2415 lines
96 KiB
JSON
2415 lines
96 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5526b0e5-e2a4-45cd-abee-a5f5950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:47.000Z",
|
||
|
"modified": "2015-04-09T17:13:47.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5526b0e5-e2a4-45cd-abee-a5f5950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:47.000Z",
|
||
|
"modified": "2015-04-09T17:13:47.000Z",
|
||
|
"name": "OSINT Analysis of KRIPTOVOR: Infostealer+Ransomware by FireEye",
|
||
|
"published": "2015-04-10T06:39:58Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5526b0fd-4e90-4565-9a70-60dc950d210b",
|
||
|
"url--5526b0fd-4e90-4565-9a70-60dc950d210b",
|
||
|
"x-misp-attribute--5526b107-6928-4793-99d0-74b2950d210b",
|
||
|
"indicator--5526b16e-bf3c-4f90-8e99-961d950d210b",
|
||
|
"indicator--5526b19e-99c0-4ecc-a9ac-877c950d210b",
|
||
|
"indicator--5526b19e-1cc8-4cba-9195-877c950d210b",
|
||
|
"indicator--5526b19e-c460-4b9f-a8e7-877c950d210b",
|
||
|
"indicator--5526b19e-5314-4d5a-a072-877c950d210b",
|
||
|
"indicator--5526b19e-61c4-4fef-8516-877c950d210b",
|
||
|
"indicator--5526b19e-cf84-4eaa-9e92-877c950d210b",
|
||
|
"indicator--5526b19e-da94-4de0-8910-877c950d210b",
|
||
|
"indicator--5526b19f-1e4c-40b5-9a3a-877c950d210b",
|
||
|
"indicator--5526b19f-e268-4c3e-9c40-877c950d210b",
|
||
|
"indicator--5526b19f-c900-4838-ae15-877c950d210b",
|
||
|
"indicator--5526b19f-1b60-496e-bff5-877c950d210b",
|
||
|
"indicator--5526b19f-b60c-4721-85a3-877c950d210b",
|
||
|
"indicator--5526b19f-e9fc-4d68-ae5a-877c950d210b",
|
||
|
"indicator--5526b19f-d568-4a20-a4cd-877c950d210b",
|
||
|
"indicator--5526b19f-0848-42dc-b577-877c950d210b",
|
||
|
"indicator--5526b19f-b9f8-4467-a0f0-877c950d210b",
|
||
|
"indicator--5526b1a0-330c-4590-9434-877c950d210b",
|
||
|
"indicator--5526b1a0-fc50-49ab-bf54-877c950d210b",
|
||
|
"indicator--5526b1a0-6994-40cf-b2fc-877c950d210b",
|
||
|
"indicator--5526b1a0-efc4-4a8f-8633-877c950d210b",
|
||
|
"indicator--5526b1a0-7d7c-4f45-8eac-877c950d210b",
|
||
|
"indicator--5526b1a0-d3d4-4091-a814-877c950d210b",
|
||
|
"indicator--5526b1a0-ea94-4a2b-94a8-877c950d210b",
|
||
|
"indicator--5526b1a0-e1f8-4725-942f-877c950d210b",
|
||
|
"indicator--5526b1a0-1290-44e6-bca2-877c950d210b",
|
||
|
"indicator--5526b1a1-b134-45a1-9e81-877c950d210b",
|
||
|
"indicator--5526b1a1-5884-4cd3-aa60-877c950d210b",
|
||
|
"indicator--5526b1a1-6b80-42ad-901c-877c950d210b",
|
||
|
"indicator--5526b1a1-76d0-4387-a378-877c950d210b",
|
||
|
"indicator--5526b1b0-f038-422f-90c2-82e1950d210b",
|
||
|
"indicator--5526b1b1-2dcc-4926-9bd4-82e1950d210b",
|
||
|
"indicator--5526b1b1-ca14-4ec4-9dbd-82e1950d210b",
|
||
|
"indicator--5526b1b1-85f4-4057-ab0a-82e1950d210b",
|
||
|
"indicator--5526b1b1-48dc-483d-8619-82e1950d210b",
|
||
|
"indicator--5526b1b1-0144-42e6-b8f7-82e1950d210b",
|
||
|
"indicator--5526b1b1-38f0-4ec7-8915-82e1950d210b",
|
||
|
"indicator--5526b1b1-9848-445b-b9fe-82e1950d210b",
|
||
|
"indicator--5526b1b1-0798-4dd2-a1e0-82e1950d210b",
|
||
|
"indicator--5526b1b1-7364-4dca-98ae-82e1950d210b",
|
||
|
"indicator--5526b1b2-8128-44e9-8020-82e1950d210b",
|
||
|
"indicator--5526b1b2-7e10-4022-85da-82e1950d210b",
|
||
|
"indicator--5526b1b2-5cb4-4fe0-a8b8-82e1950d210b",
|
||
|
"indicator--5526b1b2-0100-4891-864e-82e1950d210b",
|
||
|
"indicator--5526b1b2-8024-4eff-a69d-82e1950d210b",
|
||
|
"indicator--5526b1b2-a274-4799-8170-82e1950d210b",
|
||
|
"indicator--5526b1b2-4e08-4967-bfc8-82e1950d210b",
|
||
|
"indicator--5526b1b2-a068-4dbf-a86a-82e1950d210b",
|
||
|
"indicator--5526b1b2-30ec-494f-8456-82e1950d210b",
|
||
|
"indicator--5526b1b3-c130-4001-90a5-82e1950d210b",
|
||
|
"indicator--5526b1b3-5d08-4200-bc28-82e1950d210b",
|
||
|
"indicator--5526b1b3-f3c4-4b68-84c6-82e1950d210b",
|
||
|
"indicator--5526b1b3-4d98-4b4a-bfcc-82e1950d210b",
|
||
|
"indicator--5526b1b3-e080-46f8-9b3a-82e1950d210b",
|
||
|
"indicator--5526b1b3-a37c-4c6d-b2c7-82e1950d210b",
|
||
|
"indicator--5526b1b3-6ccc-4882-8e82-82e1950d210b",
|
||
|
"indicator--5526b1b3-9aac-4daa-af65-82e1950d210b",
|
||
|
"indicator--5526b1b3-fd10-4834-b9a9-82e1950d210b",
|
||
|
"indicator--5526b1d1-d6dc-4280-86a5-baee950d210b",
|
||
|
"indicator--5526b1d1-a360-471a-a221-baee950d210b",
|
||
|
"indicator--5526b1ea-2c2c-465f-855a-60dc950d210b",
|
||
|
"indicator--5526b1ea-a9c4-480a-8f0a-60dc950d210b",
|
||
|
"indicator--5526b210-4760-4a62-8195-5bf3950d210b",
|
||
|
"indicator--5526b210-97cc-4c22-87d1-5bf3950d210b",
|
||
|
"indicator--5526b210-4740-4b85-b7af-5bf3950d210b",
|
||
|
"indicator--5526b210-4470-4eaf-a8b4-5bf3950d210b",
|
||
|
"indicator--5526b211-5530-4eb3-84cd-5bf3950d210b",
|
||
|
"indicator--5526b22a-4560-4244-b2af-8de1950d210b",
|
||
|
"indicator--5526b247-0c28-42ad-bbd0-82e1950d210b",
|
||
|
"indicator--5526b247-3168-497e-b1ef-82e1950d210b",
|
||
|
"indicator--5526b248-1d5c-45f0-bfe0-82e1950d210b",
|
||
|
"indicator--5526b248-df7c-4b87-9216-82e1950d210b",
|
||
|
"indicator--5526b248-9f64-4197-ace9-82e1950d210b",
|
||
|
"indicator--5526b248-fc50-42f0-af10-82e1950d210b",
|
||
|
"indicator--5526b248-0e6c-4f3c-8beb-82e1950d210b",
|
||
|
"indicator--5526b2a0-fea8-46fc-915a-baee950d210b",
|
||
|
"indicator--5526b2a0-3824-4f46-9012-baee950d210b",
|
||
|
"indicator--5526b2a0-f8e4-416a-a3e0-baee950d210b",
|
||
|
"indicator--5526b2a0-57e8-4141-a0cb-baee950d210b",
|
||
|
"indicator--5526b2a0-da68-4fc7-a901-baee950d210b",
|
||
|
"indicator--5526b2a0-6fa8-495a-9cac-baee950d210b",
|
||
|
"indicator--5526b2a0-2d24-49b8-90b5-baee950d210b",
|
||
|
"indicator--5526b2a0-bac0-40cb-9618-baee950d210b",
|
||
|
"indicator--5526b2a0-7ec8-4f41-bfd7-baee950d210b",
|
||
|
"indicator--5526b2a1-2798-4ebf-a9ce-baee950d210b",
|
||
|
"indicator--5526b2a1-2574-4bb9-be21-baee950d210b",
|
||
|
"indicator--5526b2a1-4680-49ad-a6f6-baee950d210b",
|
||
|
"indicator--5526b2a1-a6fc-4fd5-ab5f-baee950d210b",
|
||
|
"indicator--5526b2a1-4540-4d26-b8df-baee950d210b",
|
||
|
"x-misp-attribute--5526b34b-04a4-439f-8c49-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34c-da70-47dd-b2ab-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34c-7108-4689-b265-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34c-2d68-49f9-99ac-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34c-290c-438e-9427-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34c-1514-4da2-ae0e-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34c-4b20-4f04-b8ee-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34c-e5c4-446d-b71a-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34c-e348-4824-8219-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34c-cc68-4de7-9a14-60dc950d210b",
|
||
|
"x-misp-attribute--5526b34d-fc40-452a-826a-60dc950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5526b0fd-4e90-4565-9a70-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:03:57.000Z",
|
||
|
"modified": "2015-04-09T17:03:57.000Z",
|
||
|
"first_observed": "2015-04-09T17:03:57Z",
|
||
|
"last_observed": "2015-04-09T17:03:57Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5526b0fd-4e90-4565-9a70-60dc950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5526b0fd-4e90-4565-9a70-60dc950d210b",
|
||
|
"value": "https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b107-6928-4793-99d0-74b2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:04:07.000Z",
|
||
|
"modified": "2015-04-09T17:04:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Kriptovor"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b16e-bf3c-4f90-8e99-961d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:05:50.000Z",
|
||
|
"modified": "2015-04-09T17:05:50.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '488ba9382c9ee260bbca1ef03e843981']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:05:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19e-99c0-4ecc-a9ac-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:38.000Z",
|
||
|
"modified": "2015-04-09T17:06:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '19266c9182e8232ff286ff2f276000c5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19e-1cc8-4cba-9195-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:38.000Z",
|
||
|
"modified": "2015-04-09T17:06:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2191510667defe7f386fc1c889e5b731']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19e-c460-4b9f-a8e7-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:38.000Z",
|
||
|
"modified": "2015-04-09T17:06:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '23afbf34eb2cbe2043a69233c6d1301b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19e-5314-4d5a-a072-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:38.000Z",
|
||
|
"modified": "2015-04-09T17:06:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '28dae07573fecee2b28137205f8d9a98']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19e-61c4-4fef-8516-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:38.000Z",
|
||
|
"modified": "2015-04-09T17:06:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2ea06433f5ae3bffa5896100d5361458']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19e-cf84-4eaa-9e92-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:38.000Z",
|
||
|
"modified": "2015-04-09T17:06:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '39391e022ce89784eb46fed43c8aa341']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19e-da94-4de0-8910-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:38.000Z",
|
||
|
"modified": "2015-04-09T17:06:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '4add1925e46ed6576861f62ebb016185']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19f-1e4c-40b5-9a3a-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:39.000Z",
|
||
|
"modified": "2015-04-09T17:06:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '68dfcb48d99a0735fdf477b869eac9df']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19f-e268-4c3e-9c40-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:39.000Z",
|
||
|
"modified": "2015-04-09T17:06:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '6e618523c3eb5c286149c020fd6afadd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19f-c900-4838-ae15-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:39.000Z",
|
||
|
"modified": "2015-04-09T17:06:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '79b4c9f1b81b26853ea74adf4559d5f2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19f-1b60-496e-bff5-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:39.000Z",
|
||
|
"modified": "2015-04-09T17:06:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7da180d0e49ee2b892c25bc93865b250']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19f-b60c-4721-85a3-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:39.000Z",
|
||
|
"modified": "2015-04-09T17:06:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '890c9bb8b257636a6e2081acdfdd6e3c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19f-e9fc-4d68-ae5a-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:39.000Z",
|
||
|
"modified": "2015-04-09T17:06:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '89fd244336cdb8fab0527609ca738afb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19f-d568-4a20-a4cd-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:39.000Z",
|
||
|
"modified": "2015-04-09T17:06:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '8dbb0f6470af1876af0b00d8eb6c0bd3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19f-0848-42dc-b577-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:39.000Z",
|
||
|
"modified": "2015-04-09T17:06:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '90a75836352c7662cb63dbc566f8e2de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b19f-b9f8-4467-a0f0-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:39.000Z",
|
||
|
"modified": "2015-04-09T17:06:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '90f1572e1bfe9f41bbdbd4774411aeb9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a0-330c-4590-9434-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:40.000Z",
|
||
|
"modified": "2015-04-09T17:06:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a08b44d7f569c36e33cd9042ba7e5b42']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a0-fc50-49ab-bf54-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:40.000Z",
|
||
|
"modified": "2015-04-09T17:06:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a46db27f911d928d359e7a1b8fdee0e9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a0-6994-40cf-b2fc-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:40.000Z",
|
||
|
"modified": "2015-04-09T17:06:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a5d87890fa20020e6fdb1d7408c8a1ca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a0-efc4-4a8f-8633-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:40.000Z",
|
||
|
"modified": "2015-04-09T17:06:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'af6d27b47ae5a39db78972be5cbd3fa0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a0-7d7c-4f45-8eac-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:40.000Z",
|
||
|
"modified": "2015-04-09T17:06:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b62fe0f712e6d60fbcaa1ad97ffef952']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a0-d3d4-4091-a814-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:40.000Z",
|
||
|
"modified": "2015-04-09T17:06:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd2aa056f1cb2b24e1ab4bb43169d8029']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a0-ea94-4a2b-94a8-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:40.000Z",
|
||
|
"modified": "2015-04-09T17:06:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd44247b3e8d0d40a5b128c66af3de0ce']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a0-e1f8-4725-942f-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:40.000Z",
|
||
|
"modified": "2015-04-09T17:06:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd830c65be2ffc18ea16ba936bd3b9e61']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a0-1290-44e6-bca2-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:40.000Z",
|
||
|
"modified": "2015-04-09T17:06:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'dcadfe8c1da9616b69b1101e7980f263']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a1-b134-45a1-9e81-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:41.000Z",
|
||
|
"modified": "2015-04-09T17:06:41.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'dceaf98d6aa90d42fc89f78cc3153689']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a1-5884-4cd3-aa60-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:41.000Z",
|
||
|
"modified": "2015-04-09T17:06:41.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e5765ebfdbe441e444d30ae804f9e01b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a1-6b80-42ad-901c-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:41.000Z",
|
||
|
"modified": "2015-04-09T17:06:41.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e5a65138290f1f972a29fdab52990eb9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1a1-76d0-4387-a378-877c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:41.000Z",
|
||
|
"modified": "2015-04-09T17:06:41.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'fdd4f8ba09da78e1ff2957305d71563f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b0-f038-422f-90c2-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:56.000Z",
|
||
|
"modified": "2015-04-09T17:06:56.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '029ffc5ddf1e3c4181fe2fa74faaf923']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b1-2dcc-4926-9bd4-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:57.000Z",
|
||
|
"modified": "2015-04-09T17:06:57.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '0c99625be98b89a5eb25ec512d02bbb4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b1-ca14-4ec4-9dbd-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:57.000Z",
|
||
|
"modified": "2015-04-09T17:06:57.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '11bd9b1da90e0ffa2701ce83573057a4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b1-85f4-4057-ab0a-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:57.000Z",
|
||
|
"modified": "2015-04-09T17:06:57.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '16ef21dc28880a9bf4cd466618bcc2b1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b1-48dc-483d-8619-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:57.000Z",
|
||
|
"modified": "2015-04-09T17:06:57.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2771174563606448a10cb0b5062825a5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b1-0144-42e6-b8f7-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:57.000Z",
|
||
|
"modified": "2015-04-09T17:06:57.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2bcc3a2178cf01aece6284ef0932181b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b1-38f0-4ec7-8915-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:57.000Z",
|
||
|
"modified": "2015-04-09T17:06:57.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2f7e5cf944eeb5ac2254a5cf40198248']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b1-9848-445b-b9fe-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:57.000Z",
|
||
|
"modified": "2015-04-09T17:06:57.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3860c6a9b06f6bbd0063367dbe8be3e6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b1-0798-4dd2-a1e0-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:57.000Z",
|
||
|
"modified": "2015-04-09T17:06:57.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '522dd6d774e7f53108e73a5f3935ba20']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b1-7364-4dca-98ae-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:57.000Z",
|
||
|
"modified": "2015-04-09T17:06:57.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '59b3597c3bbb8b389c02cce660431b75']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b2-8128-44e9-8020-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:58.000Z",
|
||
|
"modified": "2015-04-09T17:06:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '74fa97a2308f3e33fc6ad1e504057ed1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b2-7e10-4022-85da-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:58.000Z",
|
||
|
"modified": "2015-04-09T17:06:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7bb86f70896668026b6d4b5367286d6a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b2-5cb4-4fe0-a8b8-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:58.000Z",
|
||
|
"modified": "2015-04-09T17:06:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7c1a50f254d1f3adbd8ccf288999ffe7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b2-0100-4891-864e-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:58.000Z",
|
||
|
"modified": "2015-04-09T17:06:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a0a616b10019f1205a33462ab383c64b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b2-8024-4eff-a69d-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:58.000Z",
|
||
|
"modified": "2015-04-09T17:06:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a289ee37d8f17ef34dbf3751c3736162']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b2-a274-4799-8170-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:58.000Z",
|
||
|
"modified": "2015-04-09T17:06:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b98abbf8d47113dd53216bcfd0356175']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b2-4e08-4967-bfc8-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:58.000Z",
|
||
|
"modified": "2015-04-09T17:06:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b9cd15b5508608cd05dfa26b6a7c9acb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b2-a068-4dbf-a86a-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:58.000Z",
|
||
|
"modified": "2015-04-09T17:06:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'bddf850fe166ae3c2b0d142eb635b031']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b2-30ec-494f-8456-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:58.000Z",
|
||
|
"modified": "2015-04-09T17:06:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'c1d844f9234edace188b4fcbd71f3393']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b3-c130-4001-90a5-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:59.000Z",
|
||
|
"modified": "2015-04-09T17:06:59.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'c3ab87f85ca07a7d026d3cbd54029bbe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b3-5d08-4200-bc28-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:59.000Z",
|
||
|
"modified": "2015-04-09T17:06:59.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd400ff2788705fc520fe8b6ada8d7b5a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b3-f3c4-4b68-84c6-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:59.000Z",
|
||
|
"modified": "2015-04-09T17:06:59.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd42851d1a6b657506a71e4029e377a45']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b3-4d98-4b4a-bfcc-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:59.000Z",
|
||
|
"modified": "2015-04-09T17:06:59.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'db4c2df5984e143abbfae023ee932ff8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b3-e080-46f8-9b3a-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:59.000Z",
|
||
|
"modified": "2015-04-09T17:06:59.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e426309faa42e406e5c0691bf5005781']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b3-a37c-4c6d-b2c7-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:59.000Z",
|
||
|
"modified": "2015-04-09T17:06:59.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'ec673988e825ee278d2637e6d7b04fad']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b3-6ccc-4882-8e82-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:59.000Z",
|
||
|
"modified": "2015-04-09T17:06:59.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'f3ec248bbaab9b806941be521c92ebf7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b3-9aac-4daa-af65-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:59.000Z",
|
||
|
"modified": "2015-04-09T17:06:59.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'f4b011f3b4b4f8a0ec39c34edfe0cbe4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1b3-fd10-4834-b9a9-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:06:59.000Z",
|
||
|
"modified": "2015-04-09T17:06:59.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'fccb80162484b146619b4a9d9d0f6df9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1d1-d6dc-4280-86a5-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:07:29.000Z",
|
||
|
"modified": "2015-04-09T17:07:29.000Z",
|
||
|
"description": "RAR files",
|
||
|
"pattern": "[file:hashes.MD5 = '30a42d0fc3a805a356972aae7359c381']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:07:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1d1-a360-471a-a221-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:07:29.000Z",
|
||
|
"modified": "2015-04-09T17:07:29.000Z",
|
||
|
"description": "RAR files",
|
||
|
"pattern": "[file:hashes.MD5 = '98c3c1a643dada6d29b3cde71154535b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:07:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1ea-2c2c-465f-855a-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:07:54.000Z",
|
||
|
"modified": "2015-04-09T17:07:54.000Z",
|
||
|
"description": "Trojan & Ransomware",
|
||
|
"pattern": "[file:hashes.MD5 = '00e3b69b18bfad7980c1621256ee10fa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:07:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b1ea-a9c4-480a-8f0a-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:07:54.000Z",
|
||
|
"modified": "2015-04-09T17:07:54.000Z",
|
||
|
"description": "Trojan & Ransomware",
|
||
|
"pattern": "[file:hashes.MD5 = '29fe76f31482a42ba72f4015812184a3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:07:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b210-4760-4a62-8195-5bf3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:08:32.000Z",
|
||
|
"modified": "2015-04-09T17:08:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'plantsroyal.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:08:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b210-97cc-4c22-87d1-5bf3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:08:32.000Z",
|
||
|
"modified": "2015-04-09T17:08:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'ripola.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:08:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b210-4740-4b85-b7af-5bf3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:08:32.000Z",
|
||
|
"modified": "2015-04-09T17:08:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'valanoice.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:08:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b210-4470-4eaf-a8b4-5bf3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:08:32.000Z",
|
||
|
"modified": "2015-04-09T17:08:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'adorephoto.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:08:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b211-5530-4eb3-84cd-5bf3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:08:33.000Z",
|
||
|
"modified": "2015-04-09T17:08:33.000Z",
|
||
|
"pattern": "[domain-name:value = 'jackropely.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:08:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b22a-4560-4244-b2af-8de1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:08:58.000Z",
|
||
|
"modified": "2015-04-09T17:08:58.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.96.147.86']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:08:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b247-0c28-42ad-bbd0-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:09:27.000Z",
|
||
|
"modified": "2015-04-09T17:09:27.000Z",
|
||
|
"pattern": "[mutex:name = 'cramator']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:09:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"mutex\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b247-3168-497e-b1ef-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:09:27.000Z",
|
||
|
"modified": "2015-04-09T17:09:27.000Z",
|
||
|
"pattern": "[mutex:name = 'rocs']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:09:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"mutex\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b248-1d5c-45f0-bfe0-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:09:28.000Z",
|
||
|
"modified": "2015-04-09T17:09:28.000Z",
|
||
|
"pattern": "[mutex:name = 'galaxy']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:09:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"mutex\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b248-df7c-4b87-9216-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:09:28.000Z",
|
||
|
"modified": "2015-04-09T17:09:28.000Z",
|
||
|
"pattern": "[mutex:name = 'pilsner']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:09:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"mutex\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b248-9f64-4197-ace9-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:09:28.000Z",
|
||
|
"modified": "2015-04-09T17:09:28.000Z",
|
||
|
"pattern": "[mutex:name = 'palder']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:09:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"mutex\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b248-fc50-42f0-af10-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:09:28.000Z",
|
||
|
"modified": "2015-04-09T17:09:28.000Z",
|
||
|
"pattern": "[mutex:name = 'letorna']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:09:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"mutex\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b248-0e6c-4f3c-8beb-82e1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:09:28.000Z",
|
||
|
"modified": "2015-04-09T17:09:28.000Z",
|
||
|
"pattern": "[mutex:name = 'gordon']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:09:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"mutex\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a0-fea8-46fc-915a-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:56.000Z",
|
||
|
"modified": "2015-04-09T17:10:56.000Z",
|
||
|
"pattern": "[url:value = 'http://jackropely.org/talker/monopolker.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a0-3824-4f46-9012-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:56.000Z",
|
||
|
"modified": "2015-04-09T17:10:56.000Z",
|
||
|
"pattern": "[url:value = 'http://jackropely.org/talker/tirony.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a0-f8e4-416a-a3e0-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:56.000Z",
|
||
|
"modified": "2015-04-09T17:10:56.000Z",
|
||
|
"pattern": "[url:value = 'http://plantsroyal.org/css/dina.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a0-57e8-4141-a0cb-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:56.000Z",
|
||
|
"modified": "2015-04-09T17:10:56.000Z",
|
||
|
"pattern": "[url:value = 'http://plantsroyal.org/css/dissa.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a0-da68-4fc7-a901-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:56.000Z",
|
||
|
"modified": "2015-04-09T17:10:56.000Z",
|
||
|
"pattern": "[url:value = 'http://plantsroyal.org/css/papalore.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a0-6fa8-495a-9cac-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:56.000Z",
|
||
|
"modified": "2015-04-09T17:10:56.000Z",
|
||
|
"pattern": "[url:value = 'http://plantsroyal.org/css/parken.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a0-2d24-49b8-90b5-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:56.000Z",
|
||
|
"modified": "2015-04-09T17:10:56.000Z",
|
||
|
"pattern": "[url:value = 'http://plantsroyal.org/css/pibody.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a0-bac0-40cb-9618-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:56.000Z",
|
||
|
"modified": "2015-04-09T17:10:56.000Z",
|
||
|
"pattern": "[url:value = 'http://plantsroyal.org/css/salomon.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a0-7ec8-4f41-bfd7-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:56.000Z",
|
||
|
"modified": "2015-04-09T17:10:56.000Z",
|
||
|
"pattern": "[url:value = 'http://ripola.net/data/darling.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a1-2798-4ebf-a9ce-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:57.000Z",
|
||
|
"modified": "2015-04-09T17:10:57.000Z",
|
||
|
"pattern": "[url:value = 'http://ripola.net/rist/ristan/poper.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a1-2574-4bb9-be21-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:57.000Z",
|
||
|
"modified": "2015-04-09T17:10:57.000Z",
|
||
|
"pattern": "[url:value = 'http://valanoice..org/talker/monopolker.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a1-4680-49ad-a6f6-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:57.000Z",
|
||
|
"modified": "2015-04-09T17:10:57.000Z",
|
||
|
"pattern": "[url:value = 'http://valanoice.org/corton/paltor.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a1-a6fc-4fd5-ab5f-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:57.000Z",
|
||
|
"modified": "2015-04-09T17:10:57.000Z",
|
||
|
"pattern": "[url:value = 'http://valanoice.org/dallas/rocket.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5526b2a1-4540-4d26-b8df-baee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:10:57.000Z",
|
||
|
"modified": "2015-04-09T17:10:57.000Z",
|
||
|
"pattern": "[url:value = 'http://valanoice.org/talker/simma.rar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-04-09T17:10:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34b-04a4-439f-8c49-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:47.000Z",
|
||
|
"modified": "2015-04-09T17:13:47.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "6443rFtget22"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34c-da70-47dd-b2ab-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:48.000Z",
|
||
|
"modified": "2015-04-09T17:13:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "7Gthfy67Tge"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34c-7108-4689-b265-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:48.000Z",
|
||
|
"modified": "2015-04-09T17:13:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "7Qr4r3fgTr5e4"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34c-2d68-49f9-99ac-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:48.000Z",
|
||
|
"modified": "2015-04-09T17:13:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Hygtrfegt564tgrhjfy"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34c-290c-438e-9427-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:48.000Z",
|
||
|
"modified": "2015-04-09T17:13:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "IjhT6tGhrg"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34c-1514-4da2-ae0e-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:48.000Z",
|
||
|
"modified": "2015-04-09T17:13:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Ijhy6tGtyrh3"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34c-4b20-4f04-b8ee-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:48.000Z",
|
||
|
"modified": "2015-04-09T17:13:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "j9888UjfjuthjJ"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34c-e5c4-446d-b71a-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:48.000Z",
|
||
|
"modified": "2015-04-09T17:13:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "u6673764Yhgr"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34c-e348-4824-8219-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:48.000Z",
|
||
|
"modified": "2015-04-09T17:13:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "u6673764Yhgrt7"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34c-cc68-4de7-9a14-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:48.000Z",
|
||
|
"modified": "2015-04-09T17:13:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "u76yHytg65rtgeqd"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5526b34d-fc40-452a-826a-60dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-04-09T17:13:49.000Z",
|
||
|
"modified": "2015-04-09T17:13:49.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Password for RAR file",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Ujht6yTgrt63"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|