|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--55dc3064-fb18-481a-b837-58f2950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:27.000Z",
|
||
|
"modified": "2015-08-25T09:24:27.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--55dc3064-fb18-481a-b837-58f2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:27.000Z",
|
||
|
"modified": "2015-08-25T09:24:27.000Z",
|
||
|
"name": "OSINT The Curious Case of the Document Exploiting an Unknown Vulnerability \u2013 Part 2: RATs, Hackers and Rihanna by Fortinet",
|
||
|
"published": "2015-08-25T12:27:52Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--55dc3083-3a84-4948-b78f-5964950d210b",
|
||
|
"url--55dc3083-3a84-4948-b78f-5964950d210b",
|
||
|
"observed-data--55dc3083-68e0-4ee6-9d55-5964950d210b",
|
||
|
"url--55dc3083-68e0-4ee6-9d55-5964950d210b",
|
||
|
"indicator--55dc3092-ac20-4f57-b30c-58ee950d210b",
|
||
|
"indicator--55dc3093-5e58-4aee-87ad-58ee950d210b",
|
||
|
"indicator--55dc3093-c634-4910-b777-58ee950d210b",
|
||
|
"indicator--55dc3093-6a84-452a-93e5-58ee950d210b",
|
||
|
"indicator--55dc3093-fc60-4aee-8e41-58ee950d210b",
|
||
|
"indicator--55dc3093-aa44-464c-8549-58ee950d210b",
|
||
|
"indicator--55dc3094-6a94-485e-aafd-58ee950d210b",
|
||
|
"indicator--55dc3094-7ba4-4097-ba98-58ee950d210b",
|
||
|
"indicator--55dc3094-3e14-4dde-a9c5-58ee950d210b",
|
||
|
"indicator--55dc3094-45f8-42da-a3f6-58ee950d210b",
|
||
|
"indicator--55dc3094-6d78-4e3c-b200-58ee950d210b",
|
||
|
"indicator--55dc3095-32c4-46f9-a8b6-58ee950d210b",
|
||
|
"indicator--55dc3095-3ed8-4491-9e50-58ee950d210b",
|
||
|
"indicator--55dc3095-7164-4350-b57d-58ee950d210b",
|
||
|
"indicator--55dc3095-8584-4c31-847c-58ee950d210b",
|
||
|
"indicator--55dc30af-7f20-4daa-b28a-58ee950d210b",
|
||
|
"indicator--55dc30b0-e794-4786-b7e3-58ee950d210b",
|
||
|
"indicator--55dc30b0-2964-4c9a-a801-58ee950d210b",
|
||
|
"indicator--55dc30b0-84dc-4ef8-84a8-58ee950d210b",
|
||
|
"indicator--55dc30b0-c8b0-40dc-b8c0-58ee950d210b",
|
||
|
"indicator--55dc30b0-912c-429b-8810-58ee950d210b",
|
||
|
"indicator--55dc30b1-f7ac-4ff0-a6cb-58ee950d210b",
|
||
|
"indicator--55dc30b1-7c2c-40f1-8327-58ee950d210b",
|
||
|
"indicator--55dc30b1-c650-40e4-84af-58ee950d210b",
|
||
|
"indicator--55dc30b1-d2a4-45ce-8317-58ee950d210b",
|
||
|
"indicator--55dc30b2-8ad4-4331-a043-58ee950d210b",
|
||
|
"indicator--55dc30b2-d324-4b56-b19b-58ee950d210b",
|
||
|
"indicator--55dc30b2-6ac0-4a39-94fc-58ee950d210b",
|
||
|
"indicator--55dc30b2-6e18-425b-97cd-58ee950d210b",
|
||
|
"indicator--55dc30b2-ef34-42cf-9ab2-58ee950d210b",
|
||
|
"indicator--55dc30b3-44bc-4aa2-82bf-58ee950d210b",
|
||
|
"indicator--55dc30b3-d82c-43fe-b01a-58ee950d210b",
|
||
|
"indicator--55dc30b3-5ed4-420b-8e19-58ee950d210b",
|
||
|
"indicator--55dc30b3-cd54-4d4b-a7a7-58ee950d210b",
|
||
|
"indicator--55dc30b3-3d2c-4f88-b6d9-58ee950d210b",
|
||
|
"indicator--55dc344b-7a14-42ec-aeb3-3c78950d210b",
|
||
|
"indicator--55dc344b-be4c-4fec-9d61-3c78950d210b",
|
||
|
"observed-data--55dc344b-df8c-494b-b070-3c78950d210b",
|
||
|
"url--55dc344b-df8c-494b-b070-3c78950d210b",
|
||
|
"indicator--55dc344c-c04c-4f8c-a36b-3c78950d210b",
|
||
|
"indicator--55dc344c-62b8-4490-a84c-3c78950d210b",
|
||
|
"observed-data--55dc344c-aa2c-49e3-8fd4-3c78950d210b",
|
||
|
"url--55dc344c-aa2c-49e3-8fd4-3c78950d210b",
|
||
|
"indicator--55dc344c-667c-4d4b-b381-3c78950d210b",
|
||
|
"indicator--55dc344c-6d60-429c-9078-3c78950d210b",
|
||
|
"observed-data--55dc344d-dfbc-4650-a206-3c78950d210b",
|
||
|
"url--55dc344d-dfbc-4650-a206-3c78950d210b",
|
||
|
"indicator--55dc344d-3060-465b-bd83-3c78950d210b",
|
||
|
"indicator--55dc344d-2a44-4763-838c-3c78950d210b",
|
||
|
"observed-data--55dc344d-ff88-471e-88bc-3c78950d210b",
|
||
|
"url--55dc344d-ff88-471e-88bc-3c78950d210b",
|
||
|
"indicator--55dc344d-e0e4-4f85-a26d-3c78950d210b",
|
||
|
"indicator--55dc344e-4418-4f18-8e8f-3c78950d210b",
|
||
|
"observed-data--55dc344e-496c-4f88-ba82-3c78950d210b",
|
||
|
"url--55dc344e-496c-4f88-ba82-3c78950d210b",
|
||
|
"indicator--55dc344e-c49c-46be-8c92-3c78950d210b",
|
||
|
"indicator--55dc344e-d774-4f48-bf07-3c78950d210b",
|
||
|
"observed-data--55dc344e-31f4-4adb-925b-3c78950d210b",
|
||
|
"url--55dc344e-31f4-4adb-925b-3c78950d210b",
|
||
|
"indicator--55dc344f-53a8-40ce-9e76-3c78950d210b",
|
||
|
"indicator--55dc344f-2f14-40d8-9a35-3c78950d210b",
|
||
|
"observed-data--55dc344f-ed74-46a3-b1d5-3c78950d210b",
|
||
|
"url--55dc344f-ed74-46a3-b1d5-3c78950d210b",
|
||
|
"indicator--55dc344f-b1bc-480e-ae0e-3c78950d210b",
|
||
|
"indicator--55dc3450-f020-4cec-af5a-3c78950d210b",
|
||
|
"observed-data--55dc3450-2484-4c7e-8974-3c78950d210b",
|
||
|
"url--55dc3450-2484-4c7e-8974-3c78950d210b",
|
||
|
"indicator--55dc3450-b610-43b0-bc36-3c78950d210b",
|
||
|
"indicator--55dc3450-cce4-4a6f-8a35-3c78950d210b",
|
||
|
"observed-data--55dc3450-bc1c-4d0d-bd7a-3c78950d210b",
|
||
|
"url--55dc3450-bc1c-4d0d-bd7a-3c78950d210b",
|
||
|
"indicator--55dc3451-37a8-418f-85d5-3c78950d210b",
|
||
|
"indicator--55dc3451-d77c-40a1-9ab4-3c78950d210b",
|
||
|
"observed-data--55dc3451-8654-4c51-9adb-3c78950d210b",
|
||
|
"url--55dc3451-8654-4c51-9adb-3c78950d210b",
|
||
|
"indicator--55dc3451-d030-46ed-b487-3c78950d210b",
|
||
|
"indicator--55dc3451-35c0-4d69-a9e3-3c78950d210b",
|
||
|
"observed-data--55dc3452-c030-449e-85b0-3c78950d210b",
|
||
|
"url--55dc3452-c030-449e-85b0-3c78950d210b",
|
||
|
"indicator--55dc3452-3ce8-478d-95dd-3c78950d210b",
|
||
|
"indicator--55dc3452-7bb8-4918-ae8c-3c78950d210b",
|
||
|
"observed-data--55dc3452-c0c4-4bb7-80bf-3c78950d210b",
|
||
|
"url--55dc3452-c0c4-4bb7-80bf-3c78950d210b",
|
||
|
"indicator--55dc3452-2100-4cd4-b5c7-3c78950d210b",
|
||
|
"indicator--55dc3453-5f50-4625-b1ce-3c78950d210b",
|
||
|
"observed-data--55dc3453-b348-4d29-8300-3c78950d210b",
|
||
|
"url--55dc3453-b348-4d29-8300-3c78950d210b",
|
||
|
"indicator--55dc3453-5020-47ce-bdc1-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc3083-3a84-4948-b78f-5964950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:19.000Z",
|
||
|
"modified": "2015-08-25T09:08:19.000Z",
|
||
|
"first_observed": "2015-08-25T09:08:19Z",
|
||
|
"last_observed": "2015-08-25T09:08:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc3083-3a84-4948-b78f-5964950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc3083-3a84-4948-b78f-5964950d210b",
|
||
|
"value": "http://blog.fortinet.com/post/the-curious-case-of-the-document-exploiting-an-unknown-vulnerability-part-2-rats-hackers-and-rihanna"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc3083-68e0-4ee6-9d55-5964950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:19.000Z",
|
||
|
"modified": "2015-08-25T09:08:19.000Z",
|
||
|
"first_observed": "2015-08-25T09:08:19Z",
|
||
|
"last_observed": "2015-08-25T09:08:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc3083-68e0-4ee6-9d55-5964950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc3083-68e0-4ee6-9d55-5964950d210b",
|
||
|
"value": "http://blog.fortinet.com/post/the-curious-case-of-the-document-exploiting-an-unknown-vulnerability-part-1"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3092-ac20-4f57-b30c-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:34.000Z",
|
||
|
"modified": "2015-08-25T09:08:34.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2b4b0ba685522de8398d14d540b41a3a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3093-5e58-4aee-87ad-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:35.000Z",
|
||
|
"modified": "2015-08-25T09:08:35.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2c3adf843acf69c56b5ced66d919ae6f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3093-c634-4910-b777-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:35.000Z",
|
||
|
"modified": "2015-08-25T09:08:35.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3e486ce5fbcc8fed0172bf19f4013cba']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3093-6a84-452a-93e5-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:35.000Z",
|
||
|
"modified": "2015-08-25T09:08:35.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '65eb2ddc65eb4b963061fe01ad0069df']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3093-fc60-4aee-8e41-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:35.000Z",
|
||
|
"modified": "2015-08-25T09:08:35.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '6bde5462f45a230edc7e7641dd711505']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3093-aa44-464c-8549-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:35.000Z",
|
||
|
"modified": "2015-08-25T09:08:35.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '78904b8c4831f368f6a51f640c5540d8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3094-6a94-485e-aafd-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:36.000Z",
|
||
|
"modified": "2015-08-25T09:08:36.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7bb1f568a9877c1177a134a273ad744f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3094-7ba4-4097-ba98-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:36.000Z",
|
||
|
"modified": "2015-08-25T09:08:36.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7e8e3fa76f2e41fca6d8b81fea4dea5d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3094-3e14-4dde-a9c5-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:36.000Z",
|
||
|
"modified": "2015-08-25T09:08:36.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7f44125412432e2533fb76cf49642dd1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3094-45f8-42da-a3f6-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:36.000Z",
|
||
|
"modified": "2015-08-25T09:08:36.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '84f169c2ff66175c415dca6e3d1d7a11']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3094-6d78-4e3c-b200-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:36.000Z",
|
||
|
"modified": "2015-08-25T09:08:36.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a5b2acfa5b86bc31740ca0af1d2cd2d8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3095-32c4-46f9-a8b6-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:37.000Z",
|
||
|
"modified": "2015-08-25T09:08:37.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'ae6b65ca7cbd4ca0ba86c6278c834547']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3095-3ed8-4491-9e50-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:37.000Z",
|
||
|
"modified": "2015-08-25T09:08:37.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b411d5fd45711e2223d0d85e84850d3f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3095-7164-4350-b57d-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:37.000Z",
|
||
|
"modified": "2015-08-25T09:08:37.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'baccbf655d0a7ff171a4fef7cfdc47e1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3095-8584-4c31-847c-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:08:37.000Z",
|
||
|
"modified": "2015-08-25T09:08:37.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e023335a2a96bf7a8e9c4c1439182a1f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:08:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30af-7f20-4daa-b28a-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:03.000Z",
|
||
|
"modified": "2015-08-25T09:09:03.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.192.221.51']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b0-e794-4786-b7e3-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:04.000Z",
|
||
|
"modified": "2015-08-25T09:09:04.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.249.225.140']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b0-2964-4c9a-a801-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:04.000Z",
|
||
|
"modified": "2015-08-25T09:09:04.000Z",
|
||
|
"pattern": "[domain-name:value = 'james.securitytactics.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b0-84dc-4ef8-84a8-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:04.000Z",
|
||
|
"modified": "2015-08-25T09:09:04.000Z",
|
||
|
"pattern": "[domain-name:value = 'cyber.serveexchange.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b0-c8b0-40dc-b8c0-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:04.000Z",
|
||
|
"modified": "2015-08-25T09:09:04.000Z",
|
||
|
"pattern": "[url:value = 'hktristars@gmail.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b0-912c-429b-8810-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:04.000Z",
|
||
|
"modified": "2015-08-25T09:09:04.000Z",
|
||
|
"pattern": "[url:value = 'http://149.86.66.9/spoolscv.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b1-f7ac-4ff0-a6cb-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:05.000Z",
|
||
|
"modified": "2015-08-25T09:09:05.000Z",
|
||
|
"pattern": "[url:value = 'http://173.208.195.150/gu/s.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b1-7c2c-40f1-8327-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:05.000Z",
|
||
|
"modified": "2015-08-25T09:09:05.000Z",
|
||
|
"pattern": "[url:value = 'http://84.19.27.254/~docswift/security.jar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b1-c650-40e4-84af-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:05.000Z",
|
||
|
"modified": "2015-08-25T09:09:05.000Z",
|
||
|
"pattern": "[url:value = 'http://creditbeuar.com/svchosts.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b1-d2a4-45ce-8317-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:05.000Z",
|
||
|
"modified": "2015-08-25T09:09:05.000Z",
|
||
|
"pattern": "[url:value = 'http://kuwota.com/version-check.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b2-8ad4-4331-a043-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:06.000Z",
|
||
|
"modified": "2015-08-25T09:09:06.000Z",
|
||
|
"pattern": "[url:value = 'http://notyourbusiness.net/kelvin.jar']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b2-d324-4b56-b19b-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:06.000Z",
|
||
|
"modified": "2015-08-25T09:09:06.000Z",
|
||
|
"pattern": "[url:value = 'http://notyourbusiness.net/y.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b2-6ac0-4a39-94fc-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:06.000Z",
|
||
|
"modified": "2015-08-25T09:09:06.000Z",
|
||
|
"pattern": "[url:value = 'http://www.creditbeuar.com/human.exe.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b2-6e18-425b-97cd-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:06.000Z",
|
||
|
"modified": "2015-08-25T09:09:06.000Z",
|
||
|
"pattern": "[domain-name:value = 'jack.servep2p.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b2-ef34-42cf-9ab2-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:06.000Z",
|
||
|
"modified": "2015-08-25T09:09:06.000Z",
|
||
|
"pattern": "[domain-name:value = 'john.cable-modem.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b3-44bc-4aa2-82bf-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:07.000Z",
|
||
|
"modified": "2015-08-25T09:09:07.000Z",
|
||
|
"pattern": "[domain-name:value = 'kuwota.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b3-d82c-43fe-b01a-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:07.000Z",
|
||
|
"modified": "2015-08-25T09:09:07.000Z",
|
||
|
"pattern": "[domain-name:value = 'login.loginto.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b3-5ed4-420b-8e19-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:07.000Z",
|
||
|
"modified": "2015-08-25T09:09:07.000Z",
|
||
|
"pattern": "[domain-name:value = 'notyourbusiness.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b3-cd54-4d4b-a7a7-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:07.000Z",
|
||
|
"modified": "2015-08-25T09:09:07.000Z",
|
||
|
"pattern": "[domain-name:value = 'uaelab.mypsx.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc30b3-3d2c-4f88-b6d9-58ee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:09:07.000Z",
|
||
|
"modified": "2015-08-25T09:09:07.000Z",
|
||
|
"pattern": "[domain-name:value = 'www.creditbeuar.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:09:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344b-7a14-42ec-aeb3-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:27.000Z",
|
||
|
"modified": "2015-08-25T09:24:27.000Z",
|
||
|
"description": "- Xchecked via VT: e023335a2a96bf7a8e9c4c1439182a1f",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bb83dd035cd4522b80b17b17283176f90ea528bffede33b140db3d36d8b5e7f8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344b-be4c-4fec-9d61-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:27.000Z",
|
||
|
"modified": "2015-08-25T09:24:27.000Z",
|
||
|
"description": "- Xchecked via VT: e023335a2a96bf7a8e9c4c1439182a1f",
|
||
|
"pattern": "[file:hashes.SHA1 = '25f7e36faf5e62b06587e8101bfdebc7449121bc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc344b-df8c-494b-b070-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:27.000Z",
|
||
|
"modified": "2015-08-25T09:24:27.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:27Z",
|
||
|
"last_observed": "2015-08-25T09:24:27Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc344b-df8c-494b-b070-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc344b-df8c-494b-b070-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/bb83dd035cd4522b80b17b17283176f90ea528bffede33b140db3d36d8b5e7f8/analysis/1439967835/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344c-c04c-4f8c-a36b-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:27.000Z",
|
||
|
"modified": "2015-08-25T09:24:27.000Z",
|
||
|
"description": "- Xchecked via VT: baccbf655d0a7ff171a4fef7cfdc47e1",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c49946311ed1244fce1aec9102ae0d640b340cd772cca601dfb9cd2a9a3548e4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344c-62b8-4490-a84c-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:28.000Z",
|
||
|
"modified": "2015-08-25T09:24:28.000Z",
|
||
|
"description": "- Xchecked via VT: baccbf655d0a7ff171a4fef7cfdc47e1",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ae06eb722bb5bb96f974c3def7058e1e25874fd4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc344c-aa2c-49e3-8fd4-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:28.000Z",
|
||
|
"modified": "2015-08-25T09:24:28.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:28Z",
|
||
|
"last_observed": "2015-08-25T09:24:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc344c-aa2c-49e3-8fd4-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc344c-aa2c-49e3-8fd4-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/c49946311ed1244fce1aec9102ae0d640b340cd772cca601dfb9cd2a9a3548e4/analysis/1439965326/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344c-667c-4d4b-b381-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:28.000Z",
|
||
|
"modified": "2015-08-25T09:24:28.000Z",
|
||
|
"description": "- Xchecked via VT: b411d5fd45711e2223d0d85e84850d3f",
|
||
|
"pattern": "[file:hashes.SHA256 = '18ac5f538f8904ac6d63f1ab6679ee83e29b5ded6a70e9a947d9f3bad51258a7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344c-6d60-429c-9078-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:28.000Z",
|
||
|
"modified": "2015-08-25T09:24:28.000Z",
|
||
|
"description": "- Xchecked via VT: b411d5fd45711e2223d0d85e84850d3f",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ab25a23a850c60680b41ec31d9e7d7a7254b4103']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc344d-dfbc-4650-a206-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:29.000Z",
|
||
|
"modified": "2015-08-25T09:24:29.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:29Z",
|
||
|
"last_observed": "2015-08-25T09:24:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc344d-dfbc-4650-a206-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc344d-dfbc-4650-a206-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/18ac5f538f8904ac6d63f1ab6679ee83e29b5ded6a70e9a947d9f3bad51258a7/analysis/1418736548/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344d-3060-465b-bd83-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:29.000Z",
|
||
|
"modified": "2015-08-25T09:24:29.000Z",
|
||
|
"description": "- Xchecked via VT: ae6b65ca7cbd4ca0ba86c6278c834547",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344d-2a44-4763-838c-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:29.000Z",
|
||
|
"modified": "2015-08-25T09:24:29.000Z",
|
||
|
"description": "- Xchecked via VT: ae6b65ca7cbd4ca0ba86c6278c834547",
|
||
|
"pattern": "[file:hashes.SHA1 = 'fb434ba4f1eaf9f7f20fe6f49c4375e90fa98069']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc344d-ff88-471e-88bc-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:29.000Z",
|
||
|
"modified": "2015-08-25T09:24:29.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:29Z",
|
||
|
"last_observed": "2015-08-25T09:24:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc344d-ff88-471e-88bc-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc344d-ff88-471e-88bc-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279/analysis/1440434527/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344d-e0e4-4f85-a26d-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:29.000Z",
|
||
|
"modified": "2015-08-25T09:24:29.000Z",
|
||
|
"description": "- Xchecked via VT: a5b2acfa5b86bc31740ca0af1d2cd2d8",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ebc74b5b036e98a7fef8ae18d0783ae1dd3cd288be349cca79789972701e3db0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344e-4418-4f18-8e8f-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:30.000Z",
|
||
|
"modified": "2015-08-25T09:24:30.000Z",
|
||
|
"description": "- Xchecked via VT: a5b2acfa5b86bc31740ca0af1d2cd2d8",
|
||
|
"pattern": "[file:hashes.SHA1 = '80b4642862c3017ba0f2fe77c6c7377299dff6e8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc344e-496c-4f88-ba82-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:30.000Z",
|
||
|
"modified": "2015-08-25T09:24:30.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:30Z",
|
||
|
"last_observed": "2015-08-25T09:24:30Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc344e-496c-4f88-ba82-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc344e-496c-4f88-ba82-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/ebc74b5b036e98a7fef8ae18d0783ae1dd3cd288be349cca79789972701e3db0/analysis/1439302720/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344e-c49c-46be-8c92-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:30.000Z",
|
||
|
"modified": "2015-08-25T09:24:30.000Z",
|
||
|
"description": "- Xchecked via VT: 84f169c2ff66175c415dca6e3d1d7a11",
|
||
|
"pattern": "[file:hashes.SHA256 = '9462fb820f15f2606dcc15fa4c72f25a2d9faa59e72692cd5755933d0a513e61']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344e-d774-4f48-bf07-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:30.000Z",
|
||
|
"modified": "2015-08-25T09:24:30.000Z",
|
||
|
"description": "- Xchecked via VT: 84f169c2ff66175c415dca6e3d1d7a11",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b16958621998eb8a4bec2f6b4306431245ab56b7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc344e-31f4-4adb-925b-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:30.000Z",
|
||
|
"modified": "2015-08-25T09:24:30.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:30Z",
|
||
|
"last_observed": "2015-08-25T09:24:30Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc344e-31f4-4adb-925b-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc344e-31f4-4adb-925b-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/9462fb820f15f2606dcc15fa4c72f25a2d9faa59e72692cd5755933d0a513e61/analysis/1440388279/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344f-53a8-40ce-9e76-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:31.000Z",
|
||
|
"modified": "2015-08-25T09:24:31.000Z",
|
||
|
"description": "- Xchecked via VT: 7f44125412432e2533fb76cf49642dd1",
|
||
|
"pattern": "[file:hashes.SHA256 = '831919c2ae338204dcbd06119a6ba8f9541f92c3fe6d9697964881a1655079e5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344f-2f14-40d8-9a35-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:31.000Z",
|
||
|
"modified": "2015-08-25T09:24:31.000Z",
|
||
|
"description": "- Xchecked via VT: 7f44125412432e2533fb76cf49642dd1",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b87e41faf1194ebcb0eefa54f1d17e7016364f4e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc344f-ed74-46a3-b1d5-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:31.000Z",
|
||
|
"modified": "2015-08-25T09:24:31.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:31Z",
|
||
|
"last_observed": "2015-08-25T09:24:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc344f-ed74-46a3-b1d5-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc344f-ed74-46a3-b1d5-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/831919c2ae338204dcbd06119a6ba8f9541f92c3fe6d9697964881a1655079e5/analysis/1420090683/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc344f-b1bc-480e-ae0e-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:31.000Z",
|
||
|
"modified": "2015-08-25T09:24:31.000Z",
|
||
|
"description": "- Xchecked via VT: 7e8e3fa76f2e41fca6d8b81fea4dea5d",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a9c2f901928e977dd6d930a426aa725926d5a638652767d9c9f6cb133f558a25']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3450-f020-4cec-af5a-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:32.000Z",
|
||
|
"modified": "2015-08-25T09:24:32.000Z",
|
||
|
"description": "- Xchecked via VT: 7e8e3fa76f2e41fca6d8b81fea4dea5d",
|
||
|
"pattern": "[file:hashes.SHA1 = '2d4cf67196e7a4bed5f18cde60121b4e390cd6c4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc3450-2484-4c7e-8974-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:32.000Z",
|
||
|
"modified": "2015-08-25T09:24:32.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:32Z",
|
||
|
"last_observed": "2015-08-25T09:24:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc3450-2484-4c7e-8974-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc3450-2484-4c7e-8974-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/a9c2f901928e977dd6d930a426aa725926d5a638652767d9c9f6cb133f558a25/analysis/1439887201/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3450-b610-43b0-bc36-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:32.000Z",
|
||
|
"modified": "2015-08-25T09:24:32.000Z",
|
||
|
"description": "- Xchecked via VT: 7bb1f568a9877c1177a134a273ad744f",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c22c4d8ca2335605f8708b0bcaa9495c5b1848328a72c9fb61e84649d7480eb9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3450-cce4-4a6f-8a35-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:32.000Z",
|
||
|
"modified": "2015-08-25T09:24:32.000Z",
|
||
|
"description": "- Xchecked via VT: 7bb1f568a9877c1177a134a273ad744f",
|
||
|
"pattern": "[file:hashes.SHA1 = '39ffcdef624ada839f22f47a1283e1d5d2488b48']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc3450-bc1c-4d0d-bd7a-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:32.000Z",
|
||
|
"modified": "2015-08-25T09:24:32.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:32Z",
|
||
|
"last_observed": "2015-08-25T09:24:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc3450-bc1c-4d0d-bd7a-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc3450-bc1c-4d0d-bd7a-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/c22c4d8ca2335605f8708b0bcaa9495c5b1848328a72c9fb61e84649d7480eb9/analysis/1417914581/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3451-37a8-418f-85d5-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:33.000Z",
|
||
|
"modified": "2015-08-25T09:24:33.000Z",
|
||
|
"description": "- Xchecked via VT: 78904b8c4831f368f6a51f640c5540d8",
|
||
|
"pattern": "[file:hashes.SHA256 = '3b003f18a29a2e7517651e2068279e70c4afa8306ea3bc6734a69ab5b97e7fb7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3451-d77c-40a1-9ab4-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:33.000Z",
|
||
|
"modified": "2015-08-25T09:24:33.000Z",
|
||
|
"description": "- Xchecked via VT: 78904b8c4831f368f6a51f640c5540d8",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a4efcbf0309c705442dc1f622204c34bf7b540ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc3451-8654-4c51-9adb-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:33.000Z",
|
||
|
"modified": "2015-08-25T09:24:33.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:33Z",
|
||
|
"last_observed": "2015-08-25T09:24:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc3451-8654-4c51-9adb-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc3451-8654-4c51-9adb-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/3b003f18a29a2e7517651e2068279e70c4afa8306ea3bc6734a69ab5b97e7fb7/analysis/1439964248/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3451-d030-46ed-b487-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:33.000Z",
|
||
|
"modified": "2015-08-25T09:24:33.000Z",
|
||
|
"description": "- Xchecked via VT: 6bde5462f45a230edc7e7641dd711505",
|
||
|
"pattern": "[file:hashes.SHA256 = '2b9c941150206d38a635620f2129660628f9b08dd2f674013cacda39bde7ae56']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc3451-35c0-4d69-a9e3-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:33.000Z",
|
||
|
"modified": "2015-08-25T09:24:33.000Z",
|
||
|
"description": "- Xchecked via VT: 6bde5462f45a230edc7e7641dd711505",
|
||
|
"pattern": "[file:hashes.SHA1 = '889fd076e5c50e8350a804e953895cd9247512b6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T09:24:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc3452-c030-449e-85b0-3c78950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T09:24:34.000Z",
|
||
|
"modified": "2015-08-25T09:24:34.000Z",
|
||
|
"first_observed": "2015-08-25T09:24:34Z",
|
||
|
"last_observed": "2015-08-25T09:24:34Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc3452-c030-449e-85b0-3c78950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc3452-c030-449e-85b0-3c78950d210b",
|
||
|
"value": "https://www.virustotal.com/file/2b9c941150206d38a635620f2129660628f9b08dd2f674013cacda39bde7ae56/analysis/1440094201/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc3452-3ce8-478d-95dd-3c78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T09:24:34.000Z",
"modified": "2015-08-25T09:24:34.000Z",
"description": "- Xchecked via VT: 65eb2ddc65eb4b963061fe01ad0069df",
"pattern": "[file:hashes.SHA256 = '4158eab567330a2743a189941412da5304bb80bbb9acce9bb7a22014124f6c3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T09:24:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc3452-7bb8-4918-ae8c-3c78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T09:24:34.000Z",
"modified": "2015-08-25T09:24:34.000Z",
"description": "- Xchecked via VT: 65eb2ddc65eb4b963061fe01ad0069df",
"pattern": "[file:hashes.SHA1 = '5918a3dcf36b38c6ac9077e3a18f09f4573f243b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T09:24:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc3452-c0c4-4bb7-80bf-3c78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T09:24:34.000Z",
"modified": "2015-08-25T09:24:34.000Z",
"first_observed": "2015-08-25T09:24:34Z",
"last_observed": "2015-08-25T09:24:34Z",
"number_observed": 1,
"object_refs": [
"url--55dc3452-c0c4-4bb7-80bf-3c78950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc3452-c0c4-4bb7-80bf-3c78950d210b",
"value": "https://www.virustotal.com/file/4158eab567330a2743a189941412da5304bb80bbb9acce9bb7a22014124f6c3a/analysis/1439879031/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc3452-2100-4cd4-b5c7-3c78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T09:24:34.000Z",
"modified": "2015-08-25T09:24:34.000Z",
"description": "- Xchecked via VT: 3e486ce5fbcc8fed0172bf19f4013cba",
"pattern": "[file:hashes.SHA256 = 'a626b185fdfda2cea594ac9b314478b5d8e6283a07a2c899ea96c7051dcffbbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T09:24:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc3453-5f50-4625-b1ce-3c78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T09:24:35.000Z",
"modified": "2015-08-25T09:24:35.000Z",
"description": "- Xchecked via VT: 3e486ce5fbcc8fed0172bf19f4013cba",
"pattern": "[file:hashes.SHA1 = '6f6600eecd45e3943906a21ba33ec6045143eeb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T09:24:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc3453-b348-4d29-8300-3c78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T09:24:35.000Z",
"modified": "2015-08-25T09:24:35.000Z",
"first_observed": "2015-08-25T09:24:35Z",
"last_observed": "2015-08-25T09:24:35Z",
"number_observed": 1,
"object_refs": [
"url--55dc3453-b348-4d29-8300-3c78950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc3453-b348-4d29-8300-3c78950d210b",
"value": "https://www.virustotal.com/file/a626b185fdfda2cea594ac9b314478b5d8e6283a07a2c899ea96c7051dcffbbe/analysis/1433738373/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc3453-5020-47ce-bdc1-3c78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T09:24:35.000Z",
"modified": "2015-08-25T09:24:35.000Z",
"description": "- Xchecked via VT: 2c3adf843acf69c56b5ced66d919ae6f",
"pattern": "[file:hashes.SHA256 = '2de259a6926da4ab70f62584f9ec31fc086adab367db454b36af460cf1c722ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T09:24:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}