{
|
|
"type": "bundle",
|
|
"id": "bundle--5c4a2972-fd10-4470-936d-4d2a02de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:10:13.000Z",
|
|
"modified": "2019-01-24T21:10:13.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5c4a2972-fd10-4470-936d-4d2a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:10:13.000Z",
|
|
"modified": "2019-01-24T21:10:13.000Z",
|
|
"name": "IOCs Associated with DNS Infrastructure Tampering",
|
|
"published": "2019-01-24T21:10:52Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--95924852-631e-42e7-aa8b-c6a33b8b6f55",
|
|
"indicator--e0bc1d90-2009-11e9-82a3-d89ef344f46d",
|
|
"indicator--e0bc1d93-2009-11e9-88e3-d89ef344f46d",
|
|
"indicator--e0bc1d96-2009-11e9-9efa-d89ef344f46d",
|
|
"indicator--e0bc1d99-2009-11e9-9294-d89ef344f46d",
|
|
"indicator--e0bc1d9c-2009-11e9-af0f-d89ef344f46d",
|
|
"indicator--e0bc1d9f-2009-11e9-8bc6-d89ef344f46d",
|
|
"indicator--e0bc1da2-2009-11e9-9b93-d89ef344f46d",
|
|
"indicator--e0bc1db7-2009-11e9-b508-d89ef344f46d",
|
|
"indicator--e0bc1da5-2009-11e9-b493-d89ef344f46d",
|
|
"indicator--e0bc1da8-2009-11e9-b8b3-d89ef344f46d",
|
|
"indicator--e0bc1db1-2009-11e9-8d13-d89ef344f46d",
|
|
"indicator--e0bc1dab-2009-11e9-9492-d89ef344f46d",
|
|
"indicator--e0bc1dae-2009-11e9-881a-d89ef344f46d",
|
|
"indicator--e0bc1db4-2009-11e9-a9d7-d89ef344f46d",
|
|
"indicator--e0bc1dba-2009-11e9-babc-d89ef344f46d",
|
|
"indicator--e0be6782-2009-11e9-b60b-d89ef344f46d",
|
|
"indicator--e0be6785-2009-11e9-9867-d89ef344f46d",
|
|
"indicator--e0be6788-2009-11e9-9b1e-d89ef344f46d",
|
|
"x-misp-object--5c4a2973-421c-4138-9787-4b8902de0b81",
|
|
"x-misp-object--1b2a8dae-f9e6-4d7a-bb5a-e5e27d5966e0",
|
|
"x-misp-object--a576549e-7bae-4dd1-a5f3-4e0a66209a64",
|
|
"x-misp-object--d6bc7998-9cad-4353-851f-f31860ed8366",
|
|
"relationship--dd436e09-57f1-4e45-aa7b-2ae3248e884b",
|
|
"relationship--f21764d3-63f7-43d5-9621-1ae2eaf5e6d3",
|
|
"relationship--1425af7f-a963-43ee-8787-26bda3897b4e"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--95924852-631e-42e7-aa8b-c6a33b8b6f55",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"Other\""
|
|
],
|
|
"x_misp_category": "Other",
|
|
"x_misp_comment": "Imported from STIX header description",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization\u2019s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization\u2019s domain names, enabling man-in-the-middle attacks."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1d90-2009-11e9-82a3-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[url:value = 'http://hr-suncor.com/Suncor_employment_form.doc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1d93-2009-11e9-88e3-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[url:value = 'http://hr-wipro.com/Wipro_Working_Conditions.doc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1d96-2009-11e9-9efa-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[domain-name:value = 'hr-wipro.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1d99-2009-11e9-9294-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[domain-name:value = 'hr-suncor.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1d9c-2009-11e9-af0f-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[domain-name:value = '0ffice36o.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1d9f-2009-11e9-8bc6-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.20.184.138']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1da2-2009-11e9-9b93-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.161.211.72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1db7-2009-11e9-b508-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.161.23.204']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1da5-2009-11e9-b493-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.20.187.8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1da8-2009-11e9-b8b3-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.174.101.168']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1db1-2009-11e9-8d13-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.187.200']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1dab-2009-11e9-9492-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.161.211.79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1dae-2009-11e9-881a-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.236.78.63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1db4-2009-11e9-a9d7-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.141.38.71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0bc1dba-2009-11e9-babc-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9c8507a1fd7d2579777723b53fee1f3e' AND file:hashes.SHA1 = '48b620df71087bd333284c91e52f0cfed1f2d00e' AND file:hashes.SHA256 = '82285b6743cc5e3545d8e67740a4d04c5aed138d9f31d7c16bd11188a2042969']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0be6782-2009-11e9-b60b-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:49.000Z",
|
|
"modified": "2019-01-24T21:09:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '807482efce3397ece64a1ded3d436139' AND file:hashes.SHA1 = '9ea865e000e3e15cec15efc466801bb181ba40a1' AND file:hashes.SHA256 = '9ea577a4b3faaf04a3bddbfcb934c9752bed0d0fc579f2152751c5f6923f7e14' AND file:hashes.SSDEEP = '6144:2LOUuU4uDIOjsHFtXwIUPgTiN13sh/2xWoV/hGkWC92Vr3Lu19RmAMZQzm18IBHf:tU4jdltXwnQ01txj4kB257qmJkm1ldU' AND file:name = 'Suncor_employment_form.doc' AND file:size = '623616']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0be6785-2009-11e9-9867-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:49.000Z",
|
|
"modified": "2019-01-24T21:09:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c00c9f6ebf2979292d524acff19dd306' AND file:hashes.SHA1 = '1022620da25db2497dc237adedb53755e6b859e3' AND file:hashes.SHA256 = '45a9edb24d4174592c69d9d37a534a518fbe2a88d3817fc0cc739e455883b8ff' AND file:hashes.SSDEEP = '3072:t3zwUAyRvKFnQStbQQYZrmQC2mCe0t4zu9Cv/QQ3TFnDSF0bNg0+B0tguKtEfT5s:dydXtbiktzu96QItD46NgjA0mFs' AND file:size = '368640']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0be6788-2009-11e9-9b1e-d89ef344f46d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:49.000Z",
|
|
"modified": "2019-01-24T21:09:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd2052cb9016dab6592c532d5ea47cb7e' AND file:hashes.SHA1 = '1c1fbda6ffc4d19be63a630bd2483f3d2f7aa1f5' AND file:hashes.SHA256 = '2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec' AND file:hashes.SSDEEP = '3072:OL1w0Cyf/TYsq6wjRbQC2mCr2v4Q/DfvBgLCOledbqIyWu0jPhVyWxg/MB/RzS:Oz4xI1Q/DxWleNqgu0jpjZS' AND file:size = '372736']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-24T21:09:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5c4a2973-421c-4138-9787-4b8902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:07.000Z",
|
|
"modified": "2019-01-24T21:09:07.000Z",
|
|
"labels": [
|
|
"misp:name=\"original-imported-file\"",
|
|
"misp:meta-category=\"file\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "attachment",
|
|
"object_relation": "imported-sample",
|
|
"value": "AA19-024_IOCs.stix.xml",
|
|
"category": "External analysis",
|
|
"uuid": "5c4a2974-2724-4cc3-a3f4-44a402de0b81",
|
|
"data": ""
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "format",
|
|
"value": "STIX 1.1",
|
|
"category": "Other",
|
|
"uuid": "5c4a2974-7748-4706-8091-4c4802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "file",
|
|
"x_misp_name": "original-imported-file"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1b2a8dae-f9e6-4d7a-bb5a-e5e27d5966e0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:49.000Z",
|
|
"modified": "2019-01-24T21:09:49.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-12-21T08:26:28",
|
|
"category": "Other",
|
|
"uuid": "cfe9477f-3ede-4bce-8564-222ef3d4cda5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec/analysis/1545380788/",
|
|
"category": "External analysis",
|
|
"uuid": "f20424f6-7426-4b05-888f-29ecb1ba2442"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/69",
|
|
"category": "Other",
|
|
"uuid": "255ad5e5-bbea-4778-9210-91b1f6dc2b55"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a576549e-7bae-4dd1-a5f3-4e0a66209a64",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:50.000Z",
|
|
"modified": "2019-01-24T21:09:50.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-24T11:12:00",
|
|
"category": "Other",
|
|
"uuid": "a7fc880f-5658-46fb-93f5-d846f65d468b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/45a9edb24d4174592c69d9d37a534a518fbe2a88d3817fc0cc739e455883b8ff/analysis/1548328320/",
|
|
"category": "External analysis",
|
|
"uuid": "8565d497-f3c7-4a33-9e07-9188424467be"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/68",
|
|
"category": "Other",
|
|
"uuid": "949483e4-f6f1-423e-8a7a-1401a5ff37a4"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d6bc7998-9cad-4353-851f-f31860ed8366",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-24T21:09:50.000Z",
|
|
"modified": "2019-01-24T21:09:50.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-12-22T03:41:06",
|
|
"category": "Other",
|
|
"uuid": "7fb9f7c7-be46-49b9-a7c3-f8138f713052"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9ea577a4b3faaf04a3bddbfcb934c9752bed0d0fc579f2152751c5f6923f7e14/analysis/1545450066/",
|
|
"category": "External analysis",
|
|
"uuid": "ccb14e9f-f755-496f-be9a-ec2bbb0f74e4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/60",
|
|
"category": "Other",
|
|
"uuid": "6777c875-4914-40a7-a8ab-1e0d02b1f494"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--dd436e09-57f1-4e45-aa7b-2ae3248e884b",
|
|
"created": "2019-01-24T21:09:50.000Z",
|
|
"modified": "2019-01-24T21:09:50.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e0be6782-2009-11e9-b60b-d89ef344f46d",
|
|
"target_ref": "x-misp-object--d6bc7998-9cad-4353-851f-f31860ed8366"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f21764d3-63f7-43d5-9621-1ae2eaf5e6d3",
|
|
"created": "2019-01-24T21:09:50.000Z",
|
|
"modified": "2019-01-24T21:09:50.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e0be6785-2009-11e9-9867-d89ef344f46d",
|
|
"target_ref": "x-misp-object--a576549e-7bae-4dd1-a5f3-4e0a66209a64"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1425af7f-a963-43ee-8787-26bda3897b4e",
|
|
"created": "2019-01-24T21:09:50.000Z",
|
|
"modified": "2019-01-24T21:09:50.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e0be6788-2009-11e9-9b1e-d89ef344f46d",
|
|
"target_ref": "x-misp-object--1b2a8dae-f9e6-4d7a-bb5a-e5e27d5966e0"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |