe8-4820-84b5-4a5602de0b81"
},
{
"type": "text",
"object_relation": "symbol",
"value": "XMR",
"category": "Other",
"uuid": "5a723a78-7cb8-482c-baf0-447e02de0b81"
},
{
"type": "text",
"object_relation": "text",
"value": "from 2017/09 till 2018-01-13\r\n\r\nMined around 6800 Monero",
"category": "Other",
"uuid": "5a723a79-95e4-426e-9a91-4ee402de0b81"
}
],
"x_misp_meta_category": "financial",
"x_misp_name": "coin-address"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72dd50-62b4-49c8-ba81-b1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T09:44:03.000Z",
"modified": "2018-02-01T09:44:03.000Z",
"description": "Smominru C&C",
"pattern": "[domain-name:value = 'down.down0116.info' AND domain-name:resolves_to_refs[*].value = '198.148.80.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T09:44:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72e14f-c2c4-4a5b-b3b9-5bec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T09:43:43.000Z",
"modified": "2018-02-01T09:43:43.000Z",
"description": "Smominru C&C (Binary Server)",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.58.186.145') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'down.oo000oo.club') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T09:43:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72e1ea-ce94-495a-ab42-7a86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T09:46:18.000Z",
"modified": "2018-02-01T09:46:18.000Z",
"description": "Smominru C&C",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.29.8') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'www.cyg2016.xyz') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T09:46:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72e248-e0fc-4718-8b49-8f0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T09:47:52.000Z",
"modified": "2018-02-01T09:47:52.000Z",
"description": "Smominru C&C (Binary Server)",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.29.8') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'down.mys2016.info') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T09:47:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72e2d4-d378-4bfe-89bc-b1e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T09:50:12.000Z",
"modified": "2018-02-01T09:50:12.000Z",
"description": "Smominru C&C (WMI call)",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'wmi.mykings.top.info') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T09:50:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72e33c-e520-40ad-991f-b1fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T09:51:56.000Z",
"modified": "2018-02-01T09:51:56.000Z",
"description": "Smominru C&C (WMI call)",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'wmi.oo000oo.club') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T09:51:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72e4eb-bb78-4f19-ae51-b1db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T09:59:07.000Z",
"modified": "2018-02-01T09:59:07.000Z",
"description": "Smominru C&C",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'xmr.5b6b7b.ru') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T09:59:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72e941-384c-4ed5-8bb4-4b0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:17:37.000Z",
"modified": "2018-02-01T10:17:37.000Z",
"description": "Smominru C&C (binary server)",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '170.178.171.162') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = '64.myxmr.pw') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72eb79-1514-4dc9-87d4-4763950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:27:05.000Z",
"modified": "2018-02-01T10:27:05.000Z",
"description": "Smominru C&C (WMI call) - Sinkholed domain",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.30.26') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'wmi.my0709.xyz') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72ecdc-ad08-41d6-b1cc-8f0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:33:00.000Z",
"modified": "2018-02-01T10:33:00.000Z",
"description": "Smominru binary server",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.64.166.82') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'ftp.ruisgood.ru') AND network-traffic:dst_port = '21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:33:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72ed40-73e4-40d3-b0c0-b1fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:34:40.000Z",
"modified": "2018-02-01T10:34:40.000Z",
"description": "Smominru binary server",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.64.166.82') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'ftp.oo000oo.me') AND network-traffic:dst_port = '21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:34:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72ed5c-1854-41db-ac03-5bf2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:35:08.000Z",
"modified": "2018-02-01T10:35:08.000Z",
