{
|
|
"type": "bundle",
|
|
"id": "bundle--5c4073ea-ed74-44e6-8965-d558950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T22:03:33.000Z",
|
|
"modified": "2019-01-19T22:03:33.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5c4073ea-ed74-44e6-8965-d558950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T22:03:33.000Z",
|
|
"modified": "2019-01-19T22:03:33.000Z",
|
|
"name": "OSINT - LoJax Command and Control Domains Still Active",
|
|
"published": "2019-01-19T22:03:45Z",
|
|
"object_refs": [
|
|
"indicator--5c4086be-64b8-4bd7-9bde-4133950d210f",
|
|
"indicator--5c4086ce-51f8-4166-8b3d-43ac950d210f",
|
|
"observed-data--5c418157-ea48-4d37-ac79-4481950d210f",
|
|
"url--5c418157-ea48-4d37-ac79-4481950d210f",
|
|
"x-misp-attribute--5c418171-9b1c-4e7a-91e3-4601950d210f",
|
|
"observed-data--5c418304-bb5c-496b-af6e-4746950d210f",
|
|
"url--5c418304-bb5c-496b-af6e-4746950d210f",
|
|
"indicator--5c4094e8-764c-4fa5-909a-4263950d210f",
|
|
"indicator--5c409623-7d0c-40d6-bbfa-783a950d210f",
|
|
"indicator--5c409669-d874-4dde-b084-4413950d210f",
|
|
"indicator--5c409690-eb24-4ed7-9432-4f30950d210f",
|
|
"indicator--5c4096b4-d72c-4d97-bd48-4340950d210f",
|
|
"indicator--5c4096eb-f478-4fc6-af0a-4d14950d210f",
|
|
"indicator--5c4096fe-83e8-44d5-a92f-448e950d210f",
|
|
"indicator--5c409b6f-80cc-4575-8014-40c6950d210f",
|
|
"indicator--5c409b8a-5a68-4627-aea2-4057950d210f",
|
|
"indicator--5c409ba2-faec-4cd9-a7a7-4b9d950d210f",
|
|
"indicator--5c409bb8-5928-456d-878a-4808950d210f",
|
|
"indicator--5c409bcc-c698-4676-aa91-4a50950d210f",
|
|
"indicator--5c409be0-0444-46ce-9a2f-4421950d210f",
|
|
"indicator--5c409bf6-d2ac-4b78-ba89-4a9f950d210f",
|
|
"indicator--5c409c07-4290-4f04-bca2-465c950d210f",
|
|
"indicator--5c409c18-82fc-4c1a-8ced-4a39950d210f",
|
|
"indicator--5c409c27-eb6c-434d-9470-4008950d210f",
|
|
"indicator--5c4181f3-26ac-4683-959c-4963950d210f",
|
|
"indicator--5c41820a-50ec-4e25-861c-4fca950d210f",
|
|
"indicator--5c418254-1fac-4e5f-893a-41f3950d210f",
|
|
"indicator--5c41826d-9dc4-4ca9-b59d-40bb950d210f",
|
|
"indicator--5c41828e-a950-4db9-b0f6-4ea6950d210f",
|
|
"indicator--5c41971d-0cb4-4c90-9796-492e950d210f",
|
|
"indicator--5c419736-a020-4a84-a00b-26fd950d210f",
|
|
"indicator--5c41999a-f5ac-4de9-9edf-464c950d210f",
|
|
"indicator--5c419ad9-24f8-4b94-920e-2700950d210f",
|
|
"indicator--5c419b2e-9cdc-4f87-8923-02cb950d210f",
|
|
"indicator--5c41a24d-e8e8-486f-93db-4bfe950d210f",
|
|
"indicator--5c41a285-adfc-4031-99e5-6eb9950d210f",
|
|
"indicator--5c41a2c5-f610-48d8-b15c-27c6950d210f",
|
|
"indicator--5c41a361-5930-4a1d-a159-27c6950d210f",
|
|
"indicator--5c41a486-5a90-4519-9fe5-75ce950d210f",
|
|
"indicator--5c41a49b-1494-45d9-9d6d-27c6950d210f",
|
|
"indicator--5c41a4ba-6a98-4960-924e-27c6950d210f",
|
|
"indicator--5c41a4ce-5638-4983-9617-2700950d210f",
|
|
"indicator--5c41a4e0-f510-48a0-aacc-448e950d210f",
|
|
"indicator--5c41a4f5-4c84-41ce-b59a-756f950d210f",
|
|
"indicator--5c41a545-6a00-406f-8ba8-26ef950d210f",
|
|
"indicator--0183a1ab-460b-4b88-a77f-e844353725b1",
|
|
"x-misp-object--e52fff61-4c9f-4e5b-bef9-f697a478674b",
|
|
"indicator--f838d196-f90e-42fd-8f07-0caa8ed78366",
|
|
"x-misp-object--8f8eddca-664b-4af0-b628-2baa269d7911",
|
|
"indicator--221467e7-185f-41ed-b996-bcf9a001244b",
|
|
"x-misp-object--5f175674-cade-4221-9b5d-563c30550687",
|
|
"indicator--888dea54-bd23-4759-8388-d3b260a9fcc9",
|
|
"x-misp-object--eff9a551-2cf3-4a87-a1a5-1eefe8443ed8",
|
|
"indicator--46c70090-aefb-45f3-ae55-1cb02dcf0c80",
|
|
"x-misp-object--224f53ae-d99c-4db9-866d-091b185ce68f",
|
|
"indicator--422bdf76-7fbd-480d-8a3d-b33a00a3a9a8",
|
|
"x-misp-object--1d4b1ead-461d-45b0-97b6-9f2db3b56e5b",
|
|
"indicator--7670c107-8e0d-401c-97ef-0a252fe1ee01",
|
|
"x-misp-object--b5189a36-b545-4b84-85bd-7fa1fcb7b2f6",
|
|
"indicator--f16b2940-fed0-4041-8c0e-b9f10c4852f5",
|
|
"x-misp-object--5b89a33f-92b9-463c-a8ee-a47928a0138a",
|
|
"indicator--47f69294-e7fc-43f7-ab84-03cd4378f8ee",
|
|
"x-misp-object--c7b36f6d-7074-4856-bed8-1d54355e070f",
|
|
"indicator--0ef6b9ac-e1f1-4137-b43c-e23b80bdc36a",
|
|
"x-misp-object--fdac57c6-b04e-49a1-a105-aa8b1554ecbe",
|
|
"indicator--3fae5084-db01-4e77-b90f-380ffcc7e226",
|
|
"x-misp-object--f37f274c-d13a-4f4c-a4ad-a17c70eaf778",
|
|
"relationship--d6584816-92bd-49eb-8925-74e5b63a7d3e",
|
|
"relationship--2ec36d7c-cff0-40d1-8aa1-156081f73cd5",
|
|
"relationship--b39ed0a3-268b-422f-8b45-a762358f1b29",
|
|
"relationship--b47dcfae-a037-4b1c-bbb4-ed330bc80897",
|
|
"relationship--ec0f7ba3-a589-4a8c-97d0-8ec04614a03d",
|
|
"relationship--e9c3dc4f-c06c-4e67-8d49-aba7367a7a60",
|
|
"relationship--5922d8da-ca05-45e8-a53c-ef5bf1c6ac4a",
|
|
"relationship--55738534-a63f-4006-b147-2a29dba76499",
|
|
"relationship--3ef86bda-b488-4f52-8d3e-de11e8a34a36",
|
|
"relationship--25e1f5cf-757c-4ba5-af15-ac349e1b7d41",
|
|
"relationship--274d1231-69b6-4d2e-8fc4-a41d589cc15e"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:tool=\"LoJax\"",
|
|
"malware_classification:malware-category=\"Rootkit\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4086be-64b8-4bd7-9bde-4133950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T13:44:30.000Z",
|
|
"modified": "2019-01-17T13:44:30.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.148.184']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T13:44:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4086ce-51f8-4166-8b3d-43ac950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T13:44:46.000Z",
|
|
"modified": "2019-01-17T13:44:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.113.131.103']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T13:44:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5c418157-ea48-4d37-ac79-4481950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T07:34:44.000Z",
|
|
"modified": "2019-01-18T07:34:44.000Z",
|
|
"first_observed": "2019-01-18T07:34:44Z",
|
|
"last_observed": "2019-01-18T07:34:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5c418157-ea48-4d37-ac79-4481950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5c418157-ea48-4d37-ac79-4481950d210f",
|
|
"value": "https://www.bleepingcomputer.com/news/security/lojax-command-and-control-domains-still-active/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5c418171-9b1c-4e7a-91e3-4601950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T07:34:45.000Z",
|
|
"modified": "2019-01-18T07:34:45.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Security researchers have uncovered new details about the infrastructure used by LoJax UEFI rootkit used in attacks from APT28. The analysis revealed two command and control (C2) servers were still active in early 2019.\r\n\r\nLoJax rootkit is based on LoJack, a legitimate software that tracks and locates laptop, smartphone, or tablet devices. Its campaigns likely started towards the end of 2016, according to new research.\r\n\r\nBecause it has persistence on the system, LoJack was modified by the threat actors - APT28, also known as Fancy Bear, Sednit, Strontium, and Sofacy, to report to their server."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5c418304-bb5c-496b-af6e-4746950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T07:41:08.000Z",
|
|
"modified": "2019-01-18T07:41:08.000Z",
|
|
"first_observed": "2019-01-18T07:41:08Z",
|
|
"last_observed": "2019-01-18T07:41:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5c418304-bb5c-496b-af6e-4746950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5c418304-bb5c-496b-af6e-4746950d210f",
|
|
"value": "https://asert.arbornetworks.com/lojax-fancy-since-2016/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4094e8-764c-4fa5-909a-4263950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T14:44:56.000Z",
|
|
"modified": "2019-01-17T14:44:56.000Z",
|
|
"pattern": "[domain-name:value = 'moldstream.md' AND domain-name:resolves_to_refs[*].value = '185.181.102.201']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T14:44:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409623-7d0c-40d6-bbfa-783a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T14:50:11.000Z",
|
|
"modified": "2019-01-17T14:50:11.000Z",
|
|
"pattern": "[domain-name:value = 'webstp.com' AND domain-name:resolves_to_refs[*].value = '185.94.191.65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T14:50:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409669-d874-4dde-b084-4413950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T14:51:21.000Z",
|
|
"modified": "2019-01-17T14:51:21.000Z",
|
|
"pattern": "[domain-name:value = 'oiagives.com' AND domain-name:resolves_to_refs[*].value = '162.208.10.66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T14:51:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409690-eb24-4ed7-9432-4f30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T14:52:00.000Z",
|
|
"modified": "2019-01-17T14:52:00.000Z",
|
|
"pattern": "[domain-name:value = 'elaxo.org' AND domain-name:resolves_to_refs[*].value = '86.106.131.54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T14:52:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4096b4-d72c-4d97-bd48-4340950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T14:52:36.000Z",
|
|
"modified": "2019-01-17T14:52:36.000Z",
|
|
"pattern": "[domain-name:value = 'peacefund.eu' AND domain-name:resolves_to_refs[*].value = '185.183.107.40']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T14:52:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4096eb-f478-4fc6-af0a-4d14950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T14:53:31.000Z",
|
|
"modified": "2019-01-17T14:53:31.000Z",
|
|
"pattern": "[domain-name:value = 'jflynci.com' AND domain-name:resolves_to_refs[*].value = '185.86.151.104']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T14:53:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4096fe-83e8-44d5-a92f-448e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T14:53:50.000Z",
|
|
"modified": "2019-01-17T14:53:50.000Z",
|
|
"pattern": "[domain-name:value = 'hp-apps.com' AND domain-name:resolves_to_refs[*].value = '185.86.149.116']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T14:53:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409b6f-80cc-4575-8014-40c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:12:47.000Z",
|
|
"modified": "2019-01-17T15:12:47.000Z",
|
|
"pattern": "[domain-name:value = 'vsnet.co' AND domain-name:resolves_to_refs[*].value = '46.21.147.76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:12:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409b8a-5a68-4627-aea2-4057950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:13:14.000Z",
|
|
"modified": "2019-01-17T15:13:14.000Z",
|
|
"pattern": "[domain-name:value = 'remotepx.net' AND domain-name:resolves_to_refs[*].value = '85.204.124.77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409ba2-faec-4cd9-a7a7-4b9d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:13:38.000Z",
|
|
"modified": "2019-01-17T15:13:38.000Z",
|
|
"pattern": "[domain-name:value = 'sysanalyticweb.com' AND domain-name:resolves_to_refs[*].value = '54.37.104.106']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:13:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409bb8-5928-456d-878a-4808950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:14:00.000Z",
|
|
"modified": "2019-01-17T15:14:00.000Z",
|
|
"pattern": "[domain-name:value = 'unigymboom.com' AND domain-name:resolves_to_refs[*].value = '185.86.151.2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:14:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409bcc-c698-4676-aa91-4a50950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:14:20.000Z",
|
|
"modified": "2019-01-17T15:14:20.000Z",
|
|
"pattern": "[domain-name:value = 'treckanalytics.com' AND domain-name:resolves_to_refs[*].value = '94.177.12.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:14:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409be0-0444-46ce-9a2f-4421950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:14:40.000Z",
|
|
"modified": "2019-01-17T15:14:40.000Z",
|
|
"pattern": "[domain-name:value = 'msfontserver.com' AND domain-name:resolves_to_refs[*].value = '179.43.158.20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:14:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409bf6-d2ac-4b78-ba89-4a9f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:15:02.000Z",
|
|
"modified": "2019-01-17T15:15:02.000Z",
|
|
"pattern": "[domain-name:value = 'oiatribe.com' AND domain-name:resolves_to_refs[*].value = '162.208.10.66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:15:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409c07-4290-4f04-bca2-465c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:15:19.000Z",
|
|
"modified": "2019-01-17T15:15:19.000Z",
|
|
"pattern": "[domain-name:value = 'ntpstatistics.com' AND domain-name:resolves_to_refs[*].value = '169.239.128.133']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:15:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409c18-82fc-4c1a-8ced-4a39950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:15:36.000Z",
|
|
"modified": "2019-01-17T15:15:36.000Z",
|
|
"pattern": "[domain-name:value = 'regvirt.com' AND domain-name:resolves_to_refs[*].value = '46.21.147.71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:15:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c409c27-eb6c-434d-9470-4008950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-17T15:15:51.000Z",
|
|
"modified": "2019-01-17T15:15:51.000Z",
|
|
"pattern": "[domain-name:value = 'visualrates.com' AND domain-name:resolves_to_refs[*].value = '169.239.129.121']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-17T15:15:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4181f3-26ac-4683-959c-4963950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T07:36:19.000Z",
|
|
"modified": "2019-01-18T07:36:19.000Z",
|
|
"pattern": "[domain-name:value = 'unigymboom.com' AND domain-name:resolves_to_refs[*].value = '185.86.151.2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T07:36:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41820a-50ec-4e25-861c-4fca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T07:36:42.000Z",
|
|
"modified": "2019-01-18T07:36:42.000Z",
|
|
"pattern": "[domain-name:value = 'ntpstatistics.com' AND domain-name:resolves_to_refs[*].value = '169.239.128.133']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T07:36:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c418254-1fac-4e5f-893a-41f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T07:37:56.000Z",
|
|
"modified": "2019-01-18T07:37:56.000Z",
|
|
"description": "Last Seen: Fall 2018",
|
|
"pattern": "[domain-name:value = 'moldstream.md' AND domain-name:resolves_to_refs[*].value = '185.181.102.201']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T07:37:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41826d-9dc4-4ca9-b59d-40bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T07:38:21.000Z",
|
|
"modified": "2019-01-18T07:38:21.000Z",
|
|
"description": "Last Seen: Fall 2018",
|
|
"pattern": "[domain-name:value = 'vsnet.co' AND domain-name:resolves_to_refs[*].value = '46.21.147.76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T07:38:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41828e-a950-4db9-b0f6-4ea6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T07:38:54.000Z",
|
|
"modified": "2019-01-18T07:38:54.000Z",
|
|
"description": "Last Seen: Fall 2018",
|
|
"pattern": "[domain-name:value = 'visualrates.com' AND domain-name:resolves_to_refs[*].value = '169.239.129.121']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T07:38:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41971d-0cb4-4c90-9796-492e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T09:06:37.000Z",
|
|
"modified": "2019-01-18T09:06:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '89503b7935a05b1d26cb26ce3793a3fb' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T09:06:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c419736-a020-4a84-a00b-26fd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T09:07:02.000Z",
|
|
"modified": "2019-01-18T09:07:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cffcae5c5551b4b9489fec5d56269d84' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T09:07:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41999a-f5ac-4de9-9edf-464c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T09:17:14.000Z",
|
|
"modified": "2019-01-18T09:17:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9be30e2c2e185ccb6cdbbf585d368393' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T09:17:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c419ad9-24f8-4b94-920e-2700950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T09:22:33.000Z",
|
|
"modified": "2019-01-18T09:22:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bda5f83ee4a6d64d1057f19a2a1ef071' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T09:22:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c419b2e-9cdc-4f87-8923-02cb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T09:23:58.000Z",
|
|
"modified": "2019-01-18T09:23:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f3c6e16f0dd2b0e55a7dad365c3877d4' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T09:23:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a24d-e8e8-486f-93db-4bfe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T09:54:21.000Z",
|
|
"modified": "2019-01-18T09:54:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '89503b7935a05b1d26cb26ce3793a3fb' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T09:54:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a285-adfc-4031-99e5-6eb9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T09:55:17.000Z",
|
|
"modified": "2019-01-18T09:55:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6eaa1ff5f33df3169c209f98cc5012d0' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T09:55:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a2c5-f610-48d8-b15c-27c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T09:56:21.000Z",
|
|
"modified": "2019-01-18T09:56:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cffcae5c5551b4b9489fec5d56269d84' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T09:56:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a361-5930-4a1d-a159-27c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T09:58:57.000Z",
|
|
"modified": "2019-01-18T09:58:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f1df1a795eb784f7bfc3ba9a7e3b00ac' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T09:58:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a486-5a90-4519-9fe5-75ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T10:03:49.000Z",
|
|
"modified": "2019-01-18T10:03:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e5db592704f30d42537b1257e79ff223' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T10:03:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a49b-1494-45d9-9d6d-27c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T10:04:11.000Z",
|
|
"modified": "2019-01-18T10:04:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f336379bd4a129f0851a24ccea47b4ec' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T10:04:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a4ba-6a98-4960-924e-27c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T10:04:42.000Z",
|
|
"modified": "2019-01-18T10:04:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9be30e2c2e185ccb6cdbbf585d368393' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T10:04:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a4ce-5638-4983-9617-2700950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T10:05:02.000Z",
|
|
"modified": "2019-01-18T10:05:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bda5f83ee4a6d64d1057f19a2a1ef071' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T10:05:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a4e0-f510-48a0-aacc-448e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T10:05:20.000Z",
|
|
"modified": "2019-01-18T10:05:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f3c6e16f0dd2b0e55a7dad365c3877d4' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T10:05:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a4f5-4c84-41ce-b59a-756f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T10:05:41.000Z",
|
|
"modified": "2019-01-18T10:05:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '73ea983ec9c39fb820d086acdf439c95' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T10:05:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c41a545-6a00-406f-8ba8-26ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-18T10:07:01.000Z",
|
|
"modified": "2019-01-18T10:07:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9157f70faaedf66688fc11f4abca83e2' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-18T10:07:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0183a1ab-460b-4b88-a77f-e844353725b1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:29.000Z",
|
|
"modified": "2019-01-19T10:22:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e5db592704f30d42537b1257e79ff223' AND file:hashes.SHA1 = '8e138eecea8e9937a83bffe100d842d6381b6bb1' AND file:hashes.SHA256 = 'eb4e174db15646f71cb1d2c471e5794a8429ca29369c8eff6042122cc6dc6845']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e52fff61-4c9f-4e5b-bef9-f697a478674b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:31.000Z",
|
|
"modified": "2019-01-19T10:22:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T08:36:32",
|
|
"category": "Other",
|
|
"uuid": "a6704321-e290-4989-a308-9e605e3e0a4c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/eb4e174db15646f71cb1d2c471e5794a8429ca29369c8eff6042122cc6dc6845/analysis/1547800592/",
|
|
"category": "External analysis",
|
|
"uuid": "250629a1-e3ff-40b7-aae8-80414a97eae7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/70",
|
|
"category": "Other",
|
|
"uuid": "6adf8b2b-48f5-4b2a-8b1f-61e509c7c596"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f838d196-f90e-42fd-8f07-0caa8ed78366",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:32.000Z",
|
|
"modified": "2019-01-19T10:22:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f1df1a795eb784f7bfc3ba9a7e3b00ac' AND file:hashes.SHA1 = '1470995de2278ae79646d524e7c311dad29aee17' AND file:hashes.SHA256 = 'e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8f8eddca-664b-4af0-b628-2baa269d7911",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:34.000Z",
|
|
"modified": "2019-01-19T10:22:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T08:36:31",
|
|
"category": "Other",
|
|
"uuid": "9504e767-143b-4297-8514-a1debd3bbff9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200/analysis/1547800591/",
|
|
"category": "External analysis",
|
|
"uuid": "32b1d16b-45e3-4c5c-8ee1-658e9bd6965e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/69",
|
|
"category": "Other",
|
|
"uuid": "592422d2-0cdf-49a7-90bd-135408d67248"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--221467e7-185f-41ed-b996-bcf9a001244b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:35.000Z",
|
|
"modified": "2019-01-19T10:22:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f336379bd4a129f0851a24ccea47b4ec' AND file:hashes.SHA1 = 'e923ac79046ffa06f67d3f4c567e84a82dd7ff1b' AND file:hashes.SHA256 = 'a97b1a792f7b53929a1c01bad9fc2bd606a15e8e32755daa15570e356baa0112']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5f175674-cade-4221-9b5d-563c30550687",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:36.000Z",
|
|
"modified": "2019-01-19T10:22:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T08:36:32",
|
|
"category": "Other",
|
|
"uuid": "c6f87315-ab4f-48f0-86ef-9b61391d4273"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a97b1a792f7b53929a1c01bad9fc2bd606a15e8e32755daa15570e356baa0112/analysis/1547800592/",
|
|
"category": "External analysis",
|
|
"uuid": "ca93a1c9-c4b9-44eb-bd71-4bc63a45b236"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/70",
|
|
"category": "Other",
|
|
"uuid": "1d18c466-d3b0-42b8-8de2-ce33a96b6537"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--888dea54-bd23-4759-8388-d3b260a9fcc9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:38.000Z",
|
|
"modified": "2019-01-19T10:22:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f3c6e16f0dd2b0e55a7dad365c3877d4' AND file:hashes.SHA1 = '397d97e278110a48bd2cb11bb5632b99a9100dbd' AND file:hashes.SHA256 = 'fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--eff9a551-2cf3-4a87-a1a5-1eefe8443ed8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:39.000Z",
|
|
"modified": "2019-01-19T10:22:39.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T08:36:28",
|
|
"category": "Other",
|
|
"uuid": "9d437d48-b476-4942-a6e4-9459946936dc"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27/analysis/1547800588/",
|
|
"category": "External analysis",
|
|
"uuid": "f203ee74-3433-4e80-859d-718a11b5d4bd"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/71",
|
|
"category": "Other",
|
|
"uuid": "00fa7630-9f60-47da-94c6-3d1a367df48d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--46c70090-aefb-45f3-ae55-1cb02dcf0c80",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:41.000Z",
|
|
"modified": "2019-01-19T10:22:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9be30e2c2e185ccb6cdbbf585d368393' AND file:hashes.SHA1 = '0860356913ac9e88dbaa8a76a69d9986b8265f81' AND file:hashes.SHA256 = '06976912957d4c0c7f5d3a478fc8f3dc2ef1057537bc1548554d6569add2ba3d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--224f53ae-d99c-4db9-866d-091b185ce68f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:44.000Z",
|
|
"modified": "2019-01-19T10:22:44.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T03:08:09",
|
|
"category": "Other",
|
|
"uuid": "1ffd3174-875e-4f29-857b-46948e494ede"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/06976912957d4c0c7f5d3a478fc8f3dc2ef1057537bc1548554d6569add2ba3d/analysis/1547780889/",
|
|
"category": "External analysis",
|
|
"uuid": "21a4038c-8022-409b-9cfd-13bd2cdb8331"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/70",
|
|
"category": "Other",
|
|
"uuid": "f9f0d052-430c-485c-962d-b4fb8cd592ba"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--422bdf76-7fbd-480d-8a3d-b33a00a3a9a8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:45.000Z",
|
|
"modified": "2019-01-19T10:22:45.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bda5f83ee4a6d64d1057f19a2a1ef071' AND file:hashes.SHA1 = 'f90ccf57e75923812c2c1da9f56166b36d1482be' AND file:hashes.SHA256 = '539cdc37c34eebb28a74f0dceeee0331e6ac6f4682e55fddd69d6f9de7ab9b77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1d4b1ead-461d-45b0-97b6-9f2db3b56e5b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:46.000Z",
|
|
"modified": "2019-01-19T10:22:46.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T08:36:27",
|
|
"category": "Other",
|
|
"uuid": "22b4afe9-fcbc-4514-be9d-d03e6240559f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/539cdc37c34eebb28a74f0dceeee0331e6ac6f4682e55fddd69d6f9de7ab9b77/analysis/1547800587/",
|
|
"category": "External analysis",
|
|
"uuid": "ee16baeb-2063-4ae6-929b-435aa3cc5dcc"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/70",
|
|
"category": "Other",
|
|
"uuid": "16209b4b-4483-49f4-a827-787e7152f0b5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7670c107-8e0d-401c-97ef-0a252fe1ee01",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:47.000Z",
|
|
"modified": "2019-01-19T10:22:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cffcae5c5551b4b9489fec5d56269d84' AND file:hashes.SHA1 = 'd578667c9222e7f7835694193576b6554a0bca89' AND file:hashes.SHA256 = 'aa5b25c969234e5c9a8e3aa7aefb9444f2cc95247b5b52ef83bf4a68032980ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b5189a36-b545-4b84-85bd-7fa1fcb7b2f6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:49.000Z",
|
|
"modified": "2019-01-19T10:22:49.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T03:08:10",
|
|
"category": "Other",
|
|
"uuid": "7791139b-3270-4b18-9d5a-55c7a141e9ea"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/aa5b25c969234e5c9a8e3aa7aefb9444f2cc95247b5b52ef83bf4a68032980ae/analysis/1547780890/",
|
|
"category": "External analysis",
|
|
"uuid": "e1199483-4503-4ab5-88e0-1b068dfcb4b9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/69",
|
|
"category": "Other",
|
|
"uuid": "8b1777c9-9cec-4425-850f-a064c4cc6b93"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f16b2940-fed0-4041-8c0e-b9f10c4852f5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:50.000Z",
|
|
"modified": "2019-01-19T10:22:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6eaa1ff5f33df3169c209f98cc5012d0' AND file:hashes.SHA1 = '10d571d66d3ab7b9ddf6a850cb9b8e38b07623c0' AND file:hashes.SHA256 = '27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5b89a33f-92b9-463c-a8ee-a47928a0138a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:51.000Z",
|
|
"modified": "2019-01-19T10:22:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T08:36:30",
|
|
"category": "Other",
|
|
"uuid": "e8cf1f25-1f71-440f-b3f7-9ebb31ef9e8e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9/analysis/1547800590/",
|
|
"category": "External analysis",
|
|
"uuid": "4faa67b5-4107-4e81-84cd-1c2c85331549"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/70",
|
|
"category": "Other",
|
|
"uuid": "2f5c8b59-15d5-4cfa-85e2-ae5a1f0697ff"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--47f69294-e7fc-43f7-ab84-03cd4378f8ee",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:53.000Z",
|
|
"modified": "2019-01-19T10:22:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '73ea983ec9c39fb820d086acdf439c95' AND file:hashes.SHA1 = '09d2e2c26247a4a908952fee36b56b360561984f' AND file:hashes.SHA256 = '37f15647c26d475db805048d6592aa153533ac5f4373145c75e24012a51ad9f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c7b36f6d-7074-4856-bed8-1d54355e070f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:54.000Z",
|
|
"modified": "2019-01-19T10:22:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T08:36:35",
|
|
"category": "Other",
|
|
"uuid": "95b5ee4d-049d-4caf-b44b-d789e0ebe197"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/37f15647c26d475db805048d6592aa153533ac5f4373145c75e24012a51ad9f8/analysis/1547800595/",
|
|
"category": "External analysis",
|
|
"uuid": "d9824b54-e08e-4702-a90f-5219b5b9c584"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/72",
|
|
"category": "Other",
|
|
"uuid": "cdea349b-8070-4ba1-b7e5-0df2b88add75"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0ef6b9ac-e1f1-4137-b43c-e23b80bdc36a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:55.000Z",
|
|
"modified": "2019-01-19T10:22:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9157f70faaedf66688fc11f4abca83e2' AND file:hashes.SHA1 = 'b818e7a8cb699cd0fa4afcac50b9b7d82c13fa0a' AND file:hashes.SHA256 = 'a6d83fb30af84c18edf829ae4cc29c8c1bfb5eaaf61f9579d2d79c27bd37db59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fdac57c6-b04e-49a1-a105-aa8b1554ecbe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:57.000Z",
|
|
"modified": "2019-01-19T10:22:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T03:08:10",
|
|
"category": "Other",
|
|
"uuid": "6e3fc311-0b1a-4804-9797-fbcfcb17f369"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a6d83fb30af84c18edf829ae4cc29c8c1bfb5eaaf61f9579d2d79c27bd37db59/analysis/1547780890/",
|
|
"category": "External analysis",
|
|
"uuid": "ad3fd8d1-f35e-45a7-a286-f0ef2f785902"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/69",
|
|
"category": "Other",
|
|
"uuid": "8d2cc288-1115-44cc-92ce-f4703eed8a9a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3fae5084-db01-4e77-b90f-380ffcc7e226",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:22:59.000Z",
|
|
"modified": "2019-01-19T10:22:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = '89503b7935a05b1d26cb26ce3793a3fb' AND file:hashes.SHA1 = '5bc901e9267fa7bb7b14943f5f0299a84a7ef519' AND file:hashes.SHA256 = '6d626c7f661b8cc477569e8e89bfe578770fca332beefea1ee49c20def97226e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-19T10:22:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f37f274c-d13a-4f4c-a4ad-a17c70eaf778",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-01-19T10:23:01.000Z",
|
|
"modified": "2019-01-19T10:23:01.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-18T03:08:11",
|
|
"category": "Other",
|
|
"uuid": "f7f35623-cc54-4d52-818a-bf9b5761f2c2"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6d626c7f661b8cc477569e8e89bfe578770fca332beefea1ee49c20def97226e/analysis/1547780891/",
|
|
"category": "External analysis",
|
|
"uuid": "b6c4c28d-1f46-43b2-a18c-f2ce8f84223c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/72",
|
|
"category": "Other",
|
|
"uuid": "9cc4fe98-6468-439c-9c43-5729ce13e7da"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d6584816-92bd-49eb-8925-74e5b63a7d3e",
|
|
"created": "2019-01-19T10:23:02.000Z",
|
|
"modified": "2019-01-19T10:23:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0183a1ab-460b-4b88-a77f-e844353725b1",
|
|
"target_ref": "x-misp-object--e52fff61-4c9f-4e5b-bef9-f697a478674b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2ec36d7c-cff0-40d1-8aa1-156081f73cd5",
|
|
"created": "2019-01-19T10:23:03.000Z",
|
|
"modified": "2019-01-19T10:23:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f838d196-f90e-42fd-8f07-0caa8ed78366",
|
|
"target_ref": "x-misp-object--8f8eddca-664b-4af0-b628-2baa269d7911"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b39ed0a3-268b-422f-8b45-a762358f1b29",
|
|
"created": "2019-01-19T10:23:03.000Z",
|
|
"modified": "2019-01-19T10:23:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--221467e7-185f-41ed-b996-bcf9a001244b",
|
|
"target_ref": "x-misp-object--5f175674-cade-4221-9b5d-563c30550687"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b47dcfae-a037-4b1c-bbb4-ed330bc80897",
|
|
"created": "2019-01-19T10:23:03.000Z",
|
|
"modified": "2019-01-19T10:23:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--888dea54-bd23-4759-8388-d3b260a9fcc9",
|
|
"target_ref": "x-misp-object--eff9a551-2cf3-4a87-a1a5-1eefe8443ed8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ec0f7ba3-a589-4a8c-97d0-8ec04614a03d",
|
|
"created": "2019-01-19T10:23:03.000Z",
|
|
"modified": "2019-01-19T10:23:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--46c70090-aefb-45f3-ae55-1cb02dcf0c80",
|
|
"target_ref": "x-misp-object--224f53ae-d99c-4db9-866d-091b185ce68f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e9c3dc4f-c06c-4e67-8d49-aba7367a7a60",
|
|
"created": "2019-01-19T10:23:03.000Z",
|
|
"modified": "2019-01-19T10:23:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--422bdf76-7fbd-480d-8a3d-b33a00a3a9a8",
|
|
"target_ref": "x-misp-object--1d4b1ead-461d-45b0-97b6-9f2db3b56e5b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5922d8da-ca05-45e8-a53c-ef5bf1c6ac4a",
|
|
"created": "2019-01-19T10:23:03.000Z",
|
|
"modified": "2019-01-19T10:23:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7670c107-8e0d-401c-97ef-0a252fe1ee01",
|
|
"target_ref": "x-misp-object--b5189a36-b545-4b84-85bd-7fa1fcb7b2f6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--55738534-a63f-4006-b147-2a29dba76499",
|
|
"created": "2019-01-19T10:23:03.000Z",
|
|
"modified": "2019-01-19T10:23:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f16b2940-fed0-4041-8c0e-b9f10c4852f5",
|
|
"target_ref": "x-misp-object--5b89a33f-92b9-463c-a8ee-a47928a0138a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3ef86bda-b488-4f52-8d3e-de11e8a34a36",
|
|
"created": "2019-01-19T10:23:04.000Z",
|
|
"modified": "2019-01-19T10:23:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--47f69294-e7fc-43f7-ab84-03cd4378f8ee",
|
|
"target_ref": "x-misp-object--c7b36f6d-7074-4856-bed8-1d54355e070f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--25e1f5cf-757c-4ba5-af15-ac349e1b7d41",
|
|
"created": "2019-01-19T10:23:04.000Z",
|
|
"modified": "2019-01-19T10:23:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0ef6b9ac-e1f1-4137-b43c-e23b80bdc36a",
|
|
"target_ref": "x-misp-object--fdac57c6-b04e-49a1-a105-aa8b1554ecbe"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--274d1231-69b6-4d2e-8fc4-a41d589cc15e",
|
|
"created": "2019-01-19T10:23:04.000Z",
|
|
"modified": "2019-01-19T10:23:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3fae5084-db01-4e77-b90f-380ffcc7e226",
|
|
"target_ref": "x-misp-object--f37f274c-d13a-4f4c-a4ad-a17c70eaf778"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |