{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5717777b-a8b4-4876-b060-4339950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:24.000Z",
|
||
|
"modified": "2016-04-20T13:37:24.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5717777b-a8b4-4876-b060-4339950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:24.000Z",
|
||
|
"modified": "2016-04-20T13:37:24.000Z",
|
||
|
"name": "OSINT - New Crypto-Ransomware JIGSAW Plays Nasty Games",
|
||
|
"published": "2016-04-20T13:43:42Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--57177796-cd7c-4b46-a680-4827950d210f",
|
||
|
"url--57177796-cd7c-4b46-a680-4827950d210f",
|
||
|
"x-misp-attribute--571777ae-4f00-4231-8d8e-4796950d210f",
|
||
|
"indicator--5717794f-427c-4971-94ca-47bf950d210f",
|
||
|
"indicator--5717794f-0c2c-4338-87a6-4d0e950d210f",
|
||
|
"indicator--57177950-ec94-43ac-a41e-4c54950d210f",
|
||
|
"indicator--57177951-809c-4786-9ec1-4811950d210f",
|
||
|
"indicator--57177951-d710-4bb8-a20d-4f46950d210f",
|
||
|
"indicator--57177952-8580-4612-9c15-4335950d210f",
|
||
|
"indicator--57177953-74fc-41bd-a542-4398950d210f",
|
||
|
"indicator--57177953-5220-4571-8029-4538950d210f",
|
||
|
"indicator--57177954-d174-401f-a3f4-4209950d210f",
|
||
|
"observed-data--57177a3e-6b44-4c2d-b80d-49a4950d210f",
|
||
|
"url--57177a3e-6b44-4c2d-b80d-49a4950d210f",
|
||
|
"observed-data--57177a3f-2c24-44ec-88d4-4858950d210f",
|
||
|
"domain-name--57177a3f-2c24-44ec-88d4-4858950d210f",
|
||
|
"indicator--57178615-9754-4898-8b08-400802de0b81",
|
||
|
"indicator--57178615-2894-45d4-9c9c-4fdd02de0b81",
|
||
|
"observed-data--57178615-4ccc-4cb3-ba9f-4e5d02de0b81",
|
||
|
"url--57178615-4ccc-4cb3-ba9f-4e5d02de0b81",
|
||
|
"indicator--57178616-8334-49a1-894b-47b002de0b81",
|
||
|
"indicator--57178616-2f48-49c5-b09f-43a102de0b81",
|
||
|
"observed-data--57178616-c38c-41e1-8153-427302de0b81",
|
||
|
"url--57178616-c38c-41e1-8153-427302de0b81",
|
||
|
"indicator--57178617-f8f4-4418-9175-4c7802de0b81",
|
||
|
"indicator--57178617-772c-419a-a05c-4ac202de0b81",
|
||
|
"observed-data--57178617-7e78-4d57-b580-4ff702de0b81",
|
||
|
"url--57178617-7e78-4d57-b580-4ff702de0b81",
|
||
|
"indicator--57178618-2640-429a-9dfb-444602de0b81",
|
||
|
"indicator--57178618-ec14-4daa-8a55-4db802de0b81",
|
||
|
"observed-data--57178618-842c-4ff0-b9b4-4d3602de0b81",
|
||
|
"url--57178618-842c-4ff0-b9b4-4d3602de0b81",
|
||
|
"indicator--57178619-addc-4013-afec-4bb102de0b81",
|
||
|
"indicator--57178619-42e0-4a5e-b2d3-472302de0b81",
|
||
|
"observed-data--57178619-654c-44e2-9428-438c02de0b81",
|
||
|
"url--57178619-654c-44e2-9428-438c02de0b81",
|
||
|
"indicator--5717861a-8e9c-47e1-84c8-494702de0b81",
|
||
|
"indicator--5717861a-3d08-457e-be9c-480c02de0b81",
|
||
|
"observed-data--5717861a-3ab0-4f6d-8331-407602de0b81",
|
||
|
"url--5717861a-3ab0-4f6d-8331-407602de0b81",
|
||
|
"indicator--5717861b-7674-4714-b055-4ecb02de0b81",
|
||
|
"indicator--5717861b-f874-4e76-b5a2-40e702de0b81",
|
||
|
"observed-data--5717861b-b2fc-4335-9464-418e02de0b81",
|
||
|
"url--5717861b-b2fc-4335-9464-418e02de0b81",
|
||
|
"indicator--5717861c-d81c-455a-97a2-477902de0b81",
|
||
|
"indicator--5717861c-56f4-4465-ae03-4a2402de0b81",
|
||
|
"observed-data--5717861c-20c0-438e-b295-489a02de0b81",
|
||
|
"url--5717861c-20c0-438e-b295-489a02de0b81",
|
||
|
"indicator--5717861c-d06c-475f-bb8f-47eb02de0b81",
|
||
|
"indicator--5717861d-adf0-4e8c-8670-4d5202de0b81",
|
||
|
"observed-data--5717861d-48a0-448a-a172-431402de0b81",
|
||
|
"url--5717861d-48a0-448a-a172-431402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"malware_classification:malware-category=\"Ransomware\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57177796-cd7c-4b46-a680-4827950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:35:34.000Z",
|
||
|
"modified": "2016-04-20T12:35:34.000Z",
|
||
|
"first_observed": "2016-04-20T12:35:34Z",
|
||
|
"last_observed": "2016-04-20T12:35:34Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57177796-cd7c-4b46-a680-4827950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57177796-cd7c-4b46-a680-4827950d210f",
|
||
|
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/jigsaw-ransomware-plays-games-victims/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--571777ae-4f00-4231-8d8e-4796950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:35:58.000Z",
|
||
|
"modified": "2016-04-20T12:35:58.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "The evolution of crypto-ransomware in terms of behavior takes a step forward, and a creepy one at that. We have recently encountered a nasty crypto-ransomware variant called JIGSAW. Reminiscent to the horror film Saw, this malware toys with users by locking and deleting their files incrementally. To an extent, it instills fear and pressures users into paying the ransom. It even comes with an image of Saw\u2019s very own Billy the puppet, and the red analog clock to boot.\r\n\r\nIt\u2019s no longer a surprise that crypto-ransomware is the prevalent threat in today\u2019s computing landscape, given its promise of quick ROI for the cybercriminals behind it. It\u2019s also not surprising that many have joined this bandwagon. These days, the name of the crypto-ransomware game is to add \u201cunique\u201d features or \u201ccreative\u201d ways to instill fear and put more pressure to users to pay up, despite the fact that, when it comes to their technical routines, there\u2019s not much difference among these malware. JIGSAW joins notable families like PETYA and CERBER that have emerged in the past couple of months alone."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5717794f-427c-4971-94ca-47bf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:42:55.000Z",
|
||
|
"modified": "2016-04-20T12:42:55.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:name = 'Ransom_JIGSAW.A' AND file:hashes.SHA1 = '0c269c5a641fd479269c2f353841a5bf9910888b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T12:42:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5717794f-0c2c-4338-87a6-4d0e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:42:55.000Z",
|
||
|
"modified": "2016-04-20T12:42:55.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:name = 'Ransom_JIGSAW.A' AND file:hashes.SHA1 = 'dc307a673aa5eecb5c1400f1d342e03697564f98']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T12:42:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57177950-ec94-43ac-a41e-4c54950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:42:56.000Z",
|
||
|
"modified": "2016-04-20T12:42:56.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:name = 'Ransom_JIGSAW.A' AND file:hashes.SHA1 = 'ce42e2c694ca4737ae68d3c9e333554c55afee27']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T12:42:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57177951-809c-4786-9ec1-4811950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:42:57.000Z",
|
||
|
"modified": "2016-04-20T12:42:57.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:name = 'Ransom_JIGSAW.B' AND file:hashes.SHA1 = '1ad9f8695c10adb69bdebd6bdc39b119707d500e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T12:42:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57177951-d710-4bb8-a20d-4f46950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:42:57.000Z",
|
||
|
"modified": "2016-04-20T12:42:57.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:name = 'Ransom_JIGSAW.C' AND file:hashes.SHA1 = 'ca40233610d40258539da0212a06af29b07c13f6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T12:42:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57177952-8580-4612-9c15-4335950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:42:58.000Z",
|
||
|
"modified": "2016-04-20T12:42:58.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:name = 'Ransom_JIGSAW.C' AND file:hashes.SHA1 = 'f8431cf0a73e4ede5b4b38185d73d8472cfe2ae7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T12:42:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57177953-74fc-41bd-a542-4398950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:42:59.000Z",
|
||
|
"modified": "2016-04-20T12:42:59.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:name = 'Ransom_JIGSAW.D' AND file:hashes.SHA1 = 'dce911b1c05da965c8733935723b88bc29d12756']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T12:42:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57177953-5220-4571-8029-4538950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:42:59.000Z",
|
||
|
"modified": "2016-04-20T12:42:59.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:name = 'Ransom_JIGSAW.E' AND file:hashes.SHA1 = '3f6e3e5126c837f46a18ee988dbf5756c2b856aa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T12:42:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57177954-d174-401f-a3f4-4209950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:43:00.000Z",
|
||
|
"modified": "2016-04-20T12:43:00.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:name = 'Ransom_JIGSAW.E' AND file:hashes.SHA1 = '92620194a581a91874a5284a775014e0d71a9db1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T12:43:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57177a3e-6b44-4c2d-b80d-49a4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:46:54.000Z",
|
||
|
"modified": "2016-04-20T12:46:54.000Z",
|
||
|
"first_observed": "2016-04-20T12:46:54Z",
|
||
|
"last_observed": "2016-04-20T12:46:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57177a3e-6b44-4c2d-b80d-49a4950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57177a3e-6b44-4c2d-b80d-49a4950d210f",
|
||
|
"value": "http://waldorftrust.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57177a3f-2c24-44ec-88d4-4858950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T12:46:55.000Z",
|
||
|
"modified": "2016-04-20T12:46:55.000Z",
|
||
|
"first_observed": "2016-04-20T12:46:55Z",
|
||
|
"last_observed": "2016-04-20T12:46:55Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--57177a3f-2c24-44ec-88d4-4858950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--57177a3f-2c24-44ec-88d4-4858950d210f",
|
||
|
"value": "1fichier.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178615-9754-4898-8b08-400802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:25.000Z",
|
||
|
"modified": "2016-04-20T13:37:25.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 92620194a581a91874a5284a775014e0d71a9db1",
|
||
|
"pattern": "[file:hashes.SHA256 = '4cd26e0d543e7da413bff2d85a18d1fd18164059c68996049da570f9bdeb6c42']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178615-2894-45d4-9c9c-4fdd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:25.000Z",
|
||
|
"modified": "2016-04-20T13:37:25.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 92620194a581a91874a5284a775014e0d71a9db1",
|
||
|
"pattern": "[file:hashes.MD5 = '473807de0d05cd6149060403ad01b658']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57178615-4ccc-4cb3-ba9f-4e5d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:25.000Z",
|
||
|
"modified": "2016-04-20T13:37:25.000Z",
|
||
|
"first_observed": "2016-04-20T13:37:25Z",
|
||
|
"last_observed": "2016-04-20T13:37:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57178615-4ccc-4cb3-ba9f-4e5d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57178615-4ccc-4cb3-ba9f-4e5d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4cd26e0d543e7da413bff2d85a18d1fd18164059c68996049da570f9bdeb6c42/analysis/1461138833/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178616-8334-49a1-894b-47b002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:26.000Z",
|
||
|
"modified": "2016-04-20T13:37:26.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 3f6e3e5126c837f46a18ee988dbf5756c2b856aa",
|
||
|
"pattern": "[file:hashes.SHA256 = '773295583998b76b4e24b562f85fa685577067614133db4a7df3d2a28cb4cc3a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178616-2f48-49c5-b09f-43a102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:26.000Z",
|
||
|
"modified": "2016-04-20T13:37:26.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 3f6e3e5126c837f46a18ee988dbf5756c2b856aa",
|
||
|
"pattern": "[file:hashes.MD5 = '89d6fc6c1a51cef335f7ee2bc2aa60ae']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57178616-c38c-41e1-8153-427302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:26.000Z",
|
||
|
"modified": "2016-04-20T13:37:26.000Z",
|
||
|
"first_observed": "2016-04-20T13:37:26Z",
|
||
|
"last_observed": "2016-04-20T13:37:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57178616-c38c-41e1-8153-427302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57178616-c38c-41e1-8153-427302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/773295583998b76b4e24b562f85fa685577067614133db4a7df3d2a28cb4cc3a/analysis/1461097304/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178617-f8f4-4418-9175-4c7802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:27.000Z",
|
||
|
"modified": "2016-04-20T13:37:27.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: dce911b1c05da965c8733935723b88bc29d12756",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178617-772c-419a-a05c-4ac202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:27.000Z",
|
||
|
"modified": "2016-04-20T13:37:27.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: dce911b1c05da965c8733935723b88bc29d12756",
|
||
|
"pattern": "[file:hashes.MD5 = '3bee1d24189d4941f68b96da6e207be4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57178617-7e78-4d57-b580-4ff702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:27.000Z",
|
||
|
"modified": "2016-04-20T13:37:27.000Z",
|
||
|
"first_observed": "2016-04-20T13:37:27Z",
|
||
|
"last_observed": "2016-04-20T13:37:27Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57178617-7e78-4d57-b580-4ff702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57178617-7e78-4d57-b580-4ff702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710/analysis/1461135574/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178618-2640-429a-9dfb-444602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:28.000Z",
|
||
|
"modified": "2016-04-20T13:37:28.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: f8431cf0a73e4ede5b4b38185d73d8472cfe2ae7",
|
||
|
"pattern": "[file:hashes.SHA256 = '9580e6c4deba3bd46419a402b6309f77c2ed47ad62299c82ec8578400c2a3a64']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178618-ec14-4daa-8a55-4db802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:28.000Z",
|
||
|
"modified": "2016-04-20T13:37:28.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: f8431cf0a73e4ede5b4b38185d73d8472cfe2ae7",
|
||
|
"pattern": "[file:hashes.MD5 = '64e7c95aefe82efb39185321a6cdd5c4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57178618-842c-4ff0-b9b4-4d3602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:28.000Z",
|
||
|
"modified": "2016-04-20T13:37:28.000Z",
|
||
|
"first_observed": "2016-04-20T13:37:28Z",
|
||
|
"last_observed": "2016-04-20T13:37:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57178618-842c-4ff0-b9b4-4d3602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57178618-842c-4ff0-b9b4-4d3602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9580e6c4deba3bd46419a402b6309f77c2ed47ad62299c82ec8578400c2a3a64/analysis/1461138863/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178619-addc-4013-afec-4bb102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:29.000Z",
|
||
|
"modified": "2016-04-20T13:37:29.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: ca40233610d40258539da0212a06af29b07c13f6",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd41b5d3d0c6c0e8e9c850eaedf84623f48ba8e72f3867e57b0d94ddaaca738ee']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57178619-42e0-4a5e-b2d3-472302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:29.000Z",
|
||
|
"modified": "2016-04-20T13:37:29.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: ca40233610d40258539da0212a06af29b07c13f6",
|
||
|
"pattern": "[file:hashes.MD5 = '4fe313da6d94379f996c31754df8eb30']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57178619-654c-44e2-9428-438c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:29.000Z",
|
||
|
"modified": "2016-04-20T13:37:29.000Z",
|
||
|
"first_observed": "2016-04-20T13:37:29Z",
|
||
|
"last_observed": "2016-04-20T13:37:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57178619-654c-44e2-9428-438c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57178619-654c-44e2-9428-438c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d41b5d3d0c6c0e8e9c850eaedf84623f48ba8e72f3867e57b0d94ddaaca738ee/analysis/1460698641/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5717861a-8e9c-47e1-84c8-494702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:30.000Z",
|
||
|
"modified": "2016-04-20T13:37:30.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 1ad9f8695c10adb69bdebd6bdc39b119707d500e",
|
||
|
"pattern": "[file:hashes.SHA256 = '917809beb6566079dbb6b686107756d9eb3ff4543f6b41ef327cea7497118457']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5717861a-3d08-457e-be9c-480c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:30.000Z",
|
||
|
"modified": "2016-04-20T13:37:30.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 1ad9f8695c10adb69bdebd6bdc39b119707d500e",
|
||
|
"pattern": "[file:hashes.MD5 = '6984a724843fb60130a965a9fc317f2d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-20T13:37:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5717861a-3ab0-4f6d-8331-407602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-20T13:37:30.000Z",
|
||
|
"modified": "2016-04-20T13:37:30.000Z",
"first_observed": "2016-04-20T13:37:30Z",
"last_observed": "2016-04-20T13:37:30Z",
"number_observed": 1,
"object_refs": [
"url--5717861a-3ab0-4f6d-8331-407602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5717861a-3ab0-4f6d-8331-407602de0b81",
"value": "https://www.virustotal.com/file/917809beb6566079dbb6b686107756d9eb3ff4543f6b41ef327cea7497118457/analysis/1461128493/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5717861b-7674-4714-b055-4ecb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-20T13:37:31.000Z",
"modified": "2016-04-20T13:37:31.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: ce42e2c694ca4737ae68d3c9e333554c55afee27",
"pattern": "[file:hashes.SHA256 = '31823040d8ccb20eab0b8653d01af370a6537017e69ead69f6f7b73d6ef7ac14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-20T13:37:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5717861b-f874-4e76-b5a2-40e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-20T13:37:31.000Z",
"modified": "2016-04-20T13:37:31.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: ce42e2c694ca4737ae68d3c9e333554c55afee27",
"pattern": "[file:hashes.MD5 = '4c153eacdfa8807f1c8fd98e5267da4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-20T13:37:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5717861b-b2fc-4335-9464-418e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-20T13:37:31.000Z",
"modified": "2016-04-20T13:37:31.000Z",
"first_observed": "2016-04-20T13:37:31Z",
"last_observed": "2016-04-20T13:37:31Z",
"number_observed": 1,
"object_refs": [
"url--5717861b-b2fc-4335-9464-418e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5717861b-b2fc-4335-9464-418e02de0b81",
"value": "https://www.virustotal.com/file/31823040d8ccb20eab0b8653d01af370a6537017e69ead69f6f7b73d6ef7ac14/analysis/1460584418/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5717861c-d81c-455a-97a2-477902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-20T13:37:32.000Z",
"modified": "2016-04-20T13:37:32.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: dc307a673aa5eecb5c1400f1d342e03697564f98",
"pattern": "[file:hashes.SHA256 = '80a6681b00056a487bba1b66c046b798dfe18bf37aa30d8a4a1be968b9add997']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-20T13:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5717861c-56f4-4465-ae03-4a2402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-20T13:37:32.000Z",
"modified": "2016-04-20T13:37:32.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: dc307a673aa5eecb5c1400f1d342e03697564f98",
"pattern": "[file:hashes.MD5 = '1e0812fbdaa20a2b9aaddf531daed935']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-20T13:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5717861c-20c0-438e-b295-489a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-20T13:37:32.000Z",
"modified": "2016-04-20T13:37:32.000Z",
"first_observed": "2016-04-20T13:37:32Z",
"last_observed": "2016-04-20T13:37:32Z",
"number_observed": 1,
"object_refs": [
"url--5717861c-20c0-438e-b295-489a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5717861c-20c0-438e-b295-489a02de0b81",
"value": "https://www.virustotal.com/file/80a6681b00056a487bba1b66c046b798dfe18bf37aa30d8a4a1be968b9add997/analysis/1461138898/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5717861c-d06c-475f-bb8f-47eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-20T13:37:32.000Z",
"modified": "2016-04-20T13:37:32.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 0c269c5a641fd479269c2f353841a5bf9910888b",
"pattern": "[file:hashes.SHA256 = 'bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-20T13:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5717861d-adf0-4e8c-8670-4d5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-20T13:37:33.000Z",
"modified": "2016-04-20T13:37:33.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 0c269c5a641fd479269c2f353841a5bf9910888b",
"pattern": "[file:hashes.MD5 = '5a9bd3d7f1534431a396a033d16ca496']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-20T13:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5717861d-48a0-448a-a172-431402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-20T13:37:33.000Z",
"modified": "2016-04-20T13:37:33.000Z",
"first_observed": "2016-04-20T13:37:33Z",
"last_observed": "2016-04-20T13:37:33Z",
"number_observed": 1,
"object_refs": [
"url--5717861d-48a0-448a-a172-431402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5717861d-48a0-448a-a172-431402de0b81",
"value": "https://www.virustotal.com/file/bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28/analysis/1460698688/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}