1298 lines
No EOL
57 KiB
JSON
1298 lines
No EOL
57 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5bb61071-d0ac-4b8a-8bba-4dc8950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:15:09.000Z",
|
|
"modified": "2018-10-04T19:15:09.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5bb61071-d0ac-4b8a-8bba-4dc8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:15:09.000Z",
|
|
"modified": "2018-10-04T19:15:09.000Z",
|
|
"name": "OSINT - Persirai: New Internet of Things (IoT) Botnet Targets IP Cameras",
|
|
"published": "2018-10-04T19:15:15Z",
|
|
"object_refs": [
|
|
"observed-data--5bb610da-7840-4316-b213-4905950d210f",
|
|
"url--5bb610da-7840-4316-b213-4905950d210f",
|
|
"x-misp-attribute--5bb612ca-8a64-47a5-a459-485e950d210f",
|
|
"indicator--5bb61739-32dc-44d3-bcf5-4c6d950d210f",
|
|
"indicator--5bb6173a-5bc8-4746-a7fd-425f950d210f",
|
|
"indicator--5bb6173f-60ec-47c3-b5da-4bd0950d210f",
|
|
"indicator--5bb61740-c0f8-4087-9811-4f8b950d210f",
|
|
"indicator--5bb61a03-6aa4-4b22-9f78-4283950d210f",
|
|
"indicator--5bb61a04-0544-461d-9635-46d1950d210f",
|
|
"indicator--5bb61a04-a6d4-4105-aae4-43c6950d210f",
|
|
"indicator--5bb61a05-85f4-4a0e-92c5-4370950d210f",
|
|
"indicator--5bb61a05-8904-4c4f-8a5a-4942950d210f",
|
|
"indicator--5bb61a09-8e34-41ee-a78d-4e7e950d210f",
|
|
"indicator--5bb61a0c-14e8-4a85-ba0d-4311950d210f",
|
|
"indicator--5bb61a0d-1720-4ec2-a1f0-4b6a950d210f",
|
|
"indicator--5bb61a0d-0208-4bc2-959a-42e2950d210f",
|
|
"indicator--5bb61a0e-500c-4155-825b-452b950d210f",
|
|
"indicator--5bb61a0e-dd6c-4fa2-b250-42c4950d210f",
|
|
"indicator--5bb61a0f-b75c-4b10-b14b-4d3d950d210f",
|
|
"indicator--5bb61a0f-06f0-4fb1-82eb-4ab6950d210f",
|
|
"indicator--5bb61a10-ab00-4133-8296-4a96950d210f",
|
|
"indicator--5bb61a10-469c-473e-ba93-459b950d210f",
|
|
"indicator--f309283e-f9b3-4936-9534-ef6866f23c40",
|
|
"x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7",
|
|
"indicator--12ef2bb3-f2ac-4266-b693-27631eae3930",
|
|
"x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5",
|
|
"indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0",
|
|
"x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd",
|
|
"indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9",
|
|
"x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b",
|
|
"indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8",
|
|
"x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7",
|
|
"indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435",
|
|
"x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa",
|
|
"indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0",
|
|
"x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96",
|
|
"indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb",
|
|
"x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175",
|
|
"indicator--ed841816-818e-4245-b6dd-f2309f700681",
|
|
"x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d",
|
|
"indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8",
|
|
"x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b",
|
|
"relationship--5a7efaa0-2bf1-4346-a510-bbd44233a699",
|
|
"relationship--bb8c223a-6926-408e-8b87-fdda271bf6f9",
|
|
"relationship--c1c85353-840e-4292-811f-1291798ae861",
|
|
"relationship--4a1efdb2-4371-452d-a04e-7752534916ef",
|
|
"relationship--69b0ad67-2a15-4a49-bb6a-b208357623c6",
|
|
"relationship--2fc6d954-bfb2-415b-909c-7a79839cf3be",
|
|
"relationship--aedf0a70-fea1-4eba-a280-de1546d3cf26",
|
|
"relationship--62ade72b-7540-406a-865c-29ff3bc93539",
|
|
"relationship--050ffd37-ae36-4d43-81b5-83a0f1f27d09",
|
|
"relationship--f2281fb1-0d20-48fe-944a-96976ea7f520"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"malware_classification:malware-category=\"Botnet\"",
|
|
"\tmalware_classification:malware-category=\"Botnet\"",
|
|
"misp-galaxy:botnet=\"Persirai\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb610da-7840-4316-b213-4905950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:11:09.000Z",
|
|
"modified": "2018-10-04T13:11:09.000Z",
|
|
"first_observed": "2018-10-04T13:11:09Z",
|
|
"last_observed": "2018-10-04T13:11:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5bb610da-7840-4316-b213-4905950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5bb610da-7840-4316-b213-4905950d210f",
|
|
"value": "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5bb612ca-8a64-47a5-a459-485e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:17:07.000Z",
|
|
"modified": "2018-10-04T13:17:07.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "A new Internet of Things (IoT) botnet called Persirai (Detected by Trend Micro as ELF_PERSIRAI.A) has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. This development comes on the heels of Mirai\u00e2\u20ac\u201dan open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras\u00e2\u20ac\u201das well as the Hajime botnet.\r\n\r\nWe detected approximately 120,000 IP cameras that are vulnerable to ELF_PERSIRAI.A via Shodan. Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61739-32dc-44d3-bcf5-4c6d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:35:53.000Z",
|
|
"modified": "2018-10-04T13:35:53.000Z",
|
|
"description": "C&C server",
|
|
"pattern": "[domain-name:value = 'load.gtpnet.ir']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:35:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb6173a-5bc8-4746-a7fd-425f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:35:54.000Z",
|
|
"modified": "2018-10-04T13:35:54.000Z",
|
|
"description": "C&C server",
|
|
"pattern": "[domain-name:value = 'ntp.gtpnet.ir']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:35:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb6173f-60ec-47c3-b5da-4bd0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:35:59.000Z",
|
|
"modified": "2018-10-04T13:35:59.000Z",
|
|
"description": "C&C server",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.62.189.232']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:35:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61740-c0f8-4087-9811-4f8b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:36:00.000Z",
|
|
"modified": "2018-10-04T13:36:00.000Z",
|
|
"description": "C&C server",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.85.38.103']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:36:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a03-6aa4-4b22-9f78-4283950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:47.000Z",
|
|
"modified": "2018-10-04T13:47:47.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = 'd00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a04-0544-461d-9635-46d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:48.000Z",
|
|
"modified": "2018-10-04T13:47:48.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = 'f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a04-a6d4-4105-aae4-43c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:48.000Z",
|
|
"modified": "2018-10-04T13:47:48.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = 'af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a05-85f4-4a0e-92c5-4370950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:49.000Z",
|
|
"modified": "2018-10-04T13:47:49.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = 'aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a05-8904-4c4f-8a5a-4942950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:49.000Z",
|
|
"modified": "2018-10-04T13:47:49.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = '4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a09-8e34-41ee-a78d-4e7e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:53.000Z",
|
|
"modified": "2018-10-04T13:47:53.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = '44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a0c-14e8-4a85-ba0d-4311950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:56.000Z",
|
|
"modified": "2018-10-04T13:47:56.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = 'a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a0d-1720-4ec2-a1f0-4b6a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:57.000Z",
|
|
"modified": "2018-10-04T13:47:57.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = '7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a0d-0208-4bc2-959a-42e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:57.000Z",
|
|
"modified": "2018-10-04T13:47:57.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = '4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a0e-500c-4155-825b-452b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:58.000Z",
|
|
"modified": "2018-10-04T13:47:58.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = '264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a0e-dd6c-4fa2-b250-42c4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:58.000Z",
|
|
"modified": "2018-10-04T13:47:58.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = 'ff5db7bdb4de17a77bd4a552f50f0e5488281cedc934fc3707833f90484ef66c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a0f-b75c-4b10-b14b-4d3d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:59.000Z",
|
|
"modified": "2018-10-04T13:47:59.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = 'ec2c39f1dfb75e7b33daceaeda4dbadb8efd9015a9b7e41d595bb28d2cd0180f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a0f-06f0-4fb1-82eb-4ab6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:47:59.000Z",
|
|
"modified": "2018-10-04T13:47:59.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = 'f736948bb4575c10a3175f0078a2b5d36cce1aa4cd635307d03c826e305a7489']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:47:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a10-ab00-4133-8296-4a96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:48:00.000Z",
|
|
"modified": "2018-10-04T13:48:00.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = 'e0b5c9f874f260c840766eb23c1f69828545d7820f959c8601c41c024044f02c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:48:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bb61a10-469c-473e-ba93-459b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T13:48:00.000Z",
|
|
"modified": "2018-10-04T13:48:00.000Z",
|
|
"description": "Hash detected as ELF_PERSIRAI.A:",
|
|
"pattern": "[file:hashes.SHA256 = '35317971e346e5b2a8401b2e66b9e62e371ce9532f816cb313216c3647973c32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T13:48:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f309283e-f9b3-4936-9534-ef6866f23c40",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:11:58.000Z",
|
|
"modified": "2018-10-04T19:11:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2f6e964b3f63b13831314c28185bb51a' AND file:hashes.SHA1 = 'a63417b889491466c912dfbb6d2a34ad27f2bcfe' AND file:hashes.SHA256 = '7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:11:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:11:56.000Z",
|
|
"modified": "2018-10-04T19:11:56.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-10-04T00:29:01",
|
|
"category": "Other",
|
|
"uuid": "7815ca32-703b-430e-a06f-dfb802b2617c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0/analysis/1538612941/",
|
|
"category": "External analysis",
|
|
"uuid": "b872dfe2-e6a4-46be-93cb-d2d39c54e961"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/57",
|
|
"category": "Other",
|
|
"uuid": "b977ae27-2ed8-42ea-af35-31fa7d975feb"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--12ef2bb3-f2ac-4266-b693-27631eae3930",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:00.000Z",
|
|
"modified": "2018-10-04T19:12:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = '428111c22627e1d4ee87705251704422' AND file:hashes.SHA1 = 'ccc90bd76af9d4b538aa88715027dd062f7c946d' AND file:hashes.SHA256 = '264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:12:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:11:59.000Z",
|
|
"modified": "2018-10-04T19:11:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-10-04T00:35:09",
|
|
"category": "Other",
|
|
"uuid": "836c2dac-1246-4175-a7ac-ad7a3246570e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc/analysis/1538613309/",
|
|
"category": "External analysis",
|
|
"uuid": "34afc7f8-f731-4458-bea0-0a620d0b2948"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/59",
|
|
"category": "Other",
|
|
"uuid": "42f732a2-5783-4fe1-bf28-a299f63a6f65"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:03.000Z",
|
|
"modified": "2018-10-04T19:12:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9584b6aec418a2af4efac24867a8c7ec' AND file:hashes.SHA1 = '22a8faf351768596500dbe6e27c05ad55744da1d' AND file:hashes.SHA256 = 'af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:12:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:01.000Z",
|
|
"modified": "2018-10-04T19:12:01.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-28T00:22:07",
|
|
"category": "Other",
|
|
"uuid": "28299833-823a-4fae-9d26-936806282829"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb/analysis/1535415727/",
|
|
"category": "External analysis",
|
|
"uuid": "a8b600ec-a940-4775-8d5a-da5e6fb40637"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/59",
|
|
"category": "Other",
|
|
"uuid": "6ab72e91-286a-4e59-aed6-7ba109b77661"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:05.000Z",
|
|
"modified": "2018-10-04T19:12:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5ebeff1f005804bb8afef91095aac1d9' AND file:hashes.SHA1 = 'c92e07faaad26b4ac98f9cc0c5a24e60dcb25b8a' AND file:hashes.SHA256 = '4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:12:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:04.000Z",
|
|
"modified": "2018-10-04T19:12:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-10-04T00:40:15",
|
|
"category": "Other",
|
|
"uuid": "8f277ab7-05c6-46f8-909c-f3381f65afbc"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b/analysis/1538613615/",
|
|
"category": "External analysis",
|
|
"uuid": "656ad417-eede-4da8-b924-d1ac777d5cbe"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/59",
|
|
"category": "Other",
|
|
"uuid": "6b003f1f-e035-40ad-8331-3e79a4f9ed2e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:11.000Z",
|
|
"modified": "2018-10-04T19:12:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f620fb57352e6f393477a65101a4612e' AND file:hashes.SHA1 = '93515d7442d0240272b8d813b300219c53e88dfd' AND file:hashes.SHA256 = 'a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:12:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:10.000Z",
|
|
"modified": "2018-10-04T19:12:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-19T23:46:42",
|
|
"category": "Other",
|
|
"uuid": "3feaaa6c-1944-4d54-b928-151e02b9ba75"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92/analysis/1534722402/",
|
|
"category": "External analysis",
|
|
"uuid": "4456021c-dde7-45e4-bb39-a42c628b0d31"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/58",
|
|
"category": "Other",
|
|
"uuid": "e23bb428-95e6-414a-a60f-e666d298495e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:17.000Z",
|
|
"modified": "2018-10-04T19:12:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = '912681f6be51afa8c5ab36e691b88e74' AND file:hashes.SHA1 = '227d1aa69da8250ddbf8898863799e59bdfeb516' AND file:hashes.SHA256 = 'f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:12:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:15.000Z",
|
|
"modified": "2018-10-04T19:12:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-28T00:21:20",
|
|
"category": "Other",
|
|
"uuid": "9da3df4d-2a97-4c0f-b9a8-4ee1e3bf41fa"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a/analysis/1535415680/",
|
|
"category": "External analysis",
|
|
"uuid": "791bd56a-7de3-419e-9984-b3b8f1126ec6"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/59",
|
|
"category": "Other",
|
|
"uuid": "620bf26e-ce72-408a-a9fb-29c061e257be"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:19.000Z",
|
|
"modified": "2018-10-04T19:12:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7e1c3834c38984c34b6fd4c741ae3a21' AND file:hashes.SHA1 = '02b850450fcbcdd6b13f03b2121f124543480d62' AND file:hashes.SHA256 = 'd00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:12:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:18.000Z",
|
|
"modified": "2018-10-04T19:12:18.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-10-04T00:51:35",
|
|
"category": "Other",
|
|
"uuid": "50679951-11f3-4163-bca3-c1a71fc25d9f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45/analysis/1538614295/",
|
|
"category": "External analysis",
|
|
"uuid": "6a957d87-5bf5-4e47-9901-533d3be74a57"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/58",
|
|
"category": "Other",
|
|
"uuid": "b95271c3-bd73-4a19-ac07-58509fbe8fc6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:22.000Z",
|
|
"modified": "2018-10-04T19:12:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b2b129d84723d0ba2f803a546c8b19ae' AND file:hashes.SHA1 = '7a0485e52aa09f63d41e471fd736584c06c3dab6' AND file:hashes.SHA256 = '44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:12:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:20.000Z",
|
|
"modified": "2018-10-04T19:12:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-18T19:47:01",
|
|
"category": "Other",
|
|
"uuid": "a6d21e1e-4762-45a8-8397-1e40b79d6f0a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778/analysis/1537300021/",
|
|
"category": "External analysis",
|
|
"uuid": "25405b32-6b81-42dc-a247-ebc03f770730"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/58",
|
|
"category": "Other",
|
|
"uuid": "85bba342-833d-452d-ae52-93ca69be210c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ed841816-818e-4245-b6dd-f2309f700681",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:24.000Z",
|
|
"modified": "2018-10-04T19:12:24.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cfb80e0b1e3927ebc1069b8fdc468072' AND file:hashes.SHA1 = '64bd5ba88d7e7104dc1a5586171e83825815362d' AND file:hashes.SHA256 = '4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:12:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:24.000Z",
|
|
"modified": "2018-10-04T19:12:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-10-01T16:00:37",
|
|
"category": "Other",
|
|
"uuid": "960ff2ae-bf7a-49c3-ab42-4134855d21d9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a/analysis/1538409637/",
|
|
"category": "External analysis",
|
|
"uuid": "146485a6-71f5-41d8-800b-4ac4f679f33b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/58",
|
|
"category": "Other",
|
|
"uuid": "b5bc8306-34a2-4eb6-9dd5-893115f7c124"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:28.000Z",
|
|
"modified": "2018-10-04T19:12:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '10d899e46e0df86ba6e6a4754de331d9' AND file:hashes.SHA1 = '29aabf21557507699503251e8e19ff77ee61f1bc' AND file:hashes.SHA256 = 'aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-04T19:12:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-04T19:12:26.000Z",
|
|
"modified": "2018-10-04T19:12:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-10-04T00:21:25",
|
|
"category": "Other",
|
|
"uuid": "0911b7f8-578a-470b-a17b-1d302ea16696"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61/analysis/1538612485/",
|
|
"category": "External analysis",
|
|
"uuid": "b3cc844b-5bf3-4cb8-b122-eee753b95a86"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/58",
|
|
"category": "Other",
|
|
"uuid": "dd676758-854f-4bee-b4b2-4942e2c6efc7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5a7efaa0-2bf1-4346-a510-bbd44233a699",
|
|
"created": "2018-10-04T19:12:27.000Z",
|
|
"modified": "2018-10-04T19:12:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f309283e-f9b3-4936-9534-ef6866f23c40",
|
|
"target_ref": "x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bb8c223a-6926-408e-8b87-fdda271bf6f9",
|
|
"created": "2018-10-04T19:12:27.000Z",
|
|
"modified": "2018-10-04T19:12:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--12ef2bb3-f2ac-4266-b693-27631eae3930",
|
|
"target_ref": "x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c1c85353-840e-4292-811f-1291798ae861",
|
|
"created": "2018-10-04T19:12:27.000Z",
|
|
"modified": "2018-10-04T19:12:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0",
|
|
"target_ref": "x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4a1efdb2-4371-452d-a04e-7752534916ef",
|
|
"created": "2018-10-04T19:12:27.000Z",
|
|
"modified": "2018-10-04T19:12:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9",
|
|
"target_ref": "x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--69b0ad67-2a15-4a49-bb6a-b208357623c6",
|
|
"created": "2018-10-04T19:12:28.000Z",
|
|
"modified": "2018-10-04T19:12:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8",
|
|
"target_ref": "x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2fc6d954-bfb2-415b-909c-7a79839cf3be",
|
|
"created": "2018-10-04T19:12:28.000Z",
|
|
"modified": "2018-10-04T19:12:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435",
|
|
"target_ref": "x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--aedf0a70-fea1-4eba-a280-de1546d3cf26",
|
|
"created": "2018-10-04T19:12:28.000Z",
|
|
"modified": "2018-10-04T19:12:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0",
|
|
"target_ref": "x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--62ade72b-7540-406a-865c-29ff3bc93539",
|
|
"created": "2018-10-04T19:12:28.000Z",
|
|
"modified": "2018-10-04T19:12:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb",
|
|
"target_ref": "x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--050ffd37-ae36-4d43-81b5-83a0f1f27d09",
|
|
"created": "2018-10-04T19:12:28.000Z",
|
|
"modified": "2018-10-04T19:12:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ed841816-818e-4245-b6dd-f2309f700681",
|
|
"target_ref": "x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f2281fb1-0d20-48fe-944a-96976ea7f520",
|
|
"created": "2018-10-04T19:12:28.000Z",
|
|
"modified": "2018-10-04T19:12:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8",
|
|
"target_ref": "x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |