{
"type": "bundle",
"id": "bundle--5de7883b-22bc-4264-995c-4d1f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T13:43:04.000Z",
"modified": "2019-12-04T13:43:04.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5de7883b-22bc-4264-995c-4d1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T13:43:04.000Z",
"modified": "2019-12-04T13:43:04.000Z",
"name": "Malicious PyPI packages",
"published": "2019-12-04T13:43:10Z",
"object_refs": [
"x-misp-attribute--5de78960-6df8-4e53-8db2-4f31950d210f",
"x-misp-attribute--5de78990-431c-448b-a460-4da1950d210f",
"observed-data--5de78c7c-6d88-48c2-98d0-47a0950d210f",
"file--5de78c7c-6d88-48c2-98d0-47a0950d210f",
"indicator--5de7889b-eb5c-4934-b531-483b950d210f",
"indicator--5de788c9-2964-40a3-8c7b-44ac950d210f",
"observed-data--5de788fd-e140-45b5-ac4b-47f2950d210f",
"url--5de788fd-e140-45b5-ac4b-47f2950d210f",
"observed-data--5de78919-6560-4e2d-80b6-4ecd950d210f",
"url--5de78919-6560-4e2d-80b6-4ecd950d210f",
"indicator--5de789bc-ea08-4bf7-9688-4ce8950d210f",
"indicator--5de789d2-0f30-41e3-bcd5-45df950d210f",
"indicator--5de78b13-9320-49f1-abff-420a950d210f",
"indicator--5de78bdc-b330-495c-94b0-43dc950d210f",
"indicator--5de78ce3-9f74-4f4b-a05b-4b15950d210f",
"relationship--4a61d6f8-47ff-4828-b7fe-c05ac108a1d0",
"relationship--3b393c91-10cf-48b8-b44b-763c3c650442",
"relationship--6e90b41a-fadb-4be5-bb36-655d4a3be6cf",
"relationship--ead0e501-14a9-4454-b463-bbfea370e8f3",
"relationship--4b1eda4d-84d6-4a87-9e91-318b2a22d309",
"relationship--66cb6995-bf3e-4a9e-a957-45c62ad226d5",
"relationship--e9a01192-38a7-43a2-9a95-b10449a02aee",
"relationship--1d1fc980-5262-4bb8-945b-6bd1e3048be1",
"relationship--21054621-affe-42c8-b8bd-45a11bfb9fe0",
"relationship--f6855de8-a99b-42b9-ae05-b9913caa27cf"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"",
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Other Network Medium - T1011\"",
"misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
"osint:source-type=\"blog-post\"",
"osint:source-type=\"source-code-repository\"",
"osint:certainty=\"100\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5de78960-6df8-4e53-8db2-4f31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T10:25:30.000Z",
"modified": "2019-12-04T10:25:30.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "Name of the malicious package",
"x_misp_type": "text",
"x_misp_value": "python3-dateutil"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5de78990-431c-448b-a460-4da1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T10:25:20.000Z",
"modified": "2019-12-04T10:25:20.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "Name of the malicious package",
"x_misp_type": "text",
"x_misp_value": "jeIlyfish"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de78c7c-6d88-48c2-98d0-47a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T11:03:00.000Z",
"modified": "2019-12-04T11:03:00.000Z",
"first_observed": "2019-12-04T11:03:00Z",
"last_observed": "2019-12-04T11:03:00Z",
"number_observed": 1,
"object_refs": [
"file--5de78c7c-6d88-48c2-98d0-47a0950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5de78c7c-6d88-48c2-98d0-47a0950d210f",
"name": "Downloads/ITDS-2018-10-15-DRACO_SRV1-362.pfx"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de7889b-eb5c-4934-b531-483b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T10:51:37.000Z",
"modified": "2019-12-04T10:51:37.000Z",
"pattern": "[url:value = 'https://gitlab.com/olgired2017/aeg_wandoo_dag_m3/raw/master/hashsum']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-04T10:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de788c9-2964-40a3-8c7b-44ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T10:22:01.000Z",
"modified": "2019-12-04T10:22:01.000Z",
"pattern": "[url:value = 'http://bitly.com/25VZxUbmkr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-04T10:22:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de788fd-e140-45b5-ac4b-47f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T13:22:14.000Z",
"modified": "2019-12-04T13:22:14.000Z",
"first_observed": "2019-12-04T13:22:14Z",
"last_observed": "2019-12-04T13:22:14Z",
"number_observed": 1,
"object_refs": [
"url--5de788fd-e140-45b5-ac4b-47f2950d210f"
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5de788fd-e140-45b5-ac4b-47f2950d210f",
"value": "https://github.com/dateutil/dateutil/issues/984"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de78919-6560-4e2d-80b6-4ecd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T13:22:37.000Z",
"modified": "2019-12-04T13:22:37.000Z",
"first_observed": "2019-12-04T13:22:37Z",
"last_observed": "2019-12-04T13:22:37Z",
"number_observed": 1,
"object_refs": [
"url--5de78919-6560-4e2d-80b6-4ecd950d210f"
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5de78919-6560-4e2d-80b6-4ecd950d210f",
"value": "https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de789bc-ea08-4bf7-9688-4ce8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T10:56:50.000Z",
"modified": "2019-12-04T10:56:50.000Z",
"pattern": "[url:value = 'https://pypi.org/project/python3-dateutil/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-04T10:56:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de789d2-0f30-41e3-bcd5-45df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T10:56:29.000Z",
