{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--560c1c35-fd9c-4fb4-9a93-801b950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:43:42.000Z",
|
||
|
"modified": "2015-10-01T06:43:42.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--560c1c35-fd9c-4fb4-9a93-801b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:43:42.000Z",
|
||
|
"modified": "2015-10-01T06:43:42.000Z",
|
||
|
"name": "OSINT When ELF.BillGates met Windows by Arkoon+Netasq",
|
||
|
"published": "2015-10-01T06:43:46Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--560c1c4d-a4bc-49c3-b22d-6789950d210b",
|
||
|
"url--560c1c4d-a4bc-49c3-b22d-6789950d210b",
|
||
|
"indicator--560c1c8f-05a8-4724-a235-6789950d210b",
|
||
|
"indicator--560c1cc4-0984-4576-9d59-8024950d210b",
|
||
|
"indicator--560c1cc4-ff38-43cc-9b05-8024950d210b",
|
||
|
"indicator--560c1cc5-debc-4000-8253-8024950d210b",
|
||
|
"indicator--560c1cc5-7154-4873-be3b-8024950d210b",
|
||
|
"indicator--560c1cc5-4784-49b1-8ed0-8024950d210b",
|
||
|
"indicator--560c1d2a-5ffc-4e83-99cc-8022950d210b",
|
||
|
"indicator--560c1d2a-2eac-4b6a-a9f1-8022950d210b",
|
||
|
"indicator--560c1d2a-e788-42d7-baa6-8022950d210b",
|
||
|
"indicator--560c1d2b-38a4-4e2f-85f6-8022950d210b",
|
||
|
"indicator--560c1d2b-eb64-4fdb-a51d-8022950d210b",
|
||
|
"indicator--560c1d2c-0570-40c3-acf4-8022950d210b",
|
||
|
"indicator--560c1d2c-3d98-427a-a61e-8022950d210b",
|
||
|
"indicator--560c1d2c-488c-414f-a771-8022950d210b",
|
||
|
"indicator--560c1d45-63bc-4f07-9ccc-6221950d210b",
|
||
|
"indicator--560c1d46-86e4-4032-bb59-6221950d210b",
|
||
|
"indicator--560c1d46-9364-41b3-8509-6221950d210b",
|
||
|
"indicator--560c1d47-284c-410b-b4fe-6221950d210b",
|
||
|
"indicator--560c1d47-0584-458b-9819-6221950d210b",
|
||
|
"indicator--560c1d48-fbb8-4978-ab44-6221950d210b",
|
||
|
"indicator--560c1d48-4e78-45cb-9ad5-6221950d210b",
|
||
|
"indicator--560c1d49-b02c-4db0-947d-6221950d210b",
|
||
|
"indicator--560cd0e5-96f8-4be7-8853-801c950d210b",
|
||
|
"indicator--560cd0e6-145c-4336-bc21-801c950d210b",
|
||
|
"observed-data--560cd0e6-188c-463c-82f3-801c950d210b",
|
||
|
"url--560cd0e6-188c-463c-82f3-801c950d210b",
|
||
|
"indicator--560cd0e7-f514-4c7b-a757-801c950d210b",
|
||
|
"indicator--560cd0e7-86e4-4368-9656-801c950d210b",
|
||
|
"observed-data--560cd0e7-0238-4fe1-aa85-801c950d210b",
|
||
|
"url--560cd0e7-0238-4fe1-aa85-801c950d210b",
|
||
|
"indicator--560cd0e8-fc38-4565-bfa5-801c950d210b",
|
||
|
"indicator--560cd0e8-d208-4923-be9a-801c950d210b",
|
||
|
"observed-data--560cd0e8-ec74-42f0-8c16-801c950d210b",
|
||
|
"url--560cd0e8-ec74-42f0-8c16-801c950d210b",
|
||
|
"indicator--560cd0e9-bbac-415b-8d4d-801c950d210b",
|
||
|
"indicator--560cd0e9-7c40-4d41-867e-801c950d210b",
|
||
|
"observed-data--560cd0e9-2480-4d1f-a35e-801c950d210b",
|
||
|
"url--560cd0e9-2480-4d1f-a35e-801c950d210b",
|
||
|
"indicator--560cd0ea-9750-4a76-b276-801c950d210b",
|
||
|
"indicator--560cd0ea-bd54-40a5-a3e1-801c950d210b",
|
||
|
"observed-data--560cd0eb-2448-4924-b638-801c950d210b",
|
||
|
"url--560cd0eb-2448-4924-b638-801c950d210b",
|
||
|
"indicator--560cd0eb-6f80-44f2-8ed5-801c950d210b",
|
||
|
"indicator--560cd0eb-41a0-4f9e-8af9-801c950d210b",
|
||
|
"observed-data--560cd0ec-efa0-4a7d-9277-801c950d210b",
|
||
|
"url--560cd0ec-efa0-4a7d-9277-801c950d210b",
|
||
|
"indicator--560cd0ec-8744-4dfe-a85c-801c950d210b",
|
||
|
"indicator--560cd0ec-3004-43cc-bbe5-801c950d210b",
|
||
|
"observed-data--560cd0ed-f9c0-43ad-a544-801c950d210b",
|
||
|
"url--560cd0ed-f9c0-43ad-a544-801c950d210b",
|
||
|
"indicator--560cd0ed-59f4-4152-941e-801c950d210b",
|
||
|
"indicator--560cd0ed-2fcc-4467-bfa6-801c950d210b",
|
||
|
"observed-data--560cd0ee-9928-43e5-b9e1-801c950d210b",
|
||
|
"url--560cd0ee-9928-43e5-b9e1-801c950d210b",
|
||
|
"indicator--560cd0ee-53b4-491e-abdb-801c950d210b",
|
||
|
"indicator--560cd0ee-d8e8-438b-a5e8-801c950d210b",
|
||
|
"observed-data--560cd0ef-0258-4b9b-9c61-801c950d210b",
|
||
|
"url--560cd0ef-0258-4b9b-9c61-801c950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--560c1c4d-a4bc-49c3-b22d-6789950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:30:53.000Z",
|
||
|
"modified": "2015-09-30T17:30:53.000Z",
|
||
|
"first_observed": "2015-09-30T17:30:53Z",
|
||
|
"last_observed": "2015-09-30T17:30:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--560c1c4d-a4bc-49c3-b22d-6789950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--560c1c4d-a4bc-49c3-b22d-6789950d210b",
|
||
|
"value": "http://thisissecurity.net/2015/09/30/when-elf-billgates-met-windows/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1c8f-05a8-4724-a235-6789950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:31:59.000Z",
|
||
|
"modified": "2015-09-30T17:31:59.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '4b14d7aca890642c3e269b75953e65cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:31:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1cc4-0984-4576-9d59-8024950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:32:52.000Z",
|
||
|
"modified": "2015-09-30T17:32:52.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '39.109.0.113']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:32:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1cc4-ff38-43cc-9b05-8024950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:32:52.000Z",
|
||
|
"modified": "2015-09-30T17:32:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'say.f322.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:32:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1cc5-debc-4000-8253-8024950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:32:53.000Z",
|
||
|
"modified": "2015-09-30T17:32:53.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '1.82.184.200']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:32:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1cc5-7154-4873-be3b-8024950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:32:53.000Z",
|
||
|
"modified": "2015-09-30T17:32:53.000Z",
|
||
|
"pattern": "[domain-name:value = 'mou521.f3322.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:32:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1cc5-4784-49b1-8ed0-8024950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:32:53.000Z",
|
||
|
"modified": "2015-09-30T17:32:53.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.231.45.171']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:32:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d2a-5ffc-4e83-99cc-8022950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:34:34.000Z",
|
||
|
"modified": "2015-09-30T17:34:34.000Z",
|
||
|
"description": "Win32.BillGates",
|
||
|
"pattern": "[file:hashes.MD5 = 'fb7e7b5c35bb5311acc8139350344878']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:34:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d2a-2eac-4b6a-a9f1-8022950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:34:34.000Z",
|
||
|
"modified": "2015-09-30T17:34:34.000Z",
|
||
|
"description": "Win32.BillGates",
|
||
|
"pattern": "[file:hashes.MD5 = '51f00e56b4ef21e6b7d6685ca3fbad1a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:34:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d2a-e788-42d7-baa6-8022950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:34:34.000Z",
|
||
|
"modified": "2015-09-30T17:34:34.000Z",
|
||
|
"description": "Win32.BillGates",
|
||
|
"pattern": "[file:hashes.MD5 = 'f864867f277330f81669a7c90fb6a3f4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:34:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d2b-38a4-4e2f-85f6-8022950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:34:35.000Z",
|
||
|
"modified": "2015-09-30T17:34:35.000Z",
|
||
|
"description": "Win32.BillGates",
|
||
|
"pattern": "[file:hashes.MD5 = 'c32f27eaadda31c36e32e97c481771c9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:34:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d2b-eb64-4fdb-a51d-8022950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:34:35.000Z",
|
||
|
"modified": "2015-09-30T17:34:35.000Z",
|
||
|
"description": "Win32.BillGates",
|
||
|
"pattern": "[file:hashes.MD5 = '8e9e4da1272f0b637917201443fcbd0a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:34:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d2c-0570-40c3-acf4-8022950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:34:36.000Z",
|
||
|
"modified": "2015-09-30T17:34:36.000Z",
|
||
|
"description": "Win32.BillGates infected by Win32.Virut:",
|
||
|
"pattern": "[file:hashes.MD5 = '93fe8980c6279c090924e8669b0cb582']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:34:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d2c-3d98-427a-a61e-8022950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:34:36.000Z",
|
||
|
"modified": "2015-09-30T17:34:36.000Z",
|
||
|
"description": "Win32.BillGates infected by Win32.Virut:",
|
||
|
"pattern": "[file:hashes.MD5 = '2130df6f7817c86890a5e922f99430a3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:34:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d2c-488c-414f-a771-8022950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:34:36.000Z",
|
||
|
"modified": "2015-09-30T17:34:36.000Z",
|
||
|
"description": "Win32.BillGates infected by Win32.Parite",
|
||
|
"pattern": "[file:hashes.MD5 = '129877bf0cbc9b8239c674810675f6f7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:34:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d45-63bc-4f07-9ccc-6221950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:35:01.000Z",
|
||
|
"modified": "2015-09-30T17:35:01.000Z",
|
||
|
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\DbSecuritySpt\\\\DbSecuritySpt.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:35:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d46-86e4-4032-bb59-6221950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:35:02.000Z",
|
||
|
"modified": "2015-09-30T17:35:02.000Z",
|
||
|
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\DbSecuritySpt\\\\svch0st.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:35:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d46-9364-41b3-8509-6221950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:35:02.000Z",
|
||
|
"modified": "2015-09-30T17:35:02.000Z",
|
||
|
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\Windows Media Player\\\\agony.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:35:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d47-284c-410b-b4fe-6221950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:35:03.000Z",
|
||
|
"modified": "2015-09-30T17:35:03.000Z",
|
||
|
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\Windows Media Player\\\\agony.sys']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:35:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d47-0584-458b-9819-6221950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:35:03.000Z",
|
||
|
"modified": "2015-09-30T17:35:03.000Z",
|
||
|
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\Windows Media Player\\\\DNSProtection.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:35:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d48-fbb8-4978-ab44-6221950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:35:04.000Z",
|
||
|
"modified": "2015-09-30T17:35:04.000Z",
|
||
|
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\Windows Media Player\\\\DNSSupport.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:35:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d48-4e78-45cb-9ad5-6221950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:35:04.000Z",
|
||
|
"modified": "2015-09-30T17:35:04.000Z",
|
||
|
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\DbSecuritySpt\\\\NPF.sys']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:35:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560c1d49-b02c-4db0-947d-6221950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-09-30T17:35:05.000Z",
|
||
|
"modified": "2015-09-30T17:35:05.000Z",
|
||
|
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\DbSecuritySpt\\\\packet.dll']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-09-30T17:35:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560cd0e5-96f8-4be7-8853-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:25.000Z",
|
||
|
"modified": "2015-10-01T06:21:25.000Z",
|
||
|
"description": "Win32.BillGates infected by Win32.Parite - Xchecked via VT: 129877bf0cbc9b8239c674810675f6f7",
|
||
|
"pattern": "[file:hashes.SHA256 = '2f1ae7942df4f4d47a569e20913fe9107caa14bfd89b08925473f6536acbc6a3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-01T06:21:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560cd0e6-145c-4336-bc21-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:26.000Z",
|
||
|
"modified": "2015-10-01T06:21:26.000Z",
|
||
|
"description": "Win32.BillGates infected by Win32.Parite - Xchecked via VT: 129877bf0cbc9b8239c674810675f6f7",
|
||
|
"pattern": "[file:hashes.SHA1 = '8d51d194aab4727ff3469b8b4e1486a39f84d6f0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-01T06:21:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--560cd0e6-188c-463c-82f3-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:26.000Z",
|
||
|
"modified": "2015-10-01T06:21:26.000Z",
|
||
|
"first_observed": "2015-10-01T06:21:26Z",
|
||
|
"last_observed": "2015-10-01T06:21:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--560cd0e6-188c-463c-82f3-801c950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--560cd0e6-188c-463c-82f3-801c950d210b",
|
||
|
"value": "https://www.virustotal.com/file/2f1ae7942df4f4d47a569e20913fe9107caa14bfd89b08925473f6536acbc6a3/analysis/1432574759/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560cd0e7-f514-4c7b-a757-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:27.000Z",
|
||
|
"modified": "2015-10-01T06:21:27.000Z",
|
||
|
"description": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 2130df6f7817c86890a5e922f99430a3",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd7efd8ab33fe77b689968ef3fe790ed7939624c754a455ce512fe5bb67be732f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-01T06:21:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560cd0e7-86e4-4368-9656-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:27.000Z",
|
||
|
"modified": "2015-10-01T06:21:27.000Z",
|
||
|
"description": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 2130df6f7817c86890a5e922f99430a3",
|
||
|
"pattern": "[file:hashes.SHA1 = '8531f1e1b3d2ee15af6ed3ab5b4a804773650d25']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-01T06:21:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--560cd0e7-0238-4fe1-aa85-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:27.000Z",
|
||
|
"modified": "2015-10-01T06:21:27.000Z",
|
||
|
"first_observed": "2015-10-01T06:21:27Z",
|
||
|
"last_observed": "2015-10-01T06:21:27Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--560cd0e7-0238-4fe1-aa85-801c950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--560cd0e7-0238-4fe1-aa85-801c950d210b",
|
||
|
"value": "https://www.virustotal.com/file/d7efd8ab33fe77b689968ef3fe790ed7939624c754a455ce512fe5bb67be732f/analysis/1439312871/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560cd0e8-fc38-4565-bfa5-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:28.000Z",
|
||
|
"modified": "2015-10-01T06:21:28.000Z",
|
||
|
"description": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 93fe8980c6279c090924e8669b0cb582",
|
||
|
"pattern": "[file:hashes.SHA256 = '9dc3068a321b41def24dca518b07a717a633a84d953f9e6d6bd94be2e21e8e98']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-01T06:21:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560cd0e8-d208-4923-be9a-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:28.000Z",
|
||
|
"modified": "2015-10-01T06:21:28.000Z",
|
||
|
"description": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 93fe8980c6279c090924e8669b0cb582",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a80fbe481dfab7d0f4a9e11f649f6863a6b8a844']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-01T06:21:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--560cd0e8-ec74-42f0-8c16-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:28.000Z",
|
||
|
"modified": "2015-10-01T06:21:28.000Z",
|
||
|
"first_observed": "2015-10-01T06:21:28Z",
|
||
|
"last_observed": "2015-10-01T06:21:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--560cd0e8-ec74-42f0-8c16-801c950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--560cd0e8-ec74-42f0-8c16-801c950d210b",
|
||
|
"value": "https://www.virustotal.com/file/9dc3068a321b41def24dca518b07a717a633a84d953f9e6d6bd94be2e21e8e98/analysis/1424121957/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560cd0e9-bbac-415b-8d4d-801c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-01T06:21:29.000Z",
|
||
|
"modified": "2015-10-01T06:21:29.000Z",
|
||
|
"description": "Win32.BillGates - Xchecked via VT: 8e9e4da1272f0b637917201443fcbd0a",
|
||
|
"pattern": "[file:hashes.SHA256 = 'aa068ca86fd9ec4e29d3bf00c7d99a3039f04f701e358e31ee98e5c48c09cc7a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-01T06:21:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0e9-7c40-4d41-867e-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:29.000Z",
"modified": "2015-10-01T06:21:29.000Z",
"description": "Win32.BillGates - Xchecked via VT: 8e9e4da1272f0b637917201443fcbd0a",
"pattern": "[file:hashes.SHA1 = '4367ae72e85d42e979c7faca87c0754e5aa9da41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560cd0e9-2480-4d1f-a35e-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:29.000Z",
"modified": "2015-10-01T06:21:29.000Z",
"first_observed": "2015-10-01T06:21:29Z",
"last_observed": "2015-10-01T06:21:29Z",
"number_observed": 1,
"object_refs": [
"url--560cd0e9-2480-4d1f-a35e-801c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560cd0e9-2480-4d1f-a35e-801c950d210b",
"value": "https://www.virustotal.com/file/aa068ca86fd9ec4e29d3bf00c7d99a3039f04f701e358e31ee98e5c48c09cc7a/analysis/1418116709/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0ea-9750-4a76-b276-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:30.000Z",
"modified": "2015-10-01T06:21:30.000Z",
"description": "Win32.BillGates - Xchecked via VT: c32f27eaadda31c36e32e97c481771c9",
"pattern": "[file:hashes.SHA256 = '8ad95441c528ab80226ad2bb4be5d921acb6818e97c3e793a05f2677e1591e24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0ea-bd54-40a5-a3e1-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:30.000Z",
"modified": "2015-10-01T06:21:30.000Z",
"description": "Win32.BillGates - Xchecked via VT: c32f27eaadda31c36e32e97c481771c9",
"pattern": "[file:hashes.SHA1 = '91c6e2ac9dce76bf8ee6bdb5ec58735a6bad98f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560cd0eb-2448-4924-b638-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:31.000Z",
"modified": "2015-10-01T06:21:31.000Z",
"first_observed": "2015-10-01T06:21:31Z",
"last_observed": "2015-10-01T06:21:31Z",
"number_observed": 1,
"object_refs": [
"url--560cd0eb-2448-4924-b638-801c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560cd0eb-2448-4924-b638-801c950d210b",
"value": "https://www.virustotal.com/file/8ad95441c528ab80226ad2bb4be5d921acb6818e97c3e793a05f2677e1591e24/analysis/1406118682/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0eb-6f80-44f2-8ed5-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:31.000Z",
"modified": "2015-10-01T06:21:31.000Z",
"description": "Win32.BillGates - Xchecked via VT: f864867f277330f81669a7c90fb6a3f4",
"pattern": "[file:hashes.SHA256 = '6341eec9e0bdfad72ae6b05ae9e196539b15a8eb7eb2ece1ca79e93ac6f35e25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0eb-41a0-4f9e-8af9-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:31.000Z",
"modified": "2015-10-01T06:21:31.000Z",
"description": "Win32.BillGates - Xchecked via VT: f864867f277330f81669a7c90fb6a3f4",
"pattern": "[file:hashes.SHA1 = '495bb971f973104a30a83d1f1e8739dc70181912']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560cd0ec-efa0-4a7d-9277-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:32.000Z",
"modified": "2015-10-01T06:21:32.000Z",
"first_observed": "2015-10-01T06:21:32Z",
"last_observed": "2015-10-01T06:21:32Z",
"number_observed": 1,
"object_refs": [
"url--560cd0ec-efa0-4a7d-9277-801c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560cd0ec-efa0-4a7d-9277-801c950d210b",
"value": "https://www.virustotal.com/file/6341eec9e0bdfad72ae6b05ae9e196539b15a8eb7eb2ece1ca79e93ac6f35e25/analysis/1403672511/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0ec-8744-4dfe-a85c-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:32.000Z",
"modified": "2015-10-01T06:21:32.000Z",
"description": "Win32.BillGates - Xchecked via VT: 51f00e56b4ef21e6b7d6685ca3fbad1a",
"pattern": "[file:hashes.SHA256 = '4209035f042bcd79fe91997c8466cfdd890e740d8cb85b3076d7a5e79891f441']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0ec-3004-43cc-bbe5-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:32.000Z",
"modified": "2015-10-01T06:21:32.000Z",
"description": "Win32.BillGates - Xchecked via VT: 51f00e56b4ef21e6b7d6685ca3fbad1a",
"pattern": "[file:hashes.SHA1 = 'c145e5e23cd95de4c0b521f0eb7ded59ba0a381e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560cd0ed-f9c0-43ad-a544-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:33.000Z",
"modified": "2015-10-01T06:21:33.000Z",
"first_observed": "2015-10-01T06:21:33Z",
"last_observed": "2015-10-01T06:21:33Z",
"number_observed": 1,
"object_refs": [
"url--560cd0ed-f9c0-43ad-a544-801c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560cd0ed-f9c0-43ad-a544-801c950d210b",
"value": "https://www.virustotal.com/file/4209035f042bcd79fe91997c8466cfdd890e740d8cb85b3076d7a5e79891f441/analysis/1431436610/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0ed-59f4-4152-941e-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:33.000Z",
"modified": "2015-10-01T06:21:33.000Z",
"description": "Win32.BillGates - Xchecked via VT: fb7e7b5c35bb5311acc8139350344878",
"pattern": "[file:hashes.SHA256 = '0434ba4a0dc59bca819f7586f12f9ef0de83de28b37da9c83a0b12520d3ebbd1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0ed-2fcc-4467-bfa6-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:33.000Z",
"modified": "2015-10-01T06:21:33.000Z",
"description": "Win32.BillGates - Xchecked via VT: fb7e7b5c35bb5311acc8139350344878",
"pattern": "[file:hashes.SHA1 = '3038ca2fc80c4c90cd7909724a937e9890bc0203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560cd0ee-9928-43e5-b9e1-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:34.000Z",
"modified": "2015-10-01T06:21:34.000Z",
"first_observed": "2015-10-01T06:21:34Z",
"last_observed": "2015-10-01T06:21:34Z",
"number_observed": 1,
"object_refs": [
"url--560cd0ee-9928-43e5-b9e1-801c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560cd0ee-9928-43e5-b9e1-801c950d210b",
"value": "https://www.virustotal.com/file/0434ba4a0dc59bca819f7586f12f9ef0de83de28b37da9c83a0b12520d3ebbd1/analysis/1424273883/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0ee-53b4-491e-abdb-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:34.000Z",
"modified": "2015-10-01T06:21:34.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 4b14d7aca890642c3e269b75953e65cb",
"pattern": "[file:hashes.SHA256 = 'd241880aefef812b462153ae0f8ec079e8b56789f1c7547624e9406b74da12fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd0ee-d8e8-438b-a5e8-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:34.000Z",
"modified": "2015-10-01T06:21:34.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 4b14d7aca890642c3e269b75953e65cb",
"pattern": "[file:hashes.SHA1 = 'cb4271a5ed7cf66b1d508d3d7364c11280c1763d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:21:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560cd0ef-0258-4b9b-9c61-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:21:35.000Z",
"modified": "2015-10-01T06:21:35.000Z",
"first_observed": "2015-10-01T06:21:35Z",
"last_observed": "2015-10-01T06:21:35Z",
"number_observed": 1,
"object_refs": [
"url--560cd0ef-0258-4b9b-9c61-801c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560cd0ef-0258-4b9b-9c61-801c950d210b",
"value": "https://www.virustotal.com/file/d241880aefef812b462153ae0f8ec079e8b56789f1c7547624e9406b74da12fd/analysis/1435885257/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}