1230 lines
51 KiB
JSON
1230 lines
51 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5b44a06a-d458-497b-b05e-0c1e0acd0835",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-12T10:16:37.000Z",
|
||
|
"modified": "2018-07-12T10:16:37.000Z",
|
||
|
"name": "Synovus Financial",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5b44a06a-d458-497b-b05e-0c1e0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-12T10:16:37.000Z",
|
||
|
"modified": "2018-07-12T10:16:37.000Z",
|
||
|
"name": "Trend Micro Blog: Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor",
|
||
|
"published": "2018-08-23T09:29:03Z",
|
||
|
"object_refs": [
|
||
|
"indicator--5b44a084-23cc-4e7a-acec-0a3b0acd0835",
|
||
|
"indicator--5b44a085-e458-4ee9-9f34-0a3b0acd0835",
|
||
|
"indicator--5b44a085-8e9c-4645-b07a-0a3b0acd0835",
|
||
|
"indicator--5b44a085-e524-43a8-a22b-0a3b0acd0835",
|
||
|
"indicator--5b44a085-e254-4866-a5a1-0a3b0acd0835",
|
||
|
"indicator--5b44a085-10bc-4a12-8c90-0a3b0acd0835",
|
||
|
"indicator--5b44a085-dcbc-4be6-a484-0a3b0acd0835",
|
||
|
"indicator--5b44a085-f3fc-4783-9300-0a3b0acd0835",
|
||
|
"indicator--5b44a085-29d8-40cc-8996-0a3b0acd0835",
|
||
|
"indicator--5b44a085-e50c-49c8-b770-0a3b0acd0835",
|
||
|
"indicator--5b44a085-b830-48d8-b2af-0a3b0acd0835",
|
||
|
"indicator--5b44a085-6a84-42dd-ab5a-0a3b0acd0835",
|
||
|
"indicator--5b44a085-d1b4-49d5-9147-0a3b0acd0835",
|
||
|
"indicator--5b44a085-8830-4baf-94dc-0a3b0acd0835",
|
||
|
"indicator--5b44a085-48f8-44fe-8e69-0a3b0acd0835",
|
||
|
"indicator--5b44a085-425c-47a4-906a-0a3b0acd0835",
|
||
|
"indicator--5b44a085-8fa8-4a33-8c18-0a3b0acd0835",
|
||
|
"indicator--5b44a0cc-9380-4803-a4d2-0c950acd0835",
|
||
|
"indicator--5b44a0cd-4f10-4bf7-a9b9-0c950acd0835",
|
||
|
"indicator--5b44a0cd-3aac-4026-8086-0c950acd0835",
|
||
|
"indicator--5b44a0cd-2844-4c35-b9f3-0c950acd0835",
|
||
|
"indicator--5b44a0cd-2940-4451-b513-0c950acd0835",
|
||
|
"indicator--5b44a0cd-8734-451f-908e-0c950acd0835",
|
||
|
"indicator--5b44a0cd-2024-437e-88cd-0c950acd0835",
|
||
|
"indicator--5b44a0cd-a15c-41ba-9334-0c950acd0835",
|
||
|
"indicator--5b44a0cd-af6c-45ce-8d36-0c950acd0835",
|
||
|
"indicator--5b44a0cd-2c3c-403f-b00b-0c950acd0835",
|
||
|
"indicator--5b44a0cd-fb38-4bff-b5d3-0c950acd0835",
|
||
|
"indicator--5b44a0cd-ec94-4833-9e6a-0c950acd0835",
|
||
|
"indicator--5b44a0cd-1a7c-4818-90b4-0c950acd0835",
|
||
|
"indicator--5b44a0cd-3118-4e91-80ac-0c950acd0835",
|
||
|
"indicator--5b44a0cd-44d4-4d3e-a76a-0c950acd0835",
|
||
|
"indicator--5b44a0cd-badc-4d60-8cc5-0c950acd0835",
|
||
|
"indicator--5b44a0cd-ab88-471a-9158-0c950acd0835",
|
||
|
"indicator--5b44a0cd-89e4-4fd0-a95b-0c950acd0835",
|
||
|
"indicator--5b44a0cd-fd70-4b88-ace3-0c950acd0835",
|
||
|
"indicator--5b44a0cd-cab8-4289-b2d1-0c950acd0835",
|
||
|
"indicator--5b44a0cd-851c-4744-b26f-0c950acd0835",
|
||
|
"indicator--5b44a0cd-98ec-4d88-9b96-0c950acd0835",
|
||
|
"indicator--5b44a0dd-fe20-4156-a165-0bd60acd0835",
|
||
|
"indicator--5b44a0dd-30d4-442b-b051-0bd60acd0835",
|
||
|
"indicator--5b44a0dd-dd4c-4b5f-929d-0bd60acd0835",
|
||
|
"indicator--5b44a0dd-1e48-40ef-9052-0bd60acd0835",
|
||
|
"indicator--5b44a0dd-9c60-44b5-b917-0bd60acd0835",
|
||
|
"indicator--5b44a0dd-88a8-4da2-a8ea-0bd60acd0835",
|
||
|
"indicator--5b44a0dd-fda8-4bb7-a230-0bd60acd0835",
|
||
|
"indicator--5b44a0dd-57fc-426a-9f50-0bd60acd0835",
|
||
|
"observed-data--5b44a12b-a810-4c41-8563-0c950acd0835",
|
||
|
"url--5b44a12b-a810-4c41-8563-0c950acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a084-23cc-4e7a-acec-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:16.000Z",
|
||
|
"modified": "2018-07-10T12:03:16.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '0181a985897f1fa66ede98cc04e97b05387743de198c2dcf4667fa4fde7779c1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-e458-4ee9-9f34-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '20b05a17623a7e74f7cfe4296ba79cff8ca6b3ea64f404661b7bc46ab603511c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-8e9c-4645-b07a-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '2864b1b7417aacc13a4277d8cb9c94b5a04420f6ccc1cc4dfd3be4d369406383']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-e524-43a8-a22b-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '2b3cd4d85b2b1f22d88db07352fb9e93405f395e7d0cfe96490ea2bc03a8c5ff']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-e254-4866-a5a1-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '3b85e737965020d82cdc0890f1243732b71977117cdf310554e9dd91b78bfe63']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-10bc-4a12-8c90-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '451c4c3fbf5aec103833fa98d942b1876d9ce84575a00757562489921bc1d396']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-dcbc-4be6-a484-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '45b2580db6d13720014753813eb69c1aa0effbd100bb80e5a07d75447489ba0f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-f3fc-4783-9300-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '7730a98fd698f1043184992f1ca349ea1bdfd33d43a0ece2cd88f9f6da2e37d1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-29d8-40cc-8996-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '804d883661ba51cec97135f9f33c1fa9084384783d59a4f55d496e2901c20289']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-e50c-49c8-b770-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '96a4f844d7102d0ee757caa1719f1cd95d1386e61eb7c694020d6cf14b546880']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-b830-48d8-b2af-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '9eac92bec146ce9cef096105f6531f2ee4c2e1a14507f069728a1022ecdcdedd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-6a84-42dd-ab5a-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a4b25e5e72fc552e30391d7cd8182af023dc1084641d93b7fa6f348e89b29492']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-d1b4-49d5-9147-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a9fc2b6f8bc339742268bac6c02843011ebb670114a786a71ff0fa65397ac9c6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-8830-4baf-94dc-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c57bf08c414900b5b4ad907272a606d6695c14dc2acc0264eca53840eee3f3f4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-48f8-44fe-8e69-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c9b7c2189d3cea05a666c45043812d832bed60cfcb8a97222bca9afc53b3d229']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-425c-47a4-906a-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'cc60dae1199c72543dd761c921397f6e457ff0440da5b4451503bfca9fb0c730']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a085-8fa8-4a33-8c18-0a3b0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:03:17.000Z",
|
||
|
"modified": "2018-07-10T12:03:17.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd904495737dfe33599c0c408855f6d0dd9539be4b989eb5ab910eb6ab076d9ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:03:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cc-9380-4803-a4d2-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:28.000Z",
|
||
|
"modified": "2018-07-10T12:04:28.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1eoZvAJNwYmj97bWhzVLUVIt0lAqWKssD&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-4f10-4bf7-a9b9-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1f84hF8spepIVwTMAQU0nYs-6o9ZI3yjo&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-3aac-4026-8086-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1G7pfj4X3R4t8wq_NyCoE2pMYFo-TIkI9&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-2844-4c35-b9f3-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1GofUo_21wAidnNek5wIqTEH65c5B4mYl&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-2940-4451-b513-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1NfIqI9SJedlNn02Vww8rd5F73MfLlKsJ&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-8734-451f-908e-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1NgMUcD8FzNTEi45sNc6Cp-VG-EnK_uL-&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-2024-437e-88cd-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1NStRbzXtC4Vwv2qZ0CjrJYbk5ENFmQv_&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-a15c-41ba-9334-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1tBu1-SVAdWQccETb_AxAhBR3CLIrjkOU&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-af6c-45ce-8d36-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1TjywdxSZfENUorSHyjVDprOsT8Sq1_SW&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-2c3c-403f-b00b-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1Xhx22-OVqg-ZcpwU6bVBdP9lWZfzyFzB&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-fb38-4bff-b5d3-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1yC0rtWErmwTTyLO3VuP33pgLkfzy0xik&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-ec94-4833-9e6a-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1YqlYbFUObMjRBvNFfjwkdSJTpxU-rMVy&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-1a7c-4818-90b4-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/chrome_update']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-3118-4e91-80ac-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/chrome_update']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-44d4-4d3e-a76a-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/firefox_update']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-badc-4d60-8cc5-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/iexplorer_update']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-ab88-471a-9158-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/opera_update']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-89e4-4fd0-a95b-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/updater']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-fd70-4b88-ace3-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/firefox_update']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-cab8-4289-b2d1-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/iexplorer_update']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-851c-4744-b26f-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/opera_update']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0cd-98ec-4d88-9b96-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:29.000Z",
|
||
|
"modified": "2018-07-10T12:04:29.000Z",
|
||
|
"description": "Stage 1",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/updater']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0dd-fe20-4156-a165-0bd60acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:45.000Z",
|
||
|
"modified": "2018-07-10T12:04:45.000Z",
|
||
|
"description": "Stage 2",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1lcw-cN9o3NkR6zkeHrDHg-WiUhHBi1wK&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0dd-30d4-442b-b051-0bd60acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:45.000Z",
|
||
|
"modified": "2018-07-10T12:04:45.000Z",
|
||
|
"description": "Stage 2",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1OhTA1K04zKFaKw7omXJbmN8_S2VmIcdD&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0dd-dd4c-4b5f-929d-0bd60acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:45.000Z",
|
||
|
"modified": "2018-07-10T12:04:45.000Z",
|
||
|
"description": "Stage 2",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1okynNTx2kEvx1gBQsmmB3OuS0wQ3A3uE&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0dd-1e48-40ef-9052-0bd60acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:45.000Z",
|
||
|
"modified": "2018-07-10T12:04:45.000Z",
|
||
|
"description": "Stage 2",
|
||
|
"pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1ZFcguS1z4bSCpnMibYZZ8KHdFtN6hscM&export=download']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0dd-9c60-44b5-b917-0bd60acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:45.000Z",
|
||
|
"modified": "2018-07-10T12:04:45.000Z",
|
||
|
"description": "Stage 2",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/winhost.img']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0dd-88a8-4da2-a8ea-0bd60acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:45.000Z",
|
||
|
"modified": "2018-07-10T12:04:45.000Z",
|
||
|
"description": "Stage 2",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/winhost.ver']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0dd-fda8-4bb7-a230-0bd60acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:45.000Z",
|
||
|
"modified": "2018-07-10T12:04:45.000Z",
|
||
|
"description": "Stage 2",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/modernconceptplanet/vsto/master/winhost.img']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b44a0dd-57fc-426a-9f50-0bd60acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:04:45.000Z",
|
||
|
"modified": "2018-07-10T12:04:45.000Z",
|
||
|
"description": "Stage 2",
|
||
|
"pattern": "[url:value = 'https://raw.githubusercontent.com/modernconceptplanet/vsto/master/winhost.ver']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-10T12:04:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b44a12b-a810-4c41-8563-0c950acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-10T12:06:03.000Z",
|
||
|
"modified": "2018-07-10T12:06:03.000Z",
|
||
|
"first_observed": "2018-07-10T12:06:03Z",
|
||
|
"last_observed": "2018-07-10T12:06:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5b44a12b-a810-4c41-8563-0c950acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5b44a12b-a810-4c41-8563-0c950acd0835",
|
||
|
"value": "https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-macro-hijacks-desktop-shortcuts-to-deliver-backdoor/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|