misp-circl-feed/feeds/circl/stix-2.1/571bd702-031c-400b-a851-43ce02de0b81.json

1826 lines
76 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--571bd702-031c-400b-a851-43ce02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-19T22:22:10.000Z",
"modified": "2016-06-19T22:22:10.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--571bd702-031c-400b-a851-43ce02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-19T22:22:10.000Z",
"modified": "2016-06-19T22:22:10.000Z",
"name": "OSINT The Ghost Dragon by Cylance",
"published": "2016-06-19T22:22:20Z",
"object_refs": [
"observed-data--571bd91f-9188-41c4-be32-451e02de0b81",
"url--571bd91f-9188-41c4-be32-451e02de0b81",
"indicator--571be427-a170-40cd-89dc-424802de0b81",
"indicator--571be427-a4e0-405e-81a7-4cc502de0b81",
"indicator--571be428-1c90-44ba-b368-4cc302de0b81",
"indicator--571be428-a8d8-41f5-86fb-463102de0b81",
"indicator--571be42a-dc8c-4b29-9f4b-4a3602de0b81",
"observed-data--571be42b-0f40-467f-8224-41ed02de0b81",
"file--571be42b-0f40-467f-8224-41ed02de0b81",
"indicator--571be42b-d1c4-45f7-bdb5-44a002de0b81",
"indicator--571be42b-8458-48cd-b651-407302de0b81",
"observed-data--571be42c-f8b8-448f-a79a-47cb02de0b81",
"file--571be42c-f8b8-448f-a79a-47cb02de0b81",
"indicator--571be42c-b8ec-40a1-b61b-45d002de0b81",
"indicator--571be42d-7360-4dc5-bf99-4daf02de0b81",
"indicator--571be42d-f770-4152-b05b-436f02de0b81",
"indicator--571be42d-4b98-4735-ad9a-49a902de0b81",
"indicator--571be42e-2ea0-4e56-9f6d-44d702de0b81",
"observed-data--571be42e-5c6c-417e-a3ce-411502de0b81",
"file--571be42e-5c6c-417e-a3ce-411502de0b81",
"indicator--571be42e-4bd8-43f3-9abe-476d02de0b81",
"indicator--571be49c-3030-4fdf-a450-4a9902de0b81",
"indicator--571be49c-adf4-4c5c-95c8-4a9302de0b81",
"indicator--571be4ca-86cc-46a2-9850-473402de0b81",
"observed-data--571be4ca-6358-4226-98e4-46e302de0b81",
"file--571be4ca-6358-4226-98e4-46e302de0b81",
"indicator--571be4cb-3094-4ac2-9f05-4bed02de0b81",
"indicator--571be4f8-d4b4-4fd4-bbd6-06e102de0b81",
"indicator--571be4f9-9774-41d2-aded-06e102de0b81",
"indicator--571be4f9-7740-4c83-9093-06e102de0b81",
"indicator--571be4f9-a1d0-4c09-84e5-06e102de0b81",
"indicator--571be4fa-461c-42e4-93fa-06e102de0b81",
"indicator--571be4fa-bb6c-49fb-b075-06e102de0b81",
"indicator--571be4fa-8a9c-4421-928c-06e102de0b81",
"indicator--571be4fb-8758-4049-9f58-06e102de0b81",
"indicator--571be4fb-7924-4c78-9e51-06e102de0b81",
"indicator--571be4fb-1f28-4329-bdae-06e102de0b81",
"indicator--571be4fc-d3f0-4d86-9ce1-06e102de0b81",
"indicator--571be4fc-81e0-4a36-a78f-06e102de0b81",
"indicator--571be4fc-8adc-4e08-8124-06e102de0b81",
"indicator--571be4fd-032c-4978-8c75-06e102de0b81",
"indicator--571be4fd-ae64-43a9-a7f6-06e102de0b81",
"indicator--571be4fd-5028-420b-86bf-06e102de0b81",
"indicator--571be4fe-d028-4b71-bd19-06e102de0b81",
"indicator--571be4fe-d204-4aeb-a607-06e102de0b81",
"indicator--571be4fe-75b8-4416-9a76-06e102de0b81",
"indicator--571be4fe-d334-47f4-95e0-06e102de0b81",
"indicator--571be4ff-58f4-4b7a-93f5-06e102de0b81",
"indicator--571be4ff-9ba0-467f-8a37-06e102de0b81",
"indicator--571be4ff-0b78-471f-986c-06e102de0b81",
"indicator--571be500-b3f4-499b-aa45-06e102de0b81",
"indicator--571be500-f398-4261-8b04-06e102de0b81",
"indicator--571be500-3f24-47ca-999e-06e102de0b81",
"indicator--571be501-6ec8-4744-97ef-06e102de0b81",
"indicator--571be51a-ff48-497d-9d1b-43d402de0b81",
"indicator--571be531-44f8-4a0b-bb88-4c7f02de0b81",
"indicator--571be532-e580-47e0-9962-401002de0b81",
"indicator--571be532-8338-4447-84e3-46b002de0b81",
"indicator--571be532-cf9c-4853-ae92-481602de0b81",
"indicator--571be6ba-4950-4c42-9a39-4478950d210f",
"indicator--571be6be-69bc-41f9-8d52-458a950d210f",
"indicator--571be6bc-b398-4413-b63a-4735950d210f",
"indicator--571be6bf-6840-4bec-a572-43ba950d210f",
"indicator--571db8f2-77a0-4e9f-9d8c-414802de0b81",
"indicator--571db8f2-3bd0-4b0b-a56a-45ab02de0b81",
"observed-data--571db8f3-45c8-4d16-bbc3-494a02de0b81",
"url--571db8f3-45c8-4d16-bbc3-494a02de0b81",
"indicator--571db8f3-cf1c-45bb-b8c8-4ba802de0b81",
"indicator--571db8f3-1fc8-4824-b761-4ec402de0b81",
"observed-data--571db8f4-c7b0-47bb-a1e8-4f1802de0b81",
"url--571db8f4-c7b0-47bb-a1e8-4f1802de0b81",
"observed-data--571db8f4-f494-48ea-8383-454102de0b81",
"url--571db8f4-f494-48ea-8383-454102de0b81",
"observed-data--571db8f5-e1b8-4a2f-82fb-48b802de0b81",
"url--571db8f5-e1b8-4a2f-82fb-48b802de0b81",
"indicator--571db8f5-feb8-4fe4-a3c9-403902de0b81",
"indicator--571db8f6-c8f8-4236-8f17-4c3002de0b81",
"observed-data--571db8f6-3730-42a3-9b88-416102de0b81",
"url--571db8f6-3730-42a3-9b88-416102de0b81",
"indicator--571db8f6-3758-426d-acc0-4a8b02de0b81",
"indicator--571db8f7-8c74-46ad-893b-4eff02de0b81",
"observed-data--571db8f7-0858-4cab-849d-4e7702de0b81",
"url--571db8f7-0858-4cab-849d-4e7702de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"OSINT",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571bd91f-9188-41c4-be32-451e02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T20:20:46.000Z",
"modified": "2016-04-23T20:20:46.000Z",
"first_observed": "2016-04-23T20:20:46Z",
"last_observed": "2016-04-23T20:20:46Z",
"number_observed": 1,
"object_refs": [
"url--571bd91f-9188-41c4-be32-451e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571bd91f-9188-41c4-be32-451e02de0b81",
"value": "https://blog.cylance.com/the-ghost-dragon"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be427-a170-40cd-89dc-424802de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:51.000Z",
"modified": "2016-04-23T21:07:51.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA256 = 'a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be427-a4e0-405e-81a7-4cc502de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:51.000Z",
"modified": "2016-04-23T21:07:51.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA256 = '71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be428-1c90-44ba-b368-4cc302de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:52.000Z",
"modified": "2016-04-23T21:07:52.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'AdobeWpkReg.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be428-a8d8-41f5-86fb-463102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:08:58.000Z",
"modified": "2016-04-23T21:08:58.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://info.winupdate.net/robots.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:08:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be42a-dc8c-4b29-9f4b-4a3602de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:54.000Z",
"modified": "2016-04-23T21:07:54.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA256 = '1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571be42b-0f40-467f-8224-41ed02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-19T22:22:10.000Z",
"modified": "2016-06-19T22:22:10.000Z",
"first_observed": "2016-06-19T22:22:10Z",
"last_observed": "2016-06-19T22:22:10Z",
"number_observed": 1,
"object_refs": [
"file--571be42b-0f40-467f-8224-41ed02de0b81"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--571be42b-0f40-467f-8224-41ed02de0b81",
"name": "iconfig.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be42b-d1c4-45f7-bdb5-44a002de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:55.000Z",
"modified": "2016-04-23T21:07:55.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'bbs.winupdate.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be42b-8458-48cd-b651-407302de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:55.000Z",
"modified": "2016-04-23T21:07:55.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA256 = 'f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571be42c-f8b8-448f-a79a-47cb02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-19T22:22:09.000Z",
"modified": "2016-06-19T22:22:09.000Z",
"first_observed": "2016-06-19T22:22:09Z",
"last_observed": "2016-06-19T22:22:09Z",
"number_observed": 1,
"object_refs": [
"file--571be42c-f8b8-448f-a79a-47cb02de0b81"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--571be42c-f8b8-448f-a79a-47cb02de0b81",
"name": "install.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be42c-b8ec-40a1-b61b-45d002de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:56.000Z",
"modified": "2016-04-23T21:07:56.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'ooxxxoo.gicp.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be42d-7360-4dc5-bf99-4daf02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:57.000Z",
"modified": "2016-04-23T21:07:57.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.winupdate.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be42d-f770-4152-b05b-436f02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:57.000Z",
"modified": "2016-04-23T21:07:57.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA256 = '99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be42d-4b98-4735-ad9a-49a902de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:57.000Z",
"modified": "2016-04-23T21:07:57.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.searchhappynews.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be42e-2ea0-4e56-9f6d-44d702de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:58.000Z",
"modified": "2016-04-23T21:07:58.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA256 = 'b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571be42e-5c6c-417e-a3ce-411502de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-19T22:22:09.000Z",
"modified": "2016-06-19T22:22:09.000Z",
"first_observed": "2016-06-19T22:22:09Z",
"last_observed": "2016-06-19T22:22:09Z",
"number_observed": 1,
"object_refs": [
"file--571be42e-5c6c-417e-a3ce-411502de0b81"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--571be42e-5c6c-417e-a3ce-411502de0b81",
"name": "ExtensionManager.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be42e-4bd8-43f3-9abe-476d02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:07:58.000Z",
"modified": "2016-04-23T21:07:58.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.fhtd.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:07:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be49c-3030-4fdf-a450-4a9902de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:09:48.000Z",
"modified": "2016-04-23T21:09:48.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.18.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be49c-adf4-4c5c-95c8-4a9302de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:09:48.000Z",
"modified": "2016-04-23T21:09:48.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.36.94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4ca-86cc-46a2-9850-473402de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:10:34.000Z",
"modified": "2016-04-23T21:10:34.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA256 = 'fb5a7cb34040b1e98b077edaf91cb59a446d8ff07263afe875cf6bd85bfb359d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:10:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571be4ca-6358-4226-98e4-46e302de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-19T22:22:10.000Z",
"modified": "2016-06-19T22:22:10.000Z",
"first_observed": "2016-06-19T22:22:10Z",
"last_observed": "2016-06-19T22:22:10Z",
"number_observed": 1,
"object_refs": [
"file--571be4ca-6358-4226-98e4-46e302de0b81"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--571be4ca-6358-4226-98e4-46e302de0b81",
"name": "operas.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4cb-3094-4ac2-9f05-4bed02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:10:35.000Z",
"modified": "2016-04-23T21:10:35.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.swgabeg.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:10:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4f8-d4b4-4fd4-bbd6-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:20.000Z",
"modified": "2016-04-23T21:11:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.55.33.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4f9-9774-41d2-aded-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:21.000Z",
"modified": "2016-04-23T21:11:21.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.232.215.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4f9-7740-4c83-9093-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:21.000Z",
"modified": "2016-04-23T21:11:21.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.246.245.147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4f9-a1d0-4c09-84e5-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:21.000Z",
"modified": "2016-04-23T21:11:21.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '111.68.8.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fa-461c-42e4-93fa-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:22.000Z",
"modified": "2016-04-23T21:11:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.125.17.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fa-bb6c-49fb-b075-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:22.000Z",
"modified": "2016-04-23T21:11:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.148.161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fa-8a9c-4421-928c-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:22.000Z",
"modified": "2016-04-23T21:11:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.148.205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fb-8758-4049-9f58-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:23.000Z",
"modified": "2016-04-23T21:11:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.41.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fb-7924-4c78-9e51-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:23.000Z",
"modified": "2016-04-23T21:11:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.83.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fb-1f28-4329-bdae-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:23.000Z",
"modified": "2016-04-23T21:11:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.85.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fc-d3f0-4d86-9ce1-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:24.000Z",
"modified": "2016-04-23T21:11:24.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.9.247.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fc-81e0-4a36-a78f-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:24.000Z",
"modified": "2016-04-23T21:11:24.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.9.247.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fc-8adc-4e08-8124-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:24.000Z",
"modified": "2016-04-23T21:11:24.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.9.247.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fd-032c-4978-8c75-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:25.000Z",
"modified": "2016-04-23T21:11:25.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.9.247.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fd-ae64-43a9-a7f6-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:25.000Z",
"modified": "2016-04-23T21:11:25.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.254.111.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fd-5028-420b-86bf-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:25.000Z",
"modified": "2016-04-23T21:11:25.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.4.103.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fe-d028-4b71-bd19-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:26.000Z",
"modified": "2016-04-23T21:11:26.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.128.255.228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fe-d204-4aeb-a607-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:26.000Z",
"modified": "2016-04-23T21:11:26.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '175.45.192.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fe-75b8-4416-9a76-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:26.000Z",
"modified": "2016-04-23T21:11:26.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.172.32.172']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4fe-d334-47f4-95e0-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:26.000Z",
"modified": "2016-04-23T21:11:26.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.174.130.116']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4ff-58f4-4b7a-93f5-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:27.000Z",
"modified": "2016-04-23T21:11:27.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.232.28.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4ff-9ba0-467f-8a37-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:27.000Z",
"modified": "2016-04-23T21:11:27.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.85.84.165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be4ff-0b78-471f-986c-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:27.000Z",
"modified": "2016-04-23T21:11:27.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.85.84.167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be500-b3f4-499b-aa45-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:28.000Z",
"modified": "2016-04-23T21:11:28.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.179.179']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be500-f398-4261-8b04-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:28.000Z",
"modified": "2016-04-23T21:11:28.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.64.187.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be500-3f24-47ca-999e-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:28.000Z",
"modified": "2016-04-23T21:11:28.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.215.128.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be501-6ec8-4744-97ef-06e102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:29.000Z",
"modified": "2016-04-23T21:11:29.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.111.220.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be51a-ff48-497d-9d1b-43d402de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:11:54.000Z",
"modified": "2016-04-23T21:11:54.000Z",
"pattern": "[domain-name:value = 'info.winupdate.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be531-44f8-4a0b-bb88-4c7f02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:12:17.000Z",
"modified": "2016-04-23T21:12:17.000Z",
"pattern": "[domain-name:value = 'winupdate.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:12:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be532-e580-47e0-9962-401002de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:12:18.000Z",
"modified": "2016-04-23T21:12:18.000Z",
"pattern": "[domain-name:value = 'searchhappynews.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:12:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be532-8338-4447-84e3-46b002de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:12:18.000Z",
"modified": "2016-04-23T21:12:18.000Z",
"pattern": "[domain-name:value = 'fhtd.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:12:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be532-cf9c-4853-ae92-481602de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:12:18.000Z",
"modified": "2016-04-23T21:12:18.000Z",
"pattern": "[domain-name:value = 'swgabeg.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:12:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be6ba-4950-4c42-9a39-4478950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:18:50.000Z",
"modified": "2016-04-23T21:18:50.000Z",
"description": "Automatically added (via 1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42)",
"pattern": "[file:hashes.MD5 = 'ba6eaf301344de6fe1e079fa960bc698']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:18:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be6be-69bc-41f9-8d52-458a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:18:54.000Z",
"modified": "2016-04-23T21:18:54.000Z",
"description": "Automatically added (via f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197)",
"pattern": "[file:hashes.MD5 = 'b0a2c91d85195a72f86399590ac2c549']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:18:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be6bc-b398-4413-b63a-4735950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:18:52.000Z",
"modified": "2016-04-23T21:18:52.000Z",
"description": "Automatically added (via 1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42)",
"pattern": "[file:hashes.SHA1 = 'c0eea2b52460d5fef1c4c439c56cf51ea74b5abd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:18:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571be6bf-6840-4bec-a572-43ba950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-23T21:18:55.000Z",
"modified": "2016-04-23T21:18:55.000Z",
"description": "Automatically added (via f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197)",
"pattern": "[file:hashes.SHA1 = '63323dc4bfa47548317a19ae52d6f179f807bba0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-23T21:18:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571db8f2-77a0-4e9f-9d8c-414802de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:02.000Z",
"modified": "2016-04-25T06:28:02.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5",
"pattern": "[file:hashes.SHA1 = 'f24a47d4d197b06331aa9c86b915799d0ad9c8c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T06:28:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571db8f2-3bd0-4b0b-a56a-45ab02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:02.000Z",
"modified": "2016-04-25T06:28:02.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5",
"pattern": "[file:hashes.MD5 = '8b4b1c933f5f7b47e3c2a9da35fb7dc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T06:28:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571db8f3-45c8-4d16-bbc3-494a02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:03.000Z",
"modified": "2016-04-25T06:28:03.000Z",
"first_observed": "2016-04-25T06:28:03Z",
"last_observed": "2016-04-25T06:28:03Z",
"number_observed": 1,
"object_refs": [
"url--571db8f3-45c8-4d16-bbc3-494a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571db8f3-45c8-4d16-bbc3-494a02de0b81",
"value": "https://www.virustotal.com/file/b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5/analysis/1376040471/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571db8f3-cf1c-45bb-b8c8-4ba802de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:03.000Z",
"modified": "2016-04-25T06:28:03.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2",
"pattern": "[file:hashes.SHA1 = '83fe6ace20b721a67d7bf6090d78a053b24d0d06']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T06:28:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571db8f3-1fc8-4824-b761-4ec402de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:03.000Z",
"modified": "2016-04-25T06:28:03.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2",
"pattern": "[file:hashes.MD5 = '8f513ea6bbfb8b6a439eef9b68aca11c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T06:28:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571db8f4-c7b0-47bb-a1e8-4f1802de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:04.000Z",
"modified": "2016-04-25T06:28:04.000Z",
"first_observed": "2016-04-25T06:28:04Z",
"last_observed": "2016-04-25T06:28:04Z",
"number_observed": 1,
"object_refs": [
"url--571db8f4-c7b0-47bb-a1e8-4f1802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571db8f4-c7b0-47bb-a1e8-4f1802de0b81",
"value": "https://www.virustotal.com/file/99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2/analysis/1423637719/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571db8f4-f494-48ea-8383-454102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:04.000Z",
"modified": "2016-04-25T06:28:04.000Z",
"first_observed": "2016-04-25T06:28:04Z",
"last_observed": "2016-04-25T06:28:04Z",
"number_observed": 1,
"object_refs": [
"url--571db8f4-f494-48ea-8383-454102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571db8f4-f494-48ea-8383-454102de0b81",
"value": "https://www.virustotal.com/file/f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197/analysis/1453437365/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571db8f5-e1b8-4a2f-82fb-48b802de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:05.000Z",
"modified": "2016-04-25T06:28:05.000Z",
"first_observed": "2016-04-25T06:28:05Z",
"last_observed": "2016-04-25T06:28:05Z",
"number_observed": 1,
"object_refs": [
"url--571db8f5-e1b8-4a2f-82fb-48b802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571db8f5-e1b8-4a2f-82fb-48b802de0b81",
"value": "https://www.virustotal.com/file/1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42/analysis/1455814047/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571db8f5-feb8-4fe4-a3c9-403902de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:05.000Z",
"modified": "2016-04-25T06:28:05.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97",
"pattern": "[file:hashes.SHA1 = '4e93941aa05dd908e7cd7bfa6f8ca7b446e7b6f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T06:28:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571db8f6-c8f8-4236-8f17-4c3002de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:06.000Z",
"modified": "2016-04-25T06:28:06.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97",
"pattern": "[file:hashes.MD5 = '1a7772d0fbedf103e4f21d949392a34b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T06:28:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571db8f6-3730-42a3-9b88-416102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:06.000Z",
"modified": "2016-04-25T06:28:06.000Z",
"first_observed": "2016-04-25T06:28:06Z",
"last_observed": "2016-04-25T06:28:06Z",
"number_observed": 1,
"object_refs": [
"url--571db8f6-3730-42a3-9b88-416102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571db8f6-3730-42a3-9b88-416102de0b81",
"value": "https://www.virustotal.com/file/71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97/analysis/1445871730/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571db8f6-3758-426d-acc0-4a8b02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:06.000Z",
"modified": "2016-04-25T06:28:06.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67",
"pattern": "[file:hashes.SHA1 = 'c17a9c6841c554ebc5273ff021f5aed5c76920c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T06:28:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571db8f7-8c74-46ad-893b-4eff02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:07.000Z",
"modified": "2016-04-25T06:28:07.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67",
"pattern": "[file:hashes.MD5 = '0875cf64928da6c9b365384e6dbb3c33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T06:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571db8f7-0858-4cab-849d-4e7702de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-25T06:28:07.000Z",
"modified": "2016-04-25T06:28:07.000Z",
"first_observed": "2016-04-25T06:28:07Z",
"last_observed": "2016-04-25T06:28:07Z",
"number_observed": 1,
"object_refs": [
"url--571db8f7-0858-4cab-849d-4e7702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571db8f7-0858-4cab-849d-4e7702de0b81",
"value": "https://www.virustotal.com/file/a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67/analysis/1432189489/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}