adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5991e185-1808-4a0a-8df5-c44402de0b81.json

1041 lines
44 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5991e185-1808-4a0a-8df5-c44402de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:50:16.000Z",
"modified": "2017-08-14T17:50:16.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5991e185-1808-4a0a-8df5-c44402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:50:16.000Z",
"modified": "2017-08-14T17:50:16.000Z",
"name": "OSINT - The Blockbuster Saga Continues",
"published": "2017-08-14T17:50:46Z",
"object_refs": [
"observed-data--5991e193-efc8-41e2-ba11-457902de0b81",
"url--5991e193-efc8-41e2-ba11-457902de0b81",
"x-misp-attribute--5991e1ac-9748-4213-8c8c-43a302de0b81",
"indicator--5991e1db-a100-4d93-8ea9-43e802de0b81",
"indicator--5991e1db-a54c-4a1a-aa45-424f02de0b81",
"indicator--5991e1db-2eb8-455e-96c6-4fc602de0b81",
"indicator--5991e1db-39ac-4838-8009-476402de0b81",
"indicator--5991e1e7-904c-4e34-8757-480b02de0b81",
"indicator--5991e1e7-2ee8-4650-b835-43e402de0b81",
"indicator--5991e1e7-cb88-40d2-a89f-470f02de0b81",
"indicator--5991e1e7-49b8-467e-b9b5-4b2602de0b81",
"indicator--5991e1e7-13d4-4131-a75f-4a3c02de0b81",
"indicator--5991e1e7-5600-4357-996d-428302de0b81",
"indicator--5991e1e7-2e88-4fc1-bee3-49d802de0b81",
"indicator--5991e1e7-bca0-4130-89e2-482402de0b81",
"indicator--5991e1e7-f7c4-4234-a9be-4ff302de0b81",
"indicator--5991e1fa-f61c-46df-bdbf-480d02de0b81",
"indicator--5991e1fa-a230-4e68-bcf7-41fc02de0b81",
"indicator--5991e1fa-62a4-4a41-8dac-427602de0b81",
"indicator--5991e1fa-3940-4f00-9f46-4e0202de0b81",
"indicator--5991e1fa-d738-41b9-8ba2-4f9c02de0b81",
"indicator--5991e1fa-e264-424e-83e6-4b8802de0b81",
"indicator--5991e1fa-82b4-4493-8543-4ab102de0b81",
"indicator--5991e1fa-1c84-4131-a807-46a802de0b81",
"indicator--5991e1fa-9584-4430-b291-47b102de0b81",
"indicator--5991e1fa-1714-4972-8a39-476502de0b81",
"indicator--5991e1fa-9be8-43d4-8b9a-421f02de0b81",
"indicator--5991e1fa-ba30-4d3c-b87f-496802de0b81",
"indicator--5991e1fa-aa18-479c-a1f1-43af02de0b81",
"indicator--5991e1fa-1bb0-4184-a3e4-48b102de0b81",
"indicator--5991e2c3-aa68-4032-84fe-c43b02de0b81",
"indicator--5991e2c3-8b14-48ef-aa08-c43b02de0b81",
"observed-data--5991e2c3-8464-426c-b0da-c43b02de0b81",
"url--5991e2c3-8464-426c-b0da-c43b02de0b81",
"indicator--5991e2c3-ba9c-4d0f-8d37-c43b02de0b81",
"indicator--5991e2c3-66dc-42fa-9886-c43b02de0b81",
"observed-data--5991e2c3-ae8c-46ce-acea-c43b02de0b81",
"url--5991e2c3-ae8c-46ce-acea-c43b02de0b81",
"indicator--5991e2c3-381c-4078-82ea-c43b02de0b81",
"indicator--5991e2c3-44ec-4848-932a-c43b02de0b81",
"observed-data--5991e2c3-6d14-4f2d-97e4-c43b02de0b81",
"url--5991e2c3-6d14-4f2d-97e4-c43b02de0b81",
"indicator--5991e2c3-86c8-45bb-8eb6-c43b02de0b81",
"indicator--5991e2c3-c03c-4e9d-8e62-c43b02de0b81",
"observed-data--5991e2c3-ffac-4a61-9bd6-c43b02de0b81",
"url--5991e2c3-ffac-4a61-9bd6-c43b02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5991e193-efc8-41e2-ba11-457902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"first_observed": "2017-08-14T17:49:55Z",
"last_observed": "2017-08-14T17:49:55Z",
"number_observed": 1,
"object_refs": [
"url--5991e193-efc8-41e2-ba11-457902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5991e193-efc8-41e2-ba11-457902de0b81",
"value": "https://researchcenter.paloaltonetworks.com/2017/08/unit42-blockbuster-saga-continues/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5991e1ac-9748-4213-8c8c-43a302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Unit 42 researchers at Palo Alto Networks have discovered new attack activity targeting individuals involved with United States defense contractors. Through analysis of malicious code, files, and infrastructure it is clear the group behind this campaign is either directly responsible for or has cooperated with the group which conducted Operation Blockbuster Sequel and, ultimately, Operation Blockbuster (originally outlined by researchers from Novetta). The threat actors are reusing tools, techniques, and procedures which overlap throughout these operations with little variance. Attacks originating from this threat group have not ceased since our previous report (from April of 2017) and have continued through July of 2017."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1db-a100-4d93-8ea9-43e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[url:value = 'http://210.202.40.35/CKRQST/event/careers/jobs/description/docs/NGC1398.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1db-a54c-4a1a-aa45-424f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[url:value = 'http://210.202.40.35/CKRQST/Company/HR/Position/lm/L1915.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1db-2eb8-455e-96c6-4fc602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[url:value = 'http://104.192.193.149/Event/careers/jobs/description/docs/LJC077.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1db-39ac-4838-8009-476402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[url:value = 'http://lansingturbo.org/docs/WebDAV.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1e7-904c-4e34-8757-480b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.192.193.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1e7-2ee8-4650-b835-43e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.35.250.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1e7-cb88-40d2-a89f-470f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.152.51.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1e7-49b8-467e-b9b5-4b2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.222.149.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1e7-13d4-4131-a75f-4a3c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.246.6.83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1e7-5600-4357-996d-428302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.140.97.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1e7-2e88-4fc1-bee3-49d802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.202.40.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1e7-bca0-4130-89e2-482402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.90.93.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1e7-f7c4-4234-a9be-4ff302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.6.12.135']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-f61c-46df-bdbf-480d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = '4d4465bd9a57c7a3c0b80fa3282697554a1419794afa36e544a4ae06d60c1615']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-a230-4e68-bcf7-41fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = 'f390ef86a4ad92dde125c983e6470f08344b9eaa14c17a1e6c4bb7ebfa7c4ec9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-62a4-4a41-8dac-427602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = 'acfae7e2fdda02e81b3e03f8c30741744d629cd672db424027f7caa59c975897']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-3940-4f00-9f46-4e0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = '7429a6b6e8518a1ec1d1c37a8786359885f2fd4abde560adaef331ca9deaeefd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-d738-41b9-8ba2-4f9c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = 'e09224a24a14a08c6fcb79b00b4a7b3097c84f805f5f2adefe2f7d04d7b4a8ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-e264-424e-83e6-4b8802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = '062aadf3eb69686f4881860d88ce472e6b1c07e1f586d840dd2ee1f7b76cabe7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-82b4-4493-8543-4ab102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = 'c63a415d23fc4ab10ad3acfdd47d42b5c7444604485ab45147277cca82fffb34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-1c84-4131-a807-46a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = '16c3a7f143e831dd0481d2d57aae885090e22ec55cc8282009f641755d423fcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-9584-4430-b291-47b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = 'de2d458c8e4befcd478a0010789d80997793790b18a347d10a595d6e87d91f34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-1714-4972-8a39-476502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = '2f133525f76ab0ebb0b370601673361253074c337f0b0895d0f0cb5bc261cfcb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-9be8-43d4-8b9a-421f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = 'e83a08bcb4353bfd6edcdedbc9ead9ab179a620e15155b60d18153bed9892f38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-ba30-4d3c-b87f-496802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = '6f673981892701d42159489c1b2614c098a04e4674b23e1cd0fd8911766e71a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-aa18-479c-a1f1-43af02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = 'ad075279d2ee6958105889d852e0d7f4266f746cb0078ac1b362f05a45b5828d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e1fa-1bb0-4184-a3e4-48b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"pattern": "[file:hashes.SHA256 = '1288e105c83a6f4bbad8471a9b5bedafeea684a8d8b73a1a7518137d446c2e1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e2c3-aa68-4032-84fe-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"description": "- Xchecked via VT: 1288e105c83a6f4bbad8471a9b5bedafeea684a8d8b73a1a7518137d446c2e1e",
"pattern": "[file:hashes.SHA1 = '67d2eceea179d3e0e3b99a4464cca82bec2236dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e2c3-8b14-48ef-aa08-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"description": "- Xchecked via VT: 1288e105c83a6f4bbad8471a9b5bedafeea684a8d8b73a1a7518137d446c2e1e",
"pattern": "[file:hashes.MD5 = '307866c7d98fc9a050c0d178d95b3e8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5991e2c3-8464-426c-b0da-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"first_observed": "2017-08-14T17:49:55Z",
"last_observed": "2017-08-14T17:49:55Z",
"number_observed": 1,
"object_refs": [
"url--5991e2c3-8464-426c-b0da-c43b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5991e2c3-8464-426c-b0da-c43b02de0b81",
"value": "https://www.virustotal.com/file/1288e105c83a6f4bbad8471a9b5bedafeea684a8d8b73a1a7518137d446c2e1e/analysis/1502714543/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e2c3-ba9c-4d0f-8d37-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"description": "- Xchecked via VT: 6f673981892701d42159489c1b2614c098a04e4674b23e1cd0fd8911766e71a0",
"pattern": "[file:hashes.SHA1 = 'cbb56d1aff6ddd7c280c52fd03ca10529b1b2e36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e2c3-66dc-42fa-9886-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"description": "- Xchecked via VT: 6f673981892701d42159489c1b2614c098a04e4674b23e1cd0fd8911766e71a0",
"pattern": "[file:hashes.MD5 = '766ec87da598965efc2fb7e5a5b60ee2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5991e2c3-ae8c-46ce-acea-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"first_observed": "2017-08-14T17:49:55Z",
"last_observed": "2017-08-14T17:49:55Z",
"number_observed": 1,
"object_refs": [
"url--5991e2c3-ae8c-46ce-acea-c43b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5991e2c3-ae8c-46ce-acea-c43b02de0b81",
"value": "https://www.virustotal.com/file/6f673981892701d42159489c1b2614c098a04e4674b23e1cd0fd8911766e71a0/analysis/1502715759/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e2c3-381c-4078-82ea-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"description": "- Xchecked via VT: 16c3a7f143e831dd0481d2d57aae885090e22ec55cc8282009f641755d423fcd",
"pattern": "[file:hashes.SHA1 = '9e2017128dd01108571b241f6c2b435d98d52d3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e2c3-44ec-4848-932a-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"description": "- Xchecked via VT: 16c3a7f143e831dd0481d2d57aae885090e22ec55cc8282009f641755d423fcd",
"pattern": "[file:hashes.MD5 = 'e8aa28ad79c9adcf9bb8629973fdfa24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5991e2c3-6d14-4f2d-97e4-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"first_observed": "2017-08-14T17:49:55Z",
"last_observed": "2017-08-14T17:49:55Z",
"number_observed": 1,
"object_refs": [
"url--5991e2c3-6d14-4f2d-97e4-c43b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5991e2c3-6d14-4f2d-97e4-c43b02de0b81",
"value": "https://www.virustotal.com/file/16c3a7f143e831dd0481d2d57aae885090e22ec55cc8282009f641755d423fcd/analysis/1502724035/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e2c3-86c8-45bb-8eb6-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"description": "- Xchecked via VT: acfae7e2fdda02e81b3e03f8c30741744d629cd672db424027f7caa59c975897",
"pattern": "[file:hashes.SHA1 = 'e784d38b6e628357d93e0db926590c8ef5393d1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5991e2c3-c03c-4e9d-8e62-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"description": "- Xchecked via VT: acfae7e2fdda02e81b3e03f8c30741744d629cd672db424027f7caa59c975897",
"pattern": "[file:hashes.MD5 = 'aa9548f3b03cc481c8c195fd458bc6dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-14T17:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5991e2c3-ffac-4a61-9bd6-c43b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-14T17:49:55.000Z",
"modified": "2017-08-14T17:49:55.000Z",
"first_observed": "2017-08-14T17:49:55Z",
"last_observed": "2017-08-14T17:49:55Z",
"number_observed": 1,
"object_refs": [
"url--5991e2c3-ffac-4a61-9bd6-c43b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5991e2c3-ffac-4a61-9bd6-c43b02de0b81",
"value": "https://www.virustotal.com/file/acfae7e2fdda02e81b3e03f8c30741744d629cd672db424027f7caa59c975897/analysis/1502715852/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink