{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--55dc2f59-7238-468a-8956-575e950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:10.000Z",
|
||
|
"modified": "2015-08-25T09:24:10.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--55dc2f59-7238-468a-8956-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:10.000Z",
|
||
|
"modified": "2015-08-25T09:24:10.000Z",
|
||
|
"name": "OSINT RTF Exploit Installs Italian RAT: uWarrior by Palo Alto",
|
||
|
"published": "2015-08-25T12:09:58Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--55dc2f83-ce00-42b3-946c-58f2950d210b",
|
||
|
"url--55dc2f83-ce00-42b3-946c-58f2950d210b",
|
||
|
"observed-data--55dc2f83-5594-4ed1-a759-58f2950d210b",
|
||
|
"url--55dc2f83-5594-4ed1-a759-58f2950d210b",
|
||
|
"indicator--55dc2fc0-ea3c-4a08-9158-58ef950d210b",
|
||
|
"indicator--55dc2fc0-1510-46aa-a516-58ef950d210b",
|
||
|
"indicator--55dc2fc0-9124-4ef4-866a-58ef950d210b",
|
||
|
"indicator--55dc2fc1-e328-49c5-951a-58ef950d210b",
|
||
|
"indicator--55dc2fc1-4f84-491a-9d9a-58ef950d210b",
|
||
|
"indicator--55dc2fc1-0704-42bb-99e6-58ef950d210b",
|
||
|
"indicator--55dc2fc1-e34c-4e1a-a6cc-58ef950d210b",
|
||
|
"vulnerability--55dc2fc1-7808-451d-8a34-58ef950d210b",
|
||
|
"vulnerability--55dc2fc1-84fc-484d-a0b8-58ef950d210b",
|
||
|
"indicator--55dc2fc1-c2a8-4ac7-be4a-58ef950d210b",
|
||
|
"indicator--55dc2fc2-a12c-4986-9c18-58ef950d210b",
|
||
|
"indicator--55dc2fc2-3858-4ae4-a9f4-58ef950d210b",
|
||
|
"indicator--55dc343a-c350-47f7-978f-575e950d210b",
|
||
|
"indicator--55dc343a-d060-4295-8e35-575e950d210b",
|
||
|
"observed-data--55dc343a-f080-43dc-a122-575e950d210b",
|
||
|
"url--55dc343a-f080-43dc-a122-575e950d210b",
|
||
|
"indicator--55dc343b-6f78-41f9-948a-575e950d210b",
|
||
|
"indicator--55dc343b-eed8-4b86-bb83-575e950d210b",
|
||
|
"observed-data--55dc343b-a264-4918-981d-575e950d210b",
|
||
|
"url--55dc343b-a264-4918-981d-575e950d210b",
|
||
|
"indicator--55dc343b-5e60-488c-8a4c-575e950d210b",
|
||
|
"indicator--55dc343b-2ff4-4025-99dd-575e950d210b",
|
||
|
"observed-data--55dc343c-1900-4100-adf0-575e950d210b",
|
||
|
"url--55dc343c-1900-4100-adf0-575e950d210b",
|
||
|
"indicator--55dc343c-ca88-49f9-b19d-575e950d210b",
|
||
|
"indicator--55dc343c-2a5c-4153-bca2-575e950d210b",
|
||
|
"observed-data--55dc343c-0144-42ed-9807-575e950d210b",
|
||
|
"url--55dc343c-0144-42ed-9807-575e950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc2f83-ce00-42b3-946c-58f2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:04:03.000Z",
|
||
|
"modified": "2015-08-25T09:04:03.000Z",
|
||
|
"first_observed": "2015-08-25T09:04:03Z",
|
||
|
"last_observed": "2015-08-25T09:04:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc2f83-ce00-42b3-946c-58f2950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc2f83-ce00-42b3-946c-58f2950d210b",
|
||
|
"value": "http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-rat-uwarrior/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc2f83-5594-4ed1-a759-58f2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:04:03.000Z",
|
||
|
"modified": "2015-08-25T09:04:03.000Z",
|
||
|
"first_observed": "2015-08-25T09:04:03Z",
|
||
|
"last_observed": "2015-08-25T09:04:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc2f83-5594-4ed1-a759-58f2950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc2f83-5594-4ed1-a759-58f2950d210b",
|
||
|
"value": "https://otx.alienvault.com/pulse/55dbbc8c67db8c7bb8cb68c4/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc0-ea3c-4a08-9158-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:04.000Z",
|
||
|
"modified": "2015-08-25T09:05:04.000Z",
|
||
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\Local\\\\Temp\\\\bootloader.dec']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc0-1510-46aa-a516-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:04.000Z",
|
||
|
"modified": "2015-08-25T09:05:04.000Z",
|
||
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\Roaming\\\\warriors.dat']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc0-9124-4ef4-866a-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:04.000Z",
|
||
|
"modified": "2015-08-25T09:05:04.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.249.225.140']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc1-e328-49c5-951a-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:05.000Z",
|
||
|
"modified": "2015-08-25T09:05:05.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc1-4f84-491a-9d9a-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:05.000Z",
|
||
|
"modified": "2015-08-25T09:05:05.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc1-0704-42bb-99e6-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:05.000Z",
|
||
|
"modified": "2015-08-25T09:05:05.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '63.142.245.12']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc1-e34c-4e1a-a6cc-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:05.000Z",
|
||
|
"modified": "2015-08-25T09:05:05.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--55dc2fc1-7808-451d-8a34-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:05.000Z",
|
||
|
"modified": "2015-08-25T09:05:05.000Z",
|
||
|
"name": "CVE-2012-1856",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2012-1856"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--55dc2fc1-84fc-484d-a0b8-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:05.000Z",
|
||
|
"modified": "2015-08-25T09:05:05.000Z",
|
||
|
"name": "CVE-2015-1770",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2015-1770"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc1-c2a8-4ac7-be4a-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:05.000Z",
|
||
|
"modified": "2015-08-25T09:05:05.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc2-a12c-4986-9c18-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:06.000Z",
|
||
|
"modified": "2015-08-25T09:05:06.000Z",
|
||
|
"pattern": "[domain-name:value = 'login.collegefan.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc2fc2-3858-4ae4-a9f4-58ef950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:05:06.000Z",
|
||
|
"modified": "2015-08-25T09:05:06.000Z",
|
||
|
"pattern": "[domain-name:value = 'login.loginto.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:05:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc343a-c350-47f7-978f-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:10.000Z",
|
||
|
"modified": "2015-08-25T09:24:10.000Z",
|
||
|
"description": "- Xchecked via VT: f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b",
|
||
|
"pattern": "[file:hashes.SHA1 = '844d4888ec0968a9b6da60ec2f1f2aa26937e201']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc343a-d060-4295-8e35-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:10.000Z",
|
||
|
"modified": "2015-08-25T09:24:10.000Z",
|
||
|
"description": "- Xchecked via VT: f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b",
|
||
|
"pattern": "[file:hashes.MD5 = '828858985c3456e0e5c2bd8add46344b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc343a-f080-43dc-a122-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:10.000Z",
|
||
|
"modified": "2015-08-25T09:24:10.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:10Z",
|
||
|
"last_observed": "2015-08-25T09:24:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc343a-f080-43dc-a122-575e950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc343a-f080-43dc-a122-575e950d210b",
|
||
|
"value": "https://www.virustotal.com/file/f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b/analysis/1440299283/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc343b-6f78-41f9-948a-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:11.000Z",
|
||
|
"modified": "2015-08-25T09:24:11.000Z",
|
||
|
"description": "- Xchecked via VT: a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279",
|
||
|
"pattern": "[file:hashes.SHA1 = 'fb434ba4f1eaf9f7f20fe6f49c4375e90fa98069']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc343b-eed8-4b86-bb83-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:11.000Z",
|
||
|
"modified": "2015-08-25T09:24:11.000Z",
|
||
|
"description": "- Xchecked via VT: a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279",
|
||
|
"pattern": "[file:hashes.MD5 = 'ae6b65ca7cbd4ca0ba86c6278c834547']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc343b-a264-4918-981d-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:11.000Z",
|
||
|
"modified": "2015-08-25T09:24:11.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:11Z",
|
||
|
"last_observed": "2015-08-25T09:24:11Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc343b-a264-4918-981d-575e950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc343b-a264-4918-981d-575e950d210b",
|
||
|
"value": "https://www.virustotal.com/file/a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279/analysis/1440434527/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc343b-5e60-488c-8a4c-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:11.000Z",
|
||
|
"modified": "2015-08-25T09:24:11.000Z",
|
||
|
"description": "- Xchecked via VT: 5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc",
|
||
|
"pattern": "[file:hashes.SHA1 = '777ba38c219d5c0251571b00d630fa3c5a59c9ac']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc343b-2ff4-4025-99dd-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:11.000Z",
|
||
|
"modified": "2015-08-25T09:24:11.000Z",
|
||
|
"description": "- Xchecked via VT: 5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc",
|
||
|
"pattern": "[file:hashes.MD5 = '4ec51012233e45e8e293c61250b080ac']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc343c-1900-4100-adf0-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:12.000Z",
|
||
|
"modified": "2015-08-25T09:24:12.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:12Z",
|
||
|
"last_observed": "2015-08-25T09:24:12Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc343c-1900-4100-adf0-575e950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc343c-1900-4100-adf0-575e950d210b",
|
||
|
"value": "https://www.virustotal.com/file/5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc/analysis/1439560797/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc343c-ca88-49f9-b19d-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:12.000Z",
|
||
|
"modified": "2015-08-25T09:24:12.000Z",
|
||
|
"description": "- Xchecked via VT: 57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c",
|
||
|
"pattern": "[file:hashes.SHA1 = '58318739e970bbfa3ef45673f47b09ba3fe3f20b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc343c-2a5c-4153-bca2-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:12.000Z",
|
||
|
"modified": "2015-08-25T09:24:12.000Z",
|
||
|
"description": "- Xchecked via VT: 57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c",
|
||
|
"pattern": "[file:hashes.MD5 = '114c8d4316248de8630364cf4c24a754']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc343c-0144-42ed-9807-575e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:12.000Z",
|
||
|
"modified": "2015-08-25T09:24:12.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:12Z",
|
||
|
"last_observed": "2015-08-25T09:24:12Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc343c-0144-42ed-9807-575e950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc343c-0144-42ed-9807-575e950d210b",
|
||
|
"value": "https://www.virustotal.com/file/57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c/analysis/1440470623/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}