"modified": "2019-12-04T10:56:29.000Z",
"pattern": "[url:value = 'https://pypi.org/project/jeIlyfish/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-04T10:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de78b13-9320-49f1-abff-420a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T10:51:06.000Z",
"modified": "2019-12-04T10:51:06.000Z",
"pattern": "[file:hashes.MD5 = '132fafca98f58aa3c39b2b6f168c5a9b' AND file:hashes.SHA1 = '47bddd8311cc683a401eacce51c5f7df49170fc7' AND file:hashes.SHA256 = 'e8ec763a658519d9a11284f4e000f4be41e86b5c726904b6d178824eefd738da' AND file:name = 'hashsum' AND file:size = '2987' AND (file:content_ref.payload_bin = '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' AND file:content_ref.x_misp_filename = 'hashsum' AND file:content_ref.hashes.MD5 = '132fafca98f58aa3c39b2b6f168c5a9b' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-04T10:51:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de78bdc-b330-495c-94b0-43dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T10:55:47.000Z",
"modified": "2019-12-04T10:55:47.000Z",
"description": "file unpack",
"pattern": "[file:hashes.MD5 = 'a5ce34545c5b06e98f60c93c0db14be5' AND file:hashes.SHA1 = '015fb194428fe47cdf3a2c8eefc5b6518ed1a135' AND file:hashes.SHA256 = 'e4c356b41fe198da888eb9e4964b92883384d3a7070c51d622911f2b7b5947a9' AND file:name = 'workfile' AND file:size = '3971' AND (file:content_ref.payload_bin = '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' AND file:content_ref.x_misp_filename = 'workfile' AND file:content_ref.hashes.MD5 = 'a5ce34545c5b06e98f60c93c0db14be5' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-04T10:55:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de78ce3-9f74-4f4b-a05b-4b15950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-04T10:39:31.000Z",
"modified": "2019-12-04T10:39:31.000Z",
"description": "Exfiltration",
"pattern": "[url:value = 'http://68.183.212.246:32258' AND url:x_misp_host = '68.183.212.246' AND url:x_misp_port = '32258']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-04T10:39:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4a61d6f8-47ff-4828-b7fe-c05ac108a1d0",
"created": "2019-12-04T10:51:37.000Z",
"modified": "2019-12-04T10:51:37.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--5de7889b-eb5c-4934-b531-483b950d210f",
"target_ref": "indicator--5de788c9-2964-40a3-8c7b-44ac950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3b393c91-10cf-48b8-b44b-763c3c650442",
"created": "2019-12-04T10:48:45.000Z",
"modified": "2019-12-04T10:48:45.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--5de789bc-ea08-4bf7-9688-4ce8950d210f",
"target_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6e90b41a-fadb-4be5-bb36-655d4a3be6cf",
"created": "2019-12-04T10:56:49.000Z",
"modified": "2019-12-04T10:56:49.000Z",
"relationship_type": "is-in-relation-with",
"source_ref": "indicator--5de789bc-ea08-4bf7-9688-4ce8950d210f",
"target_ref": "x-misp-attribute--5de78960-6df8-4e53-8db2-4f31950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ead0e501-14a9-4454-b463-bbfea370e8f3",
"created": "2019-12-04T10:47:56.000Z",
"modified": "2019-12-04T10:47:56.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--5de789d2-0f30-41e3-bcd5-45df950d210f",
"target_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4b1eda4d-84d6-4a87-9e91-318b2a22d309",
"created": "2019-12-04T10:56:29.000Z",
"modified": "2019-12-04T10:56:29.000Z",
"relationship_type": "abuses",
"source_ref": "indicator--5de789d2-0f30-41e3-bcd5-45df950d210f",
"target_ref": "x-misp-attribute--5de78990-431c-448b-a460-4da1950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--66cb6995-bf3e-4a9e-a957-45c62ad226d5",
"created": "2019-12-04T10:45:43.000Z",
"modified": "2019-12-04T10:45:43.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f",
"target_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e9a01192-38a7-43a2-9a95-b10449a02aee",
"created": "2019-12-04T10:51:06.000Z",
"modified": "2019-12-04T10:51:06.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f",
"target_ref": "indicator--5de7889b-eb5c-4934-b531-483b950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d1fc980-5262-4bb8-945b-6bd1e3048be1",
"created": "2019-12-04T10:50:31.000Z",
"modified": "2019-12-04T10:50:31.000Z",
"relationship_type": "extracted-from",
"source_ref": "indicator--5de78bdc-b330-495c-94b0-43dc950d210f",
"target_ref": "indicator--5de78b13-9320-49f1-abff-420a950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--21054621-affe-42c8-b8bd-45a11bfb9fe0",
"created": "2019-12-04T10:52:17.000Z",
"modified": "2019-12-04T10:52:17.000Z",
"relationship_type": "exfiltrates-to",
"source_ref": "indicator--5de78bdc-b330-495c-94b0-43dc950d210f",
"target_ref": "indicator--5de78ce3-9f74-4f4b-a05b-4b15950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f6855de8-a99b-42b9-ae05-b9913caa27cf",
"created": "2019-12-04T10:55:47.000Z",
"modified": "2019-12-04T10:55:47.000Z",
"relationship_type": "uploads",
"source_ref": "indicator--5de78bdc-b330-495c-94b0-43dc950d210f",
"target_ref": "observed-data--5de78c7c-6d88-48c2-98d0-47a0950d210f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}