{
"type" : "bundle" ,
"id" : "bundle--544fee45-f108-4fa6-ace9-3989950d210b" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2017-06-22T20:32:13.000Z" ,
"modified" : "2017-06-22T20:32:13.000Z" ,
"name" : "CthulhuSPRL.be" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--544fee45-f108-4fa6-ace9-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2017-06-22T20:32:13.000Z" ,
"modified" : "2017-06-22T20:32:13.000Z" ,
"name" : "OSINT APT28: A Window into Russia\u2019s Cyber Espionage Operations? blog post by FireEye" ,
"published" : "2017-06-22T20:33:52Z" ,
"object_refs" : [
"observed-data--544fee5a-2d54-45c7-96ae-4193950d210b" ,
"url--544fee5a-2d54-45c7-96ae-4193950d210b" ,
"observed-data--544fee5a-07ec-4539-803c-4ec7950d210b" ,
"url--544fee5a-07ec-4539-803c-4ec7950d210b" ,
"x-misp-attribute--544fee65-d4e8-4b02-a4db-073f950d210b" ,
"x-misp-attribute--544fee73-8964-4c74-a279-b8e1950d210b" ,
"indicator--544ff45d-2f3c-4809-9279-3989950d210b" ,
"indicator--544ff45e-39b0-4303-9ba7-3989950d210b" ,
"indicator--544ff45e-a25c-46b3-9505-3989950d210b" ,
"indicator--544ff45e-c6c0-4b28-9733-3989950d210b" ,
"indicator--544ff45e-e07c-4056-99a5-3989950d210b" ,
"indicator--544ff45e-4d2c-49ab-bf10-3989950d210b" ,
"indicator--544ff45e-de0c-406b-b09b-3989950d210b" ,
"indicator--544ff45e-3774-4904-9235-3989950d210b" ,
"indicator--544ff45e-dc88-4862-a57a-3989950d210b" ,
"indicator--544ff45e-e8bc-40be-8afc-3989950d210b" ,
"indicator--544ff471-3828-428e-90a6-47e1950d210b" ,
"indicator--544ff472-726c-4994-bb01-4d53950d210b" ,
"indicator--544ff482-06e0-40ab-a168-52be950d210b" ,
"indicator--544ff483-93ec-4a79-b783-52be950d210b" ,
"indicator--544ff483-fb00-4642-b300-52be950d210b" ,
"indicator--544ff483-dd28-48ac-a3a8-52be950d210b" ,
"indicator--544ff483-0214-4d43-ae3d-52be950d210b" ,
"indicator--544ff483-8e0c-4abe-8c30-52be950d210b" ,
"indicator--544ff483-3fa0-4d2b-bfa8-52be950d210b" ,
"indicator--544ff483-af00-4c6c-a454-52be950d210b" ,
"indicator--544ff483-7b7c-4e49-88c5-52be950d210b" ,
"indicator--544ff483-f044-4c5b-a1f8-52be950d210b" ,
"indicator--544ff483-c8dc-4aa7-9aea-52be950d210b" ,
"indicator--544ff49a-5084-4354-bf30-3989950d210b" ,
"indicator--544ff49a-9d70-430a-a6d7-3989950d210b" ,
"indicator--544ff49a-57fc-4f67-ad9f-3989950d210b" ,
"indicator--544ff49a-dfe0-4466-ba42-3989950d210b" ,
"indicator--544ff49a-9920-4e52-8790-3989950d210b" ,
"indicator--544ff4c2-914c-482f-aa29-4c43950d210b" ,
"indicator--544ff4c2-6e34-48b8-ac27-4730950d210b" ,
"observed-data--8041a130-1ead-43b7-9e3d-a8e19057292d" ,
"file--8041a130-1ead-43b7-9e3d-a8e19057292d" ,
"x-misp-attribute--23755a4c-fdfa-420e-964d-565ce679332f" ,
"observed-data--ef486ea3-4023-4fcc-960a-58eb87d77a03" ,
"file--ef486ea3-4023-4fcc-960a-58eb87d77a03" ,
"x-misp-attribute--54509659-ab28-4778-9e1a-449d950d210b" ,
"observed-data--54509659-bbf4-4523-a9db-42a6950d210b" ,
"file--54509659-bbf4-4523-a9db-42a6950d210b" ,
"artifact--54509659-bbf4-4523-a9db-42a6950d210b" ,
"observed-data--5450968b-cab4-4442-9cc7-4e1c950d210b" ,
"file--5450968b-cab4-4442-9cc7-4e1c950d210b" ,
"artifact--5450968b-cab4-4442-9cc7-4e1c950d210b" ,
"observed-data--0195bdbb-61bd-4fdd-bc80-cc130234b0a9" ,
"file--0195bdbb-61bd-4fdd-bc80-cc130234b0a9" ,
"x-misp-attribute--d96396b2-672a-4518-87a2-53c66d20676a" ,
"x-misp-attribute--545096c5-e860-4c9c-97fc-4d8c950d210b" ,
"observed-data--545096c5-f8c8-49ac-9b71-4e72950d210b" ,
"file--545096c5-f8c8-49ac-9b71-4e72950d210b" ,
"artifact--545096c5-f8c8-49ac-9b71-4e72950d210b" ,
"indicator--30842d86-e073-4b6e-a5e0-d6b354f6847a" ,
"x-misp-attribute--a0e443e4-6a41-4856-8c14-d1a271ba7b6b" ,
"x-misp-attribute--545096eb-1e24-4dd2-861e-46b7950d210b" ,
"observed-data--545096eb-3080-401b-9a3a-4f7f950d210b" ,
"file--545096eb-3080-401b-9a3a-4f7f950d210b" ,
"artifact--545096eb-3080-401b-9a3a-4f7f950d210b" ,
"indicator--5ea9f200-01f1-411e-94e3-49903f14d6f9" ,
"indicator--3f83ca5b-9a2c-4aeb-94ef-28093f6709f8" ,
"indicator--3fe4547e-5e19-4bb3-9792-eb382de45eb0" ,
"indicator--020e58f2-e4f2-4801-b731-d26589bd96b6" ,
"indicator--b48a7011-59d9-4c53-8d6c-2710d705b0c6" ,
"indicator--9106bde9-52f4-49db-86a1-13f4363bc029" ,
"indicator--8253e6f6-4248-4751-a818-f5d77efd469c" ,
"indicator--b707e318-bb58-4965-be62-a15ccf896891" ,
"indicator--51c11809-d0be-45e0-a035-e5d63686e889" ,
"indicator--21169314-ed29-4148-a70e-e9798894ea55" ,
"x-misp-attribute--87ba0439-df69-4c21-9013-be773de352ce" ,
"x-misp-attribute--2660589c-6263-44e1-b4de-484db317f93c" ,
"x-misp-attribute--e3fad633-2b34-4bdb-864e-be495f549e2a" ,
"x-misp-attribute--820fc95e-3d6f-4771-a592-fb60811fa0c0" ,
"observed-data--e704246d-ecca-4ac5-82a7-404c93aab893" ,
"file--e704246d-ecca-4ac5-82a7-404c93aab893" ,
"observed-data--91b06096-1333-470f-8d49-f408b51d84a1" ,
"file--91b06096-1333-470f-8d49-f408b51d84a1" ,
"observed-data--37148f5b-fff5-4c9e-98aa-f52fb01a3547" ,
"file--37148f5b-fff5-4c9e-98aa-f52fb01a3547" ,
"observed-data--09dd2172-ed97-433f-9c59-517161b78b2d" ,
"file--09dd2172-ed97-433f-9c59-517161b78b2d" ,
"observed-data--590e7aef-7df8-47cd-916a-360d83f132f5" ,
"network-traffic--590e7aef-7df8-47cd-916a-360d83f132f5" ,
"ipv4-addr--590e7aef-7df8-47cd-916a-360d83f132f5" ,
"observed-data--5fa65919-9467-4de8-9cb7-8574ff86b85d" ,
"file--5fa65919-9467-4de8-9cb7-8574ff86b85d" ,
"indicator--ec771d67-32c0-4076-8e9f-d9ce6b9f2a80" ,
"x-misp-attribute--54509725-4978-4706-bf95-4638950d210b" ,
"observed-data--54509725-678c-4a8c-a283-4c8c950d210b" ,
"file--54509725-678c-4a8c-a283-4c8c950d210b" ,
"artifact--54509725-678c-4a8c-a283-4c8c950d210b" ,
"observed-data--54515172-0784-49fe-bdff-b9b0950d210b" ,
"url--54515172-0784-49fe-bdff-b9b0950d210b" ,
"observed-data--54515172-3364-46b3-9145-b9b0950d210b" ,
"url--54515172-3364-46b3-9145-b9b0950d210b" ,
"observed-data--54515172-b254-4a77-8bc0-b9b0950d210b" ,
"url--54515172-b254-4a77-8bc0-b9b0950d210b" ,
"observed-data--54515172-b94c-41ae-9be0-b9b0950d210b" ,
"url--54515172-b94c-41ae-9be0-b9b0950d210b" ,
"observed-data--54515172-354c-4406-8bde-b9b0950d210b" ,
"url--54515172-354c-4406-8bde-b9b0950d210b" ,
"observed-data--54515172-24ac-4754-a2a6-b9b0950d210b" ,
"url--54515172-24ac-4754-a2a6-b9b0950d210b" ,
"observed-data--54515172-969c-4f4b-a2c1-b9b0950d210b" ,
"url--54515172-969c-4f4b-a2c1-b9b0950d210b" ,
"observed-data--54515172-dd3c-426c-ae5a-b9b0950d210b" ,
"url--54515172-dd3c-426c-ae5a-b9b0950d210b" ,
"observed-data--54515172-60d4-4a77-b1c4-b9b0950d210b" ,
"url--54515172-60d4-4a77-b1c4-b9b0950d210b" ,
"observed-data--54515172-bbc8-45b9-899f-b9b0950d210b" ,
"url--54515172-bbc8-45b9-899f-b9b0950d210b" ,
"observed-data--54515172-e024-4106-9098-b9b0950d210b" ,
"url--54515172-e024-4106-9098-b9b0950d210b" ,
"indicator--545151b0-b7b4-4d33-a3c6-6181950d210b" ,
"x-misp-attribute--545154ef-0bac-4215-ba2d-4ab3950d210b" ,
"x-misp-attribute--545154ef-3db8-4a5a-9726-47c9950d210b" ,
"x-misp-attribute--545154ef-3854-4a2b-9b51-403e950d210b" ,
"x-misp-attribute--545154ef-7dfc-4e2c-88b8-4fab950d210b" ,
"indicator--5451559b-be98-46ff-9f68-800f950d210b" ,
"indicator--5451559b-5a28-4c55-ba34-800f950d210b" ,
"indicator--5451559b-69cc-4db0-a51c-800f950d210b" ,
"indicator--545155d1-e76c-4f65-aae3-b9b0950d210b" ,
"indicator--545155d1-4304-461e-9615-b9b0950d210b" ,
"indicator--56c63fb9-0644-4c76-b9d5-c653950d210f" ,
"indicator--56c63fbc-c38c-4ebe-a6b2-40e8950d210f" ,
"indicator--56c63fbf-d514-4dbf-b3dc-599c950d210f" ,
"indicator--56c63fc1-5308-452f-8ea2-4958950d210f" ,
"indicator--56c63fc4-59e8-4951-8576-c652950d210f" ,
"indicator--56c63fc6-f364-4e59-a679-c650950d210f" ,
"indicator--56c63fc9-2818-407f-8c13-42f1950d210f" ,
"indicator--56c63fcc-fa60-440b-bb3f-59a1950d210f" ,
"indicator--56c63fcf-2d28-4d26-b266-c652950d210f" ,
"indicator--56c63fd1-439c-4d04-9e0d-c651950d210f" ,
"indicator--56c63fd4-1d2c-453b-873d-5ca1950d210f" ,
"indicator--56c63fbb-19c0-43af-a6b7-599f950d210f" ,
"indicator--56c63fbd-3ca8-4b5b-91d1-4b0d950d210f" ,
"indicator--56c63fc0-ec50-4ce9-95e1-599d950d210f" ,
"indicator--56c63fc2-d3a8-4484-977c-44e8950d210f" ,
"indicator--56c63fc5-4654-4248-b045-599c950d210f" ,
"indicator--56c63fc8-fe70-4a09-8e89-c651950d210f" ,
"indicator--56c63fca-b464-4f85-8926-59a2950d210f" ,
"indicator--56c63fcd-0868-4b54-a95d-5ca1950d210f" ,
"indicator--56c63fd0-08cc-4889-8343-4d32950d210f" ,
"indicator--56c63fd2-40b8-4459-8d9a-c653950d210f" ,
"indicator--56c63fd5-98f8-4ed5-bc19-c654950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"misp-galaxy:threat-actor=\"Sofacy\""
] ,
"object_marking_refs" : [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--544fee5a-2d54-45c7-96ae-4193950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:28:26.000Z" ,
"modified" : "2014-10-28T19:28:26.000Z" ,
"first_observed" : "2014-10-28T19:28:26Z" ,
"last_observed" : "2014-10-28T19:28:26Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--544fee5a-2d54-45c7-96ae-4193950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--544fee5a-2d54-45c7-96ae-4193950d210b" ,
"value" : "http://www.fireeye.com/blog/technical/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--544fee5a-07ec-4539-803c-4ec7950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:28:26.000Z" ,
"modified" : "2014-10-28T19:28:26.000Z" ,
"first_observed" : "2014-10-28T19:28:26Z" ,
"last_observed" : "2014-10-28T19:28:26Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--544fee5a-07ec-4539-803c-4ec7950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--544fee5a-07ec-4539-803c-4ec7950d210b" ,
"value" : "http://www.fireeye.com/resources/pdfs/apt28.pdf"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--544fee65-d4e8-4b02-a4db-073f950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:28:37.000Z" ,
"modified" : "2014-10-28T19:28:37.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "APT28"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--544fee73-8964-4c74-a279-b8e1950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:47:30.000Z" ,
"modified" : "2014-10-29T20:47:30.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Data entered by David Andr\u00e9 with CIRCL collaboration"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45d-2f3c-4809-9279-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:05.000Z" ,
"modified" : "2014-10-28T19:54:05.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'kavkazcentr.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45e-39b0-4303-9ba7-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:06.000Z" ,
"modified" : "2014-10-28T19:54:06.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'rnil.am']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45e-a25c-46b3-9505-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:06.000Z" ,
"modified" : "2014-10-28T19:54:06.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'standartnevvs.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45e-c6c0-4b28-9733-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:06.000Z" ,
"modified" : "2014-10-28T19:54:06.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'novinitie.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45e-e07c-4056-99a5-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:06.000Z" ,
"modified" : "2014-10-28T19:54:06.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'n0vinite.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45e-4d2c-49ab-bf10-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:06.000Z" ,
"modified" : "2014-10-28T19:54:06.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'qov.hu.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45e-de0c-406b-b09b-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:06.000Z" ,
"modified" : "2014-10-28T19:54:06.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'q0v.pl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45e-3774-4904-9235-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:06.000Z" ,
"modified" : "2014-10-28T19:54:06.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'nato.nshq.in']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45e-dc88-4862-a57a-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:06.000Z" ,
"modified" : "2014-10-28T19:54:06.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'natoexhibitionff14.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff45e-e8bc-40be-8afc-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:06.000Z" ,
"modified" : "2014-10-28T19:54:06.000Z" ,
"description" : "Phishing domains" ,
"pattern" : "[domain-name:value = 'login-osce.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff471-3828-428e-90a6-47e1950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:46:22.000Z" ,
"modified" : "2014-10-29T20:46:22.000Z" ,
"description" : "Phishing hostnames" ,
"pattern" : "[domain-name:value = 'mail.q0v.pl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:46:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff472-726c-4994-bb01-4d53950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:46:22.000Z" ,
"modified" : "2014-10-29T20:46:22.000Z" ,
"description" : "Phishing hostnames" ,
"pattern" : "[domain-name:value = 'poczta.mon.q0v.pl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:46:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff482-06e0-40ab-a168-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:42.000Z" ,
"modified" : "2014-10-28T19:54:42.000Z" ,
"pattern" : "[file:hashes.MD5 = '272f0fde35dbdfccbca1e33373b3570d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-93ec-4a79-b783-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '8b92fe86c5b7a9e34f433a6fbac8bc3a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-fb00-4642-b300-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '9eebfebe3987fec3c395594dc57a0c4c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-dd28-48ac-a3a8-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = 'da2a657dc69d7320f2ffc87013f257ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-0214-4d43-ae3d-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '1259c4fe5efd9bf07fc4c78466f2dd09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-8e0c-4abe-8c30-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '3b0ecd011500f61237c205834db0e13a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-3fa0-4d2b-bfa8-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '5882fda97fdf78b47081cc4105d44f7c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-af00-4c6c-a454-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '791428601ad12b9230b9ace4f2138713']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-7b7c-4e49-88c5-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ead4ec18ebce6890d20757bb9f5285b1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-f044-4c5b-a1f8-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '48656a93f9ba39410763a2196aabc67f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff483-c8dc-4aa7-9aea-52be950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:54:43.000Z" ,
"modified" : "2014-10-28T19:54:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '8c4fa713c5e2b009114adda758adc445']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:54:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff49a-5084-4354-bf30-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:55:06.000Z" ,
"modified" : "2014-10-28T19:55:06.000Z" ,
"description" : "CnC servers" ,
"pattern" : "[domain-name:value = 'adobeincorp.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:55:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff49a-9d70-430a-a6d7-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:55:06.000Z" ,
"modified" : "2014-10-28T19:55:06.000Z" ,
"description" : "CnC servers" ,
"pattern" : "[domain-name:value = 'windows-updater.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:55:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff49a-57fc-4f67-ad9f-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:55:06.000Z" ,
"modified" : "2014-10-28T19:55:06.000Z" ,
"description" : "CnC servers" ,
"pattern" : "[domain-name:value = 'adawareblock.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:55:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff49a-dfe0-4466-ba42-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:55:06.000Z" ,
"modified" : "2014-10-28T19:55:06.000Z" ,
"description" : "CnC servers" ,
"pattern" : "[domain-name:value = 'windous.kz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:55:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff49a-9920-4e52-8790-3989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:55:06.000Z" ,
"modified" : "2014-10-28T19:55:06.000Z" ,
"description" : "CnC servers" ,
"pattern" : "[domain-name:value = 'wind0ws.kz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:55:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff4c2-914c-482f-aa29-4c43950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:55:46.000Z" ,
"modified" : "2014-10-28T19:55:46.000Z" ,
"pattern" : "[email-message:to_refs[*].value = 'lisa.cuddy@wind0ws.kz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:55:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"email-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--544ff4c2-6e34-48b8-ac27-4730950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-28T19:55:46.000Z" ,
"modified" : "2014-10-28T19:55:46.000Z" ,
"pattern" : "[email-message:to_refs[*].value = 'dr.house@wind0ws.kz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-28T19:55:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"email-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--8041a130-1ead-43b7-9e3d-a8e19057292d" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:25:13.000Z" ,
"modified" : "2014-10-29T07:25:13.000Z" ,
"first_observed" : "2014-10-29T07:25:13Z" ,
"last_observed" : "2014-10-29T07:25:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--8041a130-1ead-43b7-9e3d-a8e19057292d"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--8041a130-1ead-43b7-9e3d-a8e19057292d" ,
"name" : "Application Data\\Microsoft\\MediaPlayer\\"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--23755a4c-fdfa-420e-964d-565ce679332f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:25:13.000Z" ,
"modified" : "2014-10-29T07:25:13.000Z" ,
"labels" : [
"misp:type=\"other\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "other" ,
"x_misp_value" : "ProcessItem/name: updatewindws.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--ef486ea3-4023-4fcc-960a-58eb87d77a03" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:25:13.000Z" ,
"modified" : "2014-10-29T07:25:13.000Z" ,
"first_observed" : "2014-10-29T07:25:13Z" ,
"last_observed" : "2014-10-29T07:25:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--ef486ea3-4023-4fcc-960a-58eb87d77a03"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--ef486ea3-4023-4fcc-960a-58eb87d77a03" ,
"name" : "updatewindws.exe"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--54509659-ab28-4778-9e1a-449d950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:25:13.000Z" ,
"modified" : "2014-10-29T07:25:13.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "long_info: OLDBAIT is a credential harvester. Both the internal strings and logic are obfuscated and are unpacked at startup. It harvests credentials from Internet Explorer, Mozilla Firefox, Eudora, The Bat! (an email client made by a Moldovan company), and Becky! (an email client made by a Japanese company). It can use both email or HTTP to send out the collected credentials."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54509659-bbf4-4523-a9db-42a6950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:25:13.000Z" ,
"modified" : "2014-10-29T07:25:13.000Z" ,
"first_observed" : "2014-10-29T07:25:13Z" ,
"last_observed" : "2014-10-29T07:25:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--54509659-bbf4-4523-a9db-42a6950d210b" ,
"artifact--54509659-bbf4-4523-a9db-42a6950d210b"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--54509659-bbf4-4523-a9db-42a6950d210b" ,
"name" : "a438caeb-96dd-4225-853c-fc5910980961.ioc" ,
"content_ref" : "artifact--54509659-bbf4-4523-a9db-42a6950d210b"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--54509659-bbf4-4523-a9db-42a6950d210b" ,
"payload_bin" : "PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnPz4KPCEtLQogICAgVElUTEU6ICAgICAgICAgIGE0MzhjYWViLTk2ZGQtNDIyNS04NTNjLWZjNTkxMDk4MDk2MS5pb2MKICAgIFZFUlNJT046ICAgICAgICAxLjAKICAgIERFU0NSSVBUSU9OOiAgICBPcGVuSU9DIGZpbGUKICAgIExJQ0VOU0U6ICAgICAgICBDb3B5cmlnaHQgMjAxNCBGaXJlRXllIENvcnBvcmF0aW9uLiAgTGljZW5zZWQgdW5kZXIgdGhlIEFwYWNoZSAyLjAgbGljZW5zZS4KCiAgICBGaXJlRXllIGxpY2Vuc2VzIHRoaXMgZmlsZSB0byB5b3UgdW5kZXIgdGhlIEFwYWNoZSBMaWNlbnNlLCBWZXJzaW9uCiAgICAyLjAgKHRoZSAiTGljZW5zZSIpOyB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlCiAgICBMaWNlbnNlLiAgWW91IG1heSBvYnRhaW4gYSBjb3B5IG9mIHRoZSBMaWNlbnNlIGF0OgoKICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wCgogICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICAgZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElTIiBCQVNJUywKICAgIFdJVEhPVVQgV0FSUkFOVElFUyBPUiBDT05ESVRJT05TIE9GIEFOWSBLSU5ELCBlaXRoZXIgZXhwcmVzcyBvcgogICAgaW1wbGllZC4gIFNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZwogICAgcGVybWlzc2lvbnMgYW5kIGxpbWl0YXRpb25zIHVuZGVyIHRoZSBMaWNlbnNlLgotLT4KPGlvYyB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4c2Q9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxucz0iaHR0cDovL3NjaGVtYXMubWFuZGlhbnQuY29tLzIwMTAvaW9jIiBpZD0iYTQzOGNhZWItOTZkZC00MjI1LTg1M2MtZmM1OTEwOTgwOTYxIiBsYXN0LW1vZGlmaWVkPSIyMDE0LTEwLTE5VDE1OjQxOjQ4WiI+CiAgPHNob3J0X2Rlc2NyaXB0aW9uPk9MREJBSVQgKFJFUE9SVCk8L3Nob3J0X2Rlc2NyaXB0aW9uPgogIDxkZXNjcmlwdGlvbj5PTERCQUlUIGlzIGEgY3JlZGVudGlhbCBoYXJ2ZXN0ZXIuIEJvdGggdGhlIGludGVybmFsIHN0cmluZ3MgYW5kIGxvZ2ljIGFyZSBvYmZ1c2NhdGVkIGFuZCBhcmUgdW5wYWNrZWQgYXQgc3RhcnR1cC4gSXQgaGFydmVzdHMgY3JlZGVudGlhbHMgZnJvbSBJbnRlcm5ldCBFeHBsb3JlciwgTW96aWxsYSBGaXJlZm94LCBFdWRvcmEsIFRoZSBCYXQhIChhbiBlbWFpbCBjbGllbnQgbWFkZSBieSBhIE1vbGRvdmFuIGNvbXBhbnkpLCBhbmQgQmVja3khIChhbiBlbWFpbCBjbGllbnQgbWFkZSBieSBhIEphcGFuZXNlIGNvbXBhbnkpLiAgSXQgY2FuIHVzZSBib3RoIGVtYWlsIG9yIEhUVFA
gdG8gc2VuZCBvdXQgdGhlIGNvbGxlY3RlZCBjcmVkZW50aWFscy4KPC9kZXNjcmlwdGlvbj4KICA8a2V5d29yZHMvPgogIDxhdXRob3JlZF9ieT5GaXJlRXllPC9hdXRob3JlZF9ieT4KICA8YXV0aG9yZWRfZGF0ZT4yMDE0LTEwLTE3VDAyOjAyOjUyWjwvYXV0aG9yZWRfZGF0ZT4KICA8bGlua3M+CiAgICA8bGluayByZWw9InRocmVhdGNhdGVnb3J5Ij5BUFQ8L2xpbms+CiAgICA8bGluayByZWw9InRocmVhdGdyb3VwIj5BUFQyODwvbGluaz4KICAgIDxsaW5rIHJlbD0iY2F0ZWdvcnkiPkNyZWRlbnRpYWwgU3RlYWxlcjwvbGluaz4KICAgIDxsaW5rIHJlbD0iZmFtaWx5Ij5PTERCQUlUPC9saW5rPgogICAgPGxpbmsgcmVsPSJsaWNlbnNlIj5BcGFjaGUgMi4wPC9saW5rPgogIDwvbGlua3M+CiAgPGRlZmluaXRpb24+CiAgICA8SW5kaWNhdG9yIGlkPSJlOTkxNmZjMC03ODI1LTRmYTEtOWY2ZC1jNTQwYTVjZjZkNWUiIG9wZXJhdG9yPSJPUiI+CiAgICAgIDxJbmRpY2F0b3JJdGVtIGlkPSI4MDQxYTEzMC0xZWFkLTQzYjctOWUzZC1hOGUxOTA1NzI5MmQiIGNvbmRpdGlvbj0iY29udGFpbnMiPgogICAgICAgIDxDb250ZXh0IGRvY3VtZW50PSJGaWxlSXRlbSIgc2VhcmNoPSJGaWxlSXRlbS9GdWxsUGF0aCIgdHlwZT0ibWlyIi8+CiAgICAgICAgPENvbnRlbnQgdHlwZT0ic3RyaW5nIj5BcHBsaWNhdGlvbiBEYXRhXE1pY3Jvc29mdFxNZWRpYVBsYXllclw8L0NvbnRlbnQ+CiAgICAgIDwvSW5kaWNhdG9ySXRlbT4KICAgICAgPEluZGljYXRvckl0ZW0gaWQ9IjIzNzU1YTRjLWZkZmEtNDIwZS05NjRkLTU2NWNlNjc5MzMyZiIgY29uZGl0aW9uPSJpcyI+CiAgICAgICAgPENvbnRleHQgZG9jdW1lbnQ9IlByb2Nlc3NJdGVtIiBzZWFyY2g9IlByb2Nlc3NJdGVtL25hbWUiIHR5cGU9Im1pciIvPgogICAgICAgIDxDb250ZW50IHR5cGU9InN0cmluZyI+dXBkYXRld2luZHdzLmV4ZTwvQ29udGVudD4KICAgICAgPC9JbmRpY2F0b3JJdGVtPgogICAgICA8SW5kaWNhdG9ySXRlbSBpZD0iZWY0ODZlYTMtNDAyMy00ZmNjLTk2MGEtNThlYjg3ZDc3YTAzIiBjb25kaXRpb249ImlzIj4KICAgICAgICA8Q29udGV4dCBkb2N1bWVudD0iRmlsZUl0ZW0iIHNlYXJjaD0iRmlsZUl0ZW0vRmlsZU5hbWUiIHR5cGU9Im1pciIvPgogICAgICAgIDxDb250ZW50IHR5cGU9InN0cmluZyI+dXBkYXRld2luZHdzLmV4ZTwvQ29udGVudD4KICAgICAgPC9JbmRpY2F0b3JJdGVtPgogICAgPC9JbmRpY2F0b3I+CiAgPC9kZWZpbml0aW9uPgo8L2lvYz4K"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5450968b-cab4-4442-9cc7-4e1c950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:26:03.000Z" ,
"modified" : "2014-10-29T07:26:03.000Z" ,
"first_observed" : "2014-10-29T07:26:03Z" ,
"last_observed" : "2014-10-29T07:26:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5450968b-cab4-4442-9cc7-4e1c950d210b" ,
"artifact--5450968b-cab4-4442-9cc7-4e1c950d210b"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5450968b-cab4-4442-9cc7-4e1c950d210b" ,
"name" : "0ff58bf9-1c07-42f6-b135-b18c139f631a.ioc" ,
"content_ref" : "artifact--5450968b-cab4-4442-9cc7-4e1c950d210b"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5450968b-cab4-4442-9cc7-4e1c950d210b" ,
"payload_bin" : " P D 94 b W w g d m V y c 2 l v b j 0 n M S 4 w J y B l b m N v Z G l u Z z 0 n V V R G L T g n P z 4 K P C E t L Q o g I C A g V E l U T E U 6 I C A g I C A g I C A g I D B m Z j U 4 Y m Y 5 L T F j M D c t N D J m N i 1 i M T M 1 L W I x O G M x M z l m N j M x Y S 5 p b 2 M K I C A g I F Z F U l N J T 0 46 I C A g I C A g I C A x L j A K I C A g I E R F U 0 N S S V B U S U 9 O O i A g I C B P c G V u S U 9 D I G Z p b G U K I C A g I E x J Q 0 V O U 0 U 6 I C A g I C A g I C B D b 3 B 5 c m l n a H Q g M j A x N C B G a X J l R X l l I E N v c n B v c m F 0 a W 9 u L i A g T G l j Z W 5 z Z W Q g d W 5 k Z X I g d G h l I E F w Y W N o Z S A y L j A g b G l j Z W 5 z Z S 4 K C i A g I C B G a X J l R X l l I G x p Y 2 V u c 2 V z I H R o a X M g Z m l s Z S B 0 b y B 5 b 3 U g d W 5 k Z X I g d G h l I E F w Y W N o Z S B M a W N l b n N l L C B W Z X J z a W 9 u C i A g I C A y L j A g K H R o Z S A i T G l j Z W 5 z Z S I p O y B 5 b 3 U g b W F 5 I G 5 v d C B 1 c 2 U g d G h p c y B m a W x l I G V 4 Y 2 V w d C B p b i B j b 21 w b G l h b m N l I H d p d G g g d G h l C i A g I C B M a W N l b n N l L i A g W W 91 I G 1 h e S B v Y n R h a W 4 g Y S B j b 3 B 5 I G 9 m I H R o Z S B M a W N l b n N l I G F 0 O g o K I C A g I C A g I C A g I C A g a H R 0 c D o v L 3 d 3 d y 5 h c G F j a G U u b 3 J n L 2 x p Y 2 V u c 2 V z L 0 x J Q 0 V O U 0 U t M i 4 w C g o g I C A g V W 5 s Z X N z I H J l c X V p c m V k I G J 5 I G F w c G x p Y 2 F i b G U g b G F 3 I G 9 y I G F n c m V l Z C B 0 b y B p b i B 3 c m l 0 a W 5 n L C B z b 2 Z 0 d 2 F y Z Q o g I C A g Z G l z d H J p Y n V 0 Z W Q g d W 5 k Z X I g d G h l I E x p Y 2 V u c 2 U g a X M g Z G l z d H J p Y n V 0 Z W Q g b 24 g Y W 4 g I k F T I E l T I i B C Q V N J U y w K I C A g I F d J V E h P V V Q g V 0 F S U k F O V E l F U y B P U i B D T 0 5 E S V R J T 0 5 T I E 9 G I E F O W S B L S U 5 E L C B l a X R o Z X I g Z X h w c m V z c y B v c g o g I C A g a W 1 w b G l l Z 
C 4 g I F N l Z S B 0 a G U g T G l j Z W 5 z Z S B m b 3 I g d G h l I H N w Z W N p Z m l j I G x h b m d 1 Y W d l I G d v d m V y b m l u Z w o g I C A g c G V y b W l z c 2 l v b n M g Y W 5 k I G x p b W l 0 Y X R p b 25 z I H V u Z G V y I H R o Z S B M a W N l b n N l L g o t L T 4 K P G l v Y y B 4 b W x u c z p 4 c 2 k 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h L W l u c 3 R h b m N l I i B 4 b W x u c z p 4 c 2 Q 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h I i B 4 b W x u c z 0 i a H R 0 c D o v L 3 N j a G V t Y X M u b W F u Z G l h b n Q u Y 29 t L z I w M T A v a W 9 j I i B p Z D 0 i M G Z m N T h i Z j k t M W M w N y 0 0 M m Y 2 L W I x M z U t Y j E 4 Y z E z O W Y 2 M z F h I i B s Y X N 0 L W 1 v Z G l m a W V k P S I y M D E 0 L T E w L T E 3 V D I w O j U 0 O j U z W i I + C i A g P H N o b 3 J 0 X 2 R l c 2 N y a X B 0 a W 9 u P k F Q V D I 4 I E R P T U F J T l M g K F J F U E 9 S V C k 8 L 3 N o b 3 J 0 X 2 R l c 2 N y a X B 0 a W 9 u P g o g I D x k Z X N j c m l w d G l v b j 5 E b 21 h a W 5 z I H V z Z W Q g Y n k g Q V B U M j g u P C 9 k Z X N j c m l w d G l v b j 4 K I C A 8 a 2 V 5 d 29 y Z H M v P g o g I D x h d X R o b 3 J l Z F 9 i e T 5 G a X J l R X l l P C 9 h d X R o b 3 J l Z F 9 i e T 4 K I C A 8 Y X V 0 a G 9 y Z W R f Z G F 0 Z T 4 y M D E 0 L T E w L T E 3 V D A y O j A 0 O j M 0 W j w v Y X V 0 a G 9 y Z W R f Z G F 0 Z T 4 K I C A 8 b G l u a 3 M + C i A g I C A 8 b G l u a y B y Z W w 9 I n R o c m V h d G N h d G V n b 3 J 5 I j 5 B U F Q 8 L 2 x p b m s + C i A g I C A 8 b G l u a y B y Z W w 9 I n R o c m V h d G d y b 3 V w I j 5 B U F Q y O D w v b G l u a z 4 K I C A g I D x s a W 5 r I H J l b D 0 i b G l j Z W 5 z Z S I + Q X B h Y 2 h l I D I u M D w v b G l u a z 4 K I C A 8 L 2 x p b m t z P g o g I D x k Z W Z p b m l 0 a W 9 u P g o g I C A g P E l u Z G l j Y X R v c i B p Z D 0 i Y 2 Z i N D Y y M z Q t M D E y 
Y S 0 0 M 2 M 4 L W E 3 N j M t Z j Y z N m M w N T Y 2 M D Z l I i B v c G V y Y X R v c j 0 i T 1 I i P g o g I C A g I C A 8 S W 5 k a W N h d G 9 y S X R l b S B p Z D 0 i N T Q 0 O D F j N D I t Z W Z m Y i 0 0 M z Z i L W I 0 Z D I t Y 2 Z m M W N i Z D A 5 Y T Y 2 I i B j b 25 k a X R p b 249 I m N v b n R h a W 5 z I j 4 K I C A g I C A g I C A 8 Q 29 u d G V 4 d C B k b 2 N 1 b W V u d D 0 i R G 5 z R W 50 c n l J d G V t I i B z Z W F y Y 2 g 9 I k R u c 0 V u d H J 5 S X R l b S 9 I b 3 N 0 I i B 0 e X B l P S J t a X I i L z 4 K I C A g I C A g I C A 8 Q 29 u d G V u d C B 0 e X B l P S J z d H J p b m c i P m t h d m t h e m N l b n R y L m l u Z m 88 L 0 N v b n R l b n Q + C i A g I C A g I D w v S W 5 k a W N h d G 9 y S X R l b T 4 K I C A g I C A g P E l u Z G l j Y X R v c k l 0 Z W 0 g a W Q 9 I m I 4 Y j c 0 M m Q 1 L T V k Z m Y t N G Y w Z i 1 i Z G E 4 L T B j O D c 4 Y z F k Z D F l M S I g Y 29 u Z G l 0 a W 9 u P S J j b 250 Y W l u c y I + C i A g I C A g I C A g P E N v b n R l e H Q g Z G 9 j d W 1 l b n Q 9 I k R u c 0 V u d H J 5 S X R l b S I g c 2 V h c m N o P S J E b n N F b n R y e U l 0 Z W 0 v S G 9 z d C I g d H l w Z T 0 i b W l y I i 8 + C i A g I C A g I C A g P E N v b n R l b n Q g d H l w Z T 0 i c 3 R y a W 5 n I j 5 y b m l s L m F t P C 9 D b 250 Z W 50 P g o g I C A g I C A 8 L 0 l u Z G l j Y X R v c k l 0 Z W 0 + C i A g I C A g I D x J b m R p Y 2 F 0 b 3 J J d G V t I G l k P S J h Z j M 2 Y z l i M y 1 k N T U 0 L T Q 2 Z G U t O T U y N S 1 j M D V h M D c 1 O W E z O T k i I G N v b m R p d G l v b j 0 i Y 29 u d G F p b n M i P g o g I C A g I C A g I D x D b 250 Z X h 0 I G R v Y 3 V t Z W 50 P S J E b n N F b n R y e U l 0 Z W 0 i I H N l Y X J j a D 0 i R G 5 z R W 50 c n l J d G V t L 0 h v c 3 Q i I H R 5 c G U 9 I m 1 p c i I v P g o g I C A g I C A g I D x D b 250 Z W 50 I H R 5 c G U 9 I n N 0 c m l u Z y I + c 3 R h b m R h c n R u Z X Z 2 c y 5 j b 208 L 0 N v b n R l b n Q + C i A g I C A g I D w 
v S W 5 k a W N h d G 9 y S X R l b T 4 K I C A g I C A g P E l u Z G l j Y X R v c k l 0 Z W 0 g a W Q 9 I j M 4 O W M 5 Y z A z L W V h Z j Q t N D I 1 O S 0 5 N G U 1 L T Y y M z M z N G N l Y T I 2 Z S I g Y 29 u Z G l 0 a W 9 u P S J j b 250 Y W l u c y I + C i A g I C A g I C A g P E N v b n R l e H Q g Z G 9 j d W 1 l b n Q 9 I k R u c 0 V u d H J 5 S X R l b S I g c 2 V h c m N o P S J E b n N F b n R y e U l 0 Z W 0 v S G 9 z d C I g d H l w Z T 0 i b W l y I i 8 + C i A g I C A g I C A g P E N v b n R l b n Q g d H l w Z T 0 i c 3 R y a W 5 n I j 5 u b 3 Z p b m l 0 a W U u Y 29 t P C 9 D b 250 Z W 50 P g o g I C A g I C A 8 L 0 l u Z G l j Y X R v c k l 0 Z W 0 + C i A g I C A g I D x J b m R p Y 2 F 0 b 3 J J d G V t I G l k P S J j M T d k M D A x Y y 1 k Z j g 5 L T Q w Z m Y t O D d k Z S 1 l O D l i Z G U 5 Z j E 0 M j U i I G N v b m R p d G l v b j 0 i Y 29 u d G F p b n M i P g o g I C A g I C A g I D x D b 250 Z X h 0 I G R v Y 3 V t Z W 50 P S J E b n N F b n R y e U l 0 Z W 0 i I H N l Y X J j a D 0 i R G 5 z R W 50 c n l J d G V t L 0 h v c 3 Q i I H R 5 c G U 9 I m 1 p c i I v P g o g I C A g I C A g I D x D b 250 Z W 50 I H R 5 c G U 9 I n N 0 c m l u Z y I + b j B 2 a W 5 p d G U u Y 29 t P C 9 D b 250 Z W 50 P g o g I C A g I C A 8 L 0 l u Z G l j Y X R v c k l 0 Z W 0 + C i A g I C A g I D x J b m R p Y 2 F 0 b 3 J J d G V t I G l k P S I x M T U w M z F i Z i 1 m M z Q y L T R i Z D A t O W Y 5 Y y 1 h N W Q 4 Z T E x M T E y O D E i I G N v b m R p d G l v b j 0 i Y 29 u d G F p b n M i P g o g I C A g I C A g I D x D b 250 Z X h 0 I G R v Y 3 V t Z W 50 P S J E b n N F b n R y e U l 0 Z W 0 i I H N l Y X J j a D 0 i R G 5 z R W 50 c n l J d G V t L 0 h v c 3 Q i I H R 5 c G U 9 I m 1 p c i I v P g o g I C A g I C A g I D x D b 250 Z W 50 I H R 5 c G U 9 I n N 0 c m l u Z y I + c W 92 L m h 1 L m N v b T w v Q 29 u d G V u d D 4 K I C A g I C A g P C 9 J b m R p Y 2 F 0 b 3 J J d G V t P g o g I C A g I C A 8 S W 5 k a W N h d G 9 y S 
X R l b S B p Z D 0 i M j A x Z G E 1 Y m E t Y z M y N y 0 0 Z T l i L W I w Y W Y t Z G I
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--0195bdbb-61bd-4fdd-bc80-cc130234b0a9" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:27:01.000Z" ,
"modified" : "2014-10-29T07:27:01.000Z" ,
"first_observed" : "2014-10-29T07:27:01Z" ,
"last_observed" : "2014-10-29T07:27:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--0195bdbb-61bd-4fdd-bc80-cc130234b0a9"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--0195bdbb-61bd-4fdd-bc80-cc130234b0a9" ,
"name" : "netui.dll"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--d96396b2-672a-4518-87a2-53c66d20676a" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:27:01.000Z" ,
"modified" : "2014-10-29T07:27:01.000Z" ,
"labels" : [
"misp:type=\"other\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "other" ,
"x_misp_value" : "ProcessItem/SectionList/MemorySection/Name: \\netui.dll"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--545096c5-e860-4c9c-97fc-4d8c950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:27:01.000Z" ,
"modified" : "2014-10-29T07:27:01.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "long_info: This backdoor has been delivered through the SOURFACE downloader to gain system access for reconnaissance, monitoring, credential theft, and shellcode execution."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--545096c5-f8c8-49ac-9b71-4e72950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:27:01.000Z" ,
"modified" : "2014-10-29T07:27:01.000Z" ,
"first_observed" : "2014-10-29T07:27:01Z" ,
"last_observed" : "2014-10-29T07:27:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--545096c5-f8c8-49ac-9b71-4e72950d210b" ,
"artifact--545096c5-f8c8-49ac-9b71-4e72950d210b"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--545096c5-f8c8-49ac-9b71-4e72950d210b" ,
"name" : "a6c6dbf0-d72a-4f07-8b11-55527aef4755.ioc" ,
"content_ref" : "artifact--545096c5-f8c8-49ac-9b71-4e72950d210b"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--545096c5-f8c8-49ac-9b71-4e72950d210b" ,
"payload_bin" : "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"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--30842d86-e073-4b6e-a5e0-d6b354f6847a" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:59:33.000Z" ,
"modified" : "2014-10-29T20:59:33.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:name = 'edg6EF885E2.tmp']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:59:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--a0e443e4-6a41-4856-8c14-d1a271ba7b6b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:27:39.000Z" ,
"modified" : "2014-10-29T07:27:39.000Z" ,
"labels" : [
"misp:type=\"other\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "other" ,
"x_misp_value" : "ProcessItem/HandleList/Handle/Name: \\Device\\Mailslot\\check_mes_v5555"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--545096eb-1e24-4dd2-861e-46b7950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:27:39.000Z" ,
"modified" : "2014-10-29T07:27:39.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "long_info: CHOPSTICK is a backdoor that uses a modularized, object-oriented framework written in C++. This framework allows for a diverse set of capabilities across malware variants sharing a common code base. CHOPSTICK may communicate with external servers using SMTP or HTTP."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--545096eb-3080-401b-9a3a-4f7f950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:27:39.000Z" ,
"modified" : "2014-10-29T07:27:39.000Z" ,
"first_observed" : "2014-10-29T07:27:39Z" ,
"last_observed" : "2014-10-29T07:27:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--545096eb-3080-401b-9a3a-4f7f950d210b" ,
"artifact--545096eb-3080-401b-9a3a-4f7f950d210b"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--545096eb-3080-401b-9a3a-4f7f950d210b" ,
"name" : "bdf7929c-3f0b-4fdd-bcc5-b4a82554ad92.ioc" ,
"content_ref" : "artifact--545096eb-3080-401b-9a3a-4f7f950d210b"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--545096eb-3080-401b-9a3a-4f7f950d210b" ,
"payload_bin" : " P D 94 b W w g d m V y c 2 l v b j 0 n M S 4 w J y B l b m N v Z G l u Z z 0 n V V R G L T g n P z 4 K P C E t L Q o g I C A g V E l U T E U 6 I C A g I C A g I C A g I G J k Z j c 5 M j l j L T N m M G I t N G Z k Z C 1 i Y 2 M 1 L W I 0 Y T g y N T U 0 Y W Q 5 M i 5 p b 2 M K I C A g I F Z F U l N J T 0 46 I C A g I C A g I C A x L j A K I C A g I E R F U 0 N S S V B U S U 9 O O i A g I C B P c G V u S U 9 D I G Z p b G U K I C A g I E x J Q 0 V O U 0 U 6 I C A g I C A g I C B D b 3 B 5 c m l n a H Q g M j A x N C B G a X J l R X l l I E N v c n B v c m F 0 a W 9 u L i A g T G l j Z W 5 z Z W Q g d W 5 k Z X I g d G h l I E F w Y W N o Z S A y L j A g b G l j Z W 5 z Z S 4 K C i A g I C B G a X J l R X l l I G x p Y 2 V u c 2 V z I H R o a X M g Z m l s Z S B 0 b y B 5 b 3 U g d W 5 k Z X I g d G h l I E F w Y W N o Z S B M a W N l b n N l L C B W Z X J z a W 9 u C i A g I C A y L j A g K H R o Z S A i T G l j Z W 5 z Z S I p O y B 5 b 3 U g b W F 5 I G 5 v d C B 1 c 2 U g d G h p c y B m a W x l I G V 4 Y 2 V w d C B p b i B j b 21 w b G l h b m N l I H d p d G g g d G h l C i A g I C B M a W N l b n N l L i A g W W 91 I G 1 h e S B v Y n R h a W 4 g Y S B j b 3 B 5 I G 9 m I H R o Z S B M a W N l b n N l I G F 0 O g o K I C A g I C A g I C A g I C A g a H R 0 c D o v L 3 d 3 d y 5 h c G F j a G U u b 3 J n L 2 x p Y 2 V u c 2 V z L 0 x J Q 0 V O U 0 U t M i 4 w C g o g I C A g V W 5 s Z X N z I H J l c X V p c m V k I G J 5 I G F w c G x p Y 2 F i b G U g b G F 3 I G 9 y I G F n c m V l Z C B 0 b y B p b i B 3 c m l 0 a W 5 n L C B z b 2 Z 0 d 2 F y Z Q o g I C A g Z G l z d H J p Y n V 0 Z W Q g d W 5 k Z X I g d G h l I E x p Y 2 V u c 2 U g a X M g Z G l z d H J p Y n V 0 Z W Q g b 24 g Y W 4 g I k F T I E l T I i B C Q V N J U y w K I C A g I F d J V E h P V V Q g V 0 F S U k F O V E l F U y B P U i B D T 0 5 E S V R J T 0 5 T I E 9 G I E F O W S B L S U 5 E L C B l a X R o Z X I g Z X h w c m V z c y B v c g o g I C A g a W 1 w b G l l Z 
C 4 g I F N l Z S B 0 a G U g T G l j Z W 5 z Z S B m b 3 I g d G h l I H N w Z W N p Z m l j I G x h b m d 1 Y W d l I G d v d m V y b m l u Z w o g I C A g c G V y b W l z c 2 l v b n M g Y W 5 k I G x p b W l 0 Y X R p b 25 z I H V u Z G V y I H R o Z S B M a W N l b n N l L g o t L T 4 K P G l v Y y B 4 b W x u c z p 4 c 2 k 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h L W l u c 3 R h b m N l I i B 4 b W x u c z p 4 c 2 Q 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h I i B 4 b W x u c z 0 i a H R 0 c D o v L 3 N j a G V t Y X M u b W F u Z G l h b n Q u Y 29 t L z I w M T A v a W 9 j I i B p Z D 0 i Y m R m N z k y O W M t M 2 Y w Y i 0 0 Z m R k L W J j Y z U t Y j R h O D I 1 N T R h Z D k y I i B s Y X N 0 L W 1 v Z G l m a W V k P S I y M D E 0 L T E w L T I w V D E 4 O j U w O j U z W i I + C i A g P H N o b 3 J 0 X 2 R l c 2 N y a X B 0 a W 9 u P k N I T 1 B T V E l D S y A o U k V Q T 1 J U K T w v c 2 h v c n R f Z G V z Y 3 J p c H R p b 24 + C i A g P G R l c 2 N y a X B 0 a W 9 u P k N I T 1 B T V E l D S y B p c y B h I G J h Y 2 t k b 29 y I H R o Y X Q g d X N l c y B h I G 1 v Z H V s Y X J p e m V k L C B v Y m p l Y 3 Q t b 3 J p Z W 50 Z W Q g Z n J h b W V 3 b 3 J r I H d y a X R 0 Z W 4 g a W 4 g Q y s r L i B U a G l z I G Z y Y W 1 l d 29 y a y B h b G x v d 3 M g Z m 9 y I G E g Z G l 2 Z X J z Z S B z Z X Q g b 2 Y g Y 2 F w Y W J p b G l 0 a W V z I G F j c m 9 z c y B t Y W x 3 Y X J l I H Z h c m l h b n R z I H N o Y X J p b m c g Y S B j b 21 t b 24 g Y 29 k Z S B i Y X N l L i A g Q 0 h P U F N U S U N L I G 1 h e S B j b 21 t d W 5 p Y 2 F 0 Z S B 3 a X R o I G V 4 d G V y b m F s I H N l c n Z l c n M g d X N p b m c g U 0 1 U U C B v c i B I V F R Q L j w v Z G V z Y 3 J p c H R p b 24 + C i A g P G t l e X d v c m R z L z 4 K I C A 8 Y X V 0 a G 9 y Z W R f Y n k + R m l y Z U V 5 Z T w v Y X V 0 a G 9 y Z W R f Y n k + C i A g P G F 1 d G h 
v c m V k X 2 R h d G U + M j A x N C 0 x M C 0 x N 1 Q w M j o w M j o w M l o 8 L 2 F 1 d G h v c m V k X 2 R h d G U + C i A g P G x p b m t z P g o g I C A g P G x p b m s g c m V s P S J 0 a H J l Y X R j Y X R l Z 29 y e S I + Q V B U P C 9 s a W 5 r P g o g I C A g P G x p b m s g c m V s P S J 0 a H J l Y X R n c m 91 c C I + Q V B U M j g 8 L 2 x p b m s + C i A g I C A 8 b G l u a y B y Z W w 9 I m N h d G V n b 3 J 5 I j 5 C Y W N r Z G 9 v c j w v b G l u a z 4 K I C A g I D x s a W 5 r I H J l b D 0 i Z m F t a W x 5 I j 5 D S E 9 Q U 1 R J Q 0 s 8 L 2 x p b m s + C i A g I C A 8 b G l u a y B y Z W w 9 I m x p Y 2 V u c 2 U i P k F w Y W N o Z S A y L j A 8 L 2 x p b m s + C i A g P C 9 s a W 5 r c z 4 K I C A 8 Z G V m a W 5 p d G l v b j 4 K I C A g I D x J b m R p Y 2 F 0 b 3 I g a W Q 9 I m R k Y z g 4 M G E 0 L T M 2 Z D E t N D U x N C 1 h Z G Y x L T N j N W I 4 Z j R m N m V m O C I g b 3 B l c m F 0 b 3 I 9 I k 9 S I j 4 K I C A g I C A g P E l u Z G l j Y X R v c k l 0 Z W 0 g a W Q 9 I j M w O D Q y Z D g 2 L W U w N z M t N G I 2 Z S 1 h N W U w L W Q 2 Y j M 1 N G Y 2 O D Q 3 Y S I g Y 29 u Z G l 0 a W 9 u P S J p c y I + C i A g I C A g I C A g P E N v b n R l e H Q g Z G 9 j d W 1 l b n Q 9 I k Z p b G V J d G V t I i B z Z W F y Y 2 g 9 I k Z p b G V J d G V t L 0 Z p b G V O Y W 1 l I i B 0 e X B l P S J t a X I i L z 4 K I C A g I C A g I C A 8 Q 29 u d G V u d C B 0 e X B l P S J z d H J p b m c i P m V k Z z Z F R j g 4 N U U y L n R t c D w v Q 29 u d G V u d D 4 K I C A g I C A g P C 9 J b m R p Y 2 F 0 b 3 J J d G V t P g o g I C A g I C A 8 S W 5 k a W N h d G 9 y S X R l b S B p Z D 0 i Y T B l N D Q z Z T Q t N m E 0 M S 0 0 O D U 2 L T h j M T Q t Z D F h M j c x Y m E 3 Y j Z i I i B j b 25 k a X R p b 249 I m l z I j 4 K I C A g I C A g I C A 8 Q 29 u d G V 4 d C B k b 2 N 1 b W V u d D 0 i U H J v Y 2 V z c 0 l 0 Z W 0 i I H N l Y X J j a D 0 i U H J v Y 2 V z c 0 l 0 Z W 0 v S G F u Z G x l T G l z d C 9 I Y W 5 k b G U 
v T m F t Z S I g d H l w Z T 0 i b W l y I i 8 + C i A g I C A g I C A g P E N v b n R l b n Q g d H l w Z T 0 i c 3 R y a W 5 n I j 5 c R G V 2 a W N l X E 1 h a W x z b G 90 X G N o Z W N r X 21 l c 192 N T U 1 N T w v Q 29 u d G V u d D 4 K I C A g I C A g P C 9 J b m R p Y 2 F 0 b 3 J J d G V t P g o g I C A g I C A 8 S W 5 k a W N h d G 9 y I G l k P S I w Z m M 5 Z T U z N C 0 1 M z I 5 L T R h M z E t O D V k M i 0 0 M 2 I 0 M j Y y Z T F l Z D k i I G 9 w Z X J h d G 9 y P S J B T k Q i P g o g I C A g I C A g I D x J b m R p Y 2 F 0 b 3 J J d G V t I G l k P S I 5 N W U y M m V h Z C 0 x M 2 V m L T Q 3 O T c t Y j N i N i 1 k M D k w M j d k O D U 2 M D I i I G N v b m R p d G l v b j 0 i Y 29 u d G F p b n M i P g o g I C A g I C A g I C A g P E N v b n R l e H Q g Z G 9 j d W 1 l b n Q 9 I l J l Z 2 l z d H J 5 S X R l b S I g c 2 V h c m N o P S J S Z W d p c 3 R y e U l 0 Z W 0 v U G F 0 a C I g d H l w Z T 0 i b W l y I i 8 + C i A g I C A g I C A g I C A 8 Q 29 u d G V u d C B 0 e X B l P S J z d H J p b m c i P k 1 p Y 3 J v c 29 m d F x N Z W R p Y V B s Y X l l c l x 7 R T Y 2 O T Y x M D U t R T Y z R S 0 0 R U Y x L T k z O U U t M T V E R E Q 4 M 0 I 2 N j l B f T w v Q 29 u d G V u d D 4 K I C A g I C A g I C A 8 L 0 l u Z G l j Y X R v c k l 0 Z W 0 + C i A g I C A g I C A g P E l u Z G l j Y X R v c k l 0 Z W 0 g a W Q 9 I j I z O D g 3 O T h h L W U x Z T I t N D I 1 M S 1 h M D F j L T c 5 M 2 Q y Y 2 V k Y W F h O S I g Y 29 u Z G l 0 a W 9 u P S J j b 250 Y W l u c y I + C i A g I C A g I C A g I C A 8 Q 29 u d G V 4 d C B k b 2 N 1 b W V u d D 0 i U m V n a X N 0 c n l J d G V t I i B z Z W F y Y 2 g 9 I l J l Z 2 l z d H J 5 S X R l b S 9 W Y W x 1 Z U 5 h b W U i I H R 5 c G U 9 I m 1 p c i I v P g o g I C A g I C A g I C A g P E N v b n R l b n Q g d H l w Z T 0 i c 3 R y a W 5 n I j 5 j a G 5 u b D w v Q 29 u d G V u d D 4 K I C A g I C A g I C A 8 L 0 l u Z G l j Y X R v c k l 0 Z W 0 + C i A g I C A g I D w v S W 5 k a W N h d G 
9 y P g o g I C A g P C 9 J b m R p Y 2 F 0 b 3 I + C i A g P C 9 k Z W Z p b m l 0 a W 9 u P g o 8 L 2 l v Y z 4
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea9f200-01f1-411e-94e3-49903f14d6f9" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = '8c4fa713c5e2b009114adda758adc445']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3f83ca5b-9a2c-4aeb-94ef-28093f6709f8" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = '3b0ecd011500f61237c205834db0e13a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3fe4547e-5e19-4bb3-9792-eb382de45eb0" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = '791428601ad12b9230b9ace4f2138713']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--020e58f2-e4f2-4801-b731-d26589bd96b6" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = '5882fda97fdf78b47081cc4105d44f7c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b48a7011-59d9-4c53-8d6c-2710d705b0c6" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = '48656a93f9ba39410763a2196aabc67f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9106bde9-52f4-49db-86a1-13f4363bc029" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = '9eebfebe3987fec3c395594dc57a0c4c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8253e6f6-4248-4751-a818-f5d77efd469c" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = '8b92fe86c5b7a9e34f433a6fbac8bc3a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b707e318-bb58-4965-be62-a15ccf896891" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = 'ead4ec18ebce6890d20757bb9f5285b1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--51c11809-d0be-45e0-a035-e5d63686e889" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = '1259c4fe5efd9bf07fc4c78466f2dd09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--21169314-ed29-4148-a70e-e9798894ea55" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = '272f0fde35dbdfccbca1e33373b3570d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--87ba0439-df69-4c21-9013-be773de352ce" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:38.000Z" ,
"modified" : "2014-10-29T07:28:38.000Z" ,
"labels" : [
"misp:type=\"other\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "other" ,
"x_misp_value" : "ProcessItem/SectionList/MemorySection/Name: AppData\\Local\\conhost.dll"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--2660589c-6263-44e1-b4de-484db317f93c" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:38.000Z" ,
"modified" : "2014-10-29T07:28:38.000Z" ,
"labels" : [
"misp:type=\"other\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "other" ,
"x_misp_value" : "ProcessItem/SectionList/MemorySection/Name: Local Settings\\Application Data\\conhost.dll"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--e3fad633-2b34-4bdb-864e-be495f549e2a" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:38.000Z" ,
"modified" : "2014-10-29T07:28:38.000Z" ,
"labels" : [
"misp:type=\"other\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "other" ,
"x_misp_value" : "ProcessItem/SectionList/MemorySection/PEInfo/Exports/DllName: coreshell.dll"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--820fc95e-3d6f-4771-a592-fb60811fa0c0" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:38.000Z" ,
"modified" : "2014-10-29T07:28:38.000Z" ,
"labels" : [
"misp:type=\"other\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "other" ,
"x_misp_value" : "ProcessItem/SectionList/MemorySection/Name: \\netids.dll"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--e704246d-ecca-4ac5-82a7-404c93aab893" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:38.000Z" ,
"modified" : "2014-10-29T07:28:38.000Z" ,
"first_observed" : "2014-10-29T07:28:38Z" ,
"last_observed" : "2014-10-29T07:28:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--e704246d-ecca-4ac5-82a7-404c93aab893"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--e704246d-ecca-4ac5-82a7-404c93aab893" ,
"name" : "Local Settings\\Application Data\\svchost.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--91b06096-1333-470f-8d49-f408b51d84a1" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:38.000Z" ,
"modified" : "2014-10-29T07:28:38.000Z" ,
"first_observed" : "2014-10-29T07:28:38Z" ,
"last_observed" : "2014-10-29T07:28:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--91b06096-1333-470f-8d49-f408b51d84a1"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--91b06096-1333-470f-8d49-f408b51d84a1" ,
"name" : "Local Settings\\Application Data\\conhost.dll"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--37148f5b-fff5-4c9e-98aa-f52fb01a3547" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:38.000Z" ,
"modified" : "2014-10-29T07:28:38.000Z" ,
"first_observed" : "2014-10-29T07:28:38Z" ,
"last_observed" : "2014-10-29T07:28:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--37148f5b-fff5-4c9e-98aa-f52fb01a3547"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--37148f5b-fff5-4c9e-98aa-f52fb01a3547" ,
"name" : "AppData\\Local\\svchost.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--09dd2172-ed97-433f-9c59-517161b78b2d" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:38.000Z" ,
"modified" : "2014-10-29T07:28:38.000Z" ,
"first_observed" : "2014-10-29T07:28:38Z" ,
"last_observed" : "2014-10-29T07:28:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--09dd2172-ed97-433f-9c59-517161b78b2d"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--09dd2172-ed97-433f-9c59-517161b78b2d" ,
"name" : "AppData\\Local\\conhost.dll"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--590e7aef-7df8-47cd-916a-360d83f132f5" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:39.000Z" ,
"modified" : "2014-10-29T07:28:39.000Z" ,
"first_observed" : "2014-10-29T07:28:39Z" ,
"last_observed" : "2014-10-29T07:28:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--590e7aef-7df8-47cd-916a-360d83f132f5" ,
"ipv4-addr--590e7aef-7df8-47cd-916a-360d83f132f5"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--590e7aef-7df8-47cd-916a-360d83f132f5" ,
"src_ref" : "ipv4-addr--590e7aef-7df8-47cd-916a-360d83f132f5" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--590e7aef-7df8-47cd-916a-360d83f132f5" ,
"value" : "70.85.221.10"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5fa65919-9467-4de8-9cb7-8574ff86b85d" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:39.000Z" ,
"modified" : "2014-10-29T07:28:39.000Z" ,
"first_observed" : "2014-10-29T07:28:39Z" ,
"last_observed" : "2014-10-29T07:28:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5fa65919-9467-4de8-9cb7-8574ff86b85d"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5fa65919-9467-4de8-9cb7-8574ff86b85d" ,
"name" : "netids.dll"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ec771d67-32c0-4076-8e9f-d9ce6b9f2a80" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:45:46.000Z" ,
"modified" : "2014-10-29T20:45:46.000Z" ,
"description" : "OpenIOC import" ,
"pattern" : "[file:hashes.MD5 = 'da2a657dc69d7320f2ffc87013f257ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--54509725-4978-4706-bf95-4638950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:39.000Z" ,
"modified" : "2014-10-29T07:28:39.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "long_info: SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server. Over time the downloader has evolved, and the newer versions are usually compiled with the DLL name 'coreshell.dll'. These variants are distinct from the older versions, so we refer to them as SOURFACE/CORESHELL or simply CORESHELL."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54509725-678c-4a8c-a283-4c8c950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T07:28:39.000Z" ,
"modified" : "2014-10-29T07:28:39.000Z" ,
"first_observed" : "2014-10-29T07:28:39Z" ,
"last_observed" : "2014-10-29T07:28:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--54509725-678c-4a8c-a283-4c8c950d210b" ,
"artifact--54509725-678c-4a8c-a283-4c8c950d210b"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--54509725-678c-4a8c-a283-4c8c950d210b" ,
"name" : "e1cbf7ca-4938-4d3c-a7e6-3ff966516191.ioc" ,
"content_ref" : "artifact--54509725-678c-4a8c-a283-4c8c950d210b"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--54509725-678c-4a8c-a283-4c8c950d210b" ,
"payload_bin" : " P D 94 b W w g d m V y c 2 l v b j 0 n M S 4 w J y B l b m N v Z G l u Z z 0 n V V R G L T g n P z 4 K P C E t L Q o g I C A g V E l U T E U 6 I C A g I C A g I C A g I G U x Y 2 J m N 2 N h L T Q 5 M z g t N G Q z Y y 1 h N 2 U 2 L T N m Z j k 2 N j U x N j E 5 M S 5 p b 2 M K I C A g I F Z F U l N J T 0 46 I C A g I C A g I C A x L j A K I C A g I E R F U 0 N S S V B U S U 9 O O i A g I C B P c G V u S U 9 D I G Z p b G U K I C A g I E x J Q 0 V O U 0 U 6 I C A g I C A g I C B D b 3 B 5 c m l n a H Q g M j A x N C B G a X J l R X l l I E N v c n B v c m F 0 a W 9 u L i A g T G l j Z W 5 z Z W Q g d W 5 k Z X I g d G h l I E F w Y W N o Z S A y L j A g b G l j Z W 5 z Z S 4 K C i A g I C B G a X J l R X l l I G x p Y 2 V u c 2 V z I H R o a X M g Z m l s Z S B 0 b y B 5 b 3 U g d W 5 k Z X I g d G h l I E F w Y W N o Z S B M a W N l b n N l L C B W Z X J z a W 9 u C i A g I C A y L j A g K H R o Z S A i T G l j Z W 5 z Z S I p O y B 5 b 3 U g b W F 5 I G 5 v d C B 1 c 2 U g d G h p c y B m a W x l I G V 4 Y 2 V w d C B p b i B j b 21 w b G l h b m N l I H d p d G g g d G h l C i A g I C B M a W N l b n N l L i A g W W 91 I G 1 h e S B v Y n R h a W 4 g Y S B j b 3 B 5 I G 9 m I H R o Z S B M a W N l b n N l I G F 0 O g o K I C A g I C A g I C A g I C A g a H R 0 c D o v L 3 d 3 d y 5 h c G F j a G U u b 3 J n L 2 x p Y 2 V u c 2 V z L 0 x J Q 0 V O U 0 U t M i 4 w C g o g I C A g V W 5 s Z X N z I H J l c X V p c m V k I G J 5 I G F w c G x p Y 2 F i b G U g b G F 3 I G 9 y I G F n c m V l Z C B 0 b y B p b i B 3 c m l 0 a W 5 n L C B z b 2 Z 0 d 2 F y Z Q o g I C A g Z G l z d H J p Y n V 0 Z W Q g d W 5 k Z X I g d G h l I E x p Y 2 V u c 2 U g a X M g Z G l z d H J p Y n V 0 Z W Q g b 24 g Y W 4 g I k F T I E l T I i B C Q V N J U y w K I C A g I F d J V E h P V V Q g V 0 F S U k F O V E l F U y B P U i B D T 0 5 E S V R J T 0 5 T I E 9 G I E F O W S B L S U 5 E L C B l a X R o Z X I g Z X h w c m V z c y B v c g o g I C A g a W 1 w b G l l Z 
C 4 g I F N l Z S B 0 a G U g T G l j Z W 5 z Z S B m b 3 I g d G h l I H N w Z W N p Z m l j I G x h b m d 1 Y W d l I G d v d m V y b m l u Z w o g I C A g c G V y b W l z c 2 l v b n M g Y W 5 k I G x p b W l 0 Y X R p b 25 z I H V u Z G V y I H R o Z S B M a W N l b n N l L g o t L T 4 K P G l v Y y B 4 b W x u c z p 4 c 2 k 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h L W l u c 3 R h b m N l I i B 4 b W x u c z p 4 c 2 Q 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h I i B 4 b W x u c z 0 i a H R 0 c D o v L 3 N j a G V t Y X M u b W F u Z G l h b n Q u Y 29 t L z I w M T A v a W 9 j I i B p Z D 0 i Z T F j Y m Y 3 Y 2 E t N D k z O C 0 0 Z D N j L W E 3 Z T Y t M 2 Z m O T Y 2 N T E 2 M T k x I i B s Y X N 0 L W 1 v Z G l m a W V k P S I y M D E 0 L T E w L T I x V D E z O j A 4 O j Q x W i I + C i A g P H N o b 3 J 0 X 2 R l c 2 N y a X B 0 a W 9 u P l N P V V J G Q U N F I C h S R V B P U l Q p P C 9 z a G 9 y d F 9 k Z X N j c m l w d G l v b j 4 K I C A 8 Z G V z Y 3 J p c H R p b 24 + U 0 9 V U k Z B Q 0 U g a X M g Y S B k b 3 d u b G 9 h Z G V y I H R o Y X Q g b 2 J 0 Y W l u c y B h I H N l Y 29 u Z C 1 z d G F n Z S B i Y W N r Z G 9 v c i B m c m 9 t I G E g Q z I g c 2 V y d m V y L i A g T 3 Z l c i B 0 a W 1 l I H R o Z S B k b 3 d u b G 9 h Z G V y I G h h c y B l d m 9 s d m V k I G F u Z C B 0 a G U g b m V 3 Z X I g d m V y c 2 l v b n M s I H V z d W F s b H k g Y 29 t c G l s Z W Q g d 2 l 0 a C B 0 a G U g R E x M I G 5 h b W U g J 2 N v c m V z a G V s b C 5 k b G w n L i A g V G h l c 2 U g d m F y a W F u d H M g Y X J l I G R p c 3 R p b m N 0 I G Z y b 20 g d G h l I G 9 s Z G V y I H Z l c n N p b 25 z I H N v I H d l I H J l Z m V y I H R v I G l 0 I G F z I F N P V V J G Q U N F L 0 N P U k V T S E V M T C B v c i B z a W 1 w b H k g Q 0 9 S R V N I R U x M L j w v Z G V z Y 3 J p c H R p b 24 + C i A g P G t l e X d v c m R z L z 4 K I C A 8 Y X 
V 0 a G 9 y Z W R f Y n k + R m l y Z U V 5 Z T w v Y X V 0 a G 9 y Z W R f Y n k + C i A g P G F 1 d G h v c m V k X 2 R h d G U + M j A x N C 0 x M C 0 x N l Q y M D o 1 O D o y M V o 8 L 2 F 1 d G h v c m V k X 2 R h d G U + C i A g P G x p b m t z P g o g I C A g P G x p b m s g c m V s P S J 0 a H J l Y X R j Y X R l Z 29 y e S I + Q V B U P C 9 s a W 5 r P g o g I C A g P G x p b m s g c m V s P S J 0 a H J l Y X R n c m 91 c C I + Q V B U M j g 8 L 2 x p b m s + C i A g I C A 8 b G l u a y B y Z W w 9 I m N h d G V n b 3 J 5 I j 5 E b 3 d u b G 9 h Z G V y P C 9 s a W 5 r P g o g I C A g P G x p b m s g c m V s P S J m Y W 1 p b H k i P l N P V V J G Q U N F P C 9 s a W 5 r P g o g I C A g P G x p b m s g c m V s P S J m Y W 1 p b H k i P l N P V V J G Q U N F L k N P U k V T S E V M T D w v b G l u a z 4 K I C A g I D x s a W 5 r I H J l b D 0 i b G l j Z W 5 z Z S I + Q X B h Y 2 h l I D I u M D w v b G l u a z 4 K I C A 8 L 2 x p b m t z P g o g I D x k Z W Z p b m l 0 a W 9 u P g o g I C A g P E l u Z G l j Y X R v c i B p Z D 0 i Z T E 2 Z T Y y O T k t Z j c 1 Y i 0 0 M j I z L T h k O G Q t M j k w Y 2 Q w Y m Y x Y j Q x I i B v c G V y Y X R v c j 0 i T 1 I i P g o g I C A g I C A 8 S W 5 k a W N h d G 9 y S X R l b S B p Z D 0 i N W V h O W Y y M D A t M D F m M S 0 0 M T F l L T k 0 Z T M t N D k 5 M D N m M T R k N m Y 5 I i B j b 25 k a X R p b 249 I m l z I j 4 K I C A g I C A g I C A 8 Q 29 u d G V 4 d C B k b 2 N 1 b W V u d D 0 i R m l s Z U l 0 Z W 0 i I H N l Y X J j a D 0 i R m l s Z U l 0 Z W 0 v T W Q 1 c 3 V t I i B 0 e X B l P S J t a X I i L z 4 K I C A g I C A g I C A 8 Q 29 u d G V u d C B 0 e X B l P S J t Z D U i P j h j N G Z h N z E z Y z V l M m I w M D k x M T R h Z G R h N z U 4 Y W R j N D Q 1 P C 9 D b 250 Z W 50 P g o g I C A g I C A 8 L 0 l u Z G l j Y X R v c k l 0 Z W 0 + C i A g I C A g I D x J b m R p Y 2 F 0 b 3 J J d G V t I G l k P S I z Z j g z Y 2E1 Y i 0 5 Y T J j L T R h Z W I t O T R l Z i 0 y O D A 5 M 2 Y 2 
N z A 5 Z j g i I G N v b m R p d G l v b j 0 i a X M i P g o g I C A g I C A g I D x D b 250 Z X h 0 I G R v Y 3 V t Z W 50 P S J G a W x l S X R l b S I g c 2 V h c m N o P S J G a W x l S X R l b S 9 N Z D V z d W 0 i I H R 5 c G U 9 I m 1 p c i I v P g o g I C A g I C A g I D x D b 250 Z W 50 I H R 5 c G U 9 I m 1 k N S I + M 2 I w Z W N k M D E x N T A w Z j Y x M j M 3 Y z I w N T g z N G R i M G U x M 2E8 L 0 N v b n R l b n Q + C i A g I C A g I D w v S W 5 k a W N h d G 9 y S X R l b T 4 K I C A g I C A g P E l u Z G l j Y X R v c k l 0 Z W 0 g a W Q 9 I j N m Z T Q 1 N D d l L T V l M T k t N G J i M y 0 5 N z k y L W V i M z g y Z G U 0 N W V i M C I g Y 29 u Z G l 0 a W 9 u P S J p c y I + C i A g I C A g I C A g P E N v b n R l e H Q g Z G 9 j d W 1 l b n Q 9 I k Z p b G V J d G V t I i B z Z W F y Y 2 g 9 I k Z p b G V J d G V t L 0 1 k N X N 1 b S I g d H l w Z T 0 i b W l y I i 8 + C i A g I C A g I C A g P E N v b n R l b n Q g d H l w Z T 0 i b W Q 1 I j 43 O T E 0 M j g 2 M D F h Z D E y Y j k y M z B i O W F j Z T R m M j E z O D c x M z w v Q 29 u d G V u d D 4 K I C A g I C A g P C 9 J b m R p Y 2 F 0 b 3 J J d G V t P g o g I C A g I C A 8 S W 5 k a W N h d G 9 y S X R l b S B p Z D 0 i M D I w Z T U 4 Z j I t Z T R m M i 0 0 O D A x L W I 3 M z E t Z D I 2 N T g 5 Y m Q 5 N m I 2 I i B j b 25 k a X R p b 249 I m l z I j 4 K I C A g I C A g I C A 8 Q 29 u d G V 4 d C B k b 2 N 1 b W V u d D 0 i R m l s Z U l 0 Z W 0 i I H N l Y X J j a D 0 i R m l s Z U l 0 Z W 0 v T W Q 1 c 3 V t I i B 0 e X B l P S J t a X I i L z 4 K I C A g I C A g I C A 8 Q 29 u d G V u d C B 0 e X B l P S J t Z D U i P j U 4 O D J m Z G E 5 N 2 Z k Z j c 4 Y j Q 3 M D g x Y 2 M 0 M T A 1 Z D Q 0 Z j d j P C 9 D b 250 Z W 50 P g o g I C A g I C A 8 L 0 l u Z G l j Y X R v c k l 0 Z W 0 + C i A g I C A g I D x J b m R p Y 2 F 0 b 3 J J d G V t I G l k P S J i N D h h N z A x M S 0 1 O W Q 5 L T R j N T M t O G Q 2 Y y 0 y N z E w Z D c w N W I w Y z Y i I G N v b m R p d 
G l v b j 0 i a X M i P g o g I C A g I C A g I D x D b 250 Z X h 0 I G R v Y 3 V t Z W 50 P S J G a W x
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-0784-49fe-bdff-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-0784-49fe-bdff-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-0784-49fe-bdff-b9b0950d210b" ,
"value" : "https://github.com/fireeye/iocs/tree/master/APT28"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-3364-46b3-9145-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-3364-46b3-9145-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-3364-46b3-9145-b9b0950d210b" ,
"value" : "https://github.com/fireeye/iocs/blob/master/APT28/0ff58bf9-1c07-42f6-b135-b18c139f631a.ioc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-b254-4a77-8bc0-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-b254-4a77-8bc0-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-b254-4a77-8bc0-b9b0950d210b" ,
"value" : "https://github.com/fireeye/iocs/blob/master/APT28/a438caeb-96dd-4225-853c-fc5910980961.ioc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-b94c-41ae-9be0-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-b94c-41ae-9be0-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-b94c-41ae-9be0-b9b0950d210b" ,
"value" : "https://github.com/fireeye/iocs/blob/master/APT28/a6c6dbf0-d72a-4f07-8b11-55527aef4755.ioc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-354c-4406-8bde-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-354c-4406-8bde-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-354c-4406-8bde-b9b0950d210b" ,
"value" : "https://github.com/fireeye/iocs/blob/master/APT28/bdf7929c-3f0b-4fdd-bcc5-b4a82554ad92.ioc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-24ac-4754-a2a6-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-24ac-4754-a2a6-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-24ac-4754-a2a6-b9b0950d210b" ,
"value" : "https://github.com/fireeye/iocs/blob/master/APT28/e1cbf7ca-4938-4d3c-a7e6-3ff966516191.ioc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-969c-4f4b-a2c1-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-969c-4f4b-a2c1-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-969c-4f4b-a2c1-b9b0950d210b" ,
"value" : "https://raw.githubusercontent.com/fireeye/iocs/master/APT28/0ff58bf9-1c07-42f6-b135-b18c139f631a.ioc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-dd3c-426c-ae5a-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-dd3c-426c-ae5a-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-dd3c-426c-ae5a-b9b0950d210b" ,
"value" : "https://raw.githubusercontent.com/fireeye/iocs/master/APT28/a438caeb-96dd-4225-853c-fc5910980961.ioc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-60d4-4a77-b1c4-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-60d4-4a77-b1c4-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-60d4-4a77-b1c4-b9b0950d210b" ,
"value" : "https://raw.githubusercontent.com/fireeye/iocs/master/APT28/a6c6dbf0-d72a-4f07-8b11-55527aef4755.ioc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-bbc8-45b9-899f-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-bbc8-45b9-899f-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-bbc8-45b9-899f-b9b0950d210b" ,
"value" : "https://raw.githubusercontent.com/fireeye/iocs/master/APT28/bdf7929c-3f0b-4fdd-bcc5-b4a82554ad92.ioc"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--54515172-e024-4106-9098-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:43:30.000Z" ,
"modified" : "2014-10-29T20:43:30.000Z" ,
"first_observed" : "2014-10-29T20:43:30Z" ,
"last_observed" : "2014-10-29T20:43:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--54515172-e024-4106-9098-b9b0950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--54515172-e024-4106-9098-b9b0950d210b" ,
"value" : "https://raw.githubusercontent.com/fireeye/iocs/master/APT28/e1cbf7ca-4938-4d3c-a7e6-3ff966516191.ioc"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--545151b0-b7b4-4d33-a3c6-6181950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:44:32.000Z" ,
"modified" : "2014-10-29T20:44:32.000Z" ,
"pattern" : "[domain-name:value = 'smigroup-online.co.uk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T20:44:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--545154ef-0bac-4215-ba2d-4ab3950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:58:23.000Z" ,
"modified" : "2014-10-29T20:58:23.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "OLDBAIT"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--545154ef-3db8-4a5a-9726-47c9950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:58:23.000Z" ,
"modified" : "2014-10-29T20:58:23.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "EVILTOSS"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--545154ef-3854-4a2b-9b51-403e950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:58:23.000Z" ,
"modified" : "2014-10-29T20:58:23.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "CHOPSTICK"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--545154ef-7dfc-4e2c-88b8-4fab950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T20:58:23.000Z" ,
"modified" : "2014-10-29T20:58:23.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "SOURFACE"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5451559b-be98-46ff-9f68-800f950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T21:01:15.000Z" ,
"modified" : "2014-10-29T21:01:15.000Z" ,
"pattern" : "[domain-name:value = 'g0v.pl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T21:01:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5451559b-5a28-4c55-ba34-800f950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T21:01:15.000Z" ,
"modified" : "2014-10-29T21:01:15.000Z" ,
"pattern" : "[domain-name:value = 'nshq.in']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T21:01:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5451559b-69cc-4db0-a51c-800f950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T21:01:15.000Z" ,
"modified" : "2014-10-29T21:01:15.000Z" ,
"pattern" : "[domain-name:value = 'baltichost.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T21:01:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--545155d1-e76c-4f65-aae3-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T21:02:09.000Z" ,
"modified" : "2014-10-29T21:02:09.000Z" ,
"pattern" : "[domain-name:value = 'mail.g0v.pl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T21:02:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--545155d1-4304-461e-9615-b9b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2014-10-29T21:02:09.000Z" ,
"modified" : "2014-10-29T21:02:09.000Z" ,
"pattern" : "[domain-name:value = 'nato.nshq.in']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2014-10-29T21:02:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fb9-0644-4c76-b9d5-c653950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:37.000Z" ,
"modified" : "2016-02-18T22:03:37.000Z" ,
"description" : "Automatically added (via 8c4fa713c5e2b009114adda758adc445)" ,
"pattern" : "[file:hashes.SHA1 = 'f5b3e98c6b5d65807da66d50bd5730d35692174d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fbc-c38c-4ebe-a6b2-40e8950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:40.000Z" ,
"modified" : "2016-02-18T22:03:40.000Z" ,
"description" : "Automatically added (via 48656a93f9ba39410763a2196aabc67f)" ,
"pattern" : "[file:hashes.SHA1 = 'a8551397e1f1a2c0148e6eadcb56fa35ee6009ca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fbf-d514-4dbf-b3dc-599c950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:43.000Z" ,
"modified" : "2016-02-18T22:03:43.000Z" ,
"description" : "Automatically added (via ead4ec18ebce6890d20757bb9f5285b1)" ,
"pattern" : "[file:hashes.SHA1 = 'ed48ef531d96e8c7360701da1c57e2ff13f12405']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fc1-5308-452f-8ea2-4958950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:45.000Z" ,
"modified" : "2016-02-18T22:03:45.000Z" ,
"description" : "Automatically added (via 791428601ad12b9230b9ace4f2138713)" ,
"pattern" : "[file:hashes.SHA1 = '367d40465fd1633c435b966fa9b289188aa444bc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fc4-59e8-4951-8576-c652950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:48.000Z" ,
"modified" : "2016-02-18T22:03:48.000Z" ,
"description" : "Automatically added (via 5882fda97fdf78b47081cc4105d44f7c)" ,
"pattern" : "[file:hashes.SHA1 = 'cf3220c867b81949d1ce2b36446642de7894c6dc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fc6-f364-4e59-a679-c650950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:50.000Z" ,
"modified" : "2016-02-18T22:03:50.000Z" ,
"description" : "Automatically added (via 3b0ecd011500f61237c205834db0e13a)" ,
"pattern" : "[file:hashes.SHA1 = '682e49efa6d2549147a21993d64291bfa40d815a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fc9-2818-407f-8c13-42f1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:53.000Z" ,
"modified" : "2016-02-18T22:03:53.000Z" ,
"description" : "Automatically added (via 1259c4fe5efd9bf07fc4c78466f2dd09)" ,
"pattern" : "[file:hashes.SHA1 = 'd9c53adce8c35ec3b1e015ec8011078902e6800b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fcc-fa60-440b-bb3f-59a1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:56.000Z" ,
"modified" : "2016-02-18T22:03:56.000Z" ,
"description" : "Automatically added (via da2a657dc69d7320f2ffc87013f257ad)" ,
"pattern" : "[file:hashes.SHA1 = '6316258ca5ba2d85134ad7427f24a8a51ce4815b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fcf-2d28-4d26-b266-c652950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:59.000Z" ,
"modified" : "2016-02-18T22:03:59.000Z" ,
"description" : "Automatically added (via 9eebfebe3987fec3c395594dc57a0c4c)" ,
"pattern" : "[file:hashes.SHA1 = 'e2450dffa675c61aa43077b25b12851a910eeeb6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fd1-439c-4d04-9e0d-c651950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:04:01.000Z" ,
"modified" : "2016-02-18T22:04:01.000Z" ,
"description" : "Automatically added (via 8b92fe86c5b7a9e34f433a6fbac8bc3a)" ,
"pattern" : "[file:hashes.SHA1 = '85522190958c82589fa290c0835805f3d9a2f8d6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:04:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fd4-1d2c-453b-873d-5ca1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:04:04.000Z" ,
"modified" : "2016-02-18T22:04:04.000Z" ,
"description" : "Automatically added (via 272f0fde35dbdfccbca1e33373b3570d)" ,
"pattern" : "[file:hashes.SHA1 = 'd87b310aa81ae6254fff27b7d57f76035f544073']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:04:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fbb-19c0-43af-a6b7-599f950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:39.000Z" ,
"modified" : "2016-02-18T22:03:39.000Z" ,
"description" : "Automatically added (via 8c4fa713c5e2b009114adda758adc445)" ,
"pattern" : "[file:hashes.SHA256 = 'd58f2a799552aff8358e9c63a4345ea971b27edd14b8eac825db30a8321d1a7a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fbd-3ca8-4b5b-91d1-4b0d950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:41.000Z" ,
"modified" : "2016-02-18T22:03:41.000Z" ,
"description" : "Automatically added (via 48656a93f9ba39410763a2196aabc67f)" ,
"pattern" : "[file:hashes.SHA256 = 'c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fc0-ec50-4ce9-95e1-599d950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:44.000Z" ,
"modified" : "2016-02-18T22:03:44.000Z" ,
"description" : "Automatically added (via ead4ec18ebce6890d20757bb9f5285b1)" ,
"pattern" : "[file:hashes.SHA256 = '7695f20315f84bb1d940149b17dd58383210ea3498450b45fefa22a450e79683']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fc2-d3a8-4484-977c-44e8950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:46.000Z" ,
"modified" : "2016-02-18T22:03:46.000Z" ,
"description" : "Automatically added (via 791428601ad12b9230b9ace4f2138713)" ,
"pattern" : "[file:hashes.SHA256 = '29cc2e69f65b9ce5fe04eb9b65942b2dabf48e41770f0a49eb698271b99d2787']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fc5-4654-4248-b045-599c950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:49.000Z" ,
"modified" : "2016-02-18T22:03:49.000Z" ,
"description" : "Automatically added (via 5882fda97fdf78b47081cc4105d44f7c)" ,
"pattern" : "[file:hashes.SHA256 = '744f2a1e1a62dff2a8d5bd273304a4d21ee37a3c9b0bdcffeeca50374bd10a39']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fc8-fe70-4a09-8e89-c651950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:52.000Z" ,
"modified" : "2016-02-18T22:03:52.000Z" ,
"description" : "Automatically added (via 3b0ecd011500f61237c205834db0e13a)" ,
"pattern" : "[file:hashes.SHA256 = '7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fca-b464-4f85-8926-59a2950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:54.000Z" ,
"modified" : "2016-02-18T22:03:54.000Z" ,
"description" : "Automatically added (via 1259c4fe5efd9bf07fc4c78466f2dd09)" ,
"pattern" : "[file:hashes.SHA256 = '102b0158bcd5a8b64de44d9f765193dd80df1504e398ce52d37b7c8c33f2552a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fcd-0868-4b54-a95d-5ca1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:03:57.000Z" ,
"modified" : "2016-02-18T22:03:57.000Z" ,
"description" : "Automatically added (via da2a657dc69d7320f2ffc87013f257ad)" ,
"pattern" : "[file:hashes.SHA256 = 'd54173be095b688016528f18dc97f2d583efcf5ce562ec766afc0b294eb51ac7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:03:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fd0-08cc-4889-8343-4d32950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:04:00.000Z" ,
"modified" : "2016-02-18T22:04:00.000Z" ,
"description" : "Automatically added (via 9eebfebe3987fec3c395594dc57a0c4c)" ,
"pattern" : "[file:hashes.SHA256 = 'e6d09ce32cc62b6f17279204fac1771a6eb35077bb79471115e8dfed2c86cd75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:04:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fd2-40b8-4459-8d9a-c653950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:04:02.000Z" ,
"modified" : "2016-02-18T22:04:02.000Z" ,
"description" : "Automatically added (via 8b92fe86c5b7a9e34f433a6fbac8bc3a)" ,
"pattern" : "[file:hashes.SHA256 = '03ed773bde6c6a1ac3b24bde6003322df8d41d3d1c85109b8669c430b58d2f69']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:04:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c63fd5-98f8-4ed5-bc19-c654950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-18T22:04:05.000Z" ,
"modified" : "2016-02-18T22:04:05.000Z" ,
"description" : "Automatically added (via 272f0fde35dbdfccbca1e33373b3570d)" ,
"pattern" : "[file:hashes.SHA256 = '423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-18T22:04:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:GREEN" ,
"definition" : {
"tlp" : "green"
}
}
]
}