misp-circl-feed/feeds/circl/stix-2.1/5b44a06a-d458-497b-b05e-0c1e0acd0835.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5b44a06a-d458-497b-b05e-0c1e0acd0835",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-12T10:16:37.000Z",
"modified": "2018-07-12T10:16:37.000Z",
"name": "Synovus Financial",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b44a06a-d458-497b-b05e-0c1e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-12T10:16:37.000Z",
"modified": "2018-07-12T10:16:37.000Z",
"name": "Trend Micro Blog: Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor",
"published": "2018-08-23T09:29:03Z",
"object_refs": [
"indicator--5b44a084-23cc-4e7a-acec-0a3b0acd0835",
"indicator--5b44a085-e458-4ee9-9f34-0a3b0acd0835",
"indicator--5b44a085-8e9c-4645-b07a-0a3b0acd0835",
"indicator--5b44a085-e524-43a8-a22b-0a3b0acd0835",
"indicator--5b44a085-e254-4866-a5a1-0a3b0acd0835",
"indicator--5b44a085-10bc-4a12-8c90-0a3b0acd0835",
"indicator--5b44a085-dcbc-4be6-a484-0a3b0acd0835",
"indicator--5b44a085-f3fc-4783-9300-0a3b0acd0835",
"indicator--5b44a085-29d8-40cc-8996-0a3b0acd0835",
"indicator--5b44a085-e50c-49c8-b770-0a3b0acd0835",
"indicator--5b44a085-b830-48d8-b2af-0a3b0acd0835",
"indicator--5b44a085-6a84-42dd-ab5a-0a3b0acd0835",
"indicator--5b44a085-d1b4-49d5-9147-0a3b0acd0835",
"indicator--5b44a085-8830-4baf-94dc-0a3b0acd0835",
"indicator--5b44a085-48f8-44fe-8e69-0a3b0acd0835",
"indicator--5b44a085-425c-47a4-906a-0a3b0acd0835",
"indicator--5b44a085-8fa8-4a33-8c18-0a3b0acd0835",
"indicator--5b44a0cc-9380-4803-a4d2-0c950acd0835",
"indicator--5b44a0cd-4f10-4bf7-a9b9-0c950acd0835",
"indicator--5b44a0cd-3aac-4026-8086-0c950acd0835",
"indicator--5b44a0cd-2844-4c35-b9f3-0c950acd0835",
"indicator--5b44a0cd-2940-4451-b513-0c950acd0835",
"indicator--5b44a0cd-8734-451f-908e-0c950acd0835",
"indicator--5b44a0cd-2024-437e-88cd-0c950acd0835",
"indicator--5b44a0cd-a15c-41ba-9334-0c950acd0835",
"indicator--5b44a0cd-af6c-45ce-8d36-0c950acd0835",
"indicator--5b44a0cd-2c3c-403f-b00b-0c950acd0835",
"indicator--5b44a0cd-fb38-4bff-b5d3-0c950acd0835",
"indicator--5b44a0cd-ec94-4833-9e6a-0c950acd0835",
"indicator--5b44a0cd-1a7c-4818-90b4-0c950acd0835",
"indicator--5b44a0cd-3118-4e91-80ac-0c950acd0835",
"indicator--5b44a0cd-44d4-4d3e-a76a-0c950acd0835",
"indicator--5b44a0cd-badc-4d60-8cc5-0c950acd0835",
"indicator--5b44a0cd-ab88-471a-9158-0c950acd0835",
"indicator--5b44a0cd-89e4-4fd0-a95b-0c950acd0835",
"indicator--5b44a0cd-fd70-4b88-ace3-0c950acd0835",
"indicator--5b44a0cd-cab8-4289-b2d1-0c950acd0835",
"indicator--5b44a0cd-851c-4744-b26f-0c950acd0835",
"indicator--5b44a0cd-98ec-4d88-9b96-0c950acd0835",
"indicator--5b44a0dd-fe20-4156-a165-0bd60acd0835",
"indicator--5b44a0dd-30d4-442b-b051-0bd60acd0835",
"indicator--5b44a0dd-dd4c-4b5f-929d-0bd60acd0835",
"indicator--5b44a0dd-1e48-40ef-9052-0bd60acd0835",
"indicator--5b44a0dd-9c60-44b5-b917-0bd60acd0835",
"indicator--5b44a0dd-88a8-4da2-a8ea-0bd60acd0835",
"indicator--5b44a0dd-fda8-4bb7-a230-0bd60acd0835",
"indicator--5b44a0dd-57fc-426a-9f50-0bd60acd0835",
"observed-data--5b44a12b-a810-4c41-8563-0c950acd0835",
"url--5b44a12b-a810-4c41-8563-0c950acd0835"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a084-23cc-4e7a-acec-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:16.000Z",
"modified": "2018-07-10T12:03:16.000Z",
"pattern": "[file:hashes.SHA256 = '0181a985897f1fa66ede98cc04e97b05387743de198c2dcf4667fa4fde7779c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-e458-4ee9-9f34-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '20b05a17623a7e74f7cfe4296ba79cff8ca6b3ea64f404661b7bc46ab603511c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-8e9c-4645-b07a-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '2864b1b7417aacc13a4277d8cb9c94b5a04420f6ccc1cc4dfd3be4d369406383']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-e524-43a8-a22b-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '2b3cd4d85b2b1f22d88db07352fb9e93405f395e7d0cfe96490ea2bc03a8c5ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-e254-4866-a5a1-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '3b85e737965020d82cdc0890f1243732b71977117cdf310554e9dd91b78bfe63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-10bc-4a12-8c90-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '451c4c3fbf5aec103833fa98d942b1876d9ce84575a00757562489921bc1d396']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-dcbc-4be6-a484-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '45b2580db6d13720014753813eb69c1aa0effbd100bb80e5a07d75447489ba0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-f3fc-4783-9300-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '7730a98fd698f1043184992f1ca349ea1bdfd33d43a0ece2cd88f9f6da2e37d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-29d8-40cc-8996-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '804d883661ba51cec97135f9f33c1fa9084384783d59a4f55d496e2901c20289']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-e50c-49c8-b770-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '96a4f844d7102d0ee757caa1719f1cd95d1386e61eb7c694020d6cf14b546880']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-b830-48d8-b2af-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = '9eac92bec146ce9cef096105f6531f2ee4c2e1a14507f069728a1022ecdcdedd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-6a84-42dd-ab5a-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = 'a4b25e5e72fc552e30391d7cd8182af023dc1084641d93b7fa6f348e89b29492']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-d1b4-49d5-9147-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = 'a9fc2b6f8bc339742268bac6c02843011ebb670114a786a71ff0fa65397ac9c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-8830-4baf-94dc-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = 'c57bf08c414900b5b4ad907272a606d6695c14dc2acc0264eca53840eee3f3f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-48f8-44fe-8e69-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = 'c9b7c2189d3cea05a666c45043812d832bed60cfcb8a97222bca9afc53b3d229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-425c-47a4-906a-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = 'cc60dae1199c72543dd761c921397f6e457ff0440da5b4451503bfca9fb0c730']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a085-8fa8-4a33-8c18-0a3b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:03:17.000Z",
"modified": "2018-07-10T12:03:17.000Z",
"pattern": "[file:hashes.SHA256 = 'd904495737dfe33599c0c408855f6d0dd9539be4b989eb5ab910eb6ab076d9ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cc-9380-4803-a4d2-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:28.000Z",
"modified": "2018-07-10T12:04:28.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1eoZvAJNwYmj97bWhzVLUVIt0lAqWKssD&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-4f10-4bf7-a9b9-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1f84hF8spepIVwTMAQU0nYs-6o9ZI3yjo&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-3aac-4026-8086-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1G7pfj4X3R4t8wq_NyCoE2pMYFo-TIkI9&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-2844-4c35-b9f3-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1GofUo_21wAidnNek5wIqTEH65c5B4mYl&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-2940-4451-b513-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1NfIqI9SJedlNn02Vww8rd5F73MfLlKsJ&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-8734-451f-908e-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1NgMUcD8FzNTEi45sNc6Cp-VG-EnK_uL-&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-2024-437e-88cd-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1NStRbzXtC4Vwv2qZ0CjrJYbk5ENFmQv_&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-a15c-41ba-9334-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1tBu1-SVAdWQccETb_AxAhBR3CLIrjkOU&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-af6c-45ce-8d36-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1TjywdxSZfENUorSHyjVDprOsT8Sq1_SW&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-2c3c-403f-b00b-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1Xhx22-OVqg-ZcpwU6bVBdP9lWZfzyFzB&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-fb38-4bff-b5d3-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1yC0rtWErmwTTyLO3VuP33pgLkfzy0xik&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-ec94-4833-9e6a-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1YqlYbFUObMjRBvNFfjwkdSJTpxU-rMVy&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-1a7c-4818-90b4-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/chrome_update']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-3118-4e91-80ac-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/chrome_update']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-44d4-4d3e-a76a-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/firefox_update']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-badc-4d60-8cc5-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/iexplorer_update']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-ab88-471a-9158-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/opera_update']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-89e4-4fd0-a95b-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/updater']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-fd70-4b88-ace3-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/firefox_update']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-cab8-4289-b2d1-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/iexplorer_update']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-851c-4744-b26f-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/opera_update']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0cd-98ec-4d88-9b96-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:29.000Z",
"modified": "2018-07-10T12:04:29.000Z",
"description": "Stage 1",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/updater']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0dd-fe20-4156-a165-0bd60acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:45.000Z",
"modified": "2018-07-10T12:04:45.000Z",
"description": "Stage 2",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1lcw-cN9o3NkR6zkeHrDHg-WiUhHBi1wK&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0dd-30d4-442b-b051-0bd60acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:45.000Z",
"modified": "2018-07-10T12:04:45.000Z",
"description": "Stage 2",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1OhTA1K04zKFaKw7omXJbmN8_S2VmIcdD&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0dd-dd4c-4b5f-929d-0bd60acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:45.000Z",
"modified": "2018-07-10T12:04:45.000Z",
"description": "Stage 2",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1okynNTx2kEvx1gBQsmmB3OuS0wQ3A3uE&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0dd-1e48-40ef-9052-0bd60acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:45.000Z",
"modified": "2018-07-10T12:04:45.000Z",
"description": "Stage 2",
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1ZFcguS1z4bSCpnMibYZZ8KHdFtN6hscM&export=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0dd-9c60-44b5-b917-0bd60acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:45.000Z",
"modified": "2018-07-10T12:04:45.000Z",
"description": "Stage 2",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/winhost.img']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0dd-88a8-4da2-a8ea-0bd60acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:45.000Z",
"modified": "2018-07-10T12:04:45.000Z",
"description": "Stage 2",
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/winhost.ver']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0dd-fda8-4bb7-a230-0bd60acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:45.000Z",
"modified": "2018-07-10T12:04:45.000Z",
"description": "Stage 2",
"pattern": "[url:value = 'https://raw.githubusercontent.com/modernconceptplanet/vsto/master/winhost.img']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b44a0dd-57fc-426a-9f50-0bd60acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:04:45.000Z",
"modified": "2018-07-10T12:04:45.000Z",
"description": "Stage 2",
"pattern": "[url:value = 'https://raw.githubusercontent.com/modernconceptplanet/vsto/master/winhost.ver']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-10T12:04:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b44a12b-a810-4c41-8563-0c950acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-10T12:06:03.000Z",
"modified": "2018-07-10T12:06:03.000Z",
"first_observed": "2018-07-10T12:06:03Z",
"last_observed": "2018-07-10T12:06:03Z",
"number_observed": 1,
"object_refs": [
"url--5b44a12b-a810-4c41-8563-0c950acd0835"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b44a12b-a810-4c41-8563-0c950acd0835",
"value": "https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-macro-hijacks-desktop-shortcuts-to-deliver-backdoor/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}