|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5566caa6-0590-4956-81bf-4179950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:11:50.000Z",
|
||
|
"modified": "2015-06-02T07:11:50.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5566caa6-0590-4956-81bf-4179950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:11:50.000Z",
|
||
|
"modified": "2015-06-02T07:11:50.000Z",
|
||
|
"name": "OSINT Beware of what you download. Recent purported CEIEC document dump booby-trapped by Shadow Server",
|
||
|
"published": "2015-06-02T07:15:43Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5566cab7-e764-4563-b32e-4638950d210b",
|
||
|
"url--5566cab7-e764-4563-b32e-4638950d210b",
|
||
|
"vulnerability--556d54f6-0d08-4b48-bd1e-22fa950d210b",
|
||
|
"vulnerability--556d54f6-c58c-41ba-a6f1-22fa950d210b",
|
||
|
"observed-data--556d554a-05d4-4d46-bf97-4429950d210b",
|
||
|
"file--556d554a-05d4-4d46-bf97-4429950d210b",
|
||
|
"indicator--556d554a-a6cc-4cb7-8c7f-4429950d210b",
|
||
|
"indicator--556d554a-7228-4fb9-a170-4429950d210b",
|
||
|
"indicator--556d554a-d2e0-4963-aae1-4429950d210b",
|
||
|
"observed-data--556d554a-f9b4-4555-9f14-4429950d210b",
|
||
|
"file--556d554a-f9b4-4555-9f14-4429950d210b",
|
||
|
"observed-data--556d554b-aaec-4d34-8d5c-4429950d210b",
|
||
|
"file--556d554b-aaec-4d34-8d5c-4429950d210b",
|
||
|
"indicator--556d554b-dd7c-4138-8d53-4429950d210b",
|
||
|
"indicator--556d554b-2e2c-4019-a28b-4429950d210b",
|
||
|
"indicator--556d554b-c4e8-4e45-a262-4429950d210b",
|
||
|
"observed-data--556d554b-ed6c-48c7-a154-4429950d210b",
|
||
|
"file--556d554b-ed6c-48c7-a154-4429950d210b",
|
||
|
"indicator--556d554b-a0fc-4f30-8fa7-4429950d210b",
|
||
|
"indicator--556d554b-3ab4-499e-90f7-4429950d210b",
|
||
|
"indicator--556d554b-7330-41bd-a767-4429950d210b",
|
||
|
"observed-data--556d554c-6628-430b-afe2-4429950d210b",
|
||
|
"file--556d554c-6628-430b-afe2-4429950d210b",
|
||
|
"indicator--556d554c-0714-43a6-b9e3-4429950d210b",
|
||
|
"indicator--556d554c-e490-4a92-adc0-4429950d210b",
|
||
|
"indicator--556d554c-d548-4016-96d4-4429950d210b",
|
||
|
"observed-data--556d554c-b0b4-416d-abea-4429950d210b",
|
||
|
"file--556d554c-b0b4-416d-abea-4429950d210b",
|
||
|
"indicator--556d554c-1188-4f51-9acc-4429950d210b",
|
||
|
"indicator--556d554c-0ee4-409c-9ff4-4429950d210b",
|
||
|
"indicator--556d554c-bc2c-4e87-b583-4429950d210b",
|
||
|
"indicator--556d554d-ee94-4fa3-96bc-4429950d210b",
|
||
|
"indicator--556d554d-da00-4d65-a084-4429950d210b",
|
||
|
"indicator--556d554d-74a4-4d2f-94da-4429950d210b",
|
||
|
"indicator--556d554d-ce78-40e1-928e-4429950d210b",
|
||
|
"indicator--556d554d-ec40-497d-aab2-4429950d210b",
|
||
|
"indicator--556d554d-1050-4c80-80b9-4429950d210b",
|
||
|
"indicator--556d554d-8d88-4f93-9875-4429950d210b",
|
||
|
"indicator--556d554e-0674-45f1-bcc9-4429950d210b",
|
||
|
"indicator--556d554e-bff4-4586-a4f9-4429950d210b",
|
||
|
"observed-data--556d554e-d818-4fc8-ae95-4429950d210b",
|
||
|
"file--556d554e-d818-4fc8-ae95-4429950d210b",
|
||
|
"indicator--556d554e-10f8-4e61-8d3f-4429950d210b",
|
||
|
"indicator--556d554e-9840-4d3d-9da8-4429950d210b",
|
||
|
"indicator--556d554e-bf94-4f7d-a527-4429950d210b",
|
||
|
"indicator--556d554e-7464-406e-9268-4429950d210b",
|
||
|
"indicator--556d55d2-4208-4035-ac6b-5e69950d210b",
|
||
|
"indicator--556d55d2-263c-4cbe-9d0a-5e69950d210b",
|
||
|
"indicator--556d55d3-d364-4a86-b170-5e69950d210b",
|
||
|
"indicator--556d55d3-5ec4-4564-adf0-5e69950d210b",
|
||
|
"indicator--556d55d3-b028-4f6d-a269-5e69950d210b",
|
||
|
"indicator--556d55d3-fa98-4d81-9d47-5e69950d210b",
|
||
|
"indicator--556d55d3-0f68-416c-8fc2-5e69950d210b",
|
||
|
"indicator--556d55d3-fdb0-4d03-9215-5e69950d210b",
|
||
|
"indicator--556d55d3-aa74-4635-8169-5e69950d210b",
|
||
|
"indicator--556d55d3-5620-49fd-998e-5e69950d210b",
|
||
|
"indicator--556d5630-e698-4ff3-987f-442b950d210b",
|
||
|
"indicator--556d5630-cc2c-41ce-81bb-442b950d210b",
|
||
|
"indicator--556d5630-0e94-408d-8693-442b950d210b",
|
||
|
"indicator--556d5630-c73c-41cf-ad6e-442b950d210b",
|
||
|
"x-misp-attribute--556d5736-5ff8-4c71-b4a3-442b950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5566cab7-e764-4563-b32e-4638950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:58:47.000Z",
|
||
|
"modified": "2015-05-28T07:58:47.000Z",
|
||
|
"first_observed": "2015-05-28T07:58:47Z",
|
||
|
"last_observed": "2015-05-28T07:58:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5566cab7-e764-4563-b32e-4638950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5566cab7-e764-4563-b32e-4638950d210b",
|
||
|
"value": "http://blog.shadowserver.org/2012/04/16/beware-of-what-you-download-recent-purported-ceiec-document-dump-booby-trapped/"
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--556d54f6-0d08-4b48-bd1e-22fa950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"name": "CVE-2010-3333",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2010-3333"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--556d54f6-c58c-41ba-a6f1-22fa950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"name": "CVE-2009-3129",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2009-3129"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--556d554a-05d4-4d46-bf97-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"first_observed": "2015-06-02T07:10:00Z",
|
||
|
"last_observed": "2015-06-02T07:10:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--556d554a-05d4-4d46-bf97-4429950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--556d554a-05d4-4d46-bf97-4429950d210b",
|
||
|
"name": "LD.doc"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554a-a6cc-4cb7-8c7f-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2e454ea0c0d3fadfc478e8695400df40']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554a-7228-4fb9-a170-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '0dc324cf2efae2bc7dc29fe26f616decd765d66a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554a-d2e0-4963-aae1-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '8c26bf867e70f2e3511bd295c2c56abca51ab008b88d7a9e80b99ca240f79773']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--556d554a-f9b4-4555-9f14-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:52.000Z",
|
||
|
"modified": "2015-06-02T07:10:52.000Z",
|
||
|
"first_observed": "2015-06-02T07:10:52Z",
|
||
|
"last_observed": "2015-06-02T07:10:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--556d554a-f9b4-4555-9f14-4429950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--556d554a-f9b4-4555-9f14-4429950d210b",
|
||
|
"name": "LD(1).doc"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--556d554b-aaec-4d34-8d5c-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"first_observed": "2015-06-02T07:10:00Z",
|
||
|
"last_observed": "2015-06-02T07:10:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--556d554b-aaec-4d34-8d5c-4429950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--556d554b-aaec-4d34-8d5c-4429950d210b",
|
||
|
"name": "sach.doc"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554b-dd7c-4138-8d53-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '32f5ad4f09135fcdde86ecd4c466a993']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554b-2e2c-4019-a28b-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd3311b97aa10d759bbf704c0a3c4c2cef3f997a6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554b-c4e8-4e45-a262-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '15f9f9f3e617d84083e6ac3652dfa9090f236ca8879a66654464a5b781318df5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--556d554b-ed6c-48c7-a154-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"first_observed": "2015-06-02T07:10:00Z",
|
||
|
"last_observed": "2015-06-02T07:10:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--556d554b-ed6c-48c7-a154-4429950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--556d554b-ed6c-48c7-a154-4429950d210b",
|
||
|
"name": "rise.doc"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554b-a0fc-4f30-8fa7-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd824988793146a25d026eb12759dbab0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554b-3ab4-499e-90f7-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '3ce24923dc478afb30d8105303f51c958856da52']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554b-7330-41bd-a767-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e4e123a6757e041a5c1c053e2770f89b08ad2b58661e0044b29965d480f5100e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--556d554c-6628-430b-afe2-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:11:05.000Z",
|
||
|
"modified": "2015-06-02T07:11:05.000Z",
|
||
|
"first_observed": "2015-06-02T07:11:05Z",
|
||
|
"last_observed": "2015-06-02T07:11:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--556d554c-6628-430b-afe2-4429950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--556d554c-6628-430b-afe2-4429950d210b",
|
||
|
"name": "2011.xls"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554c-0714-43a6-b9e3-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '1423113c5b7176cef19f989f76a020c4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554c-e490-4a92-adc0-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '608ed5cb5b8497f3bc483d1c2a91a34a09abd828']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554c-d548-4016-96d4-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '761d8cbb4cd95bf520584ca5ec3036ae9fd9a9cefdf4ae9e79b060db3a673b28']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--556d554c-b0b4-416d-abea-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:11:09.000Z",
|
||
|
"modified": "2015-06-02T07:11:09.000Z",
|
||
|
"first_observed": "2015-06-02T07:11:09Z",
|
||
|
"last_observed": "2015-06-02T07:11:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--556d554c-b0b4-416d-abea-4429950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--556d554c-b0b4-416d-abea-4429950d210b",
|
||
|
"name": "928.doc"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554c-1188-4f51-9acc-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'cd80a451990f17f6684d5b100de6ece0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554c-0ee4-409c-9ff4-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '436047e74948181d8a2ba91f0c044c4b4e9e1865']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554c-bc2c-4e87-b583-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '51f495acd08195a04671fb7eb808a5697f3be8877e9d5254d38241147d2b51f1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554d-ee94-4fa3-96bc-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:name = 'bi(done).doc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554d-da00-4d65-a084-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2332ebd103a963d5494ddb431e8b05b7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554d-74a4-4d2f-94da-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bc289ea12d9afdae9f7503309a9d142b0c247ca7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554d-ce78-40e1-928e-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'cff1035db0c190081fc78dde2323a04a39ded675b2029f2572b3c084240aaedb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554d-ec40-497d-aab2-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:name = 'thang_3.doc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554d-1050-4c80-80b9-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '336420283e047155bec94a549cd60ac8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554d-8d88-4f93-9875-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '4b8d6693dc6c127ac9f649f3428de6cd6f8aa8e7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554e-0674-45f1-bcc9-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '2c28cf467d9e42f0182174943ec9e8dc467901020465b2354fdb27ccdaafa0c0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554e-bff4-4586-a4f9-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:name = 'thang_3(1).doc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--556d554e-d818-4fc8-ae95-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"first_observed": "2015-06-02T07:10:00Z",
|
||
|
"last_observed": "2015-06-02T07:10:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--556d554e-d818-4fc8-ae95-4429950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--556d554e-d818-4fc8-ae95-4429950d210b",
|
||
|
"name": "vu.doc"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554e-10f8-4e61-8d3f-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
|
||
|
"pattern": "[file:name = 'moi.doc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-06-02T07:10:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--556d554e-9840-4d3d-9da8-4429950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-06-02T07:10:00.000Z",
|
||
|
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[file:hashes.MD5 = 'd916409f960d3fc3263b32fe32b4bf20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d554e-bf94-4f7d-a527-4429950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[file:hashes.SHA1 = '42a767745bff3e8a1f5f42d1340eb4db4ed3e57c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d554e-7464-406e-9268-4429950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[file:hashes.SHA256 = '8e8f15980af335727dec14d9c2fed218cbc699aa7f41dae42d9cf96e7b663da4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d2-4208-4035-ac6b-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[domain-name:value = 'kullywolf.gicp.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d2-263c-4cbe-9d0a-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[domain-name:value = 'congtytancang.uicp.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d3-d364-4a86-b170-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[domain-name:value = 'www.ollay011.zyns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d3-5ec4-4564-adf0-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[domain-name:value = 'l1x.lflinkup.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d3-b028-4f6d-a269-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '73.252.204.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d3-fa98-4d81-9d47-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.70.255.201']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d3-0f68-416c-8fc2-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.70.128.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d3-fdb0-4d03-9215-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.153.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d3-aa74-4635-8169-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.56.70.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d55d3-5620-49fd-998e-5e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[domain-name:value = 'front11.gicp.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d5630-e698-4ff3-987f-442b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.120.105.120']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d5630-cc2c-41ce-81bb-442b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.112.147.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d5630-0e94-408d-8693-442b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:00.000Z",
"modified": "2015-06-02T07:10:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.172.238.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d5630-c73c-41cf-ad6e-442b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:10:42.000Z",
"modified": "2015-06-02T07:10:42.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.56.70.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:10:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--556d5736-5ff8-4c71-b4a3-442b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:11:50.000Z",
"modified": "2015-06-02T07:11:50.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Payload delivery\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "comment",
"x_misp_value": "Disabled \"for IDS\" flag for some of the filenames in the original reports since they seem likely to trigger false positives"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}