{
"type": "bundle",
"id": "bundle--c65578dd-3d7d-4a1a-bc30-7d12af38a59a",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-26T12:41:41.000Z",
"modified": "2022-04-26T12:41:41.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--c65578dd-3d7d-4a1a-bc30-7d12af38a59a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-26T12:41:41.000Z",
"modified": "2022-04-26T12:41:41.000Z",
"name": "TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies",
"published": "2022-04-26T12:42:10Z",
"object_refs": [
"indicator--bef467b3-a40a-484e-8fac-584f89269376",
"indicator--d8c0898f-7080-4e0c-9123-a1367e5768e9",
"indicator--48f87cce-d1ae-4528-b79e-dd4d4af035f8",
"indicator--dfba1891-cafd-4e65-814e-4db59c605a60",
"indicator--a4e63ba8-1cbd-4b30-86f9-22b6851302f0",
"indicator--a04f7f74-353a-4f19-a2ee-090fbef4f822",
"indicator--9e42ca78-1f94-40b6-b1e3-6ee048876256",
"indicator--da9de2c1-f2c4-4ede-bd4e-da81f03e6fb0",
"indicator--1ddaa545-11cd-49e0-8317-bee3120287c6",
"indicator--6cab3b7e-1447-4726-949f-898c87e7c18b",
"x-misp-object--9d986458-d101-4d91-ab66-b816e8792399",
"x-misp-object--6cc1e464-ec29-4afe-b1f9-e8138c727897",
"x-misp-object--41e9d90b-e711-4aa0-9e1c-510b4f855676",
"indicator--8cd4bdf7-8e71-4050-9e6e-59060698995d",
"x-misp-object--1b49f54e-f1de-4a1e-adfc-13f0818a5dff",
"indicator--9c16e38d-9ed1-44ea-a0fd-ea38a3bcbc4e",
"x-misp-object--a1066dc5-5c75-4035-acf4-643cd96ea21e",
"x-misp-object--adfafb8a-eb2c-4bd5-b1d4-bb9cf711342e",
"x-misp-object--0a070868-4064-49db-bc1a-688d3c1f6efb",
"x-misp-object--dbfe3bba-4188-4b9c-b915-71c8d4b445cd",
"x-misp-object--a32c592d-4ce5-4a96-b07b-2d7b5c6295fc",
"x-misp-object--bc9564b4-dd65-421d-9c54-5b64f933d3d8",
"x-misp-object--f0fa541a-29fe-4f0a-843a-fa2fe6f8bb84",
"x-misp-object--cad8a940-22fd-493e-a0b9-0e4f6417fb06",
"x-misp-object--e1cfd50f-b31a-4f23-b06b-8e933d5a89aa",
"x-misp-object--6d206f7e-bc5f-43da-b4d2-59157bda25d4",
"x-misp-object--8c6bab7d-636a-4058-bfee-578349146569",
"indicator--5b5c5304-c4af-4b1b-9aa3-348ae3b2bdbb",
"indicator--77e77def-eabe-4b15-9847-89fde8e88d13",
"indicator--5a974b38-5306-4776-a12d-77d21ca8b308",
"indicator--935f9ebe-0659-4366-9f48-7bb9ec391f39",
"indicator--7c6189ad-0027-4195-a229-bb2634e3d22a",
"indicator--9bb8cbfe-8716-4a9c-8d74-0e36970f8117",
"indicator--90e4e6f4-36ac-40cc-8eb7-34286e6c5ba1",
"indicator--1862b701-6f4f-498e-9578-8c2e1d253ad2",
"indicator--d5da3fba-461f-443e-a526-391509a94868",
"observed-data--466312bb-59e2-4c4a-bfa0-329721097360",
"user-account--466312bb-59e2-4c4a-bfa0-329721097360",
"relationship--b92304e7-4796-4e47-ab4b-2199e54888e4",
"relationship--5f5c69a4-6b92-4348-9aaa-9f2e63e0fff2",
"relationship--34ce4a35-385d-41ba-a4c1-2cc53b5a1557",
"relationship--d01f8f61-fccd-4461-95ef-d33d5a57e17e",
"relationship--797d58be-b37c-4d23-9ea2-3a845a9bd138",
"relationship--374b1fb6-1c3c-42f5-8658-69eda21aa00a",
"relationship--a7063514-9df0-4cf2-8fa3-d1e35da38c12",
"relationship--a6b8c323-537b-44db-9b64-32a6f6958d22",
"relationship--f1863e0a-9652-46f6-a9d8-c2d02c66d124",
"relationship--14b631c2-89f4-4c58-b2bc-d45ecc14c322",
"relationship--530eea79-20b7-47ab-994e-60fbcb045008"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"",
"misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\"",
"misp-galaxy:threat-actor=\"Lazarus Group\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bef467b3-a40a-484e-8fac-584f89269376",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T06:42:30.000Z",
"modified": "2022-04-25T06:42:30.000Z",
"description": "C2 Endpoints",
"pattern": "[url:value = 'https://greenvideo.nl/wp\u2010content/themes/top.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T06:42:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d8c0898f-7080-4e0c-9123-a1367e5768e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T06:42:05.000Z",
"modified": "2022-04-25T06:42:05.000Z",
"description": "C2 Endpoints",
"pattern": "[url:value = 'https://dafnefonseca.com/wp\u2010content/themes/top.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T06:42:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--48f87cce-d1ae-4528-b79e-dd4d4af035f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T06:42:18.000Z",
"modified": "2022-04-25T06:42:18.000Z",
"description": "C2 Endpoints",
"pattern": "[url:value = 'https://haciendadeclarevot.com/wp\u2010content/top.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T06:42:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dfba1891-cafd-4e65-814e-4db59c605a60",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T06:41:24.000Z",
"modified": "2022-04-25T06:41:24.000Z",
"description": "C2 Endpoints",
"pattern": "[url:value = 'https://sche\u2010eg.org/plugins/top.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T06:41:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a4e63ba8-1cbd-4b30-86f9-22b6851302f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T06:41:39.000Z",
"modified": "2022-04-25T06:41:39.000Z",
"description": "C2 Endpoints",
"pattern": "[url:value = 'https://www.vinoymas.ch/wp\u2010content/plugins/top.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T06:41:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a04f7f74-353a-4f19-a2ee-090fbef4f822",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T06:41:53.000Z",
"modified": "2022-04-25T06:41:53.000Z",
"description": "C2 Endpoints",
"pattern": "[url:value = 'https://infodigitalnew.com/wp\u2010content/plugins/top.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T06:41:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e42ca78-1f94-40b6-b1e3-6ee048876256",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T06:47:09.000Z",
"modified": "2022-04-25T06:47:09.000Z",
"description": "DAFOM purports to be a \u201ccryptocurrency portfolio application.\u201d A Mach-O binary packaged within the Electron application was signed by an Apple digital signature issued for the Apple Developer Team W58CYKFH67. The certificate associated with Apple Developer Team W58CYKFH67 has been revoked. A metadata file packaged in the DAFOM application provided the URL hxxps://github[.]com/dafomdev for bug reports. As of April 2022, this page was unavailable.",
"pattern": "[url:value = 'https://github.com/dafomdev']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T06:47:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--da9de2c1-f2c4-4ede-bd4e-da81f03e6fb0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T07:41:50.000Z",
"modified": "2022-04-25T07:41:50.000Z",
"pattern": "[url:value = 'https://www.esilet.com/update/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T07:41:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1ddaa545-11cd-49e0-8317-bee3120287c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T07:44:09.000Z",
"modified": "2022-04-25T07:44:09.000Z",
"pattern": "[url:value = 'https://www.alticgo.com/update/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T07:44:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6cab3b7e-1447-4726-949f-898c87e7c18b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T08:16:50.000Z",
"modified": "2022-04-25T08:16:50.000Z",
"pattern": "[url:value = 'https://aideck.net/board.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T08:16:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9d986458-d101-4d91-ab66-b816e8792399",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-21T13:40:44.000Z",
"modified": "2022-04-21T13:40:44.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.cisa.gov/uscert/ncas/alerts/aa22-108a",
"category": "External analysis",
"uuid": "666d4cda-30fa-4ee7-a590-9929d28cc2e8"
},
{
"type": "text",
"object_relation": "summary",
"value": "The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima.",
"category": "Other",
"uuid": "7cbe8d65-d0da-43e3-9aec-427f2c3559b4"
},
{
"type": "text",
"object_relation": "type",
"value": "Alert",
"category": "Other",
"uuid": "798eac89-cc08-4216-85e0-fe0d82abfc11"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6cc1e464-ec29-4afe-b1f9-e8138c727897",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-21T13:41:29.000Z",
"modified": "2022-04-21T13:41:29.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.cisa.gov/uscert/sites/default/files/publications/AA22-108A-TraderTraitor-North_Korea_APT_Targets_Blockchain_Companies.pdf",
"category": "External analysis",
"uuid": "eeacdb73-959f-4ec3-85c3-c8ef7bf14114"
},
{
"type": "text",
"object_relation": "summary",
"value": "The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima.",
"category": "Other",
"uuid": "413f0a14-1401-420d-9bba-2eb729a63ccc"
},
{
"type": "text",
"object_relation": "type",
"value": "Report",
"category": "Other",
"uuid": "b946fe5e-af1b-4329-b49b-96691c17b66c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--41e9d90b-e711-4aa0-9e1c-510b4f855676",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T11:40:12.000Z",
"modified": "2022-04-22T11:40:12.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "NameCheap, Inc.",
"category": "Attribution",
"uuid": "7248dd49-076d-424d-95fb-eea15f059c66"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2022-02-07T00:00:00+00:00",
"category": "Other",
"uuid": "e773ff50-8d6f-4d9f-839f-c75f9091a1ab"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2023-02-07T00:00:00+00:00",
"category": "Other",
"uuid": "c98cd471-756b-4907-af53-5681012f5c8d"
},
{
"type": "domain",
"object_relation": "domain",
"value": "dafom.dev",
"category": "Network activity",
"to_ids": true,
"uuid": "555fff5c-5470-4d90-a74f-88dad35a7c77"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "45.14.227.58",
"category": "Network activity",
"to_ids": true,
"uuid": "bc0a8097-76a1-47dd-8a6d-543a4b0d9b6c"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8cd4bdf7-8e71-4050-9e6e-59060698995d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T07:11:41.000Z",
"modified": "2022-04-25T07:11:41.000Z",
"pattern": "[file:hashes.MD5 = 'c2ea5011a91cd59d0396eb4fa8da7d21' AND file:hashes.SHA1 = 'b2d9ca7b6d1bbbe4864ea11dfca343b7e15597d8' AND file:hashes.SHA256 = '60b3cfe2ec3100caf4afde734cfd5147f78acf58ab17d4480196831db4aa5f18' AND file:hashes.SSDEEP = '1572864:LGLBnolF9kPEiKOabR2QEs1B1/LuUQrbecE6Xwijkca/pzpfaLtIP:LGVnoT9kPZK9tVEwBxWbecR5Faxzpf0M' AND file:name = 'DAFOM-1.0.0.dmg' AND file:size = '92182575' AND file:x_misp_text = 'dropper macos']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T07:11:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1b49f54e-f1de-4a1e-adfc-13f0818a5dff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T12:37:11.000Z",
"modified": "2022-04-22T12:37:11.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "NameCheap, Inc.",
"category": "Attribution",
"uuid": "259206a8-507c-45e4-a3cb-4ee45a100912"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2022-01-27T00:00:00+00:00",
"category": "Other",
"uuid": "ccb0c2b0-91eb-4621-b9cf-c973ef955a34"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2023-01-27T00:00:00+00:00",
"category": "Other",
"uuid": "5179f51b-3d07-4639-bc82-2a6e4e915fbd"
},
{
"type": "domain",
"object_relation": "domain",
"value": "tokenais.com",
"category": "Network activity",
"to_ids": true,
"uuid": "9893fdad-3a79-4c57-94ac-1d4016da4d00"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "199.188.103.115",
"category": "Network activity",
"to_ids": true,
"uuid": "af0bb875-fa99-4c9e-8a23-25771914f1c0"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9c16e38d-9ed1-44ea-a0fd-ea38a3bcbc4e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T13:22:47.000Z",
"modified": "2022-04-22T13:22:47.000Z",
"pattern": "[file:hashes.MD5 = '930f6f729e5c4d5fb52189338e549e5e' AND file:hashes.SHA1 = '8e67006585e49f51db96604487138e688df732d3' AND file:hashes.SHA256 = '5b40b73934c1583144f41d8463e227529fa7157e26e6012babd062e3fd7e0b03' AND file:hashes.SSDEEP = '3145728:aMFJlKVvw4+zLruAsHrmo5Vvw4+zLruAsHrmob0dC/E:aUlKtw4+/r2HNtw4+/r2HnMCM' AND file:name = 'TokenAIS.app.zip' AND file:size = '123728267' AND file:x_misp_text = 'dropper macos']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-22T13:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a1066dc5-5c75-4035-acf4-643cd96ea21e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T13:29:08.000Z",
"modified": "2022-04-22T13:29:08.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "NameCheap, Inc.",
"category": "Attribution",
"uuid": "e5215eae-2308-4a08-959b-30d36c098ab7"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2021-08-02T00:00:00+00:00",
"category": "Other",
"uuid": "6f035f4a-c7de-4b95-a3b6-dedc0b6a01c4"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2022-08-02T00:00:00+00:00",
"category": "Other",
"uuid": "2ff40a31-e72f-47eb-b774-8964a2c86c1b"
},
{
"type": "domain",
"object_relation": "domain",
"value": "cryptais.com",
"category": "Network activity",
"to_ids": true,
"uuid": "de3d03c2-f24d-4153-83e1-9956ef53c646"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "82.102.31.14",
"category": "Network activity",
"to_ids": true,
"uuid": "50089c9e-9c02-4bc5-a7f3-debe99cd8a3f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--adfafb8a-eb2c-4bd5-b1d4-bb9cf711342e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T13:30:05.000Z",
"modified": "2022-04-22T13:30:05.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "NetEarth One Inc.",
"category": "Attribution",
"uuid": "bcbe2fd4-8340-4a00-863f-8cd965346992"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2020-08-08T00:00:00+00:00",
"category": "Other",
"uuid": "207b593c-1ec8-407f-915a-6b1cdd459ece"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2021-08-08T00:00:00+00:00",
"category": "Other",
"uuid": "99d0e027-0e5a-402c-abdd-3cddffc4b0d6"
},
{
"type": "domain",
"object_relation": "domain",
"value": "alticgo.com",
"category": "Network activity",
"to_ids": true,
"uuid": "b830fe6a-3295-4593-af06-d5c99dd5e664"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "108.170.55.202",
"category": "Network activity",
"to_ids": true,
"uuid": "69d2c8e1-f371-49f2-a2a7-2010bcd4a0d3"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0a070868-4064-49db-bc1a-688d3c1f6efb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T13:31:00.000Z",
"modified": "2022-04-22T13:31:00.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "NameSilo, LLC",
"category": "Attribution",
"uuid": "46022fac-7d31-42e8-8e77-4478f7ab9f2c"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2020-06-12T00:00:00+00:00",
"category": "Other",
"uuid": "3a3f99a5-f54f-4b5a-8a09-6702c96b76d3"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2021-06-12T00:00:00+00:00",
"category": "Other",
"uuid": "2c48ff87-2a39-468c-bd51-8a106b905f86"
},
{
"type": "domain",
"object_relation": "domain",
"value": "esilet.com",
"category": "Network activity",
"to_ids": true,
"uuid": "8604e6f1-c42f-4974-888e-21e13aedf3ef"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "104.168.98.156",
"category": "Network activity",
"to_ids": true,
"uuid": "5ef84766-ba12-402f-b724-2c85011a040c"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dbfe3bba-4188-4b9c-b915-71c8d4b445cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T08:02:50.000Z",
"modified": "2022-04-25T08:02:50.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "Flexwebhosting",
"category": "Attribution",
"uuid": "18fd11c3-0928-488f-8bb2-a3d3e4e8d983"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2018-02-26T00:00:00+00:00",
"category": "Other",
"uuid": "f2565e00-6e26-4dce-b7d0-cb0879f5bfa3"
},
{
"type": "domain",
"object_relation": "domain",
"value": "greenvideo.nl",
"category": "Network activity",
"to_ids": true,
"uuid": "bbf0013a-b716-45a4-933b-228bb9074d47"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "62.84.240.140",
"category": "Network activity",
"to_ids": true,
"uuid": "6e461f1e-ea91-4df2-9fa1-a3dfb6fc45ea"
}
],
"x_misp_comment": "Likely legitimate but compromised",
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a32c592d-4ce5-4a96-b07b-2d7b5c6295fc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T08:03:14.000Z",
"modified": "2022-04-25T08:03:14.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "PublicDomainRegistry",
"category": "Attribution",
"uuid": "290f6b0e-a9a2-42bb-9a09-3296feed6140"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2019-08-27T00:00:00+00:00",
"category": "Other",
"uuid": "3f8437eb-c383-4944-ac82-b253d0fa0b8d"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2022-08-27T00:00:00+00:00",
"category": "Other",
"uuid": "1904d841-8b3d-41c8-b094-f2f9fd7ded9c"
},
{
"type": "domain",
"object_relation": "domain",
"value": "dafnefonseca.com",
"category": "Network activity",
"to_ids": true,
"uuid": "92f61960-d374-475b-b471-b65311fd673d"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "151.101.64.119",
"category": "Network activity",
"to_ids": true,
"uuid": "2313640f-744c-4c29-9f28-9e6f69ce5a8b"
}
],
"x_misp_comment": "Likely legitimate but compromised",
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bc9564b4-dd65-421d-9c54-5b64f933d3d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T08:04:13.000Z",
"modified": "2022-04-25T08:04:13.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "cdmon,10DENCEHISPAHARD, S.L.",
"category": "Attribution",
"uuid": "65cf6ef0-c2ab-4e1f-8402-d779c00e6b66"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2005-03-02T00:00:00+00:00",
"category": "Other",
"uuid": "d647e11d-ef59-4fe4-bd1e-2b33353d18ee"
},
{
"type": "domain",
"object_relation": "domain",
"value": "haciendadeclarevot.com",
"category": "Network activity",
"to_ids": true,
"uuid": "192cc0e0-2063-4a37-8a74-12dea79a0961"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "185.66.41.17",
"category": "Network activity",
"to_ids": true,
"uuid": "5ecd9215-512b-4582-a351-b2126b63d691"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2023-03-02T00:00:00+00:00",
"category": "Other",
"uuid": "8678266c-110d-42ee-958b-b0eef353b02d"
}
],
"x_misp_comment": "Likely legitimate but compromised",
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f0fa541a-29fe-4f0a-843a-fa2fe6f8bb84",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T08:04:46.000Z",
"modified": "2022-04-25T08:04:46.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "GoDaddy.com, LLC",
"category": "Attribution",
"uuid": "31ddd7b8-aeca-4074-8b94-c53afc66d931"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2019-06-01T00:00:00+00:00",
"category": "Other",
"uuid": "5995bcb1-e3a1-4e73-a2cf-64e2aa557915"
},
{
"type": "domain",
"object_relation": "domain",
"value": "sche-eg.org",
"category": "Network activity",
"to_ids": true,
"uuid": "e5043128-6668-45c1-ab45-e8e9d0c29926"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "160.153.235.20",
"category": "Network activity",
"to_ids": true,
"uuid": "cf41f55a-b200-4ed7-9436-5e65049f0e43"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2022-06-01T00:00:00+00:00",
"category": "Other",
"uuid": "718de351-1a41-4c07-a629-ae4e85e4e2bb"
}
],
"x_misp_comment": "Likely legitimate but compromised",
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cad8a940-22fd-493e-a0b9-0e4f6417fb06",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T08:09:45.000Z",
"modified": "2022-04-25T08:09:45.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "cdmon, 10DENCEHISPAHARD, S.L.",
"category": "Attribution",
"uuid": "aee1e34b-4e55-44ab-a916-8dd6e837f193"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2010-01-24T00:00:00+00:00",
"category": "Other",
"uuid": "fcf188a4-1b66-4733-833a-b22a64ecc51e"
},
{
"type": "domain",
"object_relation": "domain",
"value": "www.vinoymas.ch",
"category": "Network activity",
"to_ids": true,
"uuid": "3de7de18-dd95-440e-a6e2-c3a5a53edf33"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "46.16.62.238",
"category": "Network activity",
"to_ids": true,
"uuid": "54da1952-ec7b-4dae-b567-7abaa87c11b2"
}
],
"x_misp_comment": "Likely legitimate but compromised",
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e1cfd50f-b31a-4f23-b06b-8e933d5a89aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T08:10:33.000Z",
"modified": "2022-04-25T08:10:33.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "PublicDomainRegistry",
"category": "Attribution",
"uuid": "70f511c7-eb7f-41a8-b210-6b4e6ee876d5"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2020-06-20T00:00:00+00:00",
"category": "Other",
"uuid": "c7f9d129-df11-43db-a27b-e4624cff32a2"
},
{
"type": "domain",
"object_relation": "domain",
"value": "infodigitalnew.com",
"category": "Network activity",
"to_ids": true,
"uuid": "a15f7564-6bdb-4562-b027-a4b902122a00"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "107.154.160.132",
"category": "Network activity",
"to_ids": true,
"uuid": "7f79e9be-839b-42ee-a2aa-eed20d2d175b"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2022-06-20T00:00:00+00:00",
"category": "Other",
"uuid": "3bb4fbea-677c-47ee-99c8-dca056a8499a"
}
],
"x_misp_comment": "Likely legitimate but compromised",
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6d206f7e-bc5f-43da-b4d2-59157bda25d4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T13:39:12.000Z",
"modified": "2022-04-22T13:39:12.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "NameCheap, Inc.",
"category": "Attribution",
"uuid": "61d7c950-c0ba-4d4c-8c0d-e3e35cd2169a"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2020-03-09T00:00:00+00:00",
"category": "Other",
"uuid": "1c1075a4-0756-48e0-b32d-06fb7fbb8126"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2021-03-09T00:00:00+00:00",
"category": "Other",
"uuid": "25479b66-75a5-4130-9362-ceab806a322a"
},
{
"type": "domain",
"object_relation": "domain",
"value": "creaideck.com",
"category": "Network activity",
"to_ids": true,
"uuid": "47183aa2-6db5-4a9a-af4f-7604fc9df93e"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "38.132.124.161",
"category": "Network activity",
"to_ids": true,
"uuid": "a0c1efc6-07d4-4369-b7ff-cdddc7b04883"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8c6bab7d-636a-4058-bfee-578349146569",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T13:41:10.000Z",
"modified": "2022-04-22T13:41:10.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrar",
"object_relation": "registrar",
"value": "NameCheap, Inc.",
"category": "Attribution",
"uuid": "7c5e32f2-f753-41cf-8bbc-536bf771f151"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2020-06-22T00:00:00+00:00",
"category": "Other",
"uuid": "d7b7001b-270d-47a5-b09f-0084838077fa"
},
{
"type": "datetime",
"object_relation": "expiration-date",
"value": "2021-06-22T00:00:00+00:00",
"category": "Other",
"uuid": "a34c0bd0-5c0f-45cb-ac6b-2e7b94570e98"
},
{
"type": "domain",
"object_relation": "domain",
"value": "aideck.net",
"category": "Network activity",
"to_ids": true,
"uuid": "f1dda6f9-c665-4431-bc3f-0b1b66808f7a"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "89.45.4.151",
"category": "Network activity",
"to_ids": true,
"uuid": "c050be45-dfaf-4f98-8c07-7c345d1199a8"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b5c5304-c4af-4b1b-9aa3-348ae3b2bdbb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T13:42:15.000Z",
"modified": "2022-04-22T13:42:15.000Z",
"pattern": "[file:hashes.MD5 = '4e5ebbecd22c939f0edf1d16d68e8490' AND file:hashes.SHA1 = 'f1606d4d374d7e2ba756bdd4df9b780748f6dc98' AND file:hashes.SHA256 = 'f0e8c29e3349d030a97f4a8673387c2e21858cccd1fb9ebbf9009b27743b2e5b' AND file:hashes.SSDEEP = '1572864:jx9QOwiLDCUrJXsKMoGTwiCcKFI8jmrvGqjL2hX6QklBmrZgkZjMz+dPSpR0Xcpk:F9QOTPCUrdsKEw3coIg2Or6XBmrZgkZw' AND file:name = 'CryptAIS[.]dmg' AND file:size = '84259810' AND file:x_misp_text = 'dropper macos']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-22T13:42:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--77e77def-eabe-4b15-9847-89fde8e88d13",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T13:43:23.000Z",
"modified": "2022-04-22T13:43:23.000Z",
"pattern": "[file:hashes.MD5 = '8397ea747d2ab50da4f876a36d673272' AND file:hashes.SHA1 = '48a6d5141e25b6c63ad8da20b954b56afe589031' AND file:hashes.SHA256 = '89b5e248c222ebf2cb3b525d3650259e01cf7d8fff5e4aa15ccd7512b1e63957' AND file:hashes.SSDEEP = '49152:KIH1kEh7zIXlDYwVhb26hRKtRwwfs62sRAdNhEJNDvOL3OXl5zpF+FqBNihzTvff:KIH1kEhI1LOJtm2spB' AND file:name = 'darwin64.bin' AND file:size = '6757832' AND file:x_misp_text = 'trojan macho']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-22T13:43:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a974b38-5306-4776-a12d-77d21ca8b308",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T08:23:39.000Z",
"modified": "2022-04-25T08:23:39.000Z",
"pattern": "[file:hashes.MD5 = '5d43baf1c9e9e3a939e5defd8f8fbd8d' AND file:hashes.SHA1 = 'd5ff73c043f3bb75dd749636307500b60a436550' AND file:hashes.SHA256 = '867c8b49d29ae1f6e4a7cd31b6fe7e278753a1ba03d4be338ed11fd1efc7dd36' AND file:hashes.SSDEEP = '24576:y3SY+/2M3BMr7cdgSLBjbr4nzzy95VV7cEXV:ESZ2ESrHSV3D95oA' AND file:name = 'win32.bin' AND file:size = '2198684' AND file:x_misp_text = 'trojan peexe' AND file:x_misp_compilation_timestamp = '2020-06-23T06:06:35+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T08:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--935f9ebe-0659-4366-9f48-7bb9ec391f39",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T07:59:34.000Z",
"modified": "2022-04-25T07:59:34.000Z",
"pattern": "[file:hashes.MD5 = '1c7d0ae1c4d2c0b70f75eab856327956' AND file:hashes.SHA1 = 'f3263451f8988a9b02268f0fb6893f7c41b906d9' AND file:hashes.SHA256 = '765a79d22330098884e0f7ce692d61c40dfcf288826342f33d976d8314cfd819' AND file:hashes.SSDEEP = '786432:optZmVDkD1mZ1FggTqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yVPUXi7:opzKDginspAU6JXnJ46X+eC6cySihWVX' AND file:name = 'AlticGO.exe' AND file:size = '45656474' AND file:x_misp_text = 'dropper peexe nsis' AND file:x_misp_compilation_timestamp = '2018-12-15T22:26:14+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T07:59:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7c6189ad-0027-4195-a229-bb2634e3d22a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T07:43:45.000Z",
"modified": "2022-04-25T07:43:45.000Z",
"pattern": "[file:hashes.MD5 = '855b2f4c910602f895ee3c94118e979a' AND file:hashes.SHA1 = 'ff17bd5abe9f4939918f27afbe0072c18df6db37' AND file:hashes.SHA256 = 'e3d98cc4539068ce335f1240deb1d72a0b57b9ca5803254616ea4999b66703ad' AND file:hashes.SSDEEP = '786432:LptZmVDkD1mQIiXUBkRbWGtqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yH:LpzKDgzRpWGwpAU6JXnJ46X+eC6cySiI' AND file:name = 'AlticGO_R.exe' AND file:size = '46745505' AND file:x_misp_text = 'dropper peexe nsis' AND file:x_misp_compilation_timestamp = '2020-02-12T16:15:17+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T07:43:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9bb8cbfe-8716-4a9c-8d74-0e36970f8117",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T07:59:20.000Z",
"modified": "2022-04-25T07:59:20.000Z",
"pattern": "[file:hashes.MD5 = '9a6307362e3331459d350a201ad66cd9' AND file:hashes.SHA1 = '3f2c1e60b5fac4cf1013e3e1fc688be490d71a84' AND file:hashes.SHA256 = '8acd7c2708eb1119ba64699fd702ebd96c0d59a66cba5059f4e089f4b0914925' AND file:hashes.SSDEEP = '786432:AptZmVDkD1mjPNDeuxOTKQqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yV7:ApzKDgqPxeuLpAU6JXnJ46X+eC6cySiG' AND file:name = 'AlticGO.exe' AND file:size = '46745644' AND file:x_misp_text = 'dropper peexe nsis' AND file:x_misp_compilation_timestamp = '2020-02-12T16:15:17+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-25T07:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90e4e6f4-36ac-40cc-8eb7-34286e6c5ba1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T13:55:10.000Z",
"modified": "2022-04-22T13:55:10.000Z",
"pattern": "[file:hashes.MD5 = '53d9af8829a9c7f6f177178885901c01' AND file:hashes.SHA1 = 'ae9f4e39c576555faadee136c6c3b2d358ad90b9' AND file:hashes.SHA256 = '9ba02f8a985ec1a99ab7b78fa678f26c0273d91ae7cbe45b814e6775ec477598' AND file:hashes.SSDEEP = '1572864:lffyoUnp5xmHVUTd+GgNPjFvp4YEbRU7h8cvjmUAm4Du73X0unpXkU:lfqHBmHo+BPj9CYEshLqcuAX0I0' AND file:name = 'Esilet.dmg' AND file:size = '81688694' AND file:x_misp_text = 'dropper macos']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-22T13:55:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1862b701-6f4f-498e-9578-8c2e1d253ad2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T14:01:17.000Z",
"modified": "2022-04-22T14:01:17.000Z",
"pattern": "[file:hashes.MD5 = '1ca31319721740ecb79f4b9ee74cd9b0' AND file:hashes.SHA1 = '41f855b54bf3db621b340b7c59722fb493ba39a5' AND file:hashes.SHA256 = '9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa' AND file:hashes.SSDEEP = '6144:wAulcT94T94T97zDj1I/BkjhkbjZ8bZ87ZMSj71obV/7NobNo7NZTb7hMT5ETZ8I:wDskT1UBg2lirFbpR9mJGpmN' AND file:name = 'Esilet-tmpzpsb3' AND file:size = '522620' AND file:x_misp_text = 'trojan macho']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-22T14:01:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d5da3fba-461f-443e-a526-391509a94868",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-22T14:07:31.000Z",
"modified": "2022-04-22T14:07:31.000Z",
"pattern": "[file:hashes.MD5 = '9578c2be6437dcc8517e78a5de1fa975' AND file:hashes.SHA1 = 'd2a77c31c3e169bec655068e96cf4e7fc52e77b8' AND file:hashes.SHA256 = 'dced1acbbe11db2b9e7ae44a617f3c12d6613a8188f6a1ece0451e4cd4205156' AND file:hashes.SSDEEP = '384:sdaWs0fDTmKnY4FPk6hTyQUitnI/kmCgr7lUryESll4yg9RpEwrUifJ8ttJOdy:sdayCkY4Fei9mhy/L9RBrny6y' AND file:name = 'Esilet-tmpg7lpp' AND file:size = '39156' AND file:x_misp_text = 'trojan macho']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-22T14:07:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--466312bb-59e2-4c4a-bfa0-329721097360",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-25T07:08:25.000Z",
"modified": "2022-04-25T07:08:25.000Z",
"first_observed": "2022-04-25T07:08:25Z",
"last_observed": "2022-04-25T07:08:25Z",
"number_observed": 1,
"object_refs": [
"user-account--466312bb-59e2-4c4a-bfa0-329721097360"
],
"labels": [
"misp:name=\"github-user\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "user-account",
"spec_version": "2.1",
"id": "user-account--466312bb-59e2-4c4a-bfa0-329721097360",
"account_login": "dafomdev",
"account_type": "github"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b92304e7-4796-4e47-ab4b-2199e54888e4",
"created": "2022-04-25T07:11:41.000Z",
"modified": "2022-04-25T07:11:41.000Z",
"relationship_type": "mentions",
"source_ref": "indicator--8cd4bdf7-8e71-4050-9e6e-59060698995d",
"target_ref": "observed-data--466312bb-59e2-4c4a-bfa0-329721097360"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5f5c69a4-6b92-4348-9aaa-9f2e63e0fff2",
"created": "2022-04-25T08:23:39.000Z",
"modified": "2022-04-25T08:23:39.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--5a974b38-5306-4776-a12d-77d21ca8b308",
"target_ref": "indicator--6cab3b7e-1447-4726-949f-898c87e7c18b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--34ce4a35-385d-41ba-a4c1-2cc53b5a1557",
"created": "2022-04-25T07:59:34.000Z",
"modified": "2022-04-25T07:59:34.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--935f9ebe-0659-4366-9f48-7bb9ec391f39",
"target_ref": "indicator--1ddaa545-11cd-49e0-8317-bee3120287c6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d01f8f61-fccd-4461-95ef-d33d5a57e17e",
"created": "2022-04-25T07:43:45.000Z",
"modified": "2022-04-25T07:43:45.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--7c6189ad-0027-4195-a229-bb2634e3d22a",
"target_ref": "indicator--da9de2c1-f2c4-4ede-bd4e-da81f03e6fb0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--797d58be-b37c-4d23-9ea2-3a845a9bd138",
"created": "2022-04-25T07:59:20.000Z",
"modified": "2022-04-25T07:59:20.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--9bb8cbfe-8716-4a9c-8d74-0e36970f8117",
"target_ref": "indicator--1ddaa545-11cd-49e0-8317-bee3120287c6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--374b1fb6-1c3c-42f5-8658-69eda21aa00a",
"created": "2022-04-22T14:00:26.000Z",
"modified": "2022-04-22T14:00:26.000Z",
"relationship_type": "linked-to",
"source_ref": "indicator--1862b701-6f4f-498e-9578-8c2e1d253ad2",
"target_ref": "indicator--bef467b3-a40a-484e-8fac-584f89269376"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a7063514-9df0-4cf2-8fa3-d1e35da38c12",
"created": "2022-04-22T14:00:54.000Z",
"modified": "2022-04-22T14:00:54.000Z",
"relationship_type": "linked-to",
"source_ref": "indicator--1862b701-6f4f-498e-9578-8c2e1d253ad2",
"target_ref": "indicator--d8c0898f-7080-4e0c-9123-a1367e5768e9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a6b8c323-537b-44db-9b64-32a6f6958d22",
"created": "2022-04-22T14:01:17.000Z",
"modified": "2022-04-22T14:01:17.000Z",
"relationship_type": "linked-to",
"source_ref": "indicator--1862b701-6f4f-498e-9578-8c2e1d253ad2",
"target_ref": "indicator--48f87cce-d1ae-4528-b79e-dd4d4af035f8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f1863e0a-9652-46f6-a9d8-c2d02c66d124",
"created": "2022-04-22T14:06:02.000Z",
"modified": "2022-04-22T14:06:02.000Z",
"relationship_type": "linked-to",
"source_ref": "indicator--d5da3fba-461f-443e-a526-391509a94868",
"target_ref": "indicator--dfba1891-cafd-4e65-814e-4db59c605a60"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--14b631c2-89f4-4c58-b2bc-d45ecc14c322",
"created": "2022-04-22T14:07:05.000Z",
"modified": "2022-04-22T14:07:05.000Z",
"relationship_type": "linked-to",
"source_ref": "indicator--d5da3fba-461f-443e-a526-391509a94868",
"target_ref": "indicator--a4e63ba8-1cbd-4b30-86f9-22b6851302f0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--530eea79-20b7-47ab-994e-60fbcb045008",
"created": "2022-04-22T14:07:31.000Z",
"modified": "2022-04-22T14:07:31.000Z",
"relationship_type": "linked-to",
"source_ref": "indicator--d5da3fba-461f-443e-a526-391509a94868",
"target_ref": "indicator--a04f7f74-353a-4f19-a2ee-090fbef4f822"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}