{
|
|
"type": "bundle",
|
|
"id": "bundle--e6d2f7c9-c183-43c9-bd3c-3dcfbb34665c",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:48:11.000Z",
|
|
"modified": "2020-12-15T08:48:11.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--e6d2f7c9-c183-43c9-bd3c-3dcfbb34665c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:48:11.000Z",
|
|
"modified": "2020-12-15T08:48:11.000Z",
|
|
"name": "OSINT Threat Advisory: SolarWinds supply chain attack",
|
|
"published": "2020-12-15T08:48:30Z",
|
|
"object_refs": [
|
|
"indicator--c07901d2-ca25-4986-84c4-f45a3d4f9937",
|
|
"indicator--16bb46e1-e3ee-41a5-b1d4-b0adff96a433",
|
|
"indicator--432b2d64-6a64-404c-adf6-4bba616cbc7b",
|
|
"indicator--c2c90e65-9240-4223-92b1-5cdf29b413e6",
|
|
"indicator--b2f7c60c-95e0-41a0-94f6-a07b3aeb7ba3",
|
|
"indicator--c8dd6cd6-2013-4ca2-9662-bf47ec8fabe4",
|
|
"indicator--35eb0eb7-c945-41f5-85f2-ee28e4b088e6",
|
|
"indicator--a576de5e-3459-4748-abf7-e524283a2097",
|
|
"indicator--3889ee21-49be-459b-8c01-064532e02b75",
|
|
"indicator--00645cce-0a90-454f-bffa-42c82953f638",
|
|
"indicator--ea49694a-96f1-430d-b809-e4026a06db8c",
|
|
"indicator--ea94b805-134d-45b9-95e7-e35ac94579a7",
|
|
"indicator--4494738b-8193-49b7-9765-f594448319fb",
|
|
"indicator--b82f53a3-007d-44cc-ae1d-58b717e46126",
|
|
"indicator--70aa6792-60ef-41b3-972f-4d3ec5c3f717",
|
|
"indicator--cdff90cd-9e2e-4f54-929f-1836956a914c",
|
|
"indicator--d760f240-4654-4bb3-8bf5-9d33763e7c0f",
|
|
"indicator--ecd50b7b-338a-4e92-8531-6c99094f3de7",
|
|
"indicator--aff00f43-175b-4c0f-b347-fc140c8a8e87",
|
|
"indicator--64c1e9eb-0647-4333-9a10-f4bca1232aef",
|
|
"indicator--d108c2c1-5063-43da-b244-13b578932877",
|
|
"indicator--cbe65ce5-1942-493c-a528-d3a84ac0997f",
|
|
"indicator--23fe01ed-a5b5-419b-add3-4c69d41e2a96",
|
|
"observed-data--2d2d112b-d8d6-4402-b4e7-65e76744e1a1",
|
|
"url--2d2d112b-d8d6-4402-b4e7-65e76744e1a1",
|
|
"indicator--a20fef59-369c-49a0-8e44-90f88f0b4026",
|
|
"x-misp-object--f8629dcd-1aac-4818-a9ab-491c2344c795",
|
|
"indicator--094b634a-771e-4086-a212-7d72fb6b3989",
|
|
"x-misp-object--3fc73855-0ef4-4a27-8fc5-83b812d489eb",
|
|
"indicator--37dbabfb-262e-4835-889e-2e5595f7c0e4",
|
|
"x-misp-object--1b572e2c-d1ce-4cdf-a083-130a37e2db24",
|
|
"indicator--15a9eca3-03a5-49b3-ba45-63f381932aad",
|
|
"x-misp-object--1f475208-7094-488e-805e-9c3fdc643171",
|
|
"indicator--2daa2208-4a80-4d53-9e40-43714e196dc2",
|
|
"x-misp-object--3e830e40-5537-4262-8890-6662846770c8",
|
|
"relationship--ae10ee49-42b4-46e5-a0ea-bee32a94e9f9",
|
|
"relationship--109d480f-af8c-46f2-8207-9371e7616176",
|
|
"relationship--8c01bb76-1380-4143-b999-5845faf4dfcc",
|
|
"relationship--e22a6d3d-85b1-4cf0-b097-b3545527a30d",
|
|
"relationship--e4c94da8-c860-4b32-82b3-74b724b09f04"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c07901d2-ca25-4986-84c4-f45a3d4f9937",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'avsvmcloud.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--16bb46e1-e3ee-41a5-b1d4-b0adff96a433",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'zupertech.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--432b2d64-6a64-404c-adf6-4bba616cbc7b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'panhardware.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c2c90e65-9240-4223-92b1-5cdf29b413e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'databasegalore.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b2f7c60c-95e0-41a0-94f6-a07b3aeb7ba3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'incomeupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c8dd6cd6-2013-4ca2-9662-bf47ec8fabe4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'highdatabase.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--35eb0eb7-c945-41f5-85f2-ee28e4b088e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'websitetheme.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a576de5e-3459-4748-abf7-e524283a2097",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'freescanonline.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3889ee21-49be-459b-8c01-064532e02b75",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'virtualdataserver.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--00645cce-0a90-454f-bffa-42c82953f638",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'deftsecurity.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ea49694a-96f1-430d-b809-e4026a06db8c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'thedoccloud.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ea94b805-134d-45b9-95e7-e35ac94579a7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'digitalcollege.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4494738b-8193-49b7-9765-f594448319fb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'globalnetworkissues.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b82f53a3-007d-44cc-ae1d-58b717e46126",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'seobundlekit.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--70aa6792-60ef-41b3-972f-4d3ec5c3f717",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:20.000Z",
|
|
"modified": "2020-12-15T08:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'virtualwebdata.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cdff90cd-9e2e-4f54-929f-1836956a914c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:35.000Z",
|
|
"modified": "2020-12-15T08:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d760f240-4654-4bb3-8bf5-9d33763e7c0f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:35.000Z",
|
|
"modified": "2020-12-15T08:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ecd50b7b-338a-4e92-8531-6c99094f3de7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:35.000Z",
|
|
"modified": "2020-12-15T08:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ac1b2b89e60707a20e9eb1ca480bc3410ead40643b386d624c5d21b47c02917c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--aff00f43-175b-4c0f-b347-fc140c8a8e87",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:35.000Z",
|
|
"modified": "2020-12-15T08:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c09040d35630d75dfef0f804f320f8b3d16a481071076918e9b236a321c1ea77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--64c1e9eb-0647-4333-9a10-f4bca1232aef",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:35.000Z",
|
|
"modified": "2020-12-15T08:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d108c2c1-5063-43da-b244-13b578932877",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:35.000Z",
|
|
"modified": "2020-12-15T08:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cbe65ce5-1942-493c-a528-d3a84ac0997f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:35.000Z",
|
|
"modified": "2020-12-15T08:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--23fe01ed-a5b5-419b-add3-4c69d41e2a96",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:16:35.000Z",
|
|
"modified": "2020-12-15T08:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--2d2d112b-d8d6-4402-b4e7-65e76744e1a1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:17:01.000Z",
|
|
"modified": "2020-12-15T08:17:01.000Z",
|
|
"first_observed": "2020-12-15T08:17:01Z",
|
|
"last_observed": "2020-12-15T08:17:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--2d2d112b-d8d6-4402-b4e7-65e76744e1a1"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--2d2d112b-d8d6-4402-b4e7-65e76744e1a1",
|
|
"value": "https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a20fef59-369c-49a0-8e44-90f88f0b4026",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = '02af7cec58b9a5da1c542b5a32151ba1' AND file:hashes.SHA1 = '1b476f58ca366b54f34d714ffce3fd73cc30db1a' AND file:hashes.SHA256 = 'd0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f8629dcd-1aac-4818-a9ab-491c2344c795",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-12-15T08:08:23+00:00",
|
|
"category": "Other",
|
|
"uuid": "4b114d22-6e88-4edd-a380-447c957f6b00"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600/detection/f-d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600-1608019703",
|
|
"category": "Payload delivery",
|
|
"uuid": "3cc15b9f-7b5d-4772-947e-21f2deab16d6"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "6/48",
|
|
"category": "Payload delivery",
|
|
"uuid": "b0daaf8c-4ba1-464b-9dbe-e23adf6bbc9a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--094b634a-771e-4086-a212-7d72fb6b3989",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2c4a910a1299cdae2a4e55988a2f102e' AND file:hashes.SHA1 = '2f1a5a7411d015d01aaee4535835400191645023' AND file:hashes.SHA256 = '019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3fc73855-0ef4-4a27-8fc5-83b812d489eb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-12-15T08:07:29+00:00",
|
|
"category": "Other",
|
|
"uuid": "aabd4c40-51c2-44db-aff9-e22d42ff8073"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection/f-019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134-1608019649",
|
|
"category": "Payload delivery",
|
|
"uuid": "2bd19d5b-2579-46b2-83e2-802aeb053746"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/69",
|
|
"category": "Payload delivery",
|
|
"uuid": "49603f27-23c5-47da-8b0c-d467bfaec90d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--37dbabfb-262e-4835-889e-2e5595f7c0e4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = '56ceb6d0011d87b6e4d7023d7ef85676' AND file:hashes.SHA1 = '75af292f34789a1c782ea36c7127bf6106f595e8' AND file:hashes.SHA256 = 'c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1b572e2c-d1ce-4cdf-a083-130a37e2db24",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-12-15T08:02:48+00:00",
|
|
"category": "Other",
|
|
"uuid": "6cc5b161-ca94-401a-ac7e-c88c80c83535"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71/detection/f-c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71-1608019368",
|
|
"category": "Payload delivery",
|
|
"uuid": "9e33a77b-2ac6-4575-89ff-6a8b4267ed01"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "39/68",
|
|
"category": "Payload delivery",
|
|
"uuid": "8aa4bec2-67e3-4f3b-979e-6ddc36335eeb"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--15a9eca3-03a5-49b3-ba45-63f381932aad",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b91ce2fa41029f6955bff20079468448' AND file:hashes.SHA1 = '76640508b1e7759e548771a5359eaed353bf1eec' AND file:hashes.SHA256 = '32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1f475208-7094-488e-805e-9c3fdc643171",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-12-15T08:06:06+00:00",
|
|
"category": "Other",
|
|
"uuid": "9f9f7467-bb1e-487e-a310-a356bbbba48c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77/detection/f-32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77-1608019566",
|
|
"category": "Payload delivery",
|
|
"uuid": "adaee742-60b7-4662-92b3-54c2ac7f0aa0"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/66",
|
|
"category": "Payload delivery",
|
|
"uuid": "6ac308e3-251a-40b6-9cd9-b0611bdfa5ab"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2daa2208-4a80-4d53-9e40-43714e196dc2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = '846e27a652a5e1bfbd0ddd38a16dc865' AND file:hashes.SHA1 = 'd130bd75645c2433f88ac03e73395fba172ef676' AND file:hashes.SHA256 = 'ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-12-15T08:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3e830e40-5537-4262-8890-6662846770c8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-12-15T08:18:26.000Z",
|
|
"modified": "2020-12-15T08:18:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-12-15T08:11:50+00:00",
|
|
"category": "Other",
|
|
"uuid": "21cb4f65-7f18-4e2e-b9b7-c504ccb796c4"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/gui/file/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6/detection/f-ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6-1608019910",
|
|
"category": "Payload delivery",
|
|
"uuid": "47343bb3-e08d-48d2-b02d-e505db8558d9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/70",
|
|
"category": "Payload delivery",
|
|
"uuid": "b9305874-956b-4547-b2e2-75b94c05d537"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ae10ee49-42b4-46e5-a0ea-bee32a94e9f9",
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a20fef59-369c-49a0-8e44-90f88f0b4026",
|
|
"target_ref": "x-misp-object--f8629dcd-1aac-4818-a9ab-491c2344c795"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--109d480f-af8c-46f2-8207-9371e7616176",
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--094b634a-771e-4086-a212-7d72fb6b3989",
|
|
"target_ref": "x-misp-object--3fc73855-0ef4-4a27-8fc5-83b812d489eb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8c01bb76-1380-4143-b999-5845faf4dfcc",
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--37dbabfb-262e-4835-889e-2e5595f7c0e4",
|
|
"target_ref": "x-misp-object--1b572e2c-d1ce-4cdf-a083-130a37e2db24"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e22a6d3d-85b1-4cf0-b097-b3545527a30d",
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--15a9eca3-03a5-49b3-ba45-63f381932aad",
|
|
"target_ref": "x-misp-object--1f475208-7094-488e-805e-9c3fdc643171"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e4c94da8-c860-4b32-82b3-74b724b09f04",
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2daa2208-4a80-4d53-9e40-43714e196dc2",
|
|
"target_ref": "x-misp-object--3e830e40-5537-4262-8890-6662846770c8"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |