forked from CyberSaiyanIT/InfoSharing
-
Notifications
You must be signed in to change notification settings - Fork 0
/
package.stix2
202 lines (201 loc) · 9.29 KB
/
package.stix2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
{
"type": "bundle",
"id": "bundle--28af922a-b2c2-44d2-b5ce-eaacb1219671",
"spec_version": "2.0",
"objects": [
{
"type": "campaign",
"id": "campaign--5919aaea-30b0-4d4c-b532-a652d43ed082",
"created": "2018-12-15T10:59:07.000Z",
"modified": "2018-12-15T10:59:07.000Z",
"name": "Test",
"description": "Cyber Saiyan - Test - https://infosharing.cybersaiyan.it",
"first_seen": "2018-12-15T10:59:07Z",
"objective": "TBD"
},
{
"type": "marking-definition",
"id": "marking-definition--ec7e9506-8a4b-4e50-9382-4d2ca6a8cba6",
"created": "2018-12-15T09:59:07.956Z",
"definition_type": "tlp",
"definition": {
"tlp": "WHITE"
}
},
{
"type": "indicator",
"id": "indicator--5aa59f29-6bbe-4190-9a88-73d505159384",
"created": "2018-12-15T10:59:07.000Z",
"modified": "2018-12-15T10:59:07.000Z",
"name": "Test - SHA256",
"description": "Cyber Saiyan - Test - https://infosharing.cybersaiyan.it",
"pattern": "[file:hashes.'SHA-256' = '29b42b0ecd874bcad5a5d9d03ed8f8dee320892305312b4898a0b64f9fbde93a'] OR [file:hashes.'SHA-256' = 'ef07905923461ce13a3ca18ef6eb1833a8c8d327d47e9cc8641a2ca3d5ce97f3'] OR [file:hashes.'SHA-256' = 'a7ba2c9def86e54086f0624a73597865a90cb93aa72dec7fdf264f655cf1bb56']",
"valid_from": "2018-12-15T09:59:07.964387Z",
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--ec7e9506-8a4b-4e50-9382-4d2ca6a8cba6"
]
},
{
"type": "relationship",
"id": "relationship--23412778-2db1-4897-b622-331bc943277f",
"created": "2018-12-15T09:59:07.978Z",
"modified": "2018-12-15T09:59:07.978Z",
"relationship_type": "indicates",
"source_ref": "indicator--5aa59f29-6bbe-4190-9a88-73d505159384",
"target_ref": "campaign--5919aaea-30b0-4d4c-b532-a652d43ed082"
},
{
"type": "indicator",
"id": "indicator--170d71e0-5664-4185-ae94-c835177040a4",
"created": "2018-12-15T10:59:07.000Z",
"modified": "2018-12-15T10:59:07.000Z",
"name": "Test - MD5",
"description": "Cyber Saiyan - Test - https://infosharing.cybersaiyan.it",
"pattern": "[file:hashes.'MD5' = 'f583ca884c1d93458fb61ed137ff44f6'] OR [file:hashes.'MD5' = '3eb876507d4373f2ba589f9dde5982b9'] OR [file:hashes.'MD5' = '5ffaf3df68e0aa6d62e7f1158f2887ba']",
"valid_from": "2018-12-15T09:59:07.978374Z",
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--ec7e9506-8a4b-4e50-9382-4d2ca6a8cba6"
]
},
{
"type": "relationship",
"id": "relationship--36eccabc-abce-4ead-817f-f0fec649c3fb",
"created": "2018-12-15T09:59:07.980Z",
"modified": "2018-12-15T09:59:07.980Z",
"relationship_type": "indicates",
"source_ref": "indicator--170d71e0-5664-4185-ae94-c835177040a4",
"target_ref": "campaign--5919aaea-30b0-4d4c-b532-a652d43ed082"
},
{
"type": "indicator",
"id": "indicator--078378a5-6f05-4c40-b346-3ba3c8e89b6a",
"created": "2018-12-15T10:59:07.000Z",
"modified": "2018-12-15T10:59:07.000Z",
"name": "Test - SHA1",
"description": "Cyber Saiyan - Test - https://infosharing.cybersaiyan.it",
"pattern": "[file:hashes.'SHA1' = '6753b7f8f0ddc71c97a47ba621952e3d9fef6bdd'] OR [file:hashes.'SHA1' = 'd3fa5d024b9119fa86435e0b909eaaa846fd182e'] OR [file:hashes.'SHA1' = 'e5f790a411b486a3a8acc87601c72e08e3cf586e']",
"valid_from": "2018-12-15T09:59:07.981123Z",
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--ec7e9506-8a4b-4e50-9382-4d2ca6a8cba6"
]
},
{
"type": "relationship",
"id": "relationship--6006a6eb-1d4a-4630-928a-94bd4e5d99f3",
"created": "2018-12-15T09:59:07.983Z",
"modified": "2018-12-15T09:59:07.983Z",
"relationship_type": "indicates",
"source_ref": "indicator--078378a5-6f05-4c40-b346-3ba3c8e89b6a",
"target_ref": "campaign--5919aaea-30b0-4d4c-b532-a652d43ed082"
},
{
"type": "indicator",
"id": "indicator--3f4bef7d-9f4d-42d8-9592-fd1482c74843",
"created": "2018-12-15T10:59:07.000Z",
"modified": "2018-12-15T10:59:07.000Z",
"name": "Test - DOMAINS",
"description": "Cyber Saiyan - Test - https://infosharing.cybersaiyan.it",
"pattern": "[domain-name:value = 'www.holzbock.biz'] OR [domain-name:value = 'hosting-ch.ch'] OR [domain-name:value = 'www.fliptray.biz']",
"valid_from": "2018-12-15T09:59:07.983421Z",
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--ec7e9506-8a4b-4e50-9382-4d2ca6a8cba6"
]
},
{
"type": "relationship",
"id": "relationship--cce21e9a-98a5-4142-8517-fd9732b33ee0",
"created": "2018-12-15T09:59:07.988Z",
"modified": "2018-12-15T09:59:07.988Z",
"relationship_type": "indicates",
"source_ref": "indicator--3f4bef7d-9f4d-42d8-9592-fd1482c74843",
"target_ref": "campaign--5919aaea-30b0-4d4c-b532-a652d43ed082"
},
{
"type": "indicator",
"id": "indicator--5c7acd83-d941-4e1f-86a2-e550cc69339c",
"created": "2018-12-15T10:59:07.000Z",
"modified": "2018-12-15T10:59:07.000Z",
"name": "Test - URL",
"description": "Cyber Saiyan - Test - https://infosharing.cybersaiyan.it",
"pattern": "[url:value = 'http://egorgerov3.temp.swtest.ru/index.php'] OR [url:value = 'http://supermainers.online/exp.exe'] OR [url:value = 'http://jdhftu.tk']",
"valid_from": "2018-12-15T09:59:07.988542Z",
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--ec7e9506-8a4b-4e50-9382-4d2ca6a8cba6"
]
},
{
"type": "relationship",
"id": "relationship--5e5bd6b4-50ec-47cb-88f9-a971313e53dc",
"created": "2018-12-15T09:59:07.991Z",
"modified": "2018-12-15T09:59:07.991Z",
"relationship_type": "indicates",
"source_ref": "indicator--5c7acd83-d941-4e1f-86a2-e550cc69339c",
"target_ref": "campaign--5919aaea-30b0-4d4c-b532-a652d43ed082"
},
{
"type": "indicator",
"id": "indicator--a306dd32-dbd0-4216-a7ad-5321748cf9b1",
"created": "2018-12-15T10:59:07.000Z",
"modified": "2018-12-15T10:59:07.000Z",
"name": "Test - IPS",
"description": "Cyber Saiyan - Test - https://infosharing.cybersaiyan.it",
"pattern": "[ipv4-addr:value = '192.168.0.1'] OR [ipv4-addr:value = '10.0.0.254'] OR [ipv4-addr:value = '172.16.33.4']",
"valid_from": "2018-12-15T09:59:07.991492Z",
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--ec7e9506-8a4b-4e50-9382-4d2ca6a8cba6"
]
},
{
"type": "relationship",
"id": "relationship--3e2bebf5-e347-4cfb-a57c-5efa40a4c439",
"created": "2018-12-15T09:59:07.993Z",
"modified": "2018-12-15T09:59:07.993Z",
"relationship_type": "indicates",
"source_ref": "indicator--a306dd32-dbd0-4216-a7ad-5321748cf9b1",
"target_ref": "campaign--5919aaea-30b0-4d4c-b532-a652d43ed082"
},
{
"type": "indicator",
"id": "indicator--ee2d4353-83b8-411a-8400-36759689f15a",
"created": "2018-12-15T10:59:07.000Z",
"modified": "2018-12-15T10:59:07.000Z",
"name": "Test - EMAILS",
"description": "Cyber Saiyan - Test - https://infosharing.cybersaiyan.it",
"pattern": "[email-message:from_ref.value = 'test@gio.com'] OR [email-message:from_ref.value = 'test2@fake.gio2.net'] OR [email-message:from_ref.value = 'test3@gio3.it']",
"valid_from": "2018-12-15T09:59:07.993935Z",
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--ec7e9506-8a4b-4e50-9382-4d2ca6a8cba6"
]
},
{
"type": "relationship",
"id": "relationship--7ac2ed3a-6255-4ee0-902f-d2fcd1e83641",
"created": "2018-12-15T09:59:07.997Z",
"modified": "2018-12-15T09:59:07.997Z",
"relationship_type": "indicates",
"source_ref": "indicator--ee2d4353-83b8-411a-8400-36759689f15a",
"target_ref": "campaign--5919aaea-30b0-4d4c-b532-a652d43ed082"
}
]
}