{
|
|
"type": "bundle",
|
|
"id": "bundle--5b6d858f-6cb0-4a06-b826-57f5950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:20:28.000Z",
|
|
"modified": "2018-10-03T11:20:28.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5b6d858f-6cb0-4a06-b826-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:20:28.000Z",
|
|
"modified": "2018-10-03T11:20:28.000Z",
|
|
"name": "OSINT - Skygofree: Following in the footsteps of HackingTeam",
|
|
"published": "2018-10-03T11:22:15Z",
|
|
"object_refs": [
|
|
"observed-data--5b6d869f-b8cc-460b-99fa-a199950d210f",
|
|
"url--5b6d869f-b8cc-460b-99fa-a199950d210f",
|
|
"x-misp-attribute--5b6d8769-acd4-435a-a6d6-7e1e950d210f",
|
|
"observed-data--5b6d8809-0244-4327-9791-7cfd950d210f",
|
|
"url--5b6d8809-0244-4327-9791-7cfd950d210f",
|
|
"indicator--5b6d8916-d718-4b4a-8a41-57f5950d210f",
|
|
"indicator--5b6d8917-bcbc-4524-b1bc-57f5950d210f",
|
|
"indicator--5b6d8917-1438-4e0f-8fd5-57f5950d210f",
|
|
"indicator--5b6d8918-3c0c-4fca-a73b-57f5950d210f",
|
|
"indicator--5b6d8918-9248-4584-902d-57f5950d210f",
|
|
"indicator--5b6d8919-3f18-4f18-9ba5-57f5950d210f",
|
|
"indicator--5b6d8919-a254-4b06-b0ab-57f5950d210f",
|
|
"indicator--5b6d891a-f264-4f58-bab4-57f5950d210f",
|
|
"indicator--5b6d891a-c58c-46e2-8cc5-57f5950d210f",
|
|
"indicator--5b6d891a-3414-4db2-bca9-57f5950d210f",
|
|
"indicator--5b6d891b-ad98-4150-85ad-57f5950d210f",
|
|
"indicator--5b6d891c-2734-4ee8-9fc0-57f5950d210f",
|
|
"indicator--5b6d891e-fdc4-42d3-ba1a-57f5950d210f",
|
|
"indicator--5b6d891f-558c-4449-864e-57f5950d210f",
|
|
"indicator--5b6d8920-9a20-4b37-9365-57f5950d210f",
|
|
"indicator--5b6d8921-5af0-41ca-b69f-57f5950d210f",
|
|
"indicator--5b6d8923-6370-4714-ba67-57f5950d210f",
|
|
"indicator--5b6d8924-b234-44da-a068-57f5950d210f",
|
|
"indicator--5b6d8925-2c00-4026-82e3-57f5950d210f",
|
|
"indicator--5b6d8d91-1b94-4522-8633-cbfc950d210f",
|
|
"indicator--5b6d90f1-3bf4-4746-a265-4d62950d210f",
|
|
"indicator--5b6d9fab-3cf0-4839-8421-cc8c950d210f",
|
|
"indicator--5b6da192-aa4c-4141-9993-b712950d210f",
|
|
"indicator--5b6da23b-5980-40d9-b40e-fc18950d210f",
|
|
"indicator--5b6da2c9-e668-4985-a4c1-a1dd950d210f",
|
|
"indicator--5b6da343-5348-45c3-88f4-4756950d210f",
|
|
"indicator--5b6da485-3f88-4f5a-90e6-4750950d210f",
|
|
"indicator--5b6da4fd-d71c-4b44-883c-b711950d210f",
|
|
"indicator--5b6da52c-53d8-4052-832e-7cfd950d210f",
|
|
"indicator--5b6da574-aeb4-4d95-af75-7d0f950d210f",
|
|
"indicator--5b6da5a9-55e4-4e73-b66d-e737950d210f",
|
|
"indicator--5b6da5da-1b0c-41b0-b0d9-a198950d210f",
|
|
"indicator--5b6da61e-8dd4-4656-ba3b-cbf1950d210f",
|
|
"indicator--5b7e9771-afcc-4953-9591-a3d0950d210f",
|
|
"indicator--5b7ea118-b9ec-4598-b96a-49b7950d210f",
|
|
"indicator--5b7ea243-31a0-4e2b-bb58-4fbe950d210f",
|
|
"indicator--5b8d3a80-f2b8-475d-8b6d-4d87950d210f",
|
|
"indicator--5b8d3a82-73ec-481e-b96e-4136950d210f",
|
|
"indicator--5b8d3a86-ad44-4523-8f8a-49a7950d210f",
|
|
"indicator--5b8d3a8a-a3cc-42f1-8c76-4b5a950d210f",
|
|
"indicator--5b8d3a8f-57dc-43f8-87db-466b950d210f",
|
|
"indicator--5b8d3a93-9ca4-4dee-8a6d-4b53950d210f",
|
|
"indicator--5b8d3a98-2cf4-4a25-a3a9-4d8d950d210f",
|
|
"indicator--5b8d3a9c-86d4-4eab-afab-46a4950d210f",
|
|
"indicator--5b8d3aa0-c450-4c78-a711-4162950d210f",
|
|
"indicator--5b8d3aa5-59f8-40ba-bcfd-461a950d210f",
|
|
"indicator--5b8d3aa9-402c-476e-8a8f-41b7950d210f",
|
|
"indicator--5b8d3aad-c6b0-4bf4-b585-46e3950d210f",
|
|
"indicator--5b8d3ab2-e240-442e-b612-4ac6950d210f",
|
|
"indicator--5b8d3ab6-a73c-4f1d-982c-4590950d210f",
|
|
"indicator--5b8d3aba-54d0-4e0a-8721-42ce950d210f",
|
|
"observed-data--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9",
|
|
"network-traffic--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9",
|
|
"ipv4-addr--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9",
|
|
"observed-data--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9",
|
|
"network-traffic--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9",
|
|
"ipv4-addr--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9",
|
|
"observed-data--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9",
|
|
"network-traffic--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9",
|
|
"ipv4-addr--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9",
|
|
"observed-data--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9",
|
|
"network-traffic--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9",
|
|
"ipv4-addr--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9",
|
|
"observed-data--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9",
|
|
"network-traffic--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9",
|
|
"ipv4-addr--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9",
|
|
"observed-data--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9",
|
|
"network-traffic--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9",
|
|
"ipv4-addr--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9",
|
|
"observed-data--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9",
|
|
"network-traffic--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9",
|
|
"ipv4-addr--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9",
|
|
"observed-data--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9",
|
|
"network-traffic--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9",
|
|
"ipv4-addr--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9",
|
|
"observed-data--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9",
|
|
"network-traffic--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9",
|
|
"ipv4-addr--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9",
|
|
"indicator--5b6d8b20-12a8-4910-aeae-57f5950d210f",
|
|
"indicator--5b6d8bac-aa38-4fd7-b277-7d0f950d210f",
|
|
"indicator--5b6d8c99-441c-4305-9431-4a6f950d210f",
|
|
"observed-data--5b6d908d-7b7c-48a2-9f5d-cc41950d210f",
|
|
"file--5b6d908d-7b7c-48a2-9f5d-cc41950d210f",
|
|
"directory--5b7e9b4a-76d0-4f5e-9f37-fc04950d210f",
|
|
"indicator--5b6d923b-1720-4be7-a432-cc41950d210f",
|
|
"indicator--5b6d92d3-3150-429c-8aaa-b711950d210f",
|
|
"indicator--5b6d9322-cf1c-4259-bed4-a179950d210f",
|
|
"indicator--5b6d9345-e134-4ff7-ae7d-cd92950d210f",
|
|
"indicator--5b6d93f0-8528-4aa3-b1ea-4666950d210f",
|
|
"indicator--5b6d942f-1c14-47ff-92c6-cc71950d210f",
|
|
"indicator--5b6d9459-7168-46b5-b31c-cc71950d210f",
|
|
"indicator--5b6d9480-6300-4946-a56c-cc54950d210f",
|
|
"indicator--5b6d94ae-15c4-4c52-a4b0-a1de950d210f",
|
|
"indicator--5b6d94fd-4258-4009-9aaf-cc71950d210f",
|
|
"indicator--5b6d952c-48a4-4f24-8b5f-7cfd950d210f",
|
|
"indicator--5b6d956a-4d40-426d-baaa-a197950d210f",
|
|
"indicator--5b6d9595-20e0-4fe6-add9-cc54950d210f",
|
|
"indicator--5b6d9b83-f57c-49d1-8d6e-cc8c950d210f",
|
|
"indicator--5b6d9c4f-7290-45f0-ac9e-cbf1950d210f",
|
|
"indicator--5b6d9d0f-9fbc-47c4-b8ef-fc06950d210f",
|
|
"indicator--5b6d9d6d-1848-48ca-8d1c-cd99950d210f",
|
|
"indicator--5b6d9e03-619c-4049-9557-7cfd950d210f",
|
|
"indicator--5b6d9e59-14a8-4925-a9c1-cc8c950d210f",
|
|
"indicator--5b6d9e85-048c-4c1a-ace7-fc06950d210f",
|
|
"indicator--5b6d9eae-1e14-48eb-95ae-e737950d210f",
|
|
"indicator--5b6d9ed4-4744-46d8-bf6b-cd92950d210f",
|
|
"indicator--5b6d9ef9-33e0-49f8-afc4-a1dd950d210f",
|
|
"indicator--5b6d9f15-302c-4528-b5b7-e737950d210f",
|
|
"observed-data--5b6da0bc-5908-45f0-a3cb-7d2f950d210f",
|
|
"file--5b6da0bc-5908-45f0-a3cb-7d2f950d210f",
|
|
"directory--5b7e9b99-3d00-433e-b666-441e950d210f",
|
|
"observed-data--5b6da202-2654-49e0-93dd-a1dd950d210f",
|
|
"file--5b6da202-2654-49e0-93dd-a1dd950d210f",
|
|
"observed-data--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f",
|
|
"file--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f",
|
|
"directory--5b7e9bd8-8ef0-40c5-b985-4835950d210f",
|
|
"observed-data--5b6da326-0c08-44a0-90be-fc18950d210f",
|
|
"file--5b6da326-0c08-44a0-90be-fc18950d210f",
|
|
"directory--5b7e99bd-a06c-44b8-85de-4dbd950d210f",
|
|
"vulnerability--5b7141f1-ca14-400c-879d-8bd7950d210f",
|
|
"indicator--5b7ea077-cfbc-4059-9ac0-4554950d210f",
|
|
"vulnerability--5b8d2e5e-fd90-47bd-941d-4e98950d210f",
|
|
"vulnerability--5b8d306d-ed34-4a9c-9350-49ca950d210f",
|
|
"vulnerability--5b8d34d9-a7ac-407e-8faf-4357950d210f",
|
|
"vulnerability--5b8d38fc-abb0-4860-8182-73ee950d210f",
|
|
"indicator--ef468365-addd-40d5-a24d-543722f12e93",
|
|
"x-misp-object--68dc24db-7625-4d35-b6d3-c6fb1283bf18",
|
|
"indicator--6ccf462a-1c20-452a-be71-cfe9936ed3ba",
|
|
"x-misp-object--d2f2004d-2309-4a22-99cd-031a09bde2f1",
|
|
"indicator--7d3abf61-6c8e-47c1-93eb-d9f5103a9d5e",
|
|
"x-misp-object--b822f813-8192-409c-8ccc-27c368ce781a",
|
|
"indicator--cacbd9c4-03d0-435d-ad3c-a31a568e8d8e",
|
|
"x-misp-object--60d09241-1457-4f27-8c62-a010c19eeb21",
|
|
"indicator--93f7c2d4-3eda-4a19-aba6-b3bdb34be6c6",
|
|
"x-misp-object--fa8c321e-5cde-45bb-a01c-7e2a2a09b969",
|
|
"indicator--6bf27c78-9d3b-4926-9c37-ec97cf90fee5",
|
|
"x-misp-object--22999236-217f-4117-ae67-135d962de74e",
|
|
"indicator--a4995eaf-38d1-4aed-a189-061d8ad9eb5b",
|
|
"x-misp-object--28a0ab9f-4372-42ba-bea6-9a437f2c55e6",
|
|
"indicator--19019d95-d653-45c4-a76a-e1d0514ea188",
|
|
"x-misp-object--a6f536ba-7227-4404-a445-3859005c2d85",
|
|
"indicator--dddd50b2-9d97-476a-864e-021d7986d6fb",
|
|
"x-misp-object--497f5b93-ac74-4869-b34e-e18258a06405",
|
|
"indicator--f43d2055-c298-4014-b16c-cb31bb84171b",
|
|
"x-misp-object--f9620a5e-f529-47ca-b57b-52959ee91051",
|
|
"indicator--aa457e4c-9f49-4f78-84ec-5d60a7c157a2",
|
|
"x-misp-object--8af76320-edcc-4b95-bdbd-bf638bd1e369",
|
|
"indicator--790fef27-93cc-4a9f-803a-b320db0dee95",
|
|
"x-misp-object--f234144d-1765-4cf4-b8ad-6d6f1a2b6472",
|
|
"indicator--6ff856c9-fa6e-454c-ba8c-0fc21d5cc864",
|
|
"x-misp-object--41755892-e078-4a46-87e8-1f5e2677e25c",
|
|
"indicator--09391239-3536-4168-8f87-72ae9d533bef",
|
|
"x-misp-object--d85d218a-03c1-40d8-9b3f-b88bb3f6e132",
|
|
"indicator--bd4d9903-64a2-48b5-9aca-8daaf2bcc0ee",
|
|
"x-misp-object--57bf09f8-10dd-40e1-b635-be7748f76773",
|
|
"indicator--1e7e2181-e880-4274-9ddf-f8daa44549c7",
|
|
"x-misp-object--084b441e-ce8b-4086-ad6c-0ef1e2b2c78b",
|
|
"indicator--43892c3f-9a1b-466c-9bee-8e397cfe7d99",
|
|
"x-misp-object--d57f6827-03ab-40da-9465-a87640bda410",
|
|
"relationship--a97497b8-7a83-4a47-a5e8-e4eff10d1e7a",
|
|
"relationship--5bd58753-f32d-4252-a2af-c3ec89c13add",
|
|
"relationship--7e6f345c-fe5a-4592-a548-65062c1877b9",
|
|
"relationship--80f29524-944c-4a23-95ba-cd5717d8b25d",
|
|
"relationship--acc4351d-b80e-4d1a-871a-f8bf46b5d43f",
|
|
"relationship--f2a95e94-0190-49d3-93c1-a0e6f5227a77",
|
|
"relationship--22521344-bb3a-45b0-b53d-0ddb465300bf",
|
|
"relationship--12b7af8b-34ec-4d11-aa66-a45a835380f5",
|
|
"relationship--a81b4b36-ee65-4f97-9144-e495c9101a5a",
|
|
"relationship--c2190276-b5c2-4a60-8584-75363511be51",
|
|
"relationship--40a87a6b-db91-4520-8e8f-c133ffacaf6e",
|
|
"relationship--8dd7f160-5ae3-4698-bb0b-ca659a6a03a3",
|
|
"relationship--9aa80da9-b1f0-4130-aff4-76f8b25b5ae0",
|
|
"relationship--382cd718-fe8f-4e31-a5fc-f8bf4600b123",
|
|
"relationship--3be94ff5-92d1-493a-9b3b-327875409c17",
|
|
"relationship--19b86e35-4e49-4b44-be00-6cf45c7d9768",
|
|
"relationship--af26ba1f-943c-4726-a8fb-6b7d8af73c43",
|
|
"relationship--5ebf4fa1-ca09-4070-b91d-66162de0469d",
|
|
"relationship--822bb641-ac05-476a-9d71-1899a61bd4cd",
|
|
"relationship--6911bfbc-e02e-4849-9274-25699dfcd560",
|
|
"relationship--430ebdb0-51d7-49cf-a098-309ab774063b",
|
|
"relationship--7d8f6d90-b6ba-436f-8c18-f37991ac9a56",
|
|
"relationship--cfb48e7b-f238-46cc-9482-6e38b1d9d0a5",
|
|
"relationship--3495e346-8dcf-4156-9608-4c18d962ae9f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"misp-galaxy:android=\"Skygofree\"",
|
|
"Android Malware",
|
|
"ms-caro-malware:malware-platform=\"AndroidOS\"",
|
|
"ms-caro-malware-full:malware-platform=\"AndroidOS\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b6d869f-b8cc-460b-99fa-a199950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:39:40.000Z",
|
|
"modified": "2018-08-10T12:39:40.000Z",
|
|
"first_observed": "2018-08-10T12:39:40Z",
|
|
"last_observed": "2018-08-10T12:39:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5b6d869f-b8cc-460b-99fa-a199950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5b6d869f-b8cc-460b-99fa-a199950d210f",
|
|
"value": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5b6d8769-acd4-435a-a6d6-7e1e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:39:56.000Z",
|
|
"modified": "2018-08-10T12:39:56.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago \u2013 at the end of 2014. Since then, the implant\u2019s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals.\r\nWe observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active. The activities continue: the most recently observed domain was registered on October 31, 2017. Based on our KSN statistics, there are several infected individuals, exclusively in Italy.\r\nMoreover, as we dived deeper into the investigation, we discovered several spyware tools for Windows that form an implant for exfiltrating sensitive data on a targeted machine. The version we found was built at the beginning of 2017, and at the moment we are not sure whether this implant has been used in the wild. We named the malware Skygofree, because we found the word in one of the domains*"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b6d8809-0244-4327-9791-7cfd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:42:12.000Z",
|
|
"modified": "2018-08-10T12:42:12.000Z",
|
|
"first_observed": "2018-08-10T12:42:12Z",
|
|
"last_observed": "2018-08-10T12:42:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5b6d8809-0244-4327-9791-7cfd950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"technical-report\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5b6d8809-0244-4327-9791-7cfd950d210f",
|
|
"value": "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07164028/Skygofree_appendix_eng.pdf"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8916-d718-4b4a-8a41-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:14.000Z",
|
|
"modified": "2018-08-10T12:46:14.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = '119.network']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8917-bcbc-4524-b1bc-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:15.000Z",
|
|
"modified": "2018-08-10T12:46:15.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = '119.business']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8917-1438-4e0f-8fd5-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:15.000Z",
|
|
"modified": "2018-08-10T12:46:15.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'timbox.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8918-3c0c-4fca-a73b-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:16.000Z",
|
|
"modified": "2018-08-10T12:46:16.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'vodafoneinfinity.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8918-9248-4584-902d-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:16.000Z",
|
|
"modified": "2018-08-10T12:46:16.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'vodafone.press']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8919-3f18-4f18-9ba5-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:17.000Z",
|
|
"modified": "2018-08-10T12:46:17.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'voda.mobi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8919-a254-4b06-b0ab-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:17.000Z",
|
|
"modified": "2018-08-10T12:46:17.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = '190.network']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d891a-f264-4f58-bab4-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:18.000Z",
|
|
"modified": "2018-08-10T12:46:18.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'tre.support']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d891a-c58c-46e2-8cc5-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:18.000Z",
|
|
"modified": "2018-08-10T12:46:18.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = '3g.mobi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d891a-3414-4db2-bca9-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:18.000Z",
|
|
"modified": "2018-08-10T12:46:18.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'h3g.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d891b-ad98-4150-85ad-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:19.000Z",
|
|
"modified": "2018-08-10T12:46:19.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'h3g.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d891c-2734-4ee8-9fc0-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:20.000Z",
|
|
"modified": "2018-08-10T12:46:20.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = '155wind.mobi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d891e-fdc4-42d3-ba1a-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:22.000Z",
|
|
"modified": "2018-08-10T12:46:22.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'wind.support']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d891f-558c-4449-864e-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:23.000Z",
|
|
"modified": "2018-08-10T12:46:23.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'windupdate.serveftp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8920-9a20-4b37-9365-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:24.000Z",
|
|
"modified": "2018-08-10T12:46:24.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'skygofree.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8921-5af0-41ca-b69f-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:25.000Z",
|
|
"modified": "2018-08-10T12:46:25.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'digimobil.mobi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8923-6370-4714-ba67-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:27.000Z",
|
|
"modified": "2018-08-10T12:46:27.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'kenamobile.mobi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8924-b234-44da-a068-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:28.000Z",
|
|
"modified": "2018-08-10T12:46:28.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'lycamobile.mobi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8925-2c00-4026-82e3-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:46:29.000Z",
|
|
"modified": "2018-08-10T12:46:29.000Z",
|
|
"description": "Domains related to distribution campaign",
|
|
"pattern": "[domain-name:value = 'postemobile.help']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:46:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8d91-1b94-4522-8633-cbfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:05:21.000Z",
|
|
"modified": "2018-08-10T13:05:21.000Z",
|
|
"description": "Platform Android, Command and Control Server",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.13.133']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:05:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d90f1-3bf4-4746-a265-4d62950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:14:23.000Z",
|
|
"modified": "2018-10-03T11:14:23.000Z",
|
|
"pattern": "[mutex:name = 'mutex_var_AU']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-03T11:14:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9fab-3cf0-4839-8421-cc8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:14:23.000Z",
|
|
"modified": "2018-10-03T11:14:23.000Z",
|
|
"pattern": "[mutex:name = 'mutex_var_K']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-03T11:14:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da192-aa4c-4141-9993-b712950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:14:23.000Z",
|
|
"modified": "2018-10-03T11:14:23.000Z",
|
|
"pattern": "[mutex:name = 'mutex_var_xboz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-03T11:14:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da23b-5980-40d9-b40e-fc18950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:14:23.000Z",
|
|
"modified": "2018-10-03T11:14:23.000Z",
|
|
"pattern": "[mutex:name = 'mutex_var_SE']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-03T11:14:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da2c9-e668-4985-a4c1-a1dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:14:23.000Z",
|
|
"modified": "2018-10-03T11:14:23.000Z",
|
|
"pattern": "[mutex:name = 'mutex_var_scren']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-03T11:14:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da343-5348-45c3-88f4-4756950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:14:23.000Z",
|
|
"modified": "2018-10-03T11:14:23.000Z",
|
|
"pattern": "[mutex:name = 'mutex_var_Re_v_5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-10-03T11:14:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da485-3f88-4f5a-90e6-4750950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:44:11.000Z",
|
|
"modified": "2018-08-10T14:44:11.000Z",
|
|
"description": "Platform Android, Comment and Control Server",
|
|
"pattern": "[domain-name:value = 'url.plus']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:44:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da4fd-d71c-4b44-883c-b711950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:45:17.000Z",
|
|
"modified": "2018-08-10T14:45:17.000Z",
|
|
"description": "Platform Android, Comment and Control Server",
|
|
"pattern": "[domain-name:value = 'negg.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:45:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da52c-53d8-4052-832e-7cfd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:46:35.000Z",
|
|
"modified": "2018-08-10T14:46:35.000Z",
|
|
"description": "Platform Android, Comment and Control Server",
|
|
"pattern": "[domain-name:value = 'negg1.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:46:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da574-aeb4-4d95-af75-7d0f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:47:16.000Z",
|
|
"modified": "2018-08-10T14:47:16.000Z",
|
|
"description": "Platform Android, Comment and Control Server",
|
|
"pattern": "[domain-name:value = 'negg2.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:47:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da5a9-55e4-4e73-b66d-e737950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:48:09.000Z",
|
|
"modified": "2018-08-10T14:48:09.000Z",
|
|
"description": "Platform Android, Comment and Control Server",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.3.197.89']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:48:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da5da-1b0c-41b0-b0d9-a198950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:48:58.000Z",
|
|
"modified": "2018-08-10T14:48:58.000Z",
|
|
"description": "Platforms Android and Windows, Comment and Control Server",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.67.109.199']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:48:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6da61e-8dd4-4656-ba3b-cbf1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:50:06.000Z",
|
|
"modified": "2018-08-10T14:50:06.000Z",
|
|
"description": "Platform Windows, Comment and Control Server",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.21.172.8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:50:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b7e9771-afcc-4953-9591-a3d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-23T11:16:01.000Z",
|
|
"modified": "2018-08-23T11:16:01.000Z",
|
|
"description": "Address to download the parser payload",
|
|
"pattern": "[url:value = 'http://url.plus/Updates/tt/parser.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-23T11:16:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b7ea118-b9ec-4598-b96a-49b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-23T11:57:44.000Z",
|
|
"modified": "2018-08-23T11:57:44.000Z",
|
|
"description": "After launch of skype_sync2.exe it downloads a codec for MP3 encoding directly from this address.",
|
|
"pattern": "[url:value = 'http://54.67.109.199/skype_resource/libmp3lame.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-23T11:57:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b7ea243-31a0-4e2b-bb58-4fbe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-23T12:03:08.000Z",
|
|
"modified": "2018-08-23T12:03:08.000Z",
|
|
"description": "The skype_sync2.exe module has the following PDB string:",
|
|
"pattern": "[file:name = '\\\\\\\\vmware-host\\\\Shared Folders\\\\dati\\\\Backup\\\\Projects\\\\REcodin_2\\\\REcodin_2\\\\obj\\\\x86\\\\Release\\\\REcodin_2.pdb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-23T12:03:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3a80-f2b8-475d-8b6d-4d87950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:43:28.000Z",
|
|
"modified": "2018-09-03T13:43:28.000Z",
|
|
"pattern": "[url:value = 'http://217.194.13.133/tre/internet/Configuratore_3.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:43:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3a82-73ec-481e-b96e-4136950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:43:30.000Z",
|
|
"modified": "2018-09-03T13:43:30.000Z",
|
|
"pattern": "[url:value = 'http://217.194.13.133/tre/internet/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:43:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3a86-ad44-4523-8f8a-49a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:43:34.000Z",
|
|
"modified": "2018-09-03T13:43:34.000Z",
|
|
"pattern": "[url:value = 'http://217.194.13.133/appPro_AC.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:43:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3a8a-a3cc-42f1-8c76-4b5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:43:38.000Z",
|
|
"modified": "2018-09-03T13:43:38.000Z",
|
|
"pattern": "[url:value = 'http://217.194.13.133/190/configurazione/vodafone/smartphone/VODAFONE\\\\%20Configuratore\\\\%20v5_4_2.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:43:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3a8f-57dc-43f8-87db-466b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:43:43.000Z",
|
|
"modified": "2018-09-03T13:43:43.000Z",
|
|
"pattern": "[url:value = 'http://217.194.13.133/190/configurazione/vodafone/smartphone/index.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:43:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3a93-9ca4-4dee-8a6d-4b53950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:43:47.000Z",
|
|
"modified": "2018-09-03T13:43:47.000Z",
|
|
"pattern": "[url:value = 'http://217.194.13.133/190/configurazione/vodafone/smartphone/Vodafone\\\\%20Configuratore.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:43:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3a98-2cf4-4a25-a3a9-4d8d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:43:52.000Z",
|
|
"modified": "2018-09-03T13:43:52.000Z",
|
|
"pattern": "[url:value = 'http://vodafoneinfinity.sytes.net/tim/internet/Configuratore_TIM.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:43:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3a9c-86d4-4eab-afab-46a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:43:56.000Z",
|
|
"modified": "2018-09-03T13:43:56.000Z",
|
|
"pattern": "[url:value = 'http://vodafoneinfinity.sytes.net/tim/internet/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:43:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3aa0-c450-4c78-a711-4162950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:44:00.000Z",
|
|
"modified": "2018-09-03T13:44:00.000Z",
|
|
"pattern": "[url:value = 'http://vodafoneinfinity.sytes.net/190/configurazione/vodafone/smartphone/VODAFONE\\\\%20Configuratore\\\\%20v5_4_2.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:44:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3aa5-59f8-40ba-bcfd-461a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:44:05.000Z",
|
|
"modified": "2018-09-03T13:44:05.000Z",
|
|
"pattern": "[url:value = 'http://vodafoneinfinity.sytes.net/190/configurazione/vodafone/smartphone/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:44:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3aa9-402c-476e-8a8f-41b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:44:09.000Z",
|
|
"modified": "2018-09-03T13:44:09.000Z",
|
|
"pattern": "[url:value = 'http://windupdate.serveftp.com/wind/LTE/WIND\\\\%20Configuratore\\\\%20v5_4_2.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:44:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3aad-c6b0-4bf4-b585-46e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:44:13.000Z",
|
|
"modified": "2018-09-03T13:44:13.000Z",
|
|
"pattern": "[url:value = 'http://windupdate.serveftp.com/wind/LTE/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:44:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3ab2-e240-442e-b612-4ac6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:44:18.000Z",
|
|
"modified": "2018-09-03T13:44:18.000Z",
|
|
"pattern": "[url:value = 'http://119.network/lte/Internet-TIM-4G-LTE.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:44:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3ab6-a73c-4f1d-982c-4590950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:44:22.000Z",
|
|
"modified": "2018-09-03T13:44:22.000Z",
|
|
"pattern": "[url:value = 'http://119.network/lte/download.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:44:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b8d3aba-54d0-4e0a-8721-42ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:44:26.000Z",
|
|
"modified": "2018-09-03T13:44:26.000Z",
|
|
"pattern": "[url:value = 'http://119.network/lte/Configuratore_TIM.apk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-03T13:44:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:15:14.000Z",
|
|
"modified": "2018-10-03T11:15:14.000Z",
|
|
"first_observed": "2018-10-03T11:15:14Z",
|
|
"last_observed": "2018-10-03T11:15:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9",
|
|
"ipv4-addr--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9",
|
|
"src_ref": "ipv4-addr--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9",
|
|
"value": "52.88.53.237"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:15:16.000Z",
|
|
"modified": "2018-10-03T11:15:16.000Z",
|
|
"first_observed": "2018-10-03T11:15:16Z",
|
|
"last_observed": "2018-10-03T11:15:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9",
|
|
"ipv4-addr--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9",
|
|
"src_ref": "ipv4-addr--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9",
|
|
"value": "184.168.221.13"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:15:17.000Z",
|
|
"modified": "2018-10-03T11:15:17.000Z",
|
|
"first_observed": "2018-10-03T11:15:17Z",
|
|
"last_observed": "2018-10-03T11:15:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9",
|
|
"ipv4-addr--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9",
|
|
"src_ref": "ipv4-addr--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9",
|
|
"value": "184.168.221.21"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:15:21.000Z",
|
|
"modified": "2018-10-03T11:15:21.000Z",
|
|
"first_observed": "2018-10-03T11:15:21Z",
|
|
"last_observed": "2018-10-03T11:15:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9",
|
|
"ipv4-addr--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9",
|
|
"src_ref": "ipv4-addr--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9",
|
|
"value": "184.168.221.12"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:15:22.000Z",
|
|
"modified": "2018-10-03T11:15:22.000Z",
|
|
"first_observed": "2018-10-03T11:15:22Z",
|
|
"last_observed": "2018-10-03T11:15:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9",
|
|
"ipv4-addr--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9",
|
|
"src_ref": "ipv4-addr--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9",
|
|
"value": "208.109.232.108"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:15:23.000Z",
|
|
"modified": "2018-10-03T11:15:23.000Z",
|
|
"first_observed": "2018-10-03T11:15:23Z",
|
|
"last_observed": "2018-10-03T11:15:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9",
|
|
"ipv4-addr--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9",
|
|
"src_ref": "ipv4-addr--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9",
|
|
"value": "184.168.221.61"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:15:23.000Z",
|
|
"modified": "2018-10-03T11:15:23.000Z",
|
|
"first_observed": "2018-10-03T11:15:23Z",
|
|
"last_observed": "2018-10-03T11:15:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9",
|
|
"ipv4-addr--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9",
|
|
"src_ref": "ipv4-addr--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9",
|
|
"value": "50.63.202.56"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:15:24.000Z",
|
|
"modified": "2018-10-03T11:15:24.000Z",
|
|
"first_observed": "2018-10-03T11:15:24Z",
|
|
"last_observed": "2018-10-03T11:15:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9",
|
|
"ipv4-addr--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9",
|
|
"src_ref": "ipv4-addr--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9",
|
|
"value": "184.168.221.23"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:15:25.000Z",
|
|
"modified": "2018-10-03T11:15:25.000Z",
|
|
"first_observed": "2018-10-03T11:15:25Z",
|
|
"last_observed": "2018-10-03T11:15:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9",
|
|
"ipv4-addr--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9",
|
|
"src_ref": "ipv4-addr--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9",
|
|
"value": "144.217.82.94"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8b20-12a8-4910-aeae-57f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:54:56.000Z",
|
|
"modified": "2018-08-10T12:54:56.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '0bc28ac5f2cadd524e7f443e06ad2a2b' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:54:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8bac-aa38-4fd7-b277-7d0f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T12:57:16.000Z",
|
|
"modified": "2018-08-10T12:57:16.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '39fca709b416d8da592de3a3f714dce8' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T12:57:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d8c99-441c-4305-9431-4a6f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:01:13.000Z",
|
|
"modified": "2018-08-10T13:01:13.000Z",
|
|
"description": "Android payload",
|
|
"pattern": "[file:hashes.MD5 = '6964866106c0a353a7b91b580933c5d6' AND file:name = 'update_reb.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:01:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b6d908d-7b7c-48a2-9f5d-cc41950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-23T11:32:29.000Z",
|
|
"modified": "2018-08-23T11:32:29.000Z",
|
|
"first_observed": "2018-08-23T11:32:29Z",
|
|
"last_observed": "2018-08-23T11:32:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5b6d908d-7b7c-48a2-9f5d-cc41950d210f",
|
|
"directory--5b7e9b4a-76d0-4f5e-9f37-fc04950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"False\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5b6d908d-7b7c-48a2-9f5d-cc41950d210f",
|
|
"name": "system.exe",
|
|
"parent_directory_ref": "directory--5b7e9b4a-76d0-4f5e-9f37-fc04950d210f",
|
|
"x_misp_state": "Malicious"
|
|
},
|
|
{
|
|
"type": "directory",
|
|
"spec_version": "2.1",
|
|
"id": "directory--5b7e9b4a-76d0-4f5e-9f37-fc04950d210f",
|
|
"path": "%APPDATA%/myupd/aud/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d923b-1720-4be7-a432-cc41950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:25:15.000Z",
|
|
"modified": "2018-08-10T13:25:15.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '70a937b2504b3ad6c623581424c7e53d' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:25:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d92d3-3150-429c-8aaa-b711950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:27:47.000Z",
|
|
"modified": "2018-08-10T13:27:47.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = 'c091489a82263899d02b363b289a37f6' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:27:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9322-cf1c-4259-bed4-a179950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:29:06.000Z",
|
|
"modified": "2018-08-10T13:29:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e12b9af5df1c638ef5a099961ffbe344' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:29:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9345-e134-4ff7-ae7d-cd92950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:29:41.000Z",
|
|
"modified": "2018-08-10T13:29:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '708445b8d358c254e861effffd4f819b' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:29:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d93f0-8528-4aa3-b1ea-4666950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:32:32.000Z",
|
|
"modified": "2018-08-10T13:32:32.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '3f0e8a3ad9fab04377b8e9a57a26f972' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:32:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d942f-1c14-47ff-92c6-cc71950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:33:35.000Z",
|
|
"modified": "2018-08-10T13:33:35.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = 'd574d0049f797611589803643a8aa3c3' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:33:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9459-7168-46b5-b31c-cc71950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:34:17.000Z",
|
|
"modified": "2018-08-10T13:34:17.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '6414f4bfbdd08d70c40b107e86276dbb' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:34:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9480-6300-4946-a56c-cc54950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:34:56.000Z",
|
|
"modified": "2018-08-10T13:34:56.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '90f26adb324a8b36d2cafdd755aa1e61' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:34:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d94ae-15c4-4c52-a4b0-a1de950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:35:42.000Z",
|
|
"modified": "2018-08-10T13:35:42.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = 'a2a8e8ac6f5fa5801395252e11afb356' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:35:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d94fd-4258-4009-9aaf-cc71950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:37:01.000Z",
|
|
"modified": "2018-08-10T13:37:01.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = 'ce241b48377ca216d8f2017991c1cef0' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:37:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d952c-48a4-4f24-8b5f-7cfd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:37:48.000Z",
|
|
"modified": "2018-08-10T13:37:48.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '0be2b5394dafb76efc54bd6113ac8689' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:37:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d956a-4d40-426d-baaa-a197950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:38:50.000Z",
|
|
"modified": "2018-08-10T13:38:50.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = 'd99a3c4348c88cdfa59e90d1b3b94fc3' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:38:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9595-20e0-4fe6-add9-cc54950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T13:39:33.000Z",
|
|
"modified": "2018-08-10T13:39:33.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = 'a287a434a0d40833d3ebf5808950b858' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T13:39:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9b83-f57c-49d1-8d6e-cc8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:08:42.000Z",
|
|
"modified": "2018-08-10T14:08:42.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '7e6cb66a3623258444639d1fc2fd533f' AND file:name = 'update_set.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9c4f-7290-45f0-ac9e-cbf1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:08:15.000Z",
|
|
"modified": "2018-08-10T14:08:15.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = 'd9c7349e807e0f12eaa67b2de522954f' AND file:name = 'update_set.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:08:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9d0f-9fbc-47c4-b8ef-fc06950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:11:27.000Z",
|
|
"modified": "2018-08-10T14:11:27.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '2c21f61a8df19d07fd0f42b631151517' AND file:name = 'update_dev.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:11:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9d6d-1848-48ca-8d1c-cd99950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:13:01.000Z",
|
|
"modified": "2018-08-10T14:13:01.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = '4f76bdfc40529984bf8e8a05d665cef8' AND file:name = 'parser.apk' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:13:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9e03-619c-4049-9557-7cfd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:15:31.000Z",
|
|
"modified": "2018-08-10T14:15:31.000Z",
|
|
"description": "Android",
|
|
"pattern": "[file:hashes.MD5 = 'e2d6f1263000086e3146d5b5a3b78038' AND file:name = 'startup.arm64-v8a.zip' AND file:name = 'startup.armeabi.zip' AND file:name = 'startup.armeabi-v7a.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:15:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9e59-14a8-4925-a9c1-cc8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-23T11:19:46.000Z",
|
|
"modified": "2018-08-23T11:19:46.000Z",
|
|
"description": "Windows",
|
|
"pattern": "[file:hashes.MD5 = '55fb01048b6287eadcbd9a0f86d21adf' AND file:name = 'msconf.exe' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-23T11:19:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9e85-048c-4c1a-ace7-fc06950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:17:41.000Z",
|
|
"modified": "2018-08-10T14:17:41.000Z",
|
|
"description": "Windows",
|
|
"pattern": "[file:hashes.MD5 = 'f673bb1d519138ced7659484c0b66c5b' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:17:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9eae-1e14-48eb-95ae-e737950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:18:22.000Z",
|
|
"modified": "2018-08-10T14:18:22.000Z",
|
|
"description": "Windows",
|
|
"pattern": "[file:hashes.MD5 = 'd3baa45ed342fbc5a56d974d36d5f73f' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:18:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9ed4-4744-46d8-bf6b-cd92950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:19:00.000Z",
|
|
"modified": "2018-08-10T14:19:00.000Z",
|
|
"description": "Windows",
|
|
"pattern": "[file:hashes.MD5 = '395f9f87df728134b5e3c1ca4d48e9fa' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:19:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9ef9-33e0-49f8-afc4-a1dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:19:37.000Z",
|
|
"modified": "2018-08-10T14:19:37.000Z",
|
|
"description": "Windows",
|
|
"pattern": "[file:hashes.MD5 = '16311b16fd48c1c87c6476a455093e7a' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:19:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b6d9f15-302c-4528-b5b7-e737950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:20:05.000Z",
|
|
"modified": "2018-08-10T14:20:05.000Z",
|
|
"description": "Windows",
|
|
"pattern": "[file:hashes.MD5 = '6bcc3559d7405f25ea403317353d905f' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-10T14:20:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b6da0bc-5908-45f0-a3cb-7d2f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-23T11:33:47.000Z",
|
|
"modified": "2018-08-23T11:33:47.000Z",
|
|
"first_observed": "2018-08-23T11:33:47Z",
|
|
"last_observed": "2018-08-23T11:33:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5b6da0bc-5908-45f0-a3cb-7d2f950d210f",
|
|
"directory--5b7e9b99-3d00-433e-b666-441e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"False\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5b6da0bc-5908-45f0-a3cb-7d2f950d210f",
|
|
"name": "update.exe",
|
|
"parent_directory_ref": "directory--5b7e9b99-3d00-433e-b666-441e950d210f",
|
|
"x_misp_state": "Malicious"
|
|
},
|
|
{
|
|
"type": "directory",
|
|
"spec_version": "2.1",
|
|
"id": "directory--5b7e9b99-3d00-433e-b666-441e950d210f",
|
|
"path": "%APPDATA%/myupd/txt/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b6da202-2654-49e0-93dd-a1dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-10T14:34:20.000Z",
|
|
"modified": "2018-08-10T14:34:20.000Z",
|
|
"first_observed": "2018-08-10T14:34:20Z",
|
|
"last_observed": "2018-08-10T14:34:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5b6da202-2654-49e0-93dd-a1dd950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"False\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5b6da202-2654-49e0-93dd-a1dd950d210f",
|
|
"name": "network.exe",
|
|
"x_misp_state": "Malicious"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-23T11:34:50.000Z",
|
|
"modified": "2018-08-23T11:34:50.000Z",
|
|
"first_observed": "2018-08-23T11:34:50Z",
|
|
"last_observed": "2018-08-23T11:34:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f",
|
|
"directory--5b7e9bd8-8ef0-40c5-b985-4835950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"False\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f",
|
|
"name": "wow.exe",
|
|
"parent_directory_ref": "directory--5b7e9bd8-8ef0-40c5-b985-4835950d210f",
|
|
"x_misp_state": "Malicious"
|
|
},
|
|
{
|
|
"type": "directory",
|
|
"spec_version": "2.1",
|
|
"id": "directory--5b7e9bd8-8ef0-40c5-b985-4835950d210f",
|
|
"path": "%APPDATA%/myupd/scr/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b6da326-0c08-44a0-90be-fc18950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-23T11:25:51.000Z",
|
|
"modified": "2018-08-23T11:25:51.000Z",
|
|
"first_observed": "2018-08-23T11:25:51Z",
|
|
"last_observed": "2018-08-23T11:25:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5b6da326-0c08-44a0-90be-fc18950d210f",
|
|
"directory--5b7e99bd-a06c-44b8-85de-4dbd950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"False\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5b6da326-0c08-44a0-90be-fc18950d210f",
|
|
"name": "msconf.exe",
|
|
"parent_directory_ref": "directory--5b7e99bd-a06c-44b8-85de-4dbd950d210f",
|
|
"x_misp_state": "Malicious"
|
|
},
|
|
{
|
|
"type": "directory",
|
|
"spec_version": "2.1",
|
|
"id": "directory--5b7e99bd-a06c-44b8-85de-4dbd950d210f",
|
|
"path": "%APPDATA%/myupd/gen/"
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5b7141f1-ca14-400c-879d-8bd7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-10-03T11:18:33.000Z",
|
|
"modified": "2018-10-03T11:18:33.000Z",
|
|
"name": "CVE-2013-2094",
|
|
"description": "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2013-2094"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://cve.circl.lu/cve/CVE-2013-2094"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "7.2",
|
|
"x_misp_modified": "2017-01-06T21:59:00",
|
|
"x_misp_published": "2013-05-14T16:55:00",
|
|
"x_misp_state": "Published",
|
|
"x_misp_vulnerable_configuration": "Linux Kernel 3.8.8\r\nLinux Kernel 3.8.4\r\nLinux Kernel 3.8.1\r\nLinux Kernel 3.8.0\r\nLinux Kernel 3.8.2"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b7ea077-cfbc-4059-9ac0-4554950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-08-23T11:58:58.000Z",
|
|
"modified": "2018-08-23T11:58:58.000Z",
|
|
"description": "The main purpose of this module is to exfiltrate Skype call recordings. Written in .NET.",
|
|
"pattern": "[file:hashes.MD5 = '6bcc3559d7405f25ea403317353d905f' AND file:name = 'skype_sync2.exe' AND file:parent_directory_ref.path = '\\\\%APPDATA\\\\%/myupd/skype/' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-08-23T11:58:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5b8d2e5e-fd90-47bd-941d-4e98950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T12:51:42.000Z",
|
|
"modified": "2018-09-03T12:51:42.000Z",
|
|
"name": "CVE-2013-2595",
|
|
"description": "The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which allows attackers to gain privileges via a crafted application.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2013-2595"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://www.codeaurora.org/projects/security-advisories/uncontrolled-memory-mapping-camera-driver-cve-2013-2595"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://cve.circl.lu/cve/CVE-2013-2595"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "7.2",
|
|
"x_misp_cvss_string": "7.2 (as of 02-09-2014 - 14:41)",
|
|
"x_misp_modified": "2014-02-09T14:41:00",
|
|
"x_misp_published": "2014-08-31T06:55:00",
|
|
"x_misp_state": "Published"
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5b8d306d-ed34-4a9c-9350-49ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:00:29.000Z",
|
|
"modified": "2018-09-03T13:00:29.000Z",
|
|
"name": "CVE-2013-6282",
|
|
"description": "Linux Kernel < 3.4.5 - Local Root Exploit (ARM - Android 4.2.2 / 4.4) Local exploit for arm platform",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2013-6282"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8404663f81d212918ff85f493649a7991209fa04"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.openwall.com/lists/oss-security/2013/11/14/11"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.securityfocus.com/bid/63734"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.ubuntu.com/usn/USN-2067-1"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://github.com/torvalds/linux/commit/8404663f81d212918ff85f493649a7991209fa04"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://www.exploit-db.com/exploits/40975/"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://cve.circl.lu/cve/CVE-2013-6282"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "7.2",
|
|
"x_misp_cvss_string": "7.2 (as of 20-11-2013 - 10:35)",
|
|
"x_misp_modified": "2017-02-09T21:29:00",
|
|
"x_misp_published": "2013-11-20T08:19:00",
|
|
"x_misp_state": "Published",
|
|
"x_misp_summary": "The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013."
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5b8d34d9-a7ac-407e-8faf-4357950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:23:41.000Z",
|
|
"modified": "2018-09-03T13:23:41.000Z",
|
|
"name": "CVE-2014-3153",
|
|
"description": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2014-3153"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://openwall.com/lists/oss-security/2014/06/05/24"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://openwall.com/lists/oss-security/2014/06/06/20"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.debian.org/security/2014/dsa-2949"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.exploit-db.com/exploits/35370"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.securityfocus.com/bid/67906"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.securitytracker.com/id/1030451"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.ubuntu.com/usn/USN-2237-1"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.ubuntu.com/usn/USN-2240-1"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://cve.circl.lu/cve/CVE-2014-3153"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "7.2",
|
|
"x_misp_modified": "2017-12-28T21:29:00",
|
|
"x_misp_published": "2014-07-06T10:55:00",
|
|
"x_misp_state": "Published",
|
|
"x_misp_vulnerable_configuration": [
|
|
"Linux Kernel 3.14",
|
|
"Linux Kernel 3.14 release candidate 1 cpe:2.3:o:linux:linux_kernel:3.14:rc1",
|
|
"Linux Kernel 3.14 release candidate 2 cpe:2.3:o:linux:linux_kernel:3.14:rc2",
|
|
"Linux Kernel 3.14 release candidate 3 cpe:2.3:o:linux:linux_kernel:3.14:rc3",
|
|
"Linux Kernel 3.14 release candidate 4 cpe:2.3:o:linux:linux_kernel:3.14:rc4",
|
|
"Linux Kernel 3.14 release candidate 5 cpe:2.3:o:linux:linux_kernel:3.14:rc5",
|
|
"Linux Kernel 3.14 release candidate 6 cpe:2.3:o:linux:linux_kernel:3.14:rc6",
|
|
"Linux Kernel 3.14 release candidate 7 cpe:2.3:o:linux:linux_kernel:3.14:rc7",
|
|
"Linux Kernel 3.14 release candidate 8 cpe:2.3:o:linux:linux_kernel:3.14:rc8",
|
|
"Linux Kernel 3.14.1 cpe:2.3:o:linux:linux_kernel:3.14.1",
|
|
"Linux Kernel 3.14.2 cpe:2.3:o:linux:linux_kernel:3.14.2",
|
|
"Linux Kernel 3.14.3 cpe:2.3:o:linux:linux_kernel:3.14.3",
|
|
"Linux Kernel 3.14.4 cpe:2.3:o:linux:linux_kernel:3.14.4",
|
|
"Linux Kernel 3.14.5 cpe:2.3:o:linux:linux_kernel:3.14.5",
|
|
"RedHat Enterprise MRG 2.0 cpe:2.3:a:redhat:enterprise_mrg:2.0",
|
|
"Red Hat Enterprise Linux 6 cpe:2.3:o:redhat:enterprise_linux:6"
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5b8d38fc-abb0-4860-8182-73ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-03T13:37:00.000Z",
|
|
"modified": "2018-09-03T13:37:00.000Z",
|
|
"name": "CVE-2015-3636",
|
|
"description": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2015-3636"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-1583.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-1643.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.debian.org/security/2015/dsa-3290"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.openwall.com/lists/oss-security/2015/05/02/5"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.securityfocus.com/bid/74450"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.securitytracker.com/id/1033186"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.ubuntu.com/usn/USN-2631-1"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.ubuntu.com/usn/USN-2632-1"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.ubuntu.com/usn/USN-2633-1"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.ubuntu.com/usn/USN-2634-1"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://cve.circl.lu/cve/CVE-2015-3636"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "4.9",
|
|
"x_misp_cvss_string": "4.9 (as of 21-06-2016 - 15:09)",
|
|
"x_misp_modified": "2018-04-01T21:30:00",
|
|
"x_misp_published": "2015-05-08T21:59:00",
|
|
"x_misp_state": "Published",
|
|
"x_misp_vulnerable_configuration": [
|
|
"Linux Kernel 4.0.2 cpe:2.3:o:linux:linux_kernel:4.0.2",
|
|
"Debian Linux 7.0 cpe:2.3:o:debian:debian_linux:7.0",
|
|
"Red Hat Enterprise Linux 6 cpe:2.3:o:redhat:enterprise_linux:6",
|
|
"Canonical Ubuntu Linux 12.04 LTS cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ef468365-addd-40d5-a24d-543722f12e93",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:47.000Z",
|
|
"modified": "2018-09-04T07:15:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = '16311b16fd48c1c87c6476a455093e7a' AND file:hashes.SHA1 = 'b467ff02b2a3ed5c902a8e76316527ae79dd80fe' AND file:hashes.SHA256 = '5f567844bd0da47426d14426d8acbfefad6426c1139648969e3b0dd5352d3ed5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:15:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--68dc24db-7625-4d35-b6d3-c6fb1283bf18",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:46.000Z",
|
|
"modified": "2018-09-04T07:15:46.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-10T04:22:44",
|
|
"category": "Other",
|
|
"uuid": "2866c689-6723-4b41-90d7-9ca6b8550254"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5f567844bd0da47426d14426d8acbfefad6426c1139648969e3b0dd5352d3ed5/analysis/1533874964/",
|
|
"category": "External analysis",
|
|
"uuid": "5fed8734-d371-4581-88cd-f6fd4e8d47a4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/67",
|
|
"category": "Other",
|
|
"uuid": "e92dcd5e-0717-4da4-97fc-f503e9efb0a6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6ccf462a-1c20-452a-be71-cfe9936ed3ba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:50.000Z",
|
|
"modified": "2018-09-04T07:15:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6964866106c0a353a7b91b580933c5d6' AND file:hashes.SHA1 = 'dbfcd7c45371a6bcbfe1e570b9fa4f0480c24796' AND file:hashes.SHA256 = '943e1c57294a3163fb77235122143c05919baad0b93cc74c52210b90c9d0d0c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:15:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d2f2004d-2309-4a22-99cd-031a09bde2f1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:48.000Z",
|
|
"modified": "2018-09-04T07:15:48.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-07-18T23:58:40",
|
|
"category": "Other",
|
|
"uuid": "f5e87f4e-d258-4a0e-ad5c-45867585d02b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/943e1c57294a3163fb77235122143c05919baad0b93cc74c52210b90c9d0d0c9/analysis/1531958320/",
|
|
"category": "External analysis",
|
|
"uuid": "a82685eb-fbba-4863-b744-6b35093d87d4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "15/61",
|
|
"category": "Other",
|
|
"uuid": "457681d3-47a8-4c88-b363-e89ce44576bd"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7d3abf61-6c8e-47c1-93eb-d9f5103a9d5e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:53.000Z",
|
|
"modified": "2018-09-04T07:15:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f673bb1d519138ced7659484c0b66c5b' AND file:hashes.SHA1 = 'deec3985f31f5372ce314e581154450bb51037a3' AND file:hashes.SHA256 = '012966cc1b714531790dd3f5f6cc040b2232fea98b0dbe56a24b13ae72160be5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:15:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b822f813-8192-409c-8ccc-27c368ce781a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:52.000Z",
|
|
"modified": "2018-09-04T07:15:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-10T04:25:00",
|
|
"category": "Other",
|
|
"uuid": "faf32260-f5de-46e2-a4e6-3f38108b822f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/012966cc1b714531790dd3f5f6cc040b2232fea98b0dbe56a24b13ae72160be5/analysis/1533875100/",
|
|
"category": "External analysis",
|
|
"uuid": "af58aa64-2487-4d3c-9c28-b4e889a1bd73"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "39/68",
|
|
"category": "Other",
|
|
"uuid": "68eaf88d-92e3-4bd5-8784-d8ed85864f53"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cacbd9c4-03d0-435d-ad3c-a31a568e8d8e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:56.000Z",
|
|
"modified": "2018-09-04T07:15:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd574d0049f797611589803643a8aa3c3' AND file:hashes.SHA1 = '6cd604721a280103938173420ff6164896ac51c9' AND file:hashes.SHA256 = 'f241af9ba7501e28974729c229b445ee709a7ef438448b6e9f88ff7ff7228cb2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:15:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--60d09241-1457-4f27-8c62-a010c19eeb21",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:55.000Z",
|
|
"modified": "2018-09-04T07:15:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-19T10:25:00",
|
|
"category": "Other",
|
|
"uuid": "c532b896-fa38-417d-b84d-34e261beca8c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f241af9ba7501e28974729c229b445ee709a7ef438448b6e9f88ff7ff7228cb2/analysis/1516357500/",
|
|
"category": "External analysis",
|
|
"uuid": "c387dc9e-3e90-48cd-9864-0b0816f6208c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/60",
|
|
"category": "Other",
|
|
"uuid": "0217ee93-1f1c-46c9-b098-75007bc65581"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--93f7c2d4-3eda-4a19-aba6-b3bdb34be6c6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:59.000Z",
|
|
"modified": "2018-09-04T07:15:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a287a434a0d40833d3ebf5808950b858' AND file:hashes.SHA1 = '0068a8e61fe75213738ecf9ad4927cb7a533886b' AND file:hashes.SHA256 = 'bf20c17881ff3c4b0bf121cc56c6e79d2ce8ecb4c08cc719e5835e6c74f339a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:15:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fa8c321e-5cde-45bb-a01c-7e2a2a09b969",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:15:57.000Z",
|
|
"modified": "2018-09-04T07:15:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-25T04:39:04",
|
|
"category": "Other",
|
|
"uuid": "6fcb1e6c-ec15-4884-88db-247a51dfc5b0"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/bf20c17881ff3c4b0bf121cc56c6e79d2ce8ecb4c08cc719e5835e6c74f339a0/analysis/1516855144/",
|
|
"category": "External analysis",
|
|
"uuid": "e0465689-cbe2-4691-bab3-95b3b960ec31"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/60",
|
|
"category": "Other",
|
|
"uuid": "76f4af1a-a82f-42e4-ac27-526c258e1f50"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6bf27c78-9d3b-4926-9c37-ec97cf90fee5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:01.000Z",
|
|
"modified": "2018-09-04T07:16:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a2a8e8ac6f5fa5801395252e11afb356' AND file:hashes.SHA1 = '640b42bc0b054458631877c8de46028528e4ac3e' AND file:hashes.SHA256 = '91fa0d2414e029c042eb78d4f53010c3af161edb815e97a021c24f8a03033a07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--22999236-217f-4117-ae67-135d962de74e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:00.000Z",
|
|
"modified": "2018-09-04T07:16:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-07-04T09:04:20",
|
|
"category": "Other",
|
|
"uuid": "051f2ef5-b025-4238-9141-06d9400fe8d2"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/91fa0d2414e029c042eb78d4f53010c3af161edb815e97a021c24f8a03033a07/analysis/1530695060/",
|
|
"category": "External analysis",
|
|
"uuid": "731ed6fb-d0ab-4ebe-abf1-1795a4be554a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/58",
|
|
"category": "Other",
|
|
"uuid": "be591f16-c971-48ba-bb88-67faee3866c8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a4995eaf-38d1-4aed-a189-061d8ad9eb5b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:04.000Z",
|
|
"modified": "2018-09-04T07:16:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3f0e8a3ad9fab04377b8e9a57a26f972' AND file:hashes.SHA1 = '018085fac80c537ec80c292e2b10f48259d4764a' AND file:hashes.SHA256 = '2d087d89364b22d180a7e8e923a6dca5fd6d131dad12db9dd2a2ae5c4b9d9675']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--28a0ab9f-4372-42ba-bea6-9a437f2c55e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:02.000Z",
|
|
"modified": "2018-09-04T07:16:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-07-27T15:55:19",
|
|
"category": "Other",
|
|
"uuid": "1345557f-678e-446a-ad9e-ead4683b8e06"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2d087d89364b22d180a7e8e923a6dca5fd6d131dad12db9dd2a2ae5c4b9d9675/analysis/1532706919/",
|
|
"category": "External analysis",
|
|
"uuid": "5ce5ac4b-a328-43de-9a26-772f3d643fe7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/62",
|
|
"category": "Other",
|
|
"uuid": "181a8e99-3d23-4157-ac33-803c5fd7b2c6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--19019d95-d653-45c4-a76a-e1d0514ea188",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:06.000Z",
|
|
"modified": "2018-09-04T07:16:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = '70a937b2504b3ad6c623581424c7e53d' AND file:hashes.SHA1 = '23912d8a28324ae6c5fe5acd518045a2cf4d339f' AND file:hashes.SHA256 = '9722d16ec5d19edca0c6f53ba7d5ca2df650fd6892ed5c2a7b279b2299487b0a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a6f536ba-7227-4404-a445-3859005c2d85",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:05.000Z",
|
|
"modified": "2018-09-04T07:16:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-07-02T19:56:42",
|
|
"category": "Other",
|
|
"uuid": "b857d04b-c991-4d6e-8b5c-66e76a7ee423"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9722d16ec5d19edca0c6f53ba7d5ca2df650fd6892ed5c2a7b279b2299487b0a/analysis/1530561402/",
|
|
"category": "External analysis",
|
|
"uuid": "06527aee-c15a-45f2-8952-2a9ed26ae858"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/56",
|
|
"category": "Other",
|
|
"uuid": "bf5444cf-5f02-4ea6-af87-9a085f8fdde0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dddd50b2-9d97-476a-864e-021d7986d6fb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:09.000Z",
|
|
"modified": "2018-09-04T07:16:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6bcc3559d7405f25ea403317353d905f' AND file:hashes.SHA1 = '5e7a6a62db26fe16be4e0851d5801397d591bed6' AND file:hashes.SHA256 = 'c74108a74a9afd47eee894921784fd1ea26a80627afd2fe2103b388abafdc2cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--497f5b93-ac74-4869-b34e-e18258a06405",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:07.000Z",
|
|
"modified": "2018-09-04T07:16:07.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-10T13:16:08",
|
|
"category": "Other",
|
|
"uuid": "0f6adb2c-3165-41f9-a980-917261bfebe1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c74108a74a9afd47eee894921784fd1ea26a80627afd2fe2103b388abafdc2cc/analysis/1533906968/",
|
|
"category": "External analysis",
|
|
"uuid": "75510a63-1046-43b6-8e41-66d6d4de0375"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/68",
|
|
"category": "Other",
|
|
"uuid": "4456fe6b-aff2-4621-9265-61ed1523a5ff"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f43d2055-c298-4014-b16c-cb31bb84171b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:11.000Z",
|
|
"modified": "2018-09-04T07:16:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '39fca709b416d8da592de3a3f714dce8' AND file:hashes.SHA1 = '90320997c7dac34d4261eb38eb548910efc2b983' AND file:hashes.SHA256 = 'e6aba7629608a525b020f4e76e4694d6d478dd9561d934813004b6903d66e44c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f9620a5e-f529-47ca-b57b-52959ee91051",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:10.000Z",
|
|
"modified": "2018-09-04T07:16:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-18T09:47:32",
|
|
"category": "Other",
|
|
"uuid": "26e7365b-c650-4b23-9ac4-d76ed6016811"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e6aba7629608a525b020f4e76e4694d6d478dd9561d934813004b6903d66e44c/analysis/1534585652/",
|
|
"category": "External analysis",
|
|
"uuid": "e63f2789-3b7b-421f-bff5-dbc2cc417ab5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "37/62",
|
|
"category": "Other",
|
|
"uuid": "104d1f87-4293-4bf5-85f7-9dcb05ddcbd4"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--aa457e4c-9f49-4f78-84ec-5d60a7c157a2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:14.000Z",
|
|
"modified": "2018-09-04T07:16:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '708445b8d358c254e861effffd4f819b' AND file:hashes.SHA1 = 'd190b480942ac732f282c61a540e9138a3e764b5' AND file:hashes.SHA256 = 'af848999a4b8df0e33f5a05a618c83d1f3052d4026ab77b2acf66def71df754e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8af76320-edcc-4b95-bdbd-bf638bd1e369",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:12.000Z",
|
|
"modified": "2018-09-04T07:16:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-25T12:52:29",
|
|
"category": "Other",
|
|
"uuid": "76c45898-d592-4b3b-98f7-f21727ec10d7"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/af848999a4b8df0e33f5a05a618c83d1f3052d4026ab77b2acf66def71df754e/analysis/1535201549/",
|
|
"category": "External analysis",
|
|
"uuid": "8da17835-8e60-4ffa-92b6-7da88f623d95"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/60",
|
|
"category": "Other",
|
|
"uuid": "d782b423-3f90-48ee-8600-3b6502d59692"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--790fef27-93cc-4a9f-803a-b320db0dee95",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:16.000Z",
|
|
"modified": "2018-09-04T07:16:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd9c7349e807e0f12eaa67b2de522954f' AND file:hashes.SHA1 = '5f37de1ced07e35444ce4ea015084b92bc1baabf' AND file:hashes.SHA256 = '255be8e830c9b43928b11a8e1b531a94826d30919e7f739a5ed07141d6a70bb7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f234144d-1765-4cf4-b8ad-6d6f1a2b6472",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:15.000Z",
|
|
"modified": "2018-09-04T07:16:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-07-19T00:11:55",
|
|
"category": "Other",
|
|
"uuid": "88e2183e-9edb-463f-ae3c-a86be7e7ae59"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/255be8e830c9b43928b11a8e1b531a94826d30919e7f739a5ed07141d6a70bb7/analysis/1531959115/",
|
|
"category": "External analysis",
|
|
"uuid": "f0445432-dab0-46e8-a8f5-455d9a6645d3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/61",
|
|
"category": "Other",
|
|
"uuid": "a030e69a-a20f-475f-b2c1-066595ff0684"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6ff856c9-fa6e-454c-ba8c-0fc21d5cc864",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:19.000Z",
|
|
"modified": "2018-09-04T07:16:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '395f9f87df728134b5e3c1ca4d48e9fa' AND file:hashes.SHA1 = 'ab0debc27d171ac15a235910847faee6ae1f053d' AND file:hashes.SHA256 = '48477ffcc2cf57e34fbc45599efa830620dc18139dbbb8dfe59d56fd87728b25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--41755892-e078-4a46-87e8-1f5e2677e25c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:17.000Z",
|
|
"modified": "2018-09-04T07:16:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-10T04:37:28",
|
|
"category": "Other",
|
|
"uuid": "40fcc649-7ce9-4874-a2a6-98fb47cab457"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/48477ffcc2cf57e34fbc45599efa830620dc18139dbbb8dfe59d56fd87728b25/analysis/1533875848/",
|
|
"category": "External analysis",
|
|
"uuid": "1ab545b6-d270-4a3c-bc5d-95dcd354c48f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/68",
|
|
"category": "Other",
|
|
"uuid": "f4ed9f04-016d-486c-8992-a3d99bce65b5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--09391239-3536-4168-8f87-72ae9d533bef",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:21.000Z",
|
|
"modified": "2018-09-04T07:16:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0bc28ac5f2cadd524e7f443e06ad2a2b' AND file:hashes.SHA1 = '13c2cf52c2d97c50b5d10300911e15b52a9f5bc4' AND file:hashes.SHA256 = 'accd05c00951ef568594efebd5c30bdce2e63cee9b2cdd88cb705776e0a4ca70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d85d218a-03c1-40d8-9b3f-b88bb3f6e132",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:20.000Z",
|
|
"modified": "2018-09-04T07:16:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-24T10:54:09",
|
|
"category": "Other",
|
|
"uuid": "96807bd6-ba7b-436f-a02b-a2173383a39a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/accd05c00951ef568594efebd5c30bdce2e63cee9b2cdd88cb705776e0a4ca70/analysis/1516791249/",
|
|
"category": "External analysis",
|
|
"uuid": "b2059571-77ea-48f7-8cb2-6f05e670e267"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/60",
|
|
"category": "Other",
|
|
"uuid": "63871844-c633-4cb4-a641-c2ecd075c6e6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bd4d9903-64a2-48b5-9aca-8daaf2bcc0ee",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:24.000Z",
|
|
"modified": "2018-09-04T07:16:24.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7e6cb66a3623258444639d1fc2fd533f' AND file:hashes.SHA1 = '79741484c3c59e6b15b14be4853128edb7fd2f4a' AND file:hashes.SHA256 = 'e9722d22967068c74f4c149c29bc4988d6178dda7b15fd72f488bbefed4faf28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--57bf09f8-10dd-40e1-b635-be7748f76773",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:22.000Z",
|
|
"modified": "2018-09-04T07:16:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-17T07:52:11",
|
|
"category": "Other",
|
|
"uuid": "b3ea6da3-525d-4014-83f7-b0b4e482b79e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e9722d22967068c74f4c149c29bc4988d6178dda7b15fd72f488bbefed4faf28/analysis/1516175531/",
|
|
"category": "External analysis",
|
|
"uuid": "439ccd4e-59c1-49ff-8d89-5c34f9bb064b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "15/60",
|
|
"category": "Other",
|
|
"uuid": "c30149ef-276a-48cc-8e0b-c497bd7a2f62"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1e7e2181-e880-4274-9ddf-f8daa44549c7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:26.000Z",
|
|
"modified": "2018-09-04T07:16:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd3baa45ed342fbc5a56d974d36d5f73f' AND file:hashes.SHA1 = '54f88d82f3468bde37abeb6c209348401de02999' AND file:hashes.SHA256 = '74b1d9c27313dd8a266bf3011896cc9673653a84c2475bed483fa72a1dfb9361']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--084b441e-ce8b-4086-ad6c-0ef1e2b2c78b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:25.000Z",
|
|
"modified": "2018-09-04T07:16:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-10T04:42:30",
|
|
"category": "Other",
|
|
"uuid": "f16ae11a-12b4-4626-b5ac-96166c0d8f99"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/74b1d9c27313dd8a266bf3011896cc9673653a84c2475bed483fa72a1dfb9361/analysis/1533876150/",
|
|
"category": "External analysis",
|
|
"uuid": "b30e9b63-6c0d-4eb2-a712-2c27f8886e82"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/68",
|
|
"category": "Other",
|
|
"uuid": "1856e87d-a719-48f9-9c0b-d57b633eb969"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--43892c3f-9a1b-466c-9bee-8e397cfe7d99",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '55fb01048b6287eadcbd9a0f86d21adf' AND file:hashes.SHA1 = 'd7e22fdecd2cc533852b5a662039dfcb99a13487' AND file:hashes.SHA256 = '7a35a20bb3fc5d879b99a71d9c5c5475752b900a3082aa5c4f2d6d23aa78dee2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-04T07:16:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d57f6827-03ab-40da-9465-a87640bda410",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-04T07:16:27.000Z",
|
|
"modified": "2018-09-04T07:16:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-08-29T00:19:01",
|
|
"category": "Other",
|
|
"uuid": "3183fed9-2981-4063-9f5e-78d811d9b601"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7a35a20bb3fc5d879b99a71d9c5c5475752b900a3082aa5c4f2d6d23aa78dee2/analysis/1535501941/",
|
|
"category": "External analysis",
|
|
"uuid": "23b507c2-0f42-4e17-b3dc-90ceaeb84866"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/67",
|
|
"category": "Other",
|
|
"uuid": "f2cf6afa-89ee-4cac-9353-eb7c910b3948"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a97497b8-7a83-4a47-a5e8-e4eff10d1e7a",
|
|
"created": "2018-08-10T13:20:40.000Z",
|
|
"modified": "2018-08-10T13:20:40.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "observed-data--5b6d908d-7b7c-48a2-9f5d-cc41950d210f",
|
|
"target_ref": "indicator--5b6d90f1-3bf4-4746-a265-4d62950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5bd58753-f32d-4252-a2af-c3ec89c13add",
|
|
"created": "2018-08-10T14:30:01.000Z",
|
|
"modified": "2018-08-10T14:30:01.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "observed-data--5b6da0bc-5908-45f0-a3cb-7d2f950d210f",
|
|
"target_ref": "indicator--5b6d9fab-3cf0-4839-8421-cc8c950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7e6f345c-fe5a-4592-a548-65062c1877b9",
|
|
"created": "2018-08-10T14:31:16.000Z",
|
|
"modified": "2018-08-10T14:31:16.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "observed-data--5b6da0bc-5908-45f0-a3cb-7d2f950d210f",
|
|
"target_ref": "indicator--5b6da192-aa4c-4141-9993-b712950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--80f29524-944c-4a23-95ba-cd5717d8b25d",
|
|
"created": "2018-08-10T14:34:17.000Z",
|
|
"modified": "2018-08-10T14:34:17.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "observed-data--5b6da202-2654-49e0-93dd-a1dd950d210f",
|
|
"target_ref": "indicator--5b6da23b-5980-40d9-b40e-fc18950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--acc4351d-b80e-4d1a-871a-f8bf46b5d43f",
|
|
"created": "2018-08-10T14:36:20.000Z",
|
|
"modified": "2018-08-10T14:36:20.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "observed-data--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f",
|
|
"target_ref": "indicator--5b6da2c9-e668-4985-a4c1-a1dd950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f2a95e94-0190-49d3-93c1-a0e6f5227a77",
|
|
"created": "2018-08-10T14:38:58.000Z",
|
|
"modified": "2018-08-10T14:38:58.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "observed-data--5b6da326-0c08-44a0-90be-fc18950d210f",
|
|
"target_ref": "indicator--5b6da343-5348-45c3-88f4-4756950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--22521344-bb3a-45b0-b53d-0ddb465300bf",
|
|
"created": "2018-08-23T11:58:55.000Z",
|
|
"modified": "2018-08-23T11:58:55.000Z",
|
|
"relationship_type": "related-to",
|
|
"source_ref": "indicator--5b7ea077-cfbc-4059-9ac0-4554950d210f",
|
|
"target_ref": "indicator--5b7ea118-b9ec-4598-b96a-49b7950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--12b7af8b-34ec-4d11-aa66-a45a835380f5",
|
|
"created": "2018-09-04T07:16:28.000Z",
|
|
"modified": "2018-09-04T07:16:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ef468365-addd-40d5-a24d-543722f12e93",
|
|
"target_ref": "x-misp-object--68dc24db-7625-4d35-b6d3-c6fb1283bf18"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a81b4b36-ee65-4f97-9144-e495c9101a5a",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6ccf462a-1c20-452a-be71-cfe9936ed3ba",
|
|
"target_ref": "x-misp-object--d2f2004d-2309-4a22-99cd-031a09bde2f1"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c2190276-b5c2-4a60-8584-75363511be51",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7d3abf61-6c8e-47c1-93eb-d9f5103a9d5e",
|
|
"target_ref": "x-misp-object--b822f813-8192-409c-8ccc-27c368ce781a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--40a87a6b-db91-4520-8e8f-c133ffacaf6e",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--cacbd9c4-03d0-435d-ad3c-a31a568e8d8e",
|
|
"target_ref": "x-misp-object--60d09241-1457-4f27-8c62-a010c19eeb21"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8dd7f160-5ae3-4698-bb0b-ca659a6a03a3",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--93f7c2d4-3eda-4a19-aba6-b3bdb34be6c6",
|
|
"target_ref": "x-misp-object--fa8c321e-5cde-45bb-a01c-7e2a2a09b969"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9aa80da9-b1f0-4130-aff4-76f8b25b5ae0",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6bf27c78-9d3b-4926-9c37-ec97cf90fee5",
|
|
"target_ref": "x-misp-object--22999236-217f-4117-ae67-135d962de74e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--382cd718-fe8f-4e31-a5fc-f8bf4600b123",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a4995eaf-38d1-4aed-a189-061d8ad9eb5b",
|
|
"target_ref": "x-misp-object--28a0ab9f-4372-42ba-bea6-9a437f2c55e6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3be94ff5-92d1-493a-9b3b-327875409c17",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--19019d95-d653-45c4-a76a-e1d0514ea188",
|
|
"target_ref": "x-misp-object--a6f536ba-7227-4404-a445-3859005c2d85"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--19b86e35-4e49-4b44-be00-6cf45c7d9768",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dddd50b2-9d97-476a-864e-021d7986d6fb",
|
|
"target_ref": "x-misp-object--497f5b93-ac74-4869-b34e-e18258a06405"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--af26ba1f-943c-4726-a8fb-6b7d8af73c43",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f43d2055-c298-4014-b16c-cb31bb84171b",
|
|
"target_ref": "x-misp-object--f9620a5e-f529-47ca-b57b-52959ee91051"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5ebf4fa1-ca09-4070-b91d-66162de0469d",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--aa457e4c-9f49-4f78-84ec-5d60a7c157a2",
|
|
"target_ref": "x-misp-object--8af76320-edcc-4b95-bdbd-bf638bd1e369"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--822bb641-ac05-476a-9d71-1899a61bd4cd",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--790fef27-93cc-4a9f-803a-b320db0dee95",
|
|
"target_ref": "x-misp-object--f234144d-1765-4cf4-b8ad-6d6f1a2b6472"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6911bfbc-e02e-4849-9274-25699dfcd560",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6ff856c9-fa6e-454c-ba8c-0fc21d5cc864",
|
|
"target_ref": "x-misp-object--41755892-e078-4a46-87e8-1f5e2677e25c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--430ebdb0-51d7-49cf-a098-309ab774063b",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--09391239-3536-4168-8f87-72ae9d533bef",
|
|
"target_ref": "x-misp-object--d85d218a-03c1-40d8-9b3f-b88bb3f6e132"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7d8f6d90-b6ba-436f-8c18-f37991ac9a56",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bd4d9903-64a2-48b5-9aca-8daaf2bcc0ee",
|
|
"target_ref": "x-misp-object--57bf09f8-10dd-40e1-b635-be7748f76773"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cfb48e7b-f238-46cc-9482-6e38b1d9d0a5",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1e7e2181-e880-4274-9ddf-f8daa44549c7",
|
|
"target_ref": "x-misp-object--084b441e-ce8b-4086-ad6c-0ef1e2b2c78b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3495e346-8dcf-4156-9608-4c18d962ae9f",
|
|
"created": "2018-09-04T07:16:29.000Z",
|
|
"modified": "2018-09-04T07:16:29.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--43892c3f-9a1b-466c-9bee-8e397cfe7d99",
|
|
"target_ref": "x-misp-object--d57f6827-03ab-40da-9465-a87640bda410"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |