{
"type": "bundle",
|
|
|
|
"id": "bundle--54323f2c-e50c-4268-896c-4867950d210b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:12:57.000Z",
|
|
|
|
"modified": "2014-10-06T07:12:57.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--54323f2c-e50c-4268-896c-4867950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:12:57.000Z",
|
|
|
|
"modified": "2014-10-06T07:12:57.000Z",
|
|
|
|
"name": "OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks",
|
|
|
|
"published": "2016-02-22T14:22:58Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--54323f34-fc28-4ad9-9295-4c32950d210b",
|
|
|
|
"url--54323f34-fc28-4ad9-9295-4c32950d210b",
|
|
|
|
"x-misp-attribute--54323f3e-df38-4d05-b6b8-4b14950d210b",
|
|
|
|
"indicator--54323f9c-2aec-42b7-8abb-41b1950d210b",
|
|
|
|
"indicator--54323f9c-2c00-4d9d-afd8-4ab8950d210b",
|
|
|
|
"indicator--54323f9c-e698-49c5-99e6-4039950d210b",
|
|
|
|
"indicator--54323f9c-4138-4efc-a2ca-4851950d210b",
|
|
|
|
"indicator--54323f9c-12b8-4909-86b1-45a8950d210b",
|
|
|
|
"indicator--54323f9c-2768-4c9f-b004-4fc5950d210b",
|
|
|
|
"indicator--54323f9c-dc1c-442d-843f-490f950d210b",
|
|
|
|
"indicator--54324042-49fc-4628-a95e-44da950d210b",
|
|
|
|
"indicator--54324042-7c14-4318-a5c0-4600950d210b",
|
|
|
|
"indicator--54324042-4f8c-4ce1-b8f6-4be8950d210b",
|
|
|
|
"indicator--54324042-f50c-47f1-9140-435b950d210b",
|
|
|
|
"indicator--54324042-512c-46e0-9551-49cb950d210b",
|
|
|
|
"indicator--54324042-863c-4553-b05c-4174950d210b",
|
|
|
|
"indicator--54324042-a9f0-473c-9284-4f56950d210b",
|
|
|
|
"indicator--54324081-3308-4f1f-8674-4953950d210b",
|
|
|
|
"indicator--54324081-08ec-4161-a2ed-4c75950d210b",
|
|
|
|
"indicator--543240dc-f068-437a-baa9-48f2950d210b",
|
|
|
|
"indicator--543240dc-7fac-4be4-93e8-482b950d210b",
|
|
|
|
"indicator--543240dc-ca14-4537-a5df-4aba950d210b",
|
|
|
|
"x-misp-attribute--543240f9-64e8-41f2-958f-4e21950d210b",
|
|
|
|
"indicator--56c625a7-f31c-460c-9ea1-c652950d210f",
|
|
|
|
"indicator--56c625a9-0850-4f0e-ba6b-59a4950d210f",
|
|
|
|
"indicator--56c625aa-b0e4-4e44-b997-4d98950d210f",
|
|
|
|
"indicator--56c625ab-2708-47fb-bc05-c650950d210f",
|
|
|
|
"indicator--56c625ac-14e4-409a-91bb-c651950d210f",
|
|
|
|
"indicator--56c625ad-4fa8-4a43-9c0e-59a1950d210f",
|
|
|
|
"indicator--56c625ae-9b04-4e28-8806-4e26950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--54323f34-fc28-4ad9-9295-4c32950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:05:24.000Z",
|
|
|
|
"modified": "2014-10-06T07:05:24.000Z",
|
|
|
|
"first_observed": "2014-10-06T07:05:24Z",
|
|
|
|
"last_observed": "2014-10-06T07:05:24Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--54323f34-fc28-4ad9-9295-4c32950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--54323f34-fc28-4ad9-9295-4c32950d210b",
|
|
|
|
"value": "http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--54323f3e-df38-4d05-b6b8-4b14950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:05:34.000Z",
|
|
|
|
"modified": "2014-10-06T07:05:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"comment\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "comment",
|
|
|
|
"x_misp_value": "Data encoded by David Andr\u00e9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54323f9c-2aec-42b7-8abb-41b1950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:07:08.000Z",
|
|
|
|
"modified": "2014-10-06T07:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7915aabb2e66ff14841e4ef0fbff7486']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54323f9c-2c00-4d9d-afd8-4ab8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:07:08.000Z",
|
|
|
|
"modified": "2014-10-06T07:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7522baef20df95eeeeafdf4efe3aac3c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54323f9c-e698-49c5-99e6-4039950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:07:08.000Z",
|
|
|
|
"modified": "2014-10-06T07:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6527ba8baab0f86b0ffb6178247772c4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54323f9c-4138-4efc-a2ca-4851950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:07:08.000Z",
|
|
|
|
"modified": "2014-10-06T07:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '271e6a4d45c2817f86148ca413f97604']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54323f9c-12b8-4909-86b1-45a8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:07:08.000Z",
|
|
|
|
"modified": "2014-10-06T07:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'be765cd5723e4366d35172aaf13fad44']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54323f9c-2768-4c9f-b004-4fc5950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:07:08.000Z",
|
|
|
|
"modified": "2014-10-06T07:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ec519d709c0582346741fe0094208216']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54323f9c-dc1c-442d-843f-490f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:07:08.000Z",
|
|
|
|
"modified": "2014-10-06T07:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a3b2e34973691ad320b70248bd67fbd2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54324042-49fc-4628-a95e-44da950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:09:54.000Z",
|
|
|
|
"modified": "2014-10-06T07:09:54.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0a1103bc90725d4665b932f88e81d39eafa5823b0de3ab146e2d4548b7da79a0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:09:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54324042-7c14-4318-a5c0-4600950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:09:54.000Z",
|
|
|
|
"modified": "2014-10-06T07:09:54.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8aef92a986568ba31729269efa31a2488f35920d136ab41cb6fce55fd8e0b4b7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:09:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54324042-4f8c-4ce1-b8f6-4be8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:09:54.000Z",
|
|
|
|
"modified": "2014-10-06T07:09:54.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '995bc16a5c2c212b57ba00c2376ac57c8032c7f2b1d521f995a5e1d49066d64d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:09:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54324042-f50c-47f1-9140-435b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:09:54.000Z",
|
|
|
|
"modified": "2014-10-06T07:09:54.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e7f2af8c48f837da57000c068368d77bc9b06eba1e077edfab58df6aa2ea40ec']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:09:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54324042-512c-46e0-9551-49cb950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:09:54.000Z",
|
|
|
|
"modified": "2014-10-06T07:09:54.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e601da16f923b33465dbafbff9d47195e8fc50099fd0581a16a1745bf890afb6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:09:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54324042-863c-4553-b05c-4174950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:09:54.000Z",
|
|
|
|
"modified": "2014-10-06T07:09:54.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '184c083e839451c2ab0de7a89aa801dc0458e2bd1fe79e60f35c26d92a0dbf6a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:09:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54324042-a9f0-473c-9284-4f56950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:09:54.000Z",
|
|
|
|
"modified": "2014-10-06T07:09:54.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ffbddfb536e8e604c880ec977d06f804a500fc0396899bd2c195fb1f5b74207a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:09:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54324081-3308-4f1f-8674-4953950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:10:57.000Z",
|
|
|
|
"modified": "2014-10-06T07:10:57.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '223.25.233.248']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--54324081-08ec-4161-a2ed-4c75950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:10:57.000Z",
|
|
|
|
"modified": "2014-10-06T07:10:57.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.45.144.12']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--543240dc-f068-437a-baa9-48f2950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:12:28.000Z",
|
|
|
|
"modified": "2014-10-06T07:12:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'xenserver.ddns.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:12:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--543240dc-7fac-4be4-93e8-482b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:12:28.000Z",
|
|
|
|
"modified": "2014-10-06T07:12:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'zipoo.redirectme.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:12:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--543240dc-ca14-4537-a5df-4aba950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:12:28.000Z",
|
|
|
|
"modified": "2014-10-06T07:12:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'good.myftp.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-10-06T07:12:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--543240f9-64e8-41f2-958f-4e21950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-10-06T07:12:57.000Z",
|
|
|
|
"modified": "2014-10-06T07:12:57.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Nitro"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c625a7-f31c-460c-9ea1-c652950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T20:12:23.000Z",
|
|
|
|
"modified": "2016-02-18T20:12:23.000Z",
|
|
|
|
"description": "Automatically added (via 7915aabb2e66ff14841e4ef0fbff7486)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0ea76f1586c008932d90c991dfdd5042f3aac8ea']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T20:12:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c625a9-0850-4f0e-ba6b-59a4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T20:12:25.000Z",
|
|
|
|
"modified": "2016-02-18T20:12:25.000Z",
|
|
|
|
"description": "Automatically added (via 7522baef20df95eeeeafdf4efe3aac3c)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '7c5b1cd43daa19289d629fd969ea0b16c04803fb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T20:12:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c625aa-b0e4-4e44-b997-4d98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T20:12:26.000Z",
|
|
|
|
"modified": "2016-02-18T20:12:26.000Z",
|
|
|
|
"description": "Automatically added (via 6527ba8baab0f86b0ffb6178247772c4)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'd76a8a3c3e6f14ba31e1a42fa63455260f2a9b1a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T20:12:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c625ab-2708-47fb-bc05-c650950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T20:12:27.000Z",
|
|
|
|
"modified": "2016-02-18T20:12:27.000Z",
|
|
|
|
"description": "Automatically added (via 271e6a4d45c2817f86148ca413f97604)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '8554ac096023dec3235a4c627cc9fd4c5ab0cac8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T20:12:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c625ac-14e4-409a-91bb-c651950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T20:12:28.000Z",
|
|
|
|
"modified": "2016-02-18T20:12:28.000Z",
|
|
|
|
"description": "Automatically added (via be765cd5723e4366d35172aaf13fad44)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0a0a610b209dbed9029dbdf2843f7682b6a5c6ad']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T20:12:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c625ad-4fa8-4a43-9c0e-59a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T20:12:29.000Z",
|
|
|
|
"modified": "2016-02-18T20:12:29.000Z",
|
|
|
|
"description": "Automatically added (via ec519d709c0582346741fe0094208216)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '074df94be307c60e1c1b35c5872654dabb3d61f7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T20:12:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c625ae-9b04-4e28-8806-4e26950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T20:12:30.000Z",
|
|
|
|
"modified": "2016-02-18T20:12:30.000Z",
|
|
|
|
"description": "Automatically added (via a3b2e34973691ad320b70248bd67fbd2)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '5591bae552004f38964f6a0bec7bf9ce5f2b37cc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T20:12:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:GREEN",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "green"
|
|
|
|
}
|
|
|
|
}
]
|
|
|
|
}
|