"description": "Smominru binary server",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.64.166.82') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'ftp.ftp0118.info') AND network-traffic:dst_port = '21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:35:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72ed74-9234-4129-81bb-47f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:35:32.000Z",
"modified": "2018-02-01T10:35:32.000Z",
"description": "Smominru binary server",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.255.79.151') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'js.mys2016.info') AND network-traffic:dst_port = '280']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:35:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72edaa-8670-4ea1-a903-4e28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:36:26.000Z",
"modified": "2018-02-01T10:36:26.000Z",
"description": "Smominru C&C (Binary Server)",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '170.178.171.162') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = '64.mymyxmra.ru') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72ee09-c0b0-48d0-9a90-4d69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:38:01.000Z",
"modified": "2018-02-01T10:38:01.000Z",
"description": "Smominru C&C",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.58.140.194') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'xmr.xmr5b.ru') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:38:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72ee50-f530-4793-8783-6767950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:39:12.000Z",
"modified": "2018-02-01T10:39:12.000Z",
"description": "Smominru C&C",
"pattern": "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'js.my0115.ru') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:39:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72ee73-9cc0-4425-b60a-4260950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:39:47.000Z",
"modified": "2018-02-01T10:39:47.000Z",
"description": "Smominru C&C (WMI call)",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.30.26') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'wmi.my0115.ru') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:39:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72ee8d-cc5c-48e6-b05a-5bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:40:13.000Z",
"modified": "2018-02-01T10:40:13.000Z",
"description": "Smominru C&C (Binary Server)",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.95.30.26') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'down.my0115.ru') AND network-traffic:dst_port = '8888']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:40:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a72eea1-0f08-4da7-a5a1-b1db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T10:40:33.000Z",
"modified": "2018-02-01T10:40:33.000Z",
"description": "Smominru C&C",
"pattern": "[domain-name:value = 'down.my0709.xyz' AND domain-name:resolves_to_refs[*].value = '103.95.30.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T10:40:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1e2fd26e-d1ec-406d-bb1b-b4d72f61d52f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:19.000Z",
"modified": "2018-02-01T12:41:19.000Z",
"pattern": "[file:hashes.MD5 = '1487e2b148f7a4869c212f78cb28d682' AND file:hashes.SHA1 = 'a56c110dcf859d83aa1fa5ad455e94539dfa8d12' AND file:hashes.SHA256 = '8ceb370e5f32dd732809c827f8eda38cc9b746d40adea3dca33b8c27ee38eb6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0b7e3026-09c1-4f49-af9a-07f5ceb0592b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:17.000Z",
"modified": "2018-02-01T12:41:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8ceb370e5f32dd732809c827f8eda38cc9b746d40adea3dca33b8c27ee38eb6f/analysis/1517456055/",
"category": "External analysis",
"comment": "EternalBlue dropped",
"uuid": "5a730aed-3e50-42bb-927c-450902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/65",
"category": "Other",
"comment": "EternalBlue dropped",
"uuid": "5a730aee-fe60-4ff3-a8a3-428102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-01T03:34:15",
"category": "Other",
"comment": "EternalBlue dropped",
"uuid": "5a730aee-cf3c-4a4b-b699-434c02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b538582a-ca89-45a4-895c-35d517c9b279",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:22.000Z",
"modified": "2018-02-01T12:41:22.000Z",
"pattern": "[file:hashes.MD5 = 'ff604679b2e12040dea81f6ecffd5ea2' AND file:hashes.SHA1 = 'd789b6b33d739810cab2e3f5a55933dd16721823' AND file:hashes.SHA256 = 'b7f8b5cb8fc7bd5c14105fde118f5ac7a808e590e52f16c70128b4bd28aa4b5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a804d5b1-7ca5-406d-9a56-e06577b0629d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:20.000Z",
"modified": "2018-02-01T12:41:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b7f8b5cb8fc7bd5c14105fde118f5ac7a808e590e52f16c70128b4bd28aa4b5a/analysis/1517457171/",
"category": "External analysis",
"comment": "0107.rar (Smominru - Coin Miner)",
"uuid": "5a730af0-28d8-461f-8bc1-48eb02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/66",
"category": "Other",
"comment": "0107.rar (Smominru - Coin Miner)",
"uuid": "5a730af1-ebd8-4440-a145-46e502de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-01T03:52:51",
"category": "Other",
"comment": "0107.rar (Smominru - Coin Miner)",
"uuid": "5a730af1-2a48-4e30-b9dc-468602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c7f56e48-5ca3-4ab4-8a44-d508a7c3f1b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:25.000Z",
"modified": "2018-02-01T12:41:25.000Z",
"pattern": "[file:hashes.MD5 = '0224b573793d1780e3fec22739526c8f' AND file:hashes.SHA1 = '6ca9bc55382736c6fb173afb789318ee7067f206' AND file:hashes.SHA256 = '3b1824b41f3853376e21153d9125781dbb57b820d8a9a6cc037f82ea87f50973']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--857bce07-e7e4-4cfb-a435-fbb587cf250a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:23.000Z",
"modified": "2018-02-01T12:41:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3b1824b41f3853376e21153d9125781dbb57b820d8a9a6cc037f82ea87f50973/analysis/1517153840/",
"category": "External analysis",
"comment": "0126.rar (Smominru Coin Miner)",
"uuid": "5a730af3-4578-439d-b113-485d02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/66",
"category": "Other",
"comment": "0126.rar (Smominru Coin Miner)",
"uuid": "5a730af4-2254-4135-a0e4-4ed602de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-28T15:37:20",
"category": "Other",
"comment": "0126.rar (Smominru Coin Miner)",
"uuid": "5a730af4-9a70-46ec-b537-492902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--994aa712-e77a-411f-bec0-cf4b547a61a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:28.000Z",
"modified": "2018-02-01T12:41:28.000Z",
"pattern": "[file:hashes.MD5 = '6ca24e8ae6988ee1187be72c777e7397' AND file:hashes.SHA1 = '53accdd58a67fe7bc7fbcaefa1e2b65c13aba9ff' AND file:hashes.SHA256 = '2e3f534bd6b7d1cf18dc727820124faed92fb28f1d4626c9658587b9b3c09509']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--28763b93-461a-4389-8100-45731b4fcb27",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:27.000Z",
"modified": "2018-02-01T12:41:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2e3f534bd6b7d1cf18dc727820124faed92fb28f1d4626c9658587b9b3c09509/analysis/1517457638/",
"category": "External analysis",
"comment": "64.rar",
"uuid": "5a730af7-d48c-4b0b-be0c-452702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/64",
"category": "Other",
"comment": "64.rar",
"uuid": "5a730af7-12c8-4405-af2c-47c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-01T04:00:38",
"category": "Other",
"comment": "64.rar",
"uuid": "5a730af8-d5c4-4360-b181-4c4002de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fae35839-05f9-4c5d-86f2-0694b89e6be3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:31.000Z",
"modified": "2018-02-01T12:41:31.000Z",
"pattern": "[file:hashes.MD5 = 'ebdc2be63b2fcb8fe22845c75850c9e6' AND file:hashes.SHA1 = 'c788a27c9f18f1e732e34e60a73b83ccdcfd9a29' AND file:hashes.SHA256 = '32e0712ff24e5f9ab8ee682a53514c501486f0836ef24125503335d86bd10a4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--38c84b61-e001-46f6-a99c-172c5e4e5d67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:30.000Z",
"modified": "2018-02-01T12:41:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/32e0712ff24e5f9ab8ee682a53514c501486f0836ef24125503335d86bd10a4e/analysis/1517399898/",
"category": "External analysis",
"comment": "0121.rar (Smominru Coin Miner)",
"uuid": "5a730afa-b5b4-4ef0-9030-4a5302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/66",
"category": "Other",
"comment": "0121.rar (Smominru Coin Miner)",
"uuid": "5a730afa-eb88-472e-9db8-491e02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-31T11:58:18",
"category": "Other",
"comment": "0121.rar (Smominru Coin Miner)",
"uuid": "5a730afb-ff20-49ea-8d61-439d02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--959bcddc-d26f-44f7-9a79-07df0acb6a95",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:34.000Z",
"modified": "2018-02-01T12:41:34.000Z",
"pattern": "[file:hashes.MD5 = 'f63e34b172bc6c88c002a2d25c738ea9' AND file:hashes.SHA1 = '368ef0af957492ad0b55ce1351da1b44f67dbcb8' AND file:hashes.SHA256 = '5e15c97546a19759a8397e51e98a2d8168e6e27aff4dc518220459ed3184e4e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--33bb45b6-d3bd-4cc1-bec6-84cb666c0c0d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:33.000Z",
"modified": "2018-02-01T12:41:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5e15c97546a19759a8397e51e98a2d8168e6e27aff4dc518220459ed3184e4e2/analysis/1517462947/",
"category": "External analysis",
"comment": "EternalBlue dropped",
"uuid": "5a730afd-5ae4-4e1d-976f-4e1e02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/63",
"category": "Other",
"comment": "EternalBlue dropped",
"uuid": "5a730afd-1514-4e7f-8862-49ae02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-01T05:29:07",
"category": "Other",
"comment": "EternalBlue dropped",
"uuid": "5a730afe-2ad4-4d85-af66-4a4702de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb0f9ec8-b388-422a-99dc-5d7a32e340b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:37.000Z",
"modified": "2018-02-01T12:41:37.000Z",
"pattern": "[file:hashes.MD5 = '822b8150022ba179560ac42384ff997e' AND file:hashes.SHA1 = 'b8a53e651be77914428f6a3cefc797041ff3df51' AND file:hashes.SHA256 = 'f1c36aebdcd92a04fd689d31944e5388e7e9b9421063ec4c98804ac7a04e6b0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c38c22d3-60e6-4336-94d4-f9772f9e56fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:36.000Z",
"modified": "2018-02-01T12:41:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f1c36aebdcd92a04fd689d31944e5388e7e9b9421063ec4c98804ac7a04e6b0d/analysis/1517332171/",
"category": "External analysis",
"comment": "0114.rar (Smominru - Coin Miner)",
"uuid": "5a730b00-d828-4158-99c6-4f4702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/65",
"category": "Other",
"comment": "0114.rar (Smominru - Coin Miner)",
"uuid": "5a730b00-cfac-4258-a9b1-4f4202de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-30T17:09:31",
"category": "Other",
"comment": "0114.rar (Smominru - Coin Miner)",
"uuid": "5a730b01-39ac-4f84-93b3-498602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--055ccd02-bd02-4e47-9fd1-1e668f23f024",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:40.000Z",
"modified": "2018-02-01T12:41:40.000Z",
"pattern": "[file:hashes.MD5 = '6b13994f83dad0d45764911a88564a7b' AND file:hashes.SHA1 = '0b5616228f6556b320ac0d2f586504538abb638e' AND file:hashes.SHA256 = 'da3b2e4da23aae505bf991cb68833d01d0c5b75645d246dfa9b6e403be1798c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-01T12:41:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1718834e-3131-4711-92e4-4fd9e25abcb7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-01T12:41:39.000Z",
"modified": "2018-02-01T12:41:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/da3b2e4da23aae505bf991cb68833d01d0c5b75645d246dfa9b6e403be1798c8/analysis/1517457719/",
"category": "External analysis",
"comment": "ups.rar",
"uuid": "5a730b03-589c-47de-a519-4d8702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/64",
"category": "Other",
"comment": "ups.rar",
"uuid": "5a730b03-0afc-42a7-a1b0-48e002de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-01T04:01:59",
"category": "Other",
"comment": "ups.rar",
"uuid": "5a730b04-ae70-4fab-b15f-48c602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a70a4285-1914-49ac-8f74-7a17fd9a8f2c",
"created": "2018-02-16T08:54:28.000Z",
"modified": "2018-02-16T08:54:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1e2fd26e-d1ec-406d-bb1b-b4d72f61d52f",
"target_ref": "x-misp-object--0b7e3026-09c1-4f49-af9a-07f5ceb0592b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0a167bde-4cfe-4079-ae02-c6776e4c4782",
"created": "2018-02-16T08:54:28.000Z",
"modified": "2018-02-16T08:54:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b538582a-ca89-45a4-895c-35d517c9b279",
"target_ref": "x-misp-object--a804d5b1-7ca5-406d-9a56-e06577b0629d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--19b02126-0de5-4007-8d3f-025e98c66f4b",
"created": "2018-02-16T08:54:28.000Z",
"modified": "2018-02-16T08:54:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c7f56e48-5ca3-4ab4-8a44-d508a7c3f1b5",
"target_ref": "x-misp-object--857bce07-e7e4-4cfb-a435-fbb587cf250a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4408f5a9-ee2e-4655-8d88-ff5768681fcb",
"created": "2018-02-16T08:54:28.000Z",
"modified": "2018-02-16T08:54:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--994aa712-e77a-411f-bec0-cf4b547a61a1",
"target_ref": "x-misp-object--28763b93-461a-4389-8100-45731b4fcb27"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0dcc9996-34d7-4cc2-9b58-07c060a20b47",
"created": "2018-02-16T08:54:28.000Z",
"modified": "2018-02-16T08:54:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fae35839-05f9-4c5d-86f2-0694b89e6be3",
"target_ref": "x-misp-object--38c84b61-e001-46f6-a99c-172c5e4e5d67"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--42f535f7-22d4-4ecd-aa8c-eb93c9b66d02",
"created": "2018-02-16T08:54:28.000Z",
"modified": "2018-02-16T08:54:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--959bcddc-d26f-44f7-9a79-07df0acb6a95",
"target_ref": "x-misp-object--33bb45b6-d3bd-4cc1-bec6-84cb666c0c0d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--94cfd06d-cfd7-4609-9588-360c9f8fd741",
"created": "2018-02-16T08:54:28.000Z",
"modified": "2018-02-16T08:54:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--eb0f9ec8-b388-422a-99dc-5d7a32e340b3",
"target_ref": "x-misp-object--c38c22d3-60e6-4336-94d4-f9772f9e56fe"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9096666b-2d3f-4428-b0d6-d25cb75f27a0",
"created": "2018-02-16T08:54:29.000Z",
"modified": "2018-02-16T08:54:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--055ccd02-bd02-4e47-9fd1-1e668f23f024",
"target_ref": "x-misp-object--1718834e-3131-4711-92e4-4fd9e25abcb7"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink