{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--56af4bee-eeb4-4145-b10f-4c7e950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:48.000Z",
|
||
|
"modified": "2016-02-01T15:03:48.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--56af4bee-eeb4-4145-b10f-4c7e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:48.000Z",
|
||
|
"modified": "2016-02-01T15:03:48.000Z",
|
||
|
"name": "OSINT Android.Bankosy: All ears on voice call-based 2FA by Symantec",
|
||
|
"published": "2016-02-01T12:16:26Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--56af4c08-42e0-4694-8fcc-4230950d210f",
|
||
|
"url--56af4c08-42e0-4694-8fcc-4230950d210f",
|
||
|
"observed-data--56af4c08-8ee8-4929-9b14-4cd6950d210f",
|
||
|
"url--56af4c08-8ee8-4929-9b14-4cd6950d210f",
|
||
|
"indicator--56af4c51-3ec4-4e21-b041-4fcc950d210f",
|
||
|
"observed-data--56af4c75-b6dc-4027-8f9d-413a950d210f",
|
||
|
"url--56af4c75-b6dc-4027-8f9d-413a950d210f",
|
||
|
"indicator--56af4c8d-74a0-4f60-8c3f-4f3b950d210f",
|
||
|
"indicator--56af4c8d-2734-4a35-b6ea-4607950d210f",
|
||
|
"indicator--56af4c8d-8230-454c-96f0-4c58950d210f",
|
||
|
"indicator--56af4c8e-3fdc-4eaf-8cad-4898950d210f",
|
||
|
"indicator--56af4c8e-fa44-4edc-b950-4833950d210f",
|
||
|
"indicator--56af4c8e-4870-4fef-a7b5-4fb7950d210f",
|
||
|
"indicator--56af4c8e-2a58-416c-9cf4-46ed950d210f",
|
||
|
"indicator--56af4c8f-c71c-495f-bf6a-4bbc950d210f",
|
||
|
"indicator--56af4c8f-7070-4ffb-af52-4912950d210f",
|
||
|
"indicator--56af4c8f-5098-4b89-9eec-4d6d950d210f",
|
||
|
"indicator--56af4c90-a70c-44ed-a908-479d950d210f",
|
||
|
"indicator--56af4c90-fcf0-49e7-9aa7-4045950d210f",
|
||
|
"indicator--56af4c90-1384-4542-944d-463c950d210f",
|
||
|
"indicator--56af4c90-8848-4b37-b88b-4c07950d210f",
|
||
|
"indicator--56af73d5-aba8-4d78-9a42-40fe02de0b81",
|
||
|
"indicator--56af73d5-471c-407f-b75d-46d702de0b81",
|
||
|
"observed-data--56af73d5-602c-4186-8407-453b02de0b81",
|
||
|
"url--56af73d5-602c-4186-8407-453b02de0b81",
|
||
|
"indicator--56af73d6-8d84-4b15-9fc4-473b02de0b81",
|
||
|
"indicator--56af73d6-3e34-40e4-ab31-45ee02de0b81",
|
||
|
"observed-data--56af73d6-7808-4bb6-b8e4-45ca02de0b81",
|
||
|
"url--56af73d6-7808-4bb6-b8e4-45ca02de0b81",
|
||
|
"indicator--56af73d6-8e00-4302-bc62-462202de0b81",
|
||
|
"indicator--56af73d7-cca4-43c9-910b-4c6b02de0b81",
|
||
|
"observed-data--56af73d7-1658-4191-8565-401c02de0b81",
|
||
|
"url--56af73d7-1658-4191-8565-401c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56af4c08-42e0-4694-8fcc-4230950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:14:00.000Z",
|
||
|
"modified": "2016-02-01T12:14:00.000Z",
|
||
|
"first_observed": "2016-02-01T12:14:00Z",
|
||
|
"last_observed": "2016-02-01T12:14:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56af4c08-42e0-4694-8fcc-4230950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56af4c08-42e0-4694-8fcc-4230950d210f",
|
||
|
"value": "http://www.symantec.com/connect/blogs/androidbankosy-all-ears-voice-call-based-2fa"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56af4c08-8ee8-4929-9b14-4cd6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:14:00.000Z",
|
||
|
"modified": "2016-02-01T12:14:00.000Z",
|
||
|
"first_observed": "2016-02-01T12:14:00Z",
|
||
|
"last_observed": "2016-02-01T12:14:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56af4c08-8ee8-4929-9b14-4cd6950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56af4c08-8ee8-4929-9b14-4cd6950d210f",
|
||
|
"value": "http://www.symantec.com/security_response/writeup.jsp?docid=2014-072316-5249-99"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c51-3ec4-4e21-b041-4fcc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:15:13.000Z",
|
||
|
"modified": "2016-02-01T12:15:13.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.14.59']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:15:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56af4c75-b6dc-4027-8f9d-413a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:15:48.000Z",
|
||
|
"modified": "2016-02-01T12:15:48.000Z",
|
||
|
"first_observed": "2016-02-01T12:15:48Z",
|
||
|
"last_observed": "2016-02-01T12:15:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56af4c75-b6dc-4027-8f9d-413a950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56af4c75-b6dc-4027-8f9d-413a950d210f",
|
||
|
"value": "https://otx.alienvault.com/pulse/56a651b74637f23550f3bf0a/?source=email_notification"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8d-74a0-4f60-8c3f-4f3b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:13.000Z",
|
||
|
"modified": "2016-02-01T12:16:13.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '7b7eeca21a4aee3768b41b9e194052cbb01835ae3b3503c1d635abbe1193aa5c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8d-2734-4a35-b6ea-4607950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:13.000Z",
|
||
|
"modified": "2016-02-01T12:16:13.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e6c1621158d37d10899018db253bf7e51113d47d5188fc363c6b5c51a606be2f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8d-8230-454c-96f0-4c58950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:13.000Z",
|
||
|
"modified": "2016-02-01T12:16:13.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f5bc281ee071f6fb0eb8d25f414770fee67e2ea6e02afe53896a2313f6cfe373']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8e-3fdc-4eaf-8cad-4898950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:14.000Z",
|
||
|
"modified": "2016-02-01T12:16:14.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.14.29']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8e-fa44-4edc-b950-4833950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:14.000Z",
|
||
|
"modified": "2016-02-01T12:16:14.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.148.188']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8e-4870-4fef-a7b5-4fb7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:14.000Z",
|
||
|
"modified": "2016-02-01T12:16:14.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.3.144.90']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8e-2a58-416c-9cf4-46ed950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:14.000Z",
|
||
|
"modified": "2016-02-01T12:16:14.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.222.162']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8f-c71c-495f-bf6a-4bbc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:15.000Z",
|
||
|
"modified": "2016-02-01T12:16:15.000Z",
|
||
|
"pattern": "[url:value = 'http://185.86.148.188:2080/forms/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8f-7070-4ffb-af52-4912950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:15.000Z",
|
||
|
"modified": "2016-02-01T12:16:15.000Z",
|
||
|
"pattern": "[url:value = 'http://89.144.14.29/remote/xxx']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c8f-5098-4b89-9eec-4d6d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:15.000Z",
|
||
|
"modified": "2016-02-01T12:16:15.000Z",
|
||
|
"pattern": "[url:value = 'http://xxxmobiletubez.com/video.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c90-a70c-44ed-a908-479d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:16.000Z",
|
||
|
"modified": "2016-02-01T12:16:16.000Z",
|
||
|
"pattern": "[url:value = 'http://185.86.148.188:2080/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c90-fcf0-49e7-9aa7-4045950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:16.000Z",
|
||
|
"modified": "2016-02-01T12:16:16.000Z",
|
||
|
"pattern": "[url:value = 'http://89.144.14.59/admin_v2/send']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c90-1384-4542-944d-463c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:16.000Z",
|
||
|
"modified": "2016-02-01T12:16:16.000Z",
|
||
|
"pattern": "[url:value = 'http://195.3.144.90:6081/forms/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af4c90-8848-4b37-b88b-4c07950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T12:16:16.000Z",
|
||
|
"modified": "2016-02-01T12:16:16.000Z",
|
||
|
"pattern": "[url:value = 'http://195.3.144.90:6081/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T12:16:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af73d5-aba8-4d78-9a42-40fe02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:49.000Z",
|
||
|
"modified": "2016-02-01T15:03:49.000Z",
|
||
|
"description": "- Xchecked via VT: f5bc281ee071f6fb0eb8d25f414770fee67e2ea6e02afe53896a2313f6cfe373",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e6ce3ab7b7b72d51e85bb23e0e722bb614d4f795']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T15:03:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af73d5-471c-407f-b75d-46d702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:49.000Z",
|
||
|
"modified": "2016-02-01T15:03:49.000Z",
|
||
|
"description": "- Xchecked via VT: f5bc281ee071f6fb0eb8d25f414770fee67e2ea6e02afe53896a2313f6cfe373",
|
||
|
"pattern": "[file:hashes.MD5 = '0d867e7265603b873d65037b147f67f9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T15:03:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56af73d5-602c-4186-8407-453b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:49.000Z",
|
||
|
"modified": "2016-02-01T15:03:49.000Z",
|
||
|
"first_observed": "2016-02-01T15:03:49Z",
|
||
|
"last_observed": "2016-02-01T15:03:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56af73d5-602c-4186-8407-453b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56af73d5-602c-4186-8407-453b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f5bc281ee071f6fb0eb8d25f414770fee67e2ea6e02afe53896a2313f6cfe373/analysis/1424432194/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af73d6-8d84-4b15-9fc4-473b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:49.000Z",
|
||
|
"modified": "2016-02-01T15:03:49.000Z",
|
||
|
"description": "- Xchecked via VT: e6c1621158d37d10899018db253bf7e51113d47d5188fc363c6b5c51a606be2f",
|
||
|
"pattern": "[file:hashes.SHA1 = '70dc807ed96d19356e8041f4d21ca89fee821e33']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T15:03:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af73d6-3e34-40e4-ab31-45ee02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:50.000Z",
|
||
|
"modified": "2016-02-01T15:03:50.000Z",
|
||
|
"description": "- Xchecked via VT: e6c1621158d37d10899018db253bf7e51113d47d5188fc363c6b5c51a606be2f",
|
||
|
"pattern": "[file:hashes.MD5 = 'eff60505bf6965e2e4435318cb9fc856']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T15:03:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56af73d6-7808-4bb6-b8e4-45ca02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:50.000Z",
|
||
|
"modified": "2016-02-01T15:03:50.000Z",
|
||
|
"first_observed": "2016-02-01T15:03:50Z",
|
||
|
"last_observed": "2016-02-01T15:03:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56af73d6-7808-4bb6-b8e4-45ca02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56af73d6-7808-4bb6-b8e4-45ca02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e6c1621158d37d10899018db253bf7e51113d47d5188fc363c6b5c51a606be2f/analysis/1453329128/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af73d6-8e00-4302-bc62-462202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:50.000Z",
|
||
|
"modified": "2016-02-01T15:03:50.000Z",
|
||
|
"description": "- Xchecked via VT: 7b7eeca21a4aee3768b41b9e194052cbb01835ae3b3503c1d635abbe1193aa5c",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd618ca9945c2d8e6903ff5fc02a28378054b8dc8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T15:03:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56af73d7-cca4-43c9-910b-4c6b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:51.000Z",
|
||
|
"modified": "2016-02-01T15:03:51.000Z",
|
||
|
"description": "- Xchecked via VT: 7b7eeca21a4aee3768b41b9e194052cbb01835ae3b3503c1d635abbe1193aa5c",
|
||
|
"pattern": "[file:hashes.MD5 = 'a133800117a9f48521a9843889047eba']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-01T15:03:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56af73d7-1658-4191-8565-401c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-01T15:03:51.000Z",
|
||
|
"modified": "2016-02-01T15:03:51.000Z",
|
||
|
"first_observed": "2016-02-01T15:03:51Z",
|
||
|
"last_observed": "2016-02-01T15:03:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56af73d7-1658-4191-8565-401c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56af73d7-1658-4191-8565-401c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7b7eeca21a4aee3768b41b9e194052cbb01835ae3b3503c1d635abbe1193aa5c/analysis/1419101803/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}