adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5a462890-bb44-47c7-ba3b-21bda5fe7088.json

687 lines
81 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5a462890-bb44-47c7-ba3b-21bda5fe7088",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T12:15:11.000Z",
"modified": "2017-12-29T12:15:11.000Z",
"name": "Crimeware",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a462890-bb44-47c7-ba3b-21bda5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T12:15:11.000Z",
"modified": "2017-12-29T12:15:11.000Z",
"name": "Threat Analysis: Malicious Microsoft Word Documents Being Used in Targeted Attack Campaigns",
"published": "2018-04-24T22:38:54Z",
"object_refs": [
"observed-data--5a462b24-9d10-4f02-afce-24b9a5fe7088",
"file--5a462b24-9d10-4f02-afce-24b9a5fe7088",
"artifact--5a462b24-9d10-4f02-afce-24b9a5fe7088",
"observed-data--5a462a87-dd74-4356-be5c-21c0a5fe7088",
"url--5a462a87-dd74-4356-be5c-21c0a5fe7088",
"observed-data--5a462921-ae28-47ba-b058-24b8a5fe7088",
"url--5a462921-ae28-47ba-b058-24b8a5fe7088",
"x-misp-attribute--5a46293d-1dd0-4aa8-b2dc-24cea5fe7088",
"indicator--5a462a00-89c8-449f-8cee-24c3a5fe7088",
"indicator--5a462a01-69f8-4ee8-b0ce-24c3a5fe7088",
"indicator--5a462a01-04d0-4bb8-ae2e-24c3a5fe7088",
"indicator--5a462a01-f43c-4d17-8f06-24c3a5fe7088",
"indicator--5a462a01-40a8-4652-9457-24c3a5fe7088",
"indicator--5a462a00-2338-4071-b27e-24c3a5fe7088",
"indicator--5a462993-bad8-4de5-bc25-21bea5fe7088",
"indicator--5a462a39-a918-4393-9c0f-21c0a5fe7088",
"indicator--5a462a39-b014-485d-858b-21c0a5fe7088",
"indicator--5a462a39-9690-4c69-96a4-21c0a5fe7088",
"indicator--5a462a39-bc88-4dd8-99ef-21c0a5fe7088",
"indicator--5a462a39-971c-44eb-8fac-21c0a5fe7088",
"indicator--5a462994-0180-478c-950f-21bea5fe7088",
"indicator--5a462a39-041c-420e-84fc-21c0a5fe7088",
"indicator--5a462994-4a3c-4344-a383-21bea5fe7088",
"indicator--5a462a39-9f74-4044-ba5f-21c0a5fe7088",
"indicator--5a462a39-c24c-450f-acd2-21c0a5fe7088",
"indicator--5a462a39-85fc-4ac2-ad5d-21c0a5fe7088",
"indicator--5a462a39-4008-4bbb-85cc-21c0a5fe7088",
"indicator--5a462994-4cd4-4f75-b09a-21bea5fe7088",
"indicator--5a462a39-905c-4cb6-bb25-21c0a5fe7088",
"indicator--5a462a39-99e0-4dd8-bf3d-21c0a5fe7088"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a462b24-9d10-4f02-afce-24b9a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:46:44.000Z",
"modified": "2017-12-29T11:46:44.000Z",
"first_observed": "2017-12-29T11:46:44Z",
"last_observed": "2017-12-29T11:46:44Z",
"number_observed": 1,
"object_refs": [
"file--5a462b24-9d10-4f02-afce-24b9a5fe7088",
"artifact--5a462b24-9d10-4f02-afce-24b9a5fe7088"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5a462b24-9d10-4f02-afce-24b9a5fe7088",
"name": "Figure_10_fixed_for_release.jpg",
"content_ref": "artifact--5a462b24-9d10-4f02-afce-24b9a5fe7088"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5a462b24-9d10-4f02-afce-24b9a5fe7088",
"payload_bin": "/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAAAAAAP/sABFEdWNreQABAAQAAAA8AAD/4QMqaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLwA8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/PiA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA1LjYtYzE0MiA3OS4xNjA5MjQsIDIwMTcvMDcvMTMtMDE6MDY6MzkgICAgICAgICI+IDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+IDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bXA6Q3JlYXRvclRvb2w9IkFkb2JlIFBob3Rvc2hvcCBDQyAoV2luZG93cykiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6RTNBQkE4MDBFNEUzMTFFN0E3ODBGN0UyQjUxQjlBMzUiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6RTNBQkE4MDFFNEUzMTFFN0E3ODBGN0UyQjUxQjlBMzUiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDpFM0FCQTdGRUU0RTMxMUU3QTc4MEY3RTJCNTFCOUEzNSIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDpFM0FCQTdGRkU0RTMxMUU3QTc4MEY3RTJCNTFCOUEzNSIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/Pv/uAA5BZG9iZQBkwAAAAAH/2wCEAAYEBAQFBAYFBQYJBgUGCQsIBgYICwwKCgsKCgwQDAwMDAwMEAwODxAPDgwTExQUExMcGxsbHB8fHx8fHx8fHx8BBwcHDQwNGBAQGBoVERUaHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fH//AABEIAZMEAAMBEQACEQEDEQH/xADIAAEAAgMBAQEAAAAAAAAAAAAAAwQBAgUGBwgBAQADAQEBAAAAAAAAAAAAAAACAwQBBQYQAAICAQMCAgUFCQoLBwMEAwECAAMEERIFIQYxE0FRIjIUYXEzFQeBkaFCUmKyIxax0XKConOTs3S0kkNTY4PTJDQ1VgjBwkSEVXU28OEl8dLDN1RFRhEBAAIAAgUJBQYFBAIDAQAAAAECEQMhMUESBFFhcYGRwdETFKGxMlIF8OEiQnKSgqKy0jPxwuIjYrPyQzRT/9oADAMBAAIRAxEAPwD9UwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQOXR3V2zfyzcPTyuLZyqsyNgpchuDVgl12A66qAdR6JCMyuOGOlotwmbFN+a23OXDQ6kmzkBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA53cHOY/B8TfyeRRfk1Ubd1OLWbbTvYKNqDT8rrI3tuxiv4fInNvFImImeWcIfPew+38HuTtjmeUxmfis7l+WzcjF5ShUTkMepsgN5ZfqyEhSrLu8D8szZVItWZ1YzPS9r6hxNsjOpSfx1pl1iaz8Ezu6+d3/sr5DkL+F5DD5DOs5C/jOUzMGvIvIa5qqLNFLnxJ6yzh5mYmJnHCZY/q+XSuZW1a7sXpW2EasZjY9pL3lEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA+b8Bm9wdo8lza85xlWL2vk8nmZ7dwvl1BUXKs1pU0DWz2mKr85mWk2pM4x+HGdOL3eIplcTSnl2mc6KVrubs/ljTp1c6D7Ju3+3c/N5nvFKRdyd3L8guLyAeza2O7+ztTcKyCGPXbOcPSszNtuMp/WOJzaVpkTOFIy6Y10a8O19Pmt8+QEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQK2ZRl3GoY+ScZUdXsZVViwVgSntAjay6g+n1QPJ8p2r35nYmTi/tJSara6a6hdg49oDVZptax1ZdrM+Kq1kabQ+rqF6AcmMUq3ms4xOEunw3A9w4KW1W8rW2N8ZfbjY1GNTSleHbYrVUeyo9qtAw3ektqfCIjAtabTjM4y9FOokBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAjyWyFxrWxlV8gIxpRzopfT2Qx9AJgeeyr+9HKmnHVRWpsGq16u20AKyjI095m1XdpoAd2vswNsm/vGyy0V4y0pTajUsprbzE2WiwaGwa+0E267fHr6dAl5S3nclt3EeYKLanWxrE8l6ragXr2LcFLeczBGOmgAgVRld0jt74VKbH5wecLGdFGiEv5TK4auhm619BYSBrrqQYFrKyu66ccPXRU5Flm4bdxWpWUISBZq25NzEqCddBsMCGvke8muSv4KrXy2sbeuxeptCBmFr7T7KdF3+PXb6AtYOfzleJddzGP5be7RRiVm2w+zrrqrWD5Oug19PWBBx690eZgHIFi1nc2TWxpYoC1p2WMpbftU1KjJ46EtprpAkxE5spx1mWcinyFusz9TU5fYdK62SrfuZ927VPydPEwJcm7lLr8h8RL/hnwm8g6V1kZAYgAJbtcMR+UNsDTKzu4KqcBcfDNltoCZIs2kq4rFpbVH2gfq2r6/jsvo1gT8Fb3BbVa/MVVUMGK01V
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a462a87-dd74-4356-be5c-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:44:07.000Z",
"modified": "2017-12-29T11:44:07.000Z",
"first_observed": "2017-12-29T11:44:07Z",
"last_observed": "2017-12-29T11:44:07Z",
"number_observed": 1,
"object_refs": [
"url--5a462a87-dd74-4356-be5c-21c0a5fe7088"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a462a87-dd74-4356-be5c-21c0a5fe7088",
"value": "https://www.cobaltstrike.com/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a462921-ae28-47ba-b058-24b8a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:38:09.000Z",
"modified": "2017-12-29T11:38:09.000Z",
"first_observed": "2017-12-29T11:38:09Z",
"last_observed": "2017-12-29T11:38:09Z",
"number_observed": 1,
"object_refs": [
"url--5a462921-ae28-47ba-b058-24b8a5fe7088"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a462921-ae28-47ba-b058-24b8a5fe7088",
"value": "https://www.carbonblack.com/2017/12/19/threat-analysis-malicious-microsoft-word-documents-used-targeted-attack-campaigns/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a46293d-1dd0-4aa8-b2dc-24cea5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:38:37.000Z",
"modified": "2017-12-29T11:38:37.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "A Microsoft Word document (.doc) believed to be malicious was recently submitted to Carbon Black\u00e2\u20ac\u2122s Threat Analysis Unit (TAU). The submitting organization did not feel that that document (and subsequent payload) was fully executing in their analysis environment, and questioned whether or not it was actually malicious.\r\n\r\nThe submitted file was part of a targeted attack against an organization, and would not properly run unless the infected system configured for a domain that matched a hard coded pattern. The malicious carrier file contained embedded macros which would launch a series of VB scripts. Ultimately the scripts would inject a Cobalt Strike payload into a running process. While researching this variant TAU discovered numerous other variants (both .doc and .docx formats), which were written in the same manner. Only one instance contained the portion of code to ensure the script would only run at a targeted domain. All of these variants had very low coverage when run through an analysis engine, and as this technique emerges it will continue to be used in targeted attacks and eventually commoditized."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a00-89c8-449f-8cee-24c3a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:41:52.000Z",
"modified": "2017-12-29T11:41:52.000Z",
"description": "Cobalt Strike C2",
"pattern": "[domain-name:value = 'carbon-copy-marketing.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:41:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a01-69f8-4ee8-b0ce-24c3a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:41:53.000Z",
"modified": "2017-12-29T11:41:53.000Z",
"description": "Cobalt Strike C2",
"pattern": "[domain-name:value = 'free-clipart-archive.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:41:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a01-04d0-4bb8-ae2e-24c3a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:41:53.000Z",
"modified": "2017-12-29T11:41:53.000Z",
"description": "Cobalt Strike C2",
"pattern": "[domain-name:value = 'stationmovil.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:41:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a01-f43c-4d17-8f06-24c3a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:41:53.000Z",
"modified": "2017-12-29T11:41:53.000Z",
"description": "Cobalt Strike C2",
"pattern": "[domain-name:value = 'www.bankingandfinanceexpert.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:41:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a01-40a8-4652-9457-24c3a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:41:53.000Z",
"modified": "2017-12-29T11:41:53.000Z",
"description": "Cobalt Strike C2",
"pattern": "[domain-name:value = 'www.themediaeducation.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:41:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a00-2338-4071-b27e-24c3a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:41:52.000Z",
"modified": "2017-12-29T11:41:52.000Z",
"description": "Cobalt Strike C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.83.58.231']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:41:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462993-bad8-4de5-bc25-21bea5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:40:03.000Z",
"modified": "2017-12-29T11:40:03.000Z",
"description": "Embedded payload",
"pattern": "[file:name = 'Cobalt_Strike.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:40:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-a918-4393-9c0f-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.MD5 = '3f06c23c4119d720b2a627ab5454a3e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-b014-485d-858b-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.MD5 = '376396fceb8e52425780459c41ac3ab4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-9690-4c69-96a4-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.MD5 = 'd79a8e0a9e8c7294351657f7897fd121']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-bc88-4dd8-99ef-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.MD5 = 'c17cfcab0d115732a262da8a58dcf318']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-971c-44eb-8fac-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.MD5 = '81af1f218c0a44ea39aa3eca78f24bc0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462994-0180-478c-950f-21bea5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:40:04.000Z",
"modified": "2017-12-29T11:40:04.000Z",
"description": "Embedded payload",
"pattern": "[file:hashes.MD5 = 'f2f52c78d594c37b546f6c09207cb481']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-041c-420e-84fc-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.MD5 = 'c916685d48dec5891e92c09e18300381']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462994-4a3c-4344-a383-21bea5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:40:04.000Z",
"modified": "2017-12-29T11:40:04.000Z",
"description": "Embedded payload",
"pattern": "[file:hashes.SHA1 = '12bc1affe86327d9f78684cde46cfff4dee57149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-9f74-4044-ba5f-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.SHA256 = '277226cb5f59de6f4493a42e42f7ea575d65da7a033ae343166ad4fa96db8654']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-c24c-450f-acd2-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.SHA256 = '76e2277c63303df6c5b32fdacffcf37c8657ec263070a533eba100d83cade81e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-85fc-4ac2-ad5d-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.SHA256 = '2519e09e54ccc18c7dfc938760b48b559b7e4fb8465e12d8144083d2178789e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-4008-4bbb-85cc-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.SHA256 = 'c10ee375a841fd537ede2afa9e68817ddaaaf2e6587a519c267aac6c1fe8d081']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462994-4cd4-4f75-b09a-21bea5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:40:04.000Z",
"modified": "2017-12-29T11:40:04.000Z",
"description": "Embedded payload",
"pattern": "[file:hashes.SHA256 = 'fa405c36d82b264568219b521886d2e7ef589674874983c7db1d67928003489e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-905c-4cb6-bb25-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.SHA256 = '9416893eb0b8b1e7b4afd342887fa358d1ea7dbd56d4a51a25a801715c761356']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a462a39-99e0-4dd8-bf3d-21c0a5fe7088",
"created_by_ref": "identity--569f692d-b290-40cc-ae1a-2c48ff32448e",
"created": "2017-12-29T11:42:49.000Z",
"modified": "2017-12-29T11:42:49.000Z",
"pattern": "[file:hashes.SHA256 = '2a31a24ce994ae3465e77d4ec190882804233209b7f67bd4ef03375bd9b5f9ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-29T11:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink