4446 lines
No EOL
200 KiB
JSON
4446 lines
No EOL
200 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--174f7375-c811-4c4a-81e0-1d41582f340d",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:58:38.000Z",
|
|
"modified": "2021-03-26T11:58:38.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--174f7375-c811-4c4a-81e0-1d41582f340d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:58:38.000Z",
|
|
"modified": "2021-03-26T11:58:38.000Z",
|
|
"name": "OSINT - Analyzing attacks taking advantage of the Exchange Server vulnerabilities",
|
|
"published": "2021-03-26T11:59:57Z",
|
|
"object_refs": [
|
|
"indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3",
|
|
"indicator--0507d917-2bfd-418a-9c91-65edfe6df45f",
|
|
"indicator--27883473-9495-4bdc-84e1-8898c13d1f52",
|
|
"indicator--222418c5-b7f1-494e-9044-bfb11f195703",
|
|
"indicator--fb9b415d-0c5f-4bc2-a966-8f2de3e6b5ad",
|
|
"indicator--d3418d73-07c0-4c8e-887e-1c0ef132491c",
|
|
"indicator--30133a6e-5b42-4d43-b14e-14c0ce5c48fd",
|
|
"indicator--1b11e7b2-b5d3-49ce-a2e4-67b4b733805c",
|
|
"indicator--09c6e13b-9ee3-4d11-91c7-2934ce6214a5",
|
|
"indicator--90d44c63-36d4-4adb-94ae-477475eeba3e",
|
|
"indicator--ca05457f-042b-4300-9c5e-52a335f989ef",
|
|
"indicator--6a2ad2ef-58be-4303-b7cf-41a1caaab335",
|
|
"indicator--6a380c0c-1f8f-4f16-92c7-631f398034e9",
|
|
"indicator--e50aa7c3-ae00-4429-91d7-7962db057e92",
|
|
"indicator--5ac9bd59-8ee3-44c0-a842-128312afcb41",
|
|
"indicator--53c5263a-7e99-412a-83ca-bed51b063a7c",
|
|
"indicator--1c8b9c11-d832-4d3a-aa72-6f20a40e9ce6",
|
|
"indicator--eb98ccd1-b6c2-459f-877c-6fc9cb5682ed",
|
|
"indicator--ec22d510-f3af-4807-b40d-0e9a84073347",
|
|
"indicator--5b9913c1-e277-4947-a05d-52a3528c82ad",
|
|
"indicator--a1f758e0-7568-4ed1-ab37-a8ee02e22359",
|
|
"indicator--a7c061b6-8737-4833-9bfb-7dc7a9877edc",
|
|
"indicator--e8ef454d-3103-4a3c-9660-115baf72420d",
|
|
"indicator--58eddb96-5c84-408e-9a47-11034fd78da8",
|
|
"indicator--2d57e2fe-cd02-4ccf-b1fd-d14398c8cff4",
|
|
"indicator--d3143632-5173-4516-9327-8e22f0deb6e6",
|
|
"indicator--9eefe9a8-57b4-4af0-9e46-a5ecc756d2a2",
|
|
"indicator--1eb9c95a-aca6-4e17-95d8-85eb5580f05b",
|
|
"indicator--151610f0-2fb7-46d6-b3e1-b3b627878ada",
|
|
"indicator--eecf9939-d3d5-443a-ade5-374142e5bef8",
|
|
"indicator--637ef6c0-1d6c-4a0e-97a7-8c29d3a272ec",
|
|
"indicator--fecb1042-b6de-46ee-b3b8-e9b2a7d2e30c",
|
|
"indicator--e2526249-0422-4096-8b1e-7c189aea6270",
|
|
"indicator--7f7b791d-774d-4852-9456-2e5cbb6f47f8",
|
|
"indicator--1f505bb0-aa2c-41c5-bce0-b30cc941a94d",
|
|
"indicator--741ebe5a-d450-44ba-989d-98b2164a8591",
|
|
"indicator--debe77bb-8d18-4911-9726-a46c85d44795",
|
|
"indicator--a011b404-9097-48e4-a602-1372b238d3b3",
|
|
"indicator--3b0ce211-02ae-466d-9390-cf91f7c73014",
|
|
"indicator--493ab996-5d1b-4bcf-932d-2305a6541f26",
|
|
"indicator--a7e87b24-f989-402d-8673-d8741bc08184",
|
|
"indicator--fd66b672-274f-4bd0-9de6-04b1d46fd965",
|
|
"indicator--94aecbb8-5189-4e6e-9356-0172dcc89638",
|
|
"indicator--140c1e65-1d74-4e0f-9306-0690d7c91fed",
|
|
"indicator--fe58049f-d796-48a7-b572-0256fb1c719f",
|
|
"indicator--68db0c1e-4c28-43a4-96db-e85fe0dc2e53",
|
|
"indicator--e26ca02c-6819-4602-bbb8-ce6534aed660",
|
|
"indicator--411617df-f081-4b02-92fa-6374ee8b0f59",
|
|
"x-misp-attribute--9749a54a-4be5-4059-acbf-033d614dee7d",
|
|
"x-misp-attribute--a4071d67-2ea4-49d1-9c9b-0ee81234d809",
|
|
"x-misp-attribute--0178d543-9d09-4643-b5b6-ef0d2ea32e37",
|
|
"x-misp-attribute--3e1c27bd-054d-4e1c-a7f6-b1d0aae91db7",
|
|
"x-misp-attribute--77f83632-b74c-4bfd-a23d-c1cf3221bbf4",
|
|
"x-misp-attribute--3d8a57d8-98ae-427a-ab43-ff07a8971b36",
|
|
"x-misp-attribute--eb8743cd-6e7e-40b3-a6c6-b6270ad1dba0",
|
|
"x-misp-attribute--59e6151f-accb-40b8-b1a4-884ec8c14134",
|
|
"x-misp-attribute--669a2dc2-269d-4a5d-8025-21151208a7d3",
|
|
"x-misp-attribute--b0de41c7-ec23-491d-a31f-3dce62abf9af",
|
|
"x-misp-attribute--a09f91d6-2103-422c-bf5b-6451f4a1acdc",
|
|
"x-misp-attribute--1315cf20-b279-490f-aded-5ae5c53ba9d3",
|
|
"x-misp-attribute--368c532e-2cfb-4946-b88f-8c0fea358d20",
|
|
"x-misp-attribute--7a16683b-3e4a-49dc-941f-13299d77d90a",
|
|
"x-misp-object--c96a5a0f-a2d4-4072-8eb2-e85fdf0632fb",
|
|
"indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac",
|
|
"x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8",
|
|
"indicator--a195cd72-0b3b-4c16-a185-1dbba192b089",
|
|
"x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91",
|
|
"indicator--9e5710ce-d800-4726-b66b-0a2f6568a769",
|
|
"x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09",
|
|
"indicator--98476378-a729-4dc9-8381-460968f44e41",
|
|
"x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba",
|
|
"indicator--16eab987-8119-482e-81ca-637d7ab2027a",
|
|
"x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7",
|
|
"indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a",
|
|
"x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530",
|
|
"indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90",
|
|
"x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44",
|
|
"indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe",
|
|
"x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769",
|
|
"indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5",
|
|
"x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda",
|
|
"indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881",
|
|
"x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98",
|
|
"indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016",
|
|
"x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d",
|
|
"indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48",
|
|
"x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4",
|
|
"indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427",
|
|
"x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d",
|
|
"indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e",
|
|
"x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3",
|
|
"indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c",
|
|
"x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28",
|
|
"indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7",
|
|
"x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f",
|
|
"indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d",
|
|
"x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac",
|
|
"indicator--5b361066-2b82-4c80-b4ae-690998433d3c",
|
|
"x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996",
|
|
"indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67",
|
|
"x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5",
|
|
"indicator--606c37d3-7072-49e9-ba9a-f091642c58b6",
|
|
"x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c",
|
|
"indicator--833d3f3f-8273-4951-b714-6706bc1347d0",
|
|
"x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8",
|
|
"indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e",
|
|
"x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930",
|
|
"indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de",
|
|
"x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66",
|
|
"indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3",
|
|
"x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d",
|
|
"indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8",
|
|
"x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777",
|
|
"indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04",
|
|
"x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9",
|
|
"indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230",
|
|
"x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59",
|
|
"indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643",
|
|
"x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532",
|
|
"indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461",
|
|
"x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd",
|
|
"indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247",
|
|
"x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d",
|
|
"indicator--0737e5f5-f011-41ba-aa2d-17120ee75143",
|
|
"x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548",
|
|
"indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026",
|
|
"x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b",
|
|
"indicator--bcb634ef-c629-450c-a194-3197dcac08bf",
|
|
"x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7",
|
|
"indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6",
|
|
"x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c",
|
|
"indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd",
|
|
"x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a",
|
|
"indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5",
|
|
"x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078",
|
|
"x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325",
|
|
"x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67",
|
|
"x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95",
|
|
"relationship--9f662ab6-d39f-45dd-8258-5e5f4b856322",
|
|
"relationship--5b52f790-03a7-426b-9732-c71673ecd11f",
|
|
"relationship--855c5bd5-5f02-44c6-821a-d102b07ba0f5",
|
|
"relationship--b564aa36-c861-4c8b-8ad7-4785bbf9894c",
|
|
"relationship--ca8c3b24-853e-4ec2-b2db-5ccdd3b9d02f",
|
|
"relationship--95a39e53-8809-485a-bfb9-6d6f5b0bd5d3",
|
|
"relationship--5e86cee2-67c2-4635-aa21-14313ebf268f",
|
|
"relationship--cd91204a-1767-44cd-b59f-7fefbcdc3dee",
|
|
"relationship--a6a6c195-890d-4eee-8953-7f52dad09f72",
|
|
"relationship--5aae4221-f3f1-4c7c-abc0-42e6ab7ce3a6",
|
|
"relationship--2f544349-09f2-44ce-a30c-d2a041abbf61",
|
|
"relationship--6455dc32-0d82-408d-b8c3-8e661e88697c",
|
|
"relationship--5724355b-237f-460a-83ce-cb732b591cee",
|
|
"relationship--abef0590-af21-4bc8-acf7-8563be17767b",
|
|
"relationship--72d80d6e-988c-4f1d-9a48-875c16be854f",
|
|
"relationship--0fb9ba74-50a3-4358-95f3-384e04ebe892",
|
|
"relationship--f99710b7-088f-4559-952a-4ca8dd0a7bbd",
|
|
"relationship--c8ddac49-842c-48f0-99ba-0cdaf62955d0",
|
|
"relationship--455562c9-9bb7-4b3f-a866-577e7c1e754b",
|
|
"relationship--5c34ad83-b302-40a1-88ad-f9dd1804097d",
|
|
"relationship--d792fa18-0181-4cd2-8176-181cbd8cfa0a",
|
|
"relationship--c5486d7a-ed88-4080-a91b-dd088dbd1ed1",
|
|
"relationship--4e1154e2-3bf3-4181-b03d-9b0295d8f82b",
|
|
"relationship--1e7ce089-99ab-4e1b-9a86-dd4a5b340d09",
|
|
"relationship--b22e8312-6607-4c2b-9036-c2fd98612eec",
|
|
"relationship--1229e038-5362-4303-af8f-0f99e3900fa4",
|
|
"relationship--74fd83bf-7ac3-47fb-86cf-1583217b5789",
|
|
"relationship--36e6adbb-9342-4fa0-9600-d60777f54a27",
|
|
"relationship--e225006c-8bb3-4092-b811-12af8ea1b62a",
|
|
"relationship--0c0115ea-4d42-41bf-89f4-904c8e39146e",
|
|
"relationship--54776b96-3e34-4d85-a9b0-858c64e75d02",
|
|
"relationship--7ddf484e-2a66-4cfc-b70f-603cf130b934",
|
|
"relationship--b08e4f13-8eec-4023-99b7-506111ed32f1",
|
|
"relationship--fe429e20-5652-4b44-9380-83ff9b11fb23",
|
|
"relationship--776a22e2-eb30-4da4-bb17-e40e2199a813",
|
|
"relationship--fc05a2de-fbf9-4313-b5af-d6bfcfe4c1ed",
|
|
"relationship--9865045d-a7b4-4f90-aca5-459648a1ed0d",
|
|
"relationship--f3662099-fe73-4d2c-ba1d-82d623af3627",
|
|
"relationship--24b1c633-9634-4840-a112-7fb5b49ac813"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:50:34.000Z",
|
|
"modified": "2021-03-26T10:50:34.000Z",
|
|
"description": "Domains abused by Lemon Duck:",
|
|
"pattern": "[domain-name:value = 'down.sqlnetcat.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:50:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0507d917-2bfd-418a-9c91-65edfe6df45f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:50:34.000Z",
|
|
"modified": "2021-03-26T10:50:34.000Z",
|
|
"description": "Domains abused by Lemon Duck:",
|
|
"pattern": "[domain-name:value = 't.sqlnetcat.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:50:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--27883473-9495-4bdc-84e1-8898c13d1f52",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:50:34.000Z",
|
|
"modified": "2021-03-26T10:50:34.000Z",
|
|
"description": "Domains abused by Lemon Duck:",
|
|
"pattern": "[domain-name:value = 't.netcatkit.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:50:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--222418c5-b7f1-494e-9044-bfb11f195703",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:07.000Z",
|
|
"modified": "2021-03-26T10:51:07.000Z",
|
|
"description": "Pydomer DGA network indicators:",
|
|
"pattern": "[url:value = 'uiiuui.com/search/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fb9b415d-0c5f-4bc2-a966-8f2de3e6b5ad",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:07.000Z",
|
|
"modified": "2021-03-26T10:51:07.000Z",
|
|
"description": "Pydomer DGA network indicators:",
|
|
"pattern": "[url:value = 'yuuuuu43.com/vpn-service/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d3418d73-07c0-4c8e-887e-1c0ef132491c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:07.000Z",
|
|
"modified": "2021-03-26T10:51:07.000Z",
|
|
"description": "Pydomer DGA network indicators:",
|
|
"pattern": "[url:value = 'yuuuuu44.com/vpn-service/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--30133a6e-5b42-4d43-b14e-14c0ce5c48fd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:07.000Z",
|
|
"modified": "2021-03-26T10:51:07.000Z",
|
|
"description": "Pydomer DGA network indicators:",
|
|
"pattern": "[url:value = 'yuuuuu46.com/search/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1b11e7b2-b5d3-49ce-a2e4-67b4b733805c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:33.000Z",
|
|
"modified": "2021-03-26T10:51:33.000Z",
|
|
"description": "Pydomer associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--09c6e13b-9ee3-4d11-91c7-2934ce6214a5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:34.000Z",
|
|
"modified": "2021-03-26T10:51:34.000Z",
|
|
"description": "Pydomer associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--90d44c63-36d4-4adb-94ae-477475eeba3e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:34.000Z",
|
|
"modified": "2021-03-26T10:51:34.000Z",
|
|
"description": "Pydomer associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ca05457f-042b-4300-9c5e-52a335f989ef",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:34.000Z",
|
|
"modified": "2021-03-26T10:51:34.000Z",
|
|
"description": "Pydomer associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6a2ad2ef-58be-4303-b7cf-41a1caaab335",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:34.000Z",
|
|
"modified": "2021-03-26T10:51:34.000Z",
|
|
"description": "Pydomer associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6a380c0c-1f8f-4f16-92c7-631f398034e9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:34.000Z",
|
|
"modified": "2021-03-26T10:51:34.000Z",
|
|
"description": "Pydomer associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e50aa7c3-ae00-4429-91d7-7962db057e92",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:34.000Z",
|
|
"modified": "2021-03-26T10:51:34.000Z",
|
|
"description": "Pydomer associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ac9bd59-8ee3-44c0-a842-128312afcb41",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--53c5263a-7e99-412a-83ca-bed51b063a7c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1c8b9c11-d832-4d3a-aa72-6f20a40e9ce6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eb98ccd1-b6c2-459f-877c-6fc9cb5682ed",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ec22d510-f3af-4807-b40d-0e9a84073347",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9913c1-e277-4947-a05d-52a3528c82ad",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a1f758e0-7568-4ed1-ab37-a8ee02e22359",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a7c061b6-8737-4833-9bfb-7dc7a9877edc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e8ef454d-3103-4a3c-9660-115baf72420d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58eddb96-5c84-408e-9a47-11034fd78da8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2d57e2fe-cd02-4ccf-b1fd-d14398c8cff4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'd8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d3143632-5173-4516-9327-8e22f0deb6e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9eefe9a8-57b4-4af0-9e46-a5ecc756d2a2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1eb9c95a-aca6-4e17-95d8-85eb5580f05b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--151610f0-2fb7-46d6-b3e1-b3b627878ada",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eecf9939-d3d5-443a-ade5-374142e5bef8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:51:49.000Z",
|
|
"modified": "2021-03-26T10:51:49.000Z",
|
|
"description": "Lemon Duck associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--637ef6c0-1d6c-4a0e-97a7-8c29d3a272ec",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:14.000Z",
|
|
"modified": "2021-03-26T10:52:14.000Z",
|
|
"description": "DoejoCrypt associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fecb1042-b6de-46ee-b3b8-e9b2a7d2e30c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:14.000Z",
|
|
"modified": "2021-03-26T10:52:14.000Z",
|
|
"description": "DoejoCrypt associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e2526249-0422-4096-8b1e-7c189aea6270",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:14.000Z",
|
|
"modified": "2021-03-26T10:52:14.000Z",
|
|
"description": "DoejoCrypt associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7f7b791d-774d-4852-9456-2e5cbb6f47f8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:14.000Z",
|
|
"modified": "2021-03-26T10:52:14.000Z",
|
|
"description": "DoejoCrypt associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = '904fbea2cd68383f32c5bc630d2227601dc52f94790fe7a6a7b6d44bfd904ff3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1f505bb0-aa2c-41c5-bce0-b30cc941a94d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:14.000Z",
|
|
"modified": "2021-03-26T10:52:14.000Z",
|
|
"description": "DoejoCrypt associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--741ebe5a-d450-44ba-989d-98b2164a8591",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:14.000Z",
|
|
"modified": "2021-03-26T10:52:14.000Z",
|
|
"description": "DoejoCrypt associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--debe77bb-8d18-4911-9726-a46c85d44795",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:14.000Z",
|
|
"modified": "2021-03-26T10:52:14.000Z",
|
|
"description": "DoejoCrypt associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a011b404-9097-48e4-a602-1372b238d3b3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:14.000Z",
|
|
"modified": "2021-03-26T10:52:14.000Z",
|
|
"description": "DoejoCrypt associated hashes",
|
|
"pattern": "[file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3b0ce211-02ae-466d-9390-cf91f7c73014",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = '201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--493ab996-5d1b-4bcf-932d-2305a6541f26",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = '2f0bc81c2ea269643cae307239124d1b6479847867b1adfe9ae712a1d5ef135e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a7e87b24-f989-402d-8673-d8741bc08184",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = '4edc7770464a14f54d17f36dc9d0fe854f68b346b27b35a6f5839adf1f13f8ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fd66b672-274f-4bd0-9de6-04b1d46fd965",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = '511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--94aecbb8-5189-4e6e-9356-0172dcc89638",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = '65149e036fff06026d80ac9ad4d156332822dc93142cf1a122b1841ec8de34b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--140c1e65-1d74-4e0f-9306-0690d7c91fed",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = '811157f9c7003ba8d17b45eb3cf09bef2cecd2701cedb675274949296a6a183d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fe58049f-d796-48a7-b572-0256fb1c719f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = '8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--68db0c1e-4c28-43a4-96db-e85fe0dc2e53",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = 'a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e26ca02c-6819-4602-bbb8-ce6534aed660",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = 'b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--411617df-f081-4b02-92fa-6374ee8b0f59",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:52:35.000Z",
|
|
"modified": "2021-03-26T10:52:35.000Z",
|
|
"description": "file hashes for some of the web shells observed during attacks",
|
|
"pattern": "[file:hashes.SHA256 = 'dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T10:52:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--9749a54a-4be5-4059-acbf-033d614dee7d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Behavior:Win32/Exmann"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--a4071d67-2ea4-49d1-9c9b-0ee81234d809",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Behavior:Win32/IISExchgSpawnEMS"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--0178d543-9d09-4643-b5b6-ef0d2ea32e37",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Exploit:ASP/CVE-2021-27065"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--3e1c27bd-054d-4e1c-a7f6-b1d0aae91db7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Exploit:Script/Exmann"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--77f83632-b74c-4bfd-a23d-c1cf3221bbf4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan:Win32/IISExchgSpawnCMD"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--3d8a57d8-98ae-427a-ab43-ff07a8971b36",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Behavior:Win32/IISExchgDropWebshellBackdoor:JS/Webshell"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--eb8743cd-6e7e-40b3-a6c6-b6270ad1dba0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Backdoor:PHP/Chopper"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--59e6151f-accb-40b8-b1a4-884ec8c14134",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Backdoor:ASP/Chopper"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--669a2dc2-269d-4a5d-8025-21151208a7d3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Backdoor:MSIL/Chopper"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--b0de41c7-ec23-491d-a31f-3dce62abf9af",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan:JS/Chopper"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--a09f91d6-2103-422c-bf5b-6451f4a1acdc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan:Win32/Chopper"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--1315cf20-b279-490f-aded-5ae5c53ba9d3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Behavior:Win32/WebShellTerminal"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--368c532e-2cfb-4946-b88f-8c0fea358d20",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan:PowerShell/LemonDuck"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--7a16683b-3e4a-49dc-941f-13299d77d90a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:53:22.000Z",
|
|
"modified": "2021-03-26T10:53:22.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan:Win32/LemonDuck"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c96a5a0f-a2d4-4072-8eb2-e85fdf0632fb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T10:50:13.000Z",
|
|
"modified": "2021-03-26T10:50:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/",
|
|
"category": "External analysis",
|
|
"uuid": "a0b6693c-59ff-4826-bb18-bf10284c3ac8"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "summary",
|
|
"value": "The first known attacks leveraging the Exchange Server vulnerabilities were by the nation-state actor HAFNIUM, which we detailed in this blog. In the three weeks after the Exchange server vulnerabilities were disclosed and the security updates were released, Microsoft saw numerous other attackers adopting the exploit into their toolkits. Attackers are known to rapidly work to reverse engineer patches and develop exploits. In the case of a remote code execution (RCE) vulnerability, the rewards are high for attackers who can gain access before an organization patches, as patching a system does not necessarily remove the access of the attacker.",
|
|
"category": "Other",
|
|
"uuid": "9d33109c-e0e3-480d-9e5d-451d5200837b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1e746f685711c3595bee0585c12f0527' AND file:hashes.SHA1 = '16154da1fa113cd1db105900fcc07b427002ffc3' AND file:hashes.SHA256 = '737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-23T04:27:01+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "2c14bc86-d2e7-421f-97fd-0111b11444ca"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4/detection/f-737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4-1616473621",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "16ade091-6021-4ba4-8743-5cb033d138d2"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "4be959d2-a3b2-423d-8071-9e27a3c5051c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a195cd72-0b3b-4c16-a185-1dbba192b089",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c6eeb14485d93f4e30fb79f3a57518fc' AND file:hashes.SHA1 = 'b7d99521348d319f57d2b2ba7045295fc99cf6a7' AND file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-22T07:29:43+00:00",
|
|
"category": "Other",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "869695b6-6123-41ec-b764-34b73b34cd86"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede/detection/f-feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede-1616398183",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "fe0b5dbb-63a9-42e7-9492-c8c45a3a86fd"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/69",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "f3726946-77f5-4753-a2cf-839b5a52ff81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9e5710ce-d800-4726-b66b-0a2f6568a769",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0e55ead3b8fd305d9a54f78c7b56741a' AND file:hashes.SHA1 = 'f7b084e581a8dcea450c2652f8058d93797413c3' AND file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T17:09:24+00:00",
|
|
"category": "Other",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "e07381f9-9bee-4e66-894f-f2bbc781f4e8"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff/detection/f-2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff-1616692164",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "12e6d6a8-5382-49d6-a882-1c49a4fef03d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/69",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "3c8c05fb-53d5-4c0b-b55c-15c4b5e6867f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--98476378-a729-4dc9-8381-460968f44e41",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b2511bc215734adbdc43af963bdedb2c' AND file:hashes.SHA1 = 'b50cea98ed2a0704d076eaa4b6f1f2195ee86f5d' AND file:hashes.SHA256 = 'a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-02-18T08:41:32+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "d22cd8fe-d76c-48a3-9887-b9d52c902884"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85/detection/f-a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85-1613637692",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "c4d928fd-0a39-4333-a5c1-c949bed6ea2a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "d065c60f-6b99-488a-82c9-5283e1929633"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--16eab987-8119-482e-81ca-637d7ab2027a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a7e571312e05d547936aab18f0b30fbf' AND file:hashes.SHA1 = 'e0d643e759b2adf736b451aff9afa92811ab8a99' AND file:hashes.SHA256 = '027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-22T04:07:46+00:00",
|
|
"category": "Other",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "6c62d0c4-7948-4777-b360-0e0ca1f00c15"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27/detection/f-027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27-1616386066",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "c37add88-56ce-4830-b5b2-6e4956834b7b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/69",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "d37f4ba9-848b-4f9c-8aa7-a859dbddf418"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'faa5f4def7e037324f5f87239ddead2d' AND file:hashes.SHA1 = '00eb93b35a629ecbefca468fa5614c159b3becb9' AND file:hashes.SHA256 = '910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-26T06:32:11+00:00",
|
|
"category": "Other",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "779a7676-e85a-4eb5-b611-cf5015c61f2d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db/detection/f-910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db-1616740331",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "950b8e9d-341b-4f62-a28a-8f494f11e2e9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/71",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "1281a4ee-9000-485e-849a-eccb2e395abf"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c914cd653e0e3dedc050e182b04d0877' AND file:hashes.SHA1 = 'dcb9118569388375b855e965a587440f069e68c9' AND file:hashes.SHA256 = 'dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-23T04:27:02+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "ca8b61d9-7a2a-4f5e-ae87-83791af7778d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd/detection/f-dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd-1616473622",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "079d2673-59d0-4e8f-8fd8-a4551bf99f39"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "c9c9fe50-c187-4197-8af0-2caa64bf3880"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e294d6f427c64f77b5b61bb7b17dd12c' AND file:hashes.SHA1 = 'ccdae3ada854cc441106ec52c12823439bab6cba' AND file:hashes.SHA256 = '9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-09T04:36:07+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "fd566086-2351-4fcb-bb21-66e09063e930"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719/detection/f-9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719-1615264567",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "3038f774-92f5-4d00-8ce4-d0052950c231"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "7238d3f9-a1aa-4050-916a-faef0506f0c7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:35.000Z",
|
|
"modified": "2021-03-26T11:04:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7778e6a03a9bee17640353d3a11bb0b7' AND file:hashes.SHA1 = '119e1bca56f4d920ef6e2aa54c6f34534aba1182' AND file:hashes.SHA256 = '69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-15T04:27:09+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "ffde5223-08ca-47d2-85f6-90f96f98f06d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e/detection/f-69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e-1615782429",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "97356146-dfa8-4890-873a-55fa6db1a654"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/58",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "4d39fabd-788a-412c-ad6b-cdbe0c6a5e8b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9f05994819a3d8c1a3769352c7c39d1d' AND file:hashes.SHA1 = 'eb2457196e04dfdd54f70bd32ed02ae854d45bc0' AND file:hashes.SHA256 = '10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-17T12:54:53+00:00",
|
|
"category": "Other",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "4fcee4c5-8cc1-46bb-a02a-8aa51d1d80fa"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da/detection/f-10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da-1615985693",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "e04b13ea-7938-4f04-a85b-33cb3b46d734"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "d60fa16f-0465-4515-8225-9dfded930054"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '96c2f4acef5807b54ded4e0dae6ed79d' AND file:hashes.SHA1 = '3e93999954ce080a4dc2875638745a92c539bd50' AND file:hashes.SHA256 = 'c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-26T10:43:42+00:00",
|
|
"category": "Other",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "bf40e2d4-3f17-4de7-ba22-f2b175920607"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908/detection/f-c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908-1616755422",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "05e6b33a-5599-4596-a3e3-0ba912d7e913"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/71",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "45af6b9a-9266-4a2d-bcd7-2482ed300deb"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fe15fc6341baad2a111462854f96a2bc' AND file:hashes.SHA1 = '90cd4f920d48c05fd3cad8275223f596c6388cbd' AND file:hashes.SHA256 = 'a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-18T12:35:49+00:00",
|
|
"category": "Other",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "3e9b9f18-cf79-4cba-bf36-dd3aca92a364"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a/detection/f-a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a-1616070949",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "ce113efe-ce5c-4923-96f1-4af810a2ee65"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/59",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "ef51397f-7aea-4f59-ba77-0ad6496a261a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aef2ae9b36989bab8818696de5ccd5e7' AND file:hashes.SHA1 = 'f985022d7705d1ec575a1eef4ee32506d8b82871' AND file:hashes.SHA256 = '201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-26T03:50:32+00:00",
|
|
"category": "Other",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "12757096-d165-4389-af0f-6d799d73e476"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41/detection/f-201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41-1616730632",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "51934ad8-7c30-46c7-97a0-81f699bb9b23"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/58",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "13724e64-8624-4872-a693-ca8ecd923611"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a5f6b6e95ef8a26081259813ca18e17b' AND file:hashes.SHA1 = '242bc043057bb12e27a9fe4db20d6bdb953cbc11' AND file:hashes.SHA256 = '866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T06:49:59+00:00",
|
|
"category": "Other",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "e9085519-41c1-4fa7-8276-2e2cbb45ca85"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc/detection/f-866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc-1616654999",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "117b374e-1ab8-43b8-ade5-3bf3c701b3b1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "4266730a-eb89-4cad-9fa8-c5848d9bc3b9"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aa2efe290df3c38c26c70b1f40f69812' AND file:hashes.SHA1 = 'f6013bcaaa4f2df7c05ed2777bf845e844666297' AND file:hashes.SHA256 = 'a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T09:30:16+00:00",
|
|
"category": "Other",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "10c72310-3b26-4d22-9637-4f083d7abcbd"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287/detection/f-a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287-1616664616",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "33363245-a8b5-454e-a858-568492e1a9be"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "9588211c-a3d0-4083-967b-115f56cd2415"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aaed26520f0d31b13e8adf80a4e9effd' AND file:hashes.SHA1 = '2c5a683e8119345faf98fb0bb5f31a8cbfe0537e' AND file:hashes.SHA256 = '56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-12-03T14:02:35+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "3691a68a-97e7-40d1-96d5-279bdbb823fe"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c/detection/f-56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c-1607004155",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "db2973a4-4243-4bfb-a292-dc59b7d221a6"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/59",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "ee1570f1-abde-4958-ade7-c8937a7d2524"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'efcab2b28307300ee2c918b41f32cf91' AND file:hashes.SHA1 = 'bba0ad4f924e240f60e9a4a57e0d63c948023a6d' AND file:hashes.SHA256 = '9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-12-06T08:14:53+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "50c88681-8d74-4a69-b928-5795c7d17555"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd/detection/f-9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd-1607242493",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "69adb5ac-d9c3-448e-b037-855ef18f6276"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "442afd97-0df6-4e62-9930-0590d97ff0a3"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b361066-2b82-4c80-b4ae-690998433d3c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'db49b6f1f379122685be9553c5cc0f37' AND file:hashes.SHA1 = '45788a5c0c0d97d9bed9c0e6115eca1edbad8ba6' AND file:hashes.SHA256 = 'd8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-01-07T03:05:17+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "3de97867-9c81-4932-bf7a-a014dd32cb61"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09/detection/f-d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09-1609988717",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "6cee7b26-43d0-4d2c-b152-8cba5b80813a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/61",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "463b5e6d-e62f-45eb-a630-83e80c2e3c51"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b4b1c0f3183e3c3982f66d31690facaf' AND file:hashes.SHA1 = '0e0d4c62550e0cd384e29699e708ea23faa45306' AND file:hashes.SHA256 = 'fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:36.000Z",
|
|
"modified": "2021-03-26T11:04:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-15T04:27:09+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "7127659c-1f05-4542-9463-c60b3caa7361"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0/detection/f-fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0-1615782429",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "4fcd49cf-96d4-49de-b561-ba64e807bd8d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/59",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "fa4661b2-e1d8-4463-ba67-240b1caec5b5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--606c37d3-7072-49e9-ba9a-f091642c58b6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4271c75235072f7ee56f4ce16bd4d853' AND file:hashes.SHA1 = 'd184b29929d7f1aafba350d2782ec9dd87d1237d' AND file:hashes.SHA256 = 'bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-23T17:43:54+00:00",
|
|
"category": "Other",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "c311092c-9fd7-4b98-9331-5b30137dfefe"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748/detection/f-bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748-1616521434",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "e2500eff-8ca7-43e8-8204-7fe8ac52b6a1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "10/63",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "fe2dafe7-37c1-47ae-8f67-04193fd9e19c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--833d3f3f-8273-4951-b714-6706bc1347d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6be28a4523984698e7154671f73361bf' AND file:hashes.SHA1 = 'b974375ef0f6dcb6ce30558df2ed8570bf1ad642' AND file:hashes.SHA256 = 'fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T17:11:43+00:00",
|
|
"category": "Other",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "a3e60ca7-e125-48d8-8980-e78a84afffc6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65/detection/f-fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65-1616692303",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "6e9e247d-ebe2-4145-a351-ab4d0d4700ff"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/69",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "d97605b6-c63f-49f0-8adf-68ec73a1f598"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5544ba9ad1b56101b5d52b5270421d4a' AND file:hashes.SHA1 = 'fc6f5ce56166d9b4516ba207f3a653b722e1a8df' AND file:hashes.SHA256 = '511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T17:44:24+00:00",
|
|
"category": "Other",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "8b7429ee-e68e-4bdf-8f49-639d1eb15d28"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1/detection/f-511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1-1616694264",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "0626fc1d-da91-4406-9f0d-e47bb57f4380"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "34/58",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "a92b2542-caa5-45b9-b6a9-bb2ee1daf6e7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4b3039cf227c611c45d2242d1228a121' AND file:hashes.SHA1 = '0ba9a76f55aaa495670d74d21850d0155ff5d6a5' AND file:hashes.SHA256 = 'b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T09:08:41+00:00",
|
|
"category": "Other",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "0c197ea2-c1df-4351-a387-bd4be90f2662"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0/detection/f-b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0-1616663321",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "182062ff-0869-47fb-ab25-9a1ab1e4757a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/59",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "b8a7520c-49cf-4bea-a8ed-d8418350286d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f8b604ca7aa304a479f2461d1b74e795' AND file:hashes.SHA1 = '0539c6df68e9ef15cbfa1f07daca8fd759fef874' AND file:hashes.SHA256 = 'b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T09:28:40+00:00",
|
|
"category": "Other",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "3415562e-3531-4526-ab5a-18e148b88458"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f/detection/f-b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f-1616664520",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "be3f7eea-6ce4-4649-a2cf-04a4e6dc38cf"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "a472f375-7e35-41c7-a008-50bf3c58b73b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '20e8e55625f68ed42a793d76d359a858' AND file:hashes.SHA1 = '7b7a1653030fd3ad4464b7f09d9ac401a5f691c9' AND file:hashes.SHA256 = 'c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T07:25:00+00:00",
|
|
"category": "Other",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "5fe7cddd-dc1e-49bd-b2a6-7863f6e2b18c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a/detection/f-c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a-1616657100",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "f0850dc7-1cfe-46ae-9180-7b25675af3cb"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "6c4d92c4-d849-4e24-849c-59d7ff0c9958"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '36d1edc364161e1446e015a8feec84c8' AND file:hashes.SHA1 = '995d12119b2ef37bcbbe097d0e520853ef1eb599' AND file:hashes.SHA256 = '3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-23T04:30:17+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "87f05b33-46ac-40a5-92ee-1b1de0a3bea9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec/detection/f-3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec-1616473817",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "24684a9d-9f35-4c32-b640-31095c647fbf"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "ca52efdb-5859-45cf-bc11-070769185f0c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8ccd905c0bbf09e76d19ea5de1455cb3' AND file:hashes.SHA1 = '9129fa215f3a35daa0179681c4c0177c5ff731ce' AND file:hashes.SHA256 = '7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T12:22:04+00:00",
|
|
"category": "Other",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "969ff01a-1fce-44e1-bcc1-9606b11364ef"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382/detection/f-7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382-1616674924",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "afea2cd9-f8e1-407b-8673-320db908bf88"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "22/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Pydomer associated hashes",
|
|
"uuid": "1e6bf9ec-f1e3-48d0-bc25-33ac307ed723"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f2e22df5e284587dc36f8041129af391' AND file:hashes.SHA1 = '6c9ec01e105f92727d6acee24a0db0f3ee54b02c' AND file:hashes.SHA256 = 'dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:37.000Z",
|
|
"modified": "2021-03-26T11:04:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-18T14:34:53+00:00",
|
|
"category": "Other",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "501b4cb9-9c77-42cf-bc67-a853dd21d69c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d/detection/f-dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d-1616078093",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "e50b4719-fbbe-4a2a-bf98-bede02cd0947"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "8/56",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "b5eabe27-cb81-4090-ae50-2548281d3124"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '321df9000c3de177ad6b5544c621c73c' AND file:hashes.SHA1 = 'e273fdfe22553b5ab45c4775e66ae685ad9d9421' AND file:hashes.SHA256 = 'f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-23T04:33:43+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "5a7f6b6e-5620-42bc-8093-23ae31786bb5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f/detection/f-f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f-1616474023",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "337fcab4-164c-4aa3-b464-50c420934d87"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "eebcb1d2-65a5-460c-be66-42b15829d872"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8a047f4917d75bb0bb6659e41569a9b7' AND file:hashes.SHA1 = '388ac00a76db82a0ac2434d1b4fb7420bab1a403' AND file:hashes.SHA256 = 'f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-01-13T04:56:42+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "7796fe41-cc68-488c-866a-72803ef21625"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501/detection/f-f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501-1610513802",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "29441525-7fa9-4f94-90b5-65ec62e47f84"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "8691f11a-d438-464a-a9c5-c28d06e4cc91"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0737e5f5-f011-41ba-aa2d-17120ee75143",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4ef04cba6bec2c3a164b9b755efbeb1c' AND file:hashes.SHA1 = '49644cbbb9d234bd4f7a47ed596c8bbfefd39065' AND file:hashes.SHA256 = '8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-23T11:33:56+00:00",
|
|
"category": "Other",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "02d6ff72-f9d1-4dda-b6b2-22b21f911cf1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc/detection/f-8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc-1616499236",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "33a391d1-534c-43d3-8b89-440a8966be9c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/59",
|
|
"category": "Payload delivery",
|
|
"comment": "file hashes for some of the web shells observed during attacks",
|
|
"uuid": "b412fd3b-24c9-407c-8550-b7a8c4ab8e66"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9e1545e5fe21f6d11c7151b7625b4dc2' AND file:hashes.SHA1 = 'b5c4b59a8073730e4001154f104c6e58fa0d69da' AND file:hashes.SHA256 = 'db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-01-15T23:37:13+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "1cedb96f-3b85-4286-abb6-bc4bd0135f90"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd/detection/f-db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd-1610753833",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "d5654fb2-f319-4492-b673-b2a46bf4e397"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "0b9df251-54d1-4c39-81c0-d1ae7dfc74b6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bcb634ef-c629-450c-a194-3197dcac08bf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3a9ff0529a0d9f0ddb3567d5e1faf1a0' AND file:hashes.SHA1 = '113ea510f7bda4da632e44f53743a158eae9d4f5' AND file:hashes.SHA256 = '893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-15T04:23:56+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "cc1a7dae-41f5-44c2-8276-80e1ae5c6a55"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e/detection/f-893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e-1615782236",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "06399175-7fa7-4c9e-80e9-659eda1fdeb0"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/58",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "c0d6686a-49c6-41f8-b9c6-b8682d1d7820"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cdda3913408c4c46a6c575421485fa5b' AND file:hashes.SHA1 = '56eec7392297e7301159094d7e461a696fe5b90f' AND file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-25T17:09:58+00:00",
|
|
"category": "Other",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "31a7ec95-06dd-45f2-b5c5-f697e268ff8d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6/detection/f-e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6-1616692198",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "70e4338c-3c35-46e4-89d0-31adb709c954"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "56/69",
|
|
"category": "Payload delivery",
|
|
"comment": "DoejoCrypt associated hashes",
|
|
"uuid": "622b1cbc-1cfa-45e4-876b-54850e42821c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0fa1e6af698aa1bac8a404bc39073165' AND file:hashes.SHA1 = '183d1c960d56b6b2c8d0e7a8d1133b2c1a68ab4f' AND file:hashes.SHA256 = '4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2021-03-17T06:38:46+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "77367d54-61d6-4838-8653-c88b6742386d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9/detection/f-4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9-1615963126",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "018861d0-77ec-4363-a736-166eb6cbfd14"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/60",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "66b6fa85-808c-4517-b5a2-0eebea469065"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:38.000Z",
|
|
"modified": "2021-03-26T11:04:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a54b9ccaaf2f66bc9492e2c574fe9be4' AND file:hashes.SHA1 = '60ef117443b1c8a07fd83ed9c44912a24b07539e' AND file:hashes.SHA256 = '0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2021-03-26T11:04:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-12-04T10:59:17+00:00",
|
|
"category": "Other",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "e3e47dbc-e35d-4bb4-865a-da00c5ce450b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc/detection/f-0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc-1607079557",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "df30a638-4dc5-4215-ae5c-bca49563c24f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/59",
|
|
"category": "Payload delivery",
|
|
"comment": "Lemon Duck associated hashes",
|
|
"uuid": "edd55caf-4550-435b-b94f-3b3c858ade5d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:57:05.000Z",
|
|
"modified": "2021-03-26T11:57:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"passive-dns\"",
|
|
"misp:meta-category=\"network\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "rdata",
|
|
"value": "down.eatuo.com.",
|
|
"category": "Other",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
|
|
"uuid": "0bddeafa-7a6c-400d-9d17-c7aa61e801e8"
|
|
},
|
|
{
|
|
"type": "counter",
|
|
"object_relation": "count",
|
|
"value": "6928",
|
|
"category": "Other",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
|
|
"uuid": "d3a9ba89-5715-47c2-aaf3-112bd25dfdea"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "rrname",
|
|
"value": "down.sqlnetcat.com.",
|
|
"category": "Network activity",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
|
|
"uuid": "b9a5a870-8263-458d-a835-e59abaf32391"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "rrtype",
|
|
"value": "CNAME",
|
|
"category": "Network activity",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
|
|
"uuid": "743087e5-0cea-4a21-9235-1ddca94dcd29"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "bailiwick",
|
|
"value": "sqlnetcat.com.",
|
|
"category": "Other",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com",
|
|
"uuid": "f04a1396-21bb-4c5d-8d34-ad6dd4238355"
|
|
}
|
|
],
|
|
"x_misp_comment": "down.sqlnetcat.com: enriched via the farsight_passivedns module.",
|
|
"x_misp_meta_category": "network",
|
|
"x_misp_name": "passive-dns"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:57:11.000Z",
|
|
"modified": "2021-03-26T11:57:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"passive-dns\"",
|
|
"misp:meta-category=\"network\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "rdata",
|
|
"value": "cvc.7766.org.",
|
|
"category": "Other",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
|
|
"uuid": "2571e00a-31e2-44ab-bbf1-fb729c1bd1d9"
|
|
},
|
|
{
|
|
"type": "counter",
|
|
"object_relation": "count",
|
|
"value": "5851",
|
|
"category": "Other",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
|
|
"uuid": "459889b7-6a66-4e7f-81f8-b61a79b90bb9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "rrname",
|
|
"value": "t.sqlnetcat.com.",
|
|
"category": "Network activity",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
|
|
"uuid": "4eaea8f2-4d8d-466b-83ac-129b7bde1e93"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "rrtype",
|
|
"value": "CNAME",
|
|
"category": "Network activity",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
|
|
"uuid": "88047db8-d719-43a1-ab87-1f975c0d78ec"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "bailiwick",
|
|
"value": "sqlnetcat.com.",
|
|
"category": "Other",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com",
|
|
"uuid": "2b366322-44f6-456e-8e5c-b74974416de2"
|
|
}
|
|
],
|
|
"x_misp_comment": "t.sqlnetcat.com: enriched via the farsight_passivedns module.",
|
|
"x_misp_meta_category": "network",
|
|
"x_misp_name": "passive-dns"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2021-03-26T11:57:13.000Z",
|
|
"modified": "2021-03-26T11:57:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"passive-dns\"",
|
|
"misp:meta-category=\"network\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "rdata",
|
|
"value": "cvc.7766.org.",
|
|
"category": "Other",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
|
|
"uuid": "ca77ccb5-20fe-4fd7-9fe3-af3a7808a75e"
|
|
},
|
|
{
|
|
"type": "counter",
|
|
"object_relation": "count",
|
|
"value": "8442",
|
|
"category": "Other",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
|
|
"uuid": "73584055-6503-49ff-b62b-4d9fb61c4bfa"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "rrname",
|
|
"value": "t.netcatkit.com.",
|
|
"category": "Network activity",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
|
|
"uuid": "0c57824d-8a0a-4bb7-b2bc-baccdb26f000"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "rrtype",
|
|
"value": "CNAME",
|
|
"category": "Network activity",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
|
|
"uuid": "ce08cee5-ee8f-4c0e-aae6-1dfca662707b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "bailiwick",
|
|
"value": "netcatkit.com.",
|
|
"category": "Other",
|
|
"comment": "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com",
|
|
"uuid": "d2ec7460-18fc-49f2-b6f9-5be19664dcdd"
|
|
}
|
|
],
|
|
"x_misp_comment": "t.netcatkit.com: enriched via the farsight_passivedns module.",
|
|
"x_misp_meta_category": "network",
|
|
"x_misp_name": "passive-dns"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9f662ab6-d39f-45dd-8258-5e5f4b856322",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac",
|
|
"target_ref": "x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5b52f790-03a7-426b-9732-c71673ecd11f",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a195cd72-0b3b-4c16-a185-1dbba192b089",
|
|
"target_ref": "x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--855c5bd5-5f02-44c6-821a-d102b07ba0f5",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9e5710ce-d800-4726-b66b-0a2f6568a769",
|
|
"target_ref": "x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b564aa36-c861-4c8b-8ad7-4785bbf9894c",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--98476378-a729-4dc9-8381-460968f44e41",
|
|
"target_ref": "x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ca8c3b24-853e-4ec2-b2db-5ccdd3b9d02f",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--16eab987-8119-482e-81ca-637d7ab2027a",
|
|
"target_ref": "x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--95a39e53-8809-485a-bfb9-6d6f5b0bd5d3",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a",
|
|
"target_ref": "x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5e86cee2-67c2-4635-aa21-14313ebf268f",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90",
|
|
"target_ref": "x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cd91204a-1767-44cd-b59f-7fefbcdc3dee",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe",
|
|
"target_ref": "x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a6a6c195-890d-4eee-8953-7f52dad09f72",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5",
|
|
"target_ref": "x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5aae4221-f3f1-4c7c-abc0-42e6ab7ce3a6",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881",
|
|
"target_ref": "x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2f544349-09f2-44ce-a30c-d2a041abbf61",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016",
|
|
"target_ref": "x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6455dc32-0d82-408d-b8c3-8e661e88697c",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48",
|
|
"target_ref": "x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5724355b-237f-460a-83ce-cb732b591cee",
|
|
"created": "2021-03-26T11:04:39.000Z",
|
|
"modified": "2021-03-26T11:04:39.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427",
|
|
"target_ref": "x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--abef0590-af21-4bc8-acf7-8563be17767b",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e",
|
|
"target_ref": "x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--72d80d6e-988c-4f1d-9a48-875c16be854f",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c",
|
|
"target_ref": "x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0fb9ba74-50a3-4358-95f3-384e04ebe892",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7",
|
|
"target_ref": "x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f99710b7-088f-4559-952a-4ca8dd0a7bbd",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d",
|
|
"target_ref": "x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c8ddac49-842c-48f0-99ba-0cdaf62955d0",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5b361066-2b82-4c80-b4ae-690998433d3c",
|
|
"target_ref": "x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--455562c9-9bb7-4b3f-a866-577e7c1e754b",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67",
|
|
"target_ref": "x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5c34ad83-b302-40a1-88ad-f9dd1804097d",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--606c37d3-7072-49e9-ba9a-f091642c58b6",
|
|
"target_ref": "x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d792fa18-0181-4cd2-8176-181cbd8cfa0a",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--833d3f3f-8273-4951-b714-6706bc1347d0",
|
|
"target_ref": "x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c5486d7a-ed88-4080-a91b-dd088dbd1ed1",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e",
|
|
"target_ref": "x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4e1154e2-3bf3-4181-b03d-9b0295d8f82b",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de",
|
|
"target_ref": "x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1e7ce089-99ab-4e1b-9a86-dd4a5b340d09",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3",
|
|
"target_ref": "x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b22e8312-6607-4c2b-9036-c2fd98612eec",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8",
|
|
"target_ref": "x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1229e038-5362-4303-af8f-0f99e3900fa4",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04",
|
|
"target_ref": "x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--74fd83bf-7ac3-47fb-86cf-1583217b5789",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230",
|
|
"target_ref": "x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--36e6adbb-9342-4fa0-9600-d60777f54a27",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643",
|
|
"target_ref": "x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e225006c-8bb3-4092-b811-12af8ea1b62a",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461",
|
|
"target_ref": "x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0c0115ea-4d42-41bf-89f4-904c8e39146e",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247",
|
|
"target_ref": "x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--54776b96-3e34-4d85-a9b0-858c64e75d02",
|
|
"created": "2021-03-26T11:04:40.000Z",
|
|
"modified": "2021-03-26T11:04:40.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0737e5f5-f011-41ba-aa2d-17120ee75143",
|
|
"target_ref": "x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7ddf484e-2a66-4cfc-b70f-603cf130b934",
|
|
"created": "2021-03-26T11:04:41.000Z",
|
|
"modified": "2021-03-26T11:04:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026",
|
|
"target_ref": "x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b08e4f13-8eec-4023-99b7-506111ed32f1",
|
|
"created": "2021-03-26T11:04:41.000Z",
|
|
"modified": "2021-03-26T11:04:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bcb634ef-c629-450c-a194-3197dcac08bf",
|
|
"target_ref": "x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fe429e20-5652-4b44-9380-83ff9b11fb23",
|
|
"created": "2021-03-26T11:04:41.000Z",
|
|
"modified": "2021-03-26T11:04:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6",
|
|
"target_ref": "x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--776a22e2-eb30-4da4-bb17-e40e2199a813",
|
|
"created": "2021-03-26T11:04:41.000Z",
|
|
"modified": "2021-03-26T11:04:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd",
|
|
"target_ref": "x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fc05a2de-fbf9-4313-b5af-d6bfcfe4c1ed",
|
|
"created": "2021-03-26T11:04:41.000Z",
|
|
"modified": "2021-03-26T11:04:41.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5",
|
|
"target_ref": "x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9865045d-a7b4-4f90-aca5-459648a1ed0d",
|
|
"created": "2021-03-26T11:57:10.000Z",
|
|
"modified": "2021-03-26T11:57:10.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325",
|
|
"target_ref": "indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f3662099-fe73-4d2c-ba1d-82d623af3627",
|
|
"created": "2021-03-26T11:57:11.000Z",
|
|
"modified": "2021-03-26T11:57:11.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67",
|
|
"target_ref": "indicator--0507d917-2bfd-418a-9c91-65edfe6df45f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--24b1c633-9634-4840-a112-7fb5b49ac813",
|
|
"created": "2021-03-26T11:57:13.000Z",
|
|
"modified": "2021-03-26T11:57:13.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95",
|
|
"target_ref": "indicator--27883473-9495-4bdc-84e1-8898c13d1f52"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |