{
|
|
"type": "bundle",
|
|
"id": "bundle--5d13bc95-ecbc-4af9-b684-423602de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:50:47.000Z",
|
|
"modified": "2019-06-26T18:50:47.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5d13bc95-ecbc-4af9-b684-423602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:50:47.000Z",
|
|
"modified": "2019-06-26T18:50:47.000Z",
|
|
"name": "Soft Cell case - guessed indicators (via Twitter discussion)",
|
|
"published": "2019-06-26T18:52:05Z",
|
|
"object_refs": [
|
|
"observed-data--5d13bca8-77cc-4742-90d0-4e1502de0b81",
|
|
"url--5d13bca8-77cc-4742-90d0-4e1502de0b81",
|
|
"indicator--5d13bce5-dd84-486e-a09b-415002de0b81",
|
|
"indicator--5d13bce6-acc4-4222-8d5d-4f7602de0b81",
|
|
"indicator--5d13bce6-80a8-4a42-a24d-462b02de0b81",
|
|
"indicator--5d13bce6-ee08-479c-a459-4e7b02de0b81",
|
|
"indicator--5d13bce6-c1c4-47f5-9dab-486e02de0b81",
|
|
"indicator--5d13bce6-ac00-4d05-9a1c-43a002de0b81",
|
|
"indicator--5d13bcfe-4314-4e44-b0c2-43c702de0b81",
|
|
"indicator--5d13bcfe-9fd8-4d8c-9b64-4c0c02de0b81",
|
|
"indicator--5d13bcfe-60e4-4863-82dc-412f02de0b81",
|
|
"indicator--5d13bd31-d2ac-4a2e-99e7-4e7902de0b81",
|
|
"indicator--5d13bd32-2c90-4102-b8b4-4ba602de0b81",
|
|
"observed-data--5d13bdd1-5c0c-49b8-8671-4b3302de0b81",
|
|
"url--5d13bdd1-5c0c-49b8-8671-4b3302de0b81",
|
|
"observed-data--5d13bde4-1b68-4c06-ae4c-5385e387cbd9",
|
|
"network-traffic--5d13bde4-1b68-4c06-ae4c-5385e387cbd9",
|
|
"ipv4-addr--5d13bde4-1b68-4c06-ae4c-5385e387cbd9",
|
|
"observed-data--5d13bde4-31ac-4368-922a-5385e387cbd9",
|
|
"network-traffic--5d13bde4-31ac-4368-922a-5385e387cbd9",
|
|
"ipv4-addr--5d13bde4-31ac-4368-922a-5385e387cbd9",
|
|
"observed-data--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9",
|
|
"network-traffic--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9",
|
|
"ipv4-addr--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9",
|
|
"indicator--a84950f4-4292-4648-a458-571a4adf25a9",
|
|
"x-misp-object--b5a0e459-5c77-470f-9237-ebbbc696c22d",
|
|
"indicator--f04d4630-aae5-4603-b43a-f905aacf83c5",
|
|
"x-misp-object--21e4d20a-add1-41f7-84c2-c38beaafd633",
|
|
"indicator--18448777-1668-45b1-a0d5-821d348e970c",
|
|
"x-misp-object--cf10a26e-de17-4073-9445-50f0519dce18",
|
|
"indicator--eceee0ff-b9ce-47fd-b34e-ee27ec26f394",
|
|
"x-misp-object--6cae530d-e8f6-4513-95e4-0ccddf9c7a84",
|
|
"indicator--9ab69867-6fa8-49ec-96f2-8276c622a426",
|
|
"x-misp-object--baca908c-f701-4c24-8c83-4b5840ba7558",
|
|
"relationship--5fbe657c-54fb-4e4f-81b0-95c32defd71d",
|
|
"relationship--0b59f14b-dd5d-4344-9e4d-4063d47c5fb9",
|
|
"relationship--3f49d907-e2cf-47a7-9485-e095f804b8cd",
|
|
"relationship--405251b4-1cde-475b-a4c2-0f7f00a4e79c",
|
|
"relationship--5b6b2677-c956-4997-862a-243c01046fe2"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5d13bca8-77cc-4742-90d0-4e1502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:42:48.000Z",
|
|
"modified": "2019-06-26T18:42:48.000Z",
|
|
"first_observed": "2019-06-26T18:42:48Z",
|
|
"last_observed": "2019-06-26T18:42:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5d13bca8-77cc-4742-90d0-4e1502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5d13bca8-77cc-4742-90d0-4e1502de0b81",
|
|
"value": "https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bce5-dd84-486e-a09b-415002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:43:49.000Z",
|
|
"modified": "2019-06-26T18:43:49.000Z",
|
|
"description": "A few C2s associated with the hashes Tom posted:",
|
|
"pattern": "[domain-name:value = 'asyspy256.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:43:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bce6-acc4-4222-8d5d-4f7602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:43:50.000Z",
|
|
"modified": "2019-06-26T18:43:50.000Z",
|
|
"description": "A few C2s associated with the hashes Tom posted:",
|
|
"pattern": "[domain-name:value = 'cvdfhjh1231.myftp.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:43:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bce6-80a8-4a42-a24d-462b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:43:50.000Z",
|
|
"modified": "2019-06-26T18:43:50.000Z",
|
|
"description": "A few C2s associated with the hashes Tom posted:",
|
|
"pattern": "[domain-name:value = 'dffwescwer4325.myftp.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:43:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bce6-ee08-479c-a459-4e7b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:43:50.000Z",
|
|
"modified": "2019-06-26T18:43:50.000Z",
|
|
"description": "A few C2s associated with the hashes Tom posted:",
|
|
"pattern": "[domain-name:value = 'hotkillmail9sddcc.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:43:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bce6-c1c4-47f5-9dab-486e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:43:50.000Z",
|
|
"modified": "2019-06-26T18:43:50.000Z",
|
|
"description": "A few C2s associated with the hashes Tom posted:",
|
|
"pattern": "[domain-name:value = 'rosaf112.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:43:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bce6-ac00-4d05-9a1c-43a002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:43:50.000Z",
|
|
"modified": "2019-06-26T18:43:50.000Z",
|
|
"description": "A few C2s associated with the hashes Tom posted:",
|
|
"pattern": "[domain-name:value = 'sz2016rose.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:43:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bcfe-4314-4e44-b0c2-43c702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:44:14.000Z",
|
|
"modified": "2019-06-26T18:44:14.000Z",
|
|
"description": "Based on the writeup, likely associated file",
|
|
"pattern": "[file:hashes.SHA256 = 'fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:44:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bcfe-9fd8-4d8c-9b64-4c0c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:44:14.000Z",
|
|
"modified": "2019-06-26T18:44:14.000Z",
|
|
"description": "Based on the writeup, likely associated file",
|
|
"pattern": "[file:hashes.SHA256 = '12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:44:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bcfe-60e4-4863-82dc-412f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:44:14.000Z",
|
|
"modified": "2019-06-26T18:44:14.000Z",
|
|
"description": "Based on the writeup, likely associated file",
|
|
"pattern": "[file:hashes.SHA256 = 'c81dd8dd3623181cbc117ca7255e6ea530f770c05624c6896362f03fbfc06280']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:44:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bd31-d2ac-4a2e-99e7-4e7902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:05.000Z",
|
|
"modified": "2019-06-26T18:45:05.000Z",
|
|
"description": "Adding two more hashes of mal-ssMUIDLL.dlls:",
|
|
"pattern": "[file:hashes.SHA256 = '5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:45:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d13bd32-2c90-4102-b8b4-4ba602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:06.000Z",
|
|
"modified": "2019-06-26T18:45:06.000Z",
|
|
"description": "Adding two more hashes of mal-ssMUIDLL.dlls:",
|
|
"pattern": "[file:hashes.SHA256 = '95817d8c742dd667225273847ea15f46445ab1439e634c05785084af7cb39a58']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:45:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5d13bdd1-5c0c-49b8-8671-4b3302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:47:45.000Z",
|
|
"modified": "2019-06-26T18:47:45.000Z",
|
|
"first_observed": "2019-06-26T18:47:45Z",
|
|
"last_observed": "2019-06-26T18:47:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5d13bdd1-5c0c-49b8-8671-4b3302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5d13bdd1-5c0c-49b8-8671-4b3302de0b81",
|
|
"value": "https://twitter.com/tlansec/status/1143451202736336896"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5d13bde4-1b68-4c06-ae4c-5385e387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:48:04.000Z",
|
|
"modified": "2019-06-26T18:48:04.000Z",
|
|
"first_observed": "2019-06-26T18:48:04Z",
|
|
"last_observed": "2019-06-26T18:48:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5d13bde4-1b68-4c06-ae4c-5385e387cbd9",
|
|
"ipv4-addr--5d13bde4-1b68-4c06-ae4c-5385e387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5d13bde4-1b68-4c06-ae4c-5385e387cbd9",
|
|
"src_ref": "ipv4-addr--5d13bde4-1b68-4c06-ae4c-5385e387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5d13bde4-1b68-4c06-ae4c-5385e387cbd9",
|
|
"value": "210.56.60.240"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5d13bde4-31ac-4368-922a-5385e387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:48:04.000Z",
|
|
"modified": "2019-06-26T18:48:04.000Z",
|
|
"first_observed": "2019-06-26T18:48:04Z",
|
|
"last_observed": "2019-06-26T18:48:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5d13bde4-31ac-4368-922a-5385e387cbd9",
|
|
"ipv4-addr--5d13bde4-31ac-4368-922a-5385e387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5d13bde4-31ac-4368-922a-5385e387cbd9",
|
|
"src_ref": "ipv4-addr--5d13bde4-31ac-4368-922a-5385e387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5d13bde4-31ac-4368-922a-5385e387cbd9",
|
|
"value": "45.121.48.106"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:48:04.000Z",
|
|
"modified": "2019-06-26T18:48:04.000Z",
|
|
"first_observed": "2019-06-26T18:48:04Z",
|
|
"last_observed": "2019-06-26T18:48:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9",
|
|
"ipv4-addr--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9",
|
|
"src_ref": "ipv4-addr--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9",
|
|
"value": "45.77.226.209"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a84950f4-4292-4648-a458-571a4adf25a9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:52.000Z",
|
|
"modified": "2019-06-26T18:45:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e435b961048c2fecc2e8e697dc9bd666' AND file:hashes.SHA1 = '5d17fd6904db389040767f8474ca88be4b43de07' AND file:hashes.SHA256 = 'fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:45:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b5a0e459-5c77-470f-9237-ebbbc696c22d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:53.000Z",
|
|
"modified": "2019-06-26T18:45:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-06-25T22:39:22",
|
|
"category": "Other",
|
|
"comment": "Based on the writeup, likely associated file",
|
|
"uuid": "6759f955-ea4a-4d4f-a238-5936eeed21a3"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab/analysis/1561502362/",
|
|
"category": "Payload delivery",
|
|
"comment": "Based on the writeup, likely associated file",
|
|
"uuid": "fdd7a321-97b2-4ce4-a4e7-ff904f5c71de"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/71",
|
|
"category": "Payload delivery",
|
|
"comment": "Based on the writeup, likely associated file",
|
|
"uuid": "c9f21984-4969-42ba-9260-08f63be6d4d2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f04d4630-aae5-4603-b43a-f905aacf83c5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:53.000Z",
|
|
"modified": "2019-06-26T18:45:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '185ad2bfaa924571c492ee1d3f281bac' AND file:hashes.SHA1 = '722dc399e6048127e52843075fd652006b8c85a4' AND file:hashes.SHA256 = '95817d8c742dd667225273847ea15f46445ab1439e634c05785084af7cb39a58']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:45:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--21e4d20a-add1-41f7-84c2-c38beaafd633",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:53.000Z",
|
|
"modified": "2019-06-26T18:45:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-06-25T04:55:52",
|
|
"category": "Other",
|
|
"comment": "Adding two more hashes of mal-ssMUIDLL.dlls:",
|
|
"uuid": "42fed8da-db9b-4cce-9cae-f00f52b51482"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/95817d8c742dd667225273847ea15f46445ab1439e634c05785084af7cb39a58/analysis/1561438552/",
|
|
"category": "Payload delivery",
|
|
"comment": "Adding two more hashes of mal-ssMUIDLL.dlls:",
|
|
"uuid": "c0e15224-5bc2-4290-8766-dc9654b59d5c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "34/67",
|
|
"category": "Payload delivery",
|
|
"comment": "Adding two more hashes of mal-ssMUIDLL.dlls:",
|
|
"uuid": "2a6f9f10-9e74-4f1c-a56b-dd93c48c5faa"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--18448777-1668-45b1-a0d5-821d348e970c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:53.000Z",
|
|
"modified": "2019-06-26T18:45:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fb8c172c964e6740963eb223407a917c' AND file:hashes.SHA1 = '4448a3cd278d6c7b85987f0c9ba5dfeef7be8dad' AND file:hashes.SHA256 = '12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:45:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--cf10a26e-de17-4073-9445-50f0519dce18",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:53.000Z",
|
|
"modified": "2019-06-26T18:45:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-06-25T22:39:18",
|
|
"category": "Other",
|
|
"comment": "Based on the writeup, likely associated file",
|
|
"uuid": "1213473d-68a4-4940-a71b-9f786124f235"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71/analysis/1561502358/",
|
|
"category": "Payload delivery",
|
|
"comment": "Based on the writeup, likely associated file",
|
|
"uuid": "6a5f1012-9ec0-4c37-825d-28343f4b1bc3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Based on the writeup, likely associated file",
|
|
"uuid": "94582d67-0fce-45f4-ba0b-96e6f7e46aaf"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eceee0ff-b9ce-47fd-b34e-ee27ec26f394",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:53.000Z",
|
|
"modified": "2019-06-26T18:45:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '89d0cdd3617c118c6ba1a720e9f9bd62' AND file:hashes.SHA1 = 'b69594d1fc9d44bb89fa09cacfbf61723b7fe1bd' AND file:hashes.SHA256 = 'c81dd8dd3623181cbc117ca7255e6ea530f770c05624c6896362f03fbfc06280']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:45:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6cae530d-e8f6-4513-95e4-0ccddf9c7a84",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:53.000Z",
|
|
"modified": "2019-06-26T18:45:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-06-25T22:39:23",
|
|
"category": "Other",
|
|
"comment": "Based on the writeup, likely associated file",
|
|
"uuid": "4116418a-2b61-46a0-a3a2-f0a8519e5d9b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c81dd8dd3623181cbc117ca7255e6ea530f770c05624c6896362f03fbfc06280/analysis/1561502363/",
|
|
"category": "Payload delivery",
|
|
"comment": "Based on the writeup, likely associated file",
|
|
"uuid": "9f8cf8f5-392a-4d3e-aeed-d86554b90293"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/72",
|
|
"category": "Payload delivery",
|
|
"comment": "Based on the writeup, likely associated file",
|
|
"uuid": "3ba84440-48e6-4138-b1e2-b28e6bd10df8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9ab69867-6fa8-49ec-96f2-8276c622a426",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:53.000Z",
|
|
"modified": "2019-06-26T18:45:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9a97ddbb141d01ce0b1b994399cfb7dc' AND file:hashes.SHA1 = 'e841a63e47361a572db9a7334af459ddca11347a' AND file:hashes.SHA256 = '5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-26T18:45:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--baca908c-f701-4c24-8c83-4b5840ba7558",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-26T18:45:54.000Z",
|
|
"modified": "2019-06-26T18:45:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-02-14T01:23:14",
|
|
"category": "Other",
|
|
"comment": "Adding two more hashes of mal-ssMUIDLL.dlls:",
|
|
"uuid": "6e0656fd-9975-4200-b7f4-601aed707e4f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022/analysis/1550107394/",
|
|
"category": "Payload delivery",
|
|
"comment": "Adding two more hashes of mal-ssMUIDLL.dlls:",
|
|
"uuid": "03c6dda3-fceb-466b-a741-59590d4dd000"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Adding two more hashes of mal-ssMUIDLL.dlls:",
|
|
"uuid": "779f1fd3-da3e-4e43-b7e7-580f9fbf9296"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5fbe657c-54fb-4e4f-81b0-95c32defd71d",
|
|
"created": "2019-06-26T18:45:54.000Z",
|
|
"modified": "2019-06-26T18:45:54.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a84950f4-4292-4648-a458-571a4adf25a9",
|
|
"target_ref": "x-misp-object--b5a0e459-5c77-470f-9237-ebbbc696c22d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0b59f14b-dd5d-4344-9e4d-4063d47c5fb9",
|
|
"created": "2019-06-26T18:45:54.000Z",
|
|
"modified": "2019-06-26T18:45:54.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f04d4630-aae5-4603-b43a-f905aacf83c5",
|
|
"target_ref": "x-misp-object--21e4d20a-add1-41f7-84c2-c38beaafd633"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3f49d907-e2cf-47a7-9485-e095f804b8cd",
|
|
"created": "2019-06-26T18:45:54.000Z",
|
|
"modified": "2019-06-26T18:45:54.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--18448777-1668-45b1-a0d5-821d348e970c",
|
|
"target_ref": "x-misp-object--cf10a26e-de17-4073-9445-50f0519dce18"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--405251b4-1cde-475b-a4c2-0f7f00a4e79c",
|
|
"created": "2019-06-26T18:45:54.000Z",
|
|
"modified": "2019-06-26T18:45:54.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--eceee0ff-b9ce-47fd-b34e-ee27ec26f394",
|
|
"target_ref": "x-misp-object--6cae530d-e8f6-4513-95e4-0ccddf9c7a84"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5b6b2677-c956-4997-862a-243c01046fe2",
|
|
"created": "2019-06-26T18:45:54.000Z",
|
|
"modified": "2019-06-26T18:45:54.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9ab69867-6fa8-49ec-96f2-8276c622a426",
|
|
"target_ref": "x-misp-object--baca908c-f701-4c24-8c83-4b5840ba7558"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |