{
"type": "bundle",
|
|
|
|
"id": "bundle--553ea363-7aa4-426b-8f54-ad70950d210b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2018-02-04T21:23:19.000Z",
|
|
|
|
"modified": "2018-02-04T21:23:19.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--553ea363-7aa4-426b-8f54-ad70950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2018-02-04T21:23:19.000Z",
|
|
|
|
"modified": "2018-02-04T21:23:19.000Z",
|
|
|
|
"name": "OSINT Attacks against Israeli & Palestinian interests by PwC",
|
|
|
|
"published": "2018-02-04T21:23:44Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--553ea3e2-9adc-4432-b00b-ba7f950d210b",
|
|
|
|
"url--553ea3e2-9adc-4432-b00b-ba7f950d210b",
|
|
|
|
"indicator--553ea3fc-c4a4-4b75-a18f-5c47950d210b",
|
|
|
|
"indicator--553ea4d0-c458-4826-a414-f38d950d210b",
|
|
|
|
"indicator--553ea4d0-9d08-4aab-880c-f38d950d210b",
|
|
|
|
"indicator--553ea4d0-f5f8-45a5-ab07-f38d950d210b",
|
|
|
|
"indicator--553ea4d0-9e28-4402-8ff5-f38d950d210b",
|
|
|
|
"indicator--553ea4d0-79d4-4e9a-958d-f38d950d210b",
|
|
|
|
"indicator--553ea4d0-d928-489f-a732-f38d950d210b",
|
|
|
|
"indicator--553ea501-72f4-4d3b-98c4-ba7f950d210b",
|
|
|
|
"indicator--553ea501-1dcc-4f72-9c81-ba7f950d210b",
|
|
|
|
"indicator--553ea501-3c3c-471a-a77a-ba7f950d210b",
|
|
|
|
"indicator--553ea501-aa08-4dca-bb1e-ba7f950d210b",
|
|
|
|
"indicator--553ea501-fd98-4bc9-8e8b-ba7f950d210b",
|
|
|
|
"indicator--553ea502-892c-4052-a59a-ba7f950d210b",
|
|
|
|
"indicator--553ea502-cd08-4911-8ac1-ba7f950d210b",
|
|
|
|
"indicator--553ea502-1cc0-426e-baa7-ba7f950d210b",
|
|
|
|
"indicator--553ea502-a180-48a0-8f41-ba7f950d210b",
|
|
|
|
"indicator--553ea502-e1d8-4fb1-8563-ba7f950d210b",
|
|
|
|
"indicator--553ea502-31e4-419a-ac77-ba7f950d210b",
|
|
|
|
"indicator--553ea502-03c8-44d2-9ae9-ba7f950d210b",
|
|
|
|
"indicator--553ea502-d2b4-4126-9e14-ba7f950d210b",
|
|
|
|
"indicator--553ea502-47b4-41f6-9ff5-ba7f950d210b",
|
|
|
|
"indicator--553ea503-b0c8-41b8-9796-ba7f950d210b",
|
|
|
|
"indicator--553ea503-0b48-4cc0-8338-ba7f950d210b",
|
|
|
|
"indicator--553ea503-60c0-4dfb-b454-ba7f950d210b",
|
|
|
|
"indicator--553ea503-7b94-42a9-a8b1-ba7f950d210b",
|
|
|
|
"indicator--553ea503-27c8-4b7c-813e-ba7f950d210b",
|
|
|
|
"indicator--553ea503-17fc-45d2-9e68-ba7f950d210b",
|
|
|
|
"indicator--553ea503-8774-40eb-a148-ba7f950d210b",
|
|
|
|
"indicator--553ea503-8764-4007-996a-ba7f950d210b",
|
|
|
|
"indicator--553ea504-dd68-4ced-a258-ba7f950d210b",
|
|
|
|
"indicator--553ea504-4424-4719-95ee-ba7f950d210b",
|
|
|
|
"indicator--553ea504-a148-492d-bc71-ba7f950d210b",
|
|
|
|
"indicator--553ea5a6-cf94-4fec-b254-f38d950d210b",
|
|
|
|
"indicator--553ea5a6-a648-4baa-a14b-f38d950d210b",
|
|
|
|
"indicator--553ea5a6-100c-4a1f-90a0-f38d950d210b",
|
|
|
|
"indicator--553ea5af-75ec-4da4-a9f3-7df3950d210b",
|
|
|
|
"indicator--553ea5b0-5ec0-439a-a136-7df3950d210b",
|
|
|
|
"indicator--553ea5b0-1f80-471e-a215-7df3950d210b",
|
|
|
|
"indicator--553ea5b0-1df4-4954-a9d7-7df3950d210b",
|
|
|
|
"indicator--553ea5b0-d1e4-4528-ad67-7df3950d210b",
|
|
|
|
"indicator--553ea5b0-6a6c-4de7-916c-7df3950d210b",
|
|
|
|
"indicator--553ea5b0-2748-47ba-8a3d-7df3950d210b",
|
|
|
|
"indicator--553ea5b0-cbe8-4e49-9754-7df3950d210b",
|
|
|
|
"indicator--553ea5b0-e890-4d0d-8da7-7df3950d210b",
|
|
|
|
"indicator--553ea5b1-bd38-4152-995d-7df3950d210b",
|
|
|
|
"indicator--553ea5b1-4a9c-40f4-b633-7df3950d210b",
|
|
|
|
"indicator--553ea5b1-4770-487a-a2c2-7df3950d210b",
|
|
|
|
"indicator--553ea5b1-1b24-44a5-b4d7-7df3950d210b",
|
|
|
|
"indicator--553ea5b1-ff54-4d56-9f0d-7df3950d210b",
|
|
|
|
"indicator--553ea5b1-2aa0-44eb-a0b8-7df3950d210b",
|
|
|
|
"indicator--553ea5b1-a00c-4d40-953b-7df3950d210b",
|
|
|
|
"indicator--553ea5b1-6898-456d-9d88-7df3950d210b",
|
|
|
|
"indicator--553ea5b2-2d68-4aac-993d-7df3950d210b",
|
|
|
|
"indicator--553ea5b2-bce0-45e2-879f-7df3950d210b",
|
|
|
|
"indicator--553ea5b2-0c54-48ce-b636-7df3950d210b",
|
|
|
|
"indicator--553ea5b2-828c-403e-8831-7df3950d210b",
|
|
|
|
"indicator--553ea5b2-3928-4247-86fd-7df3950d210b",
|
|
|
|
"indicator--553ea5b2-da54-47ca-9cc0-7df3950d210b",
|
|
|
|
"indicator--553ea5b2-b9d8-4001-b6b5-7df3950d210b",
|
|
|
|
"indicator--553ea5b2-636c-4895-ab17-7df3950d210b",
|
|
|
|
"indicator--553ea5b3-2500-4957-9bf5-7df3950d210b",
|
|
|
|
"indicator--553ea5b3-cfd4-49c4-8a27-7df3950d210b",
|
|
|
|
"indicator--553ea5b3-2680-4ef8-abfa-7df3950d210b",
|
|
|
|
"indicator--553ea5b3-5980-4491-b72c-7df3950d210b",
|
|
|
|
"indicator--553ea5b3-3a8c-4000-bd10-7df3950d210b",
|
|
|
|
"indicator--553ea5b3-6df4-439a-b3fb-7df3950d210b",
|
|
|
|
"indicator--553ea5b3-07fc-4556-8e61-7df3950d210b",
|
|
|
|
"indicator--553ea5f1-4f74-4b2e-8aef-069f950d210b",
|
|
|
|
"indicator--553ea5f1-60a8-4e91-8a5e-069f950d210b",
|
|
|
|
"indicator--553ea5f1-dfcc-4832-ab96-069f950d210b",
|
|
|
|
"indicator--553ea5f1-e7a8-45d5-ad9c-069f950d210b",
|
|
|
|
"indicator--553ea5f1-e79c-4df8-afa5-069f950d210b",
|
|
|
|
"indicator--553ea5f1-5370-4b69-b208-069f950d210b",
|
|
|
|
"indicator--553ea5f1-21b4-4d4f-99a0-069f950d210b",
|
|
|
|
"indicator--553ea5f1-ff3c-4991-bce3-069f950d210b",
|
|
|
|
"indicator--553ea5f2-38b4-45e5-af77-069f950d210b",
|
|
|
|
"indicator--553ea5f2-da38-44ad-8510-069f950d210b",
|
|
|
|
"indicator--553ea60d-1f7c-4bf6-8aa7-f38d950d210b",
|
|
|
|
"indicator--553ea69e-bdd8-410b-98f2-7df4950d210b",
|
|
|
|
"indicator--553ea69e-f448-4133-952a-7df4950d210b",
|
|
|
|
"indicator--553ea69e-3fe0-4239-81ac-7df4950d210b",
|
|
|
|
"observed-data--553ea6e9-68bc-4fea-8b0d-ad6d950d210b",
|
|
|
|
"url--553ea6e9-68bc-4fea-8b0d-ad6d950d210b",
|
|
|
|
"indicator--56c65b66-31cc-44b3-87d8-599d950d210f",
|
|
|
|
"indicator--56c65b68-1028-4690-ad05-4bd6950d210f",
|
|
|
|
"indicator--56c65b6a-fa68-4335-b1b2-599f950d210f",
|
|
|
|
"indicator--56c65b6c-6984-41f1-80f7-599d950d210f",
|
|
|
|
"indicator--56c65b6d-eb60-41d2-b66e-5ca1950d210f",
|
|
|
|
"indicator--56c65b6f-0fe8-462a-921d-59a4950d210f",
|
|
|
|
"indicator--56c65b71-0c60-46ca-bc16-c650950d210f",
|
|
|
|
"indicator--56c65b73-aac4-4165-8338-59a2950d210f",
|
|
|
|
"indicator--56c65b75-278c-421b-9ac1-48b5950d210f",
|
|
|
|
"indicator--56c65b76-8798-4e2a-8e18-c652950d210f",
|
|
|
|
"indicator--56c65b78-c284-4c46-85d8-c654950d210f",
|
|
|
|
"indicator--56c65b7a-41b0-4394-8896-401d950d210f",
|
|
|
|
"indicator--56c65b7b-b638-45c6-8805-457c950d210f",
|
|
|
|
"indicator--56c65b7e-2340-4582-8742-4ef7950d210f",
|
|
|
|
"indicator--56c65b7f-b440-49df-8790-c651950d210f",
|
|
|
|
"indicator--56c65b81-9f28-4766-9da8-599f950d210f",
|
|
|
|
"indicator--56c65b83-088c-4a6c-b26e-4eb5950d210f",
|
|
|
|
"indicator--56c65b85-3fd0-446d-b27e-599e950d210f",
|
|
|
|
"indicator--56c65b87-3bf0-4bf8-9b1b-59a1950d210f",
|
|
|
|
"indicator--56c65b88-8ec8-4223-8876-5f51950d210f",
|
|
|
|
"indicator--56c65b8a-e6e8-4d6d-a440-5ca1950d210f",
|
|
|
|
"indicator--56c65b67-02cc-4e07-ab72-c652950d210f",
|
|
|
|
"indicator--56c65b68-8d98-45bb-a12e-4ad8950d210f",
|
|
|
|
"indicator--56c65b6a-7dfc-4cbf-b4eb-5f51950d210f",
|
|
|
|
"indicator--56c65b6c-7518-408a-9df8-599c950d210f",
|
|
|
|
"indicator--56c65b6e-f1ec-4cd4-8003-408b950d210f",
|
|
|
|
"indicator--56c65b70-3e28-4f7e-8aec-c654950d210f",
|
|
|
|
"indicator--56c65b72-2fc4-4f2f-b527-c653950d210f",
|
|
|
|
"indicator--56c65b73-da4c-4630-bc08-59a1950d210f",
|
|
|
|
"indicator--56c65b75-0c00-400e-ad78-4c81950d210f",
|
|
|
|
"indicator--56c65b77-c504-4b7f-b510-599e950d210f",
|
|
|
|
"indicator--56c65b79-cbd0-4b99-97e9-c651950d210f",
|
|
|
|
"indicator--56c65b7a-43c8-4f09-99c6-59a1950d210f",
|
|
|
|
"indicator--56c65b7c-f558-467f-beaf-c654950d210f",
|
|
|
|
"indicator--56c65b7e-d13c-447d-847d-c653950d210f",
|
|
|
|
"indicator--56c65b80-145c-4b6a-9286-4696950d210f",
|
|
|
|
"indicator--56c65b82-bae8-48d4-83c2-c651950d210f",
|
|
|
|
"indicator--56c65b84-d4ac-4702-8e6c-599d950d210f",
|
|
|
|
"indicator--56c65b86-df2c-4d5a-afb9-59a2950d210f",
|
|
|
|
"indicator--56c65b87-b28c-451d-865b-599c950d210f",
|
|
|
|
"indicator--56c65b89-c7ec-4143-9e7e-c652950d210f",
|
|
|
|
"indicator--56c65b8b-dab0-4b90-a6d3-47d7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--553ea3e2-9adc-4432-b00b-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:02:26.000Z",
|
|
|
|
"modified": "2015-04-27T21:02:26.000Z",
|
|
|
|
"first_observed": "2015-04-27T21:02:26Z",
|
|
|
|
"last_observed": "2015-04-27T21:02:26Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--553ea3e2-9adc-4432-b00b-ba7f950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--553ea3e2-9adc-4432-b00b-ba7f950d210b",
|
|
|
|
"value": "http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea3fc-c4a4-4b75-a18f-5c47950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:02:52.000Z",
|
|
|
|
"modified": "2015-04-27T21:02:52.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ecc240f1983007177bc5bbecba50eea27b80fd3d14fd261bef6cda10b8ffe1e9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:02:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea4d0-c458-4826-a414-f38d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:06:24.000Z",
|
|
|
|
"modified": "2015-04-27T21:06:24.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rotter2.sytes.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:06:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea4d0-9d08-4aab-880c-f38d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:06:24.000Z",
|
|
|
|
"modified": "2015-04-27T21:06:24.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'haartezenglish.strangled.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:06:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea4d0-f5f8-45a5-ab07-f38d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:06:24.000Z",
|
|
|
|
"modified": "2015-04-27T21:06:24.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'wallanews.sytes.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:06:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea4d0-9e28-4402-8ff5-f38d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:06:24.000Z",
|
|
|
|
"modified": "2015-04-27T21:06:24.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ynet.sytes.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:06:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea4d0-79d4-4e9a-958d-f38d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:06:24.000Z",
|
|
|
|
"modified": "2015-04-27T21:06:24.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'safar.selfip.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:06:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea4d0-d928-489f-a732-f38d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:06:24.000Z",
|
|
|
|
"modified": "2015-04-27T21:06:24.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'depka.sytes.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:06:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea501-72f4-4d3b-98c4-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:13.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8993a516404c0dd62692f3ce5055d4ddee7e29ad4bb6aa29f67114eeeaee26b9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea501-1dcc-4f72-9c81-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:13.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bfe727f2f238f11eb989e5b76efd24ad2b41df3cf7dabf7077dfaace834e7f03']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea501-3c3c-471a-a77a-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:13.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'dad34d2cb2aa9662d4a4148481ae018f5816498f30cc7aee4919e0e9fe6b9e08']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea501-aa08-4dca-bb1e-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:13.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2cb9df0d52d09c98f0a97ce71eb8805f224945cadab7d615ef0257b7b09c80d3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea501-fd98-4bc9-8e8b-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:13.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f53fd5389b09c6ad289736720e72392dd5f30a1f7822dbc8c7c2e2b655b4dad9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea502-892c-4052-a59a-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:14.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea502-cd08-4911-8ac1-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:14.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '95b2f926ae173ab45d6dac4039f0b91eb24699e6d11b621bbcebd860752e5d5e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea502-1cc0-426e-baa7-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:14.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'da63f6392ce6af83f6d944fa1bd3f28082345fec928647ee7ef9939fac7b2e6c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea502-a180-48a0-8f41-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:14.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea502-e1d8-4fb1-8563-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:14.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea502-31e4-419a-ac77-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:14.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e945b055fb4057a396506c74f73b873694125e6178a40d10cabf24b2d89d598f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea502-03c8-44d2-9ae9-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:14.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c9e084eb1ce1066ee063f860c13a8f7d2ead97495036855fc956dacc9a24ea68']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea502-d2b4-4126-9e14-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:14.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '047e8d542e2fcdf0f4dd45e2b19848771d01abc90d161d05242b79c52cdd248d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea502-47b4-41f6-9ff5-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:14.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea503-b0c8-41b8-9796-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:15.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b0edbd0f44df72e0fad3fb73948444a4df5143ed954c9116eb1a7b606841f187']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea503-0b48-4cc0-8338-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:15.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea503-60c0-4dfb-b454-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:15.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f969bf3b7a9821b3b2d5de889b5af7af25972b25ba59e4e9439f87fe90f1c404']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea503-7b94-42a9-a8b1-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:15.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '14be3a9a2a4261cb365915e720486a0632dbebb06fe68fb669ae67aa9b18507b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea503-27c8-4b7c-813e-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:15.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea503-17fc-45d2-9e68-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:15.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b3a47e0bc0af49b46bc0c1158089bf200856ff462a5334df2b5c11e69c8b1ada']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea503-8774-40eb-a148-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:15.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '324ce011b913feec4adb916f32c743a243f07dccb51b49c0122c4fa4a8e2bded']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea503-8764-4007-996a-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:15.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd6df5943169b48ac58fc28bb665fe8800c265b65fff8a2217b70703a4d3a7277']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea504-dd68-4ced-a258-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:16.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '88e7a7e815565b92af81761ae7b9153b7507677df3d3b77e8ce68787ad1826d4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea504-4424-4719-95ee-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:16.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f51d4155534e10c09b531acc41458e8ff3b7879f4ee7d3ee99f16180c4caf0ee']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea504-a148-492d-bc71-ba7f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:07:16.000Z",
|
|
|
|
"modified": "2015-04-27T21:07:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:07:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5a6-cf94-4fec-b254-f38d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:09:58.000Z",
|
|
|
|
"modified": "2015-04-27T21:09:58.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'cbbnews.tk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:09:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5a6-a648-4baa-a14b-f38d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:09:58.000Z",
|
|
|
|
"modified": "2015-04-27T21:09:58.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'chromeupdt.tk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:09:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5a6-100c-4a1f-90a0-f38d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:09:58.000Z",
|
|
|
|
"modified": "2015-04-27T21:09:58.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'store-legal.biz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:09:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5af-75ec-4da4-a9f3-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:07.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:07.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ajaxo.zapto.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b0-5ec0-439a-a136-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:08.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'backjadwer.bounceme.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b0-1f80-471e-a215-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:08.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'bandao.publicvm.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b0-1df4-4954-a9d7-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:08.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'deapka.sytes.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b0-d1e4-4528-ad67-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:08.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'download.likescandy.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b0-6a6c-4de7-916c-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:08.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'downloadlog.linkpc.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b0-2748-47ba-8a3d-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:08.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'downloadmyhost.zapto.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b0-cbe8-4e49-9754-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:08.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'downloadskype.cf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b0-e890-4d0d-8da7-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:08.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'duntat.zapto.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b1-bd38-4152-995d-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:09.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'fastbingcom.sytes.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b1-4a9c-40f4-b633-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:09.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'gaonsmom.redirectme.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b1-4770-487a-a2c2-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:09.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'haartezenglish.redirectme.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b1-1b24-44a5-b4d7-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:09.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'help2014.linkpc.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b1-ff54-4d56-9f0d-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:09.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'kaliob.selfip.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b1-2aa0-44eb-a0b8-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:09.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'kaswer12.strangled.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b1-a00c-4d40-953b-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:09.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'kaswer13.zapto.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b1-6898-456d-9d88-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:09.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'kolabdown.sytes.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b2-2d68-4aac-993d-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:10.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'lilian.redirectme.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b2-bce0-45e2-879f-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:10.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'nazer.zapto.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b2-0c54-48ce-b636-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:10.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'noredirecto.redirectme.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b2-828c-403e-8831-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:10.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'orango.redirectme.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b2-3928-4247-86fd-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:10.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'redirectlnk.redirectme.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b2-da54-47ca-9cc0-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:10.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rotter2.publicvm.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b2-b9d8-4001-b6b5-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:10.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'safara.sytes.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b2-636c-4895-ab17-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:10.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'safari.linkpc.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b3-2500-4957-9bf5-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:11.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tango.zapto.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b3-cfd4-49c4-8a27-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:11.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'thenewupdate.chickenkiller.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b3-2680-4ef8-abfa-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:11.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'thenewupdatee.redirectme.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b3-5980-4491-b72c-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:11.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'totoman.no-ip.biz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b3-3a8c-4000-bd10-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:11.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'wallanews.publicvm.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b3-6df4-439a-b3fb-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:11.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'webfile.myq-see.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5b3-07fc-4556-8e61-7df3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:10:11.000Z",
|
|
|
|
"modified": "2015-04-27T21:10:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ynet.ignorelist.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:10:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--553ea5f1-4f74-4b2e-8aef-069f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-27T21:11:13.000Z",
|
|
|
|
"modified": "2015-04-27T21:11:13.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.33.168.150']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-27T21:11:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea5f1-60a8-4e91-8a5e-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:11:13.000Z",
"modified": "2015-04-27T21:11:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.45.193.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:11:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea5f1-dfcc-4832-ab96-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:11:13.000Z",
"modified": "2015-04-27T21:11:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.114.62.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:11:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea5f1-e7a8-45d5-ad9c-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:11:13.000Z",
"modified": "2015-04-27T21:11:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:11:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea5f1-e79c-4df8-afa5-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:11:13.000Z",
"modified": "2015-04-27T21:11:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:11:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea5f1-5370-4b69-b208-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:11:13.000Z",
"modified": "2015-04-27T21:11:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.253.246.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:11:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea5f1-21b4-4d4f-99a0-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:11:13.000Z",
"modified": "2015-04-27T21:11:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.122.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:11:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea5f1-ff3c-4991-bce3-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:11:13.000Z",
"modified": "2015-04-27T21:11:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:11:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea5f2-38b4-45e5-af77-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:11:14.000Z",
"modified": "2015-04-27T21:11:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.168.129.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:11:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea5f2-da38-44ad-8510-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:11:14.000Z",
"modified": "2015-04-27T21:11:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.122.9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:11:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea60d-1f7c-4bf6-8aa7-f38d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-02-04T21:23:18.000Z",
"modified": "2018-02-04T21:23:18.000Z",
"pattern": "[rule DownExecute_A {\r\nmeta:\r\n author = \"PwC Cyber Threat Operations :: @tlansec\"\r\n date = \"2015-04\"\r\n reference = \"http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html\"\r\n description = \"Malware is often wrapped/protected, best to run on memory\"\r\n \r\nstrings:\r\n $winver1 = \"win 8.1\"\r\n $winver2 = \"win Server 2012 R2\"\r\n $winver3 = \"win Srv 2012\"\r\n $winver4 = \"win srv 2008 R2\"\r\n $winver5 = \"win srv 2008\"\r\n $winver6 = \"win vsta\"\r\n $winver7 = \"win srv 2003 R2\"\r\n $winver8 = \"win hm srv\"\r\n $winver9 = \"win Strg srv 2003\"\r\n $winver10 = \"win srv 2003\"\r\n $winver11 = \"win XP prof x64 edt\"\r\n $winver12 = \"win XP\"\r\n $winver13 = \"win 2000\"\r\n \r\n $pdb1 = \"D:\\\\Acms\\\\2\\\\docs\\\\Visual Studio 2013\\\\Projects\\\\DownloadExcute\\\\DownloadExcute\\\\Release\\\\DownExecute.pdb\"\r\n $pdb2 = \"d:\\\\acms\\\\2\\\\docs\\\\visual studio 2013\\\\projects\\\\downloadexcute\\\\downloadexcute\\\\downexecute\\\\json\\\\rapidjson\\\\writer.h\"\r\n $pdb3 = \":\\\\acms\\\\2\\\\docs\\\\visual studio 2013\\\\projects\\\\downloadexcute\\\\downloadexcute\\\\downexecute\\\\json\\\\rapidjson\\\\internal/stack.h\"\r\n $pdb4 = \"\\\\downloadexcute\\\\downexecute\\\\\"\r\n \r\n $magic1 = \"<Win Get Version Info Name Error\"\r\n $magic2 = \"P@$sw0rd$nd\"\r\n $magic3 = \"$t@k0v2rF10w\"\r\n $magic4 = \"|*|123xXx(Mutex)xXx321|*|6-21-2014-03:06PM\" wide\r\n \r\n $str1 = \"Download Excute\" ascii wide fullword\r\n $str2 = \"EncryptorFunctionPointer %d\"\r\n $str3 = \"%s\\\\%s.lnk\"\r\n $str4 = \"Mac:%s-Cpu:%s-HD:%s\"\r\n $str5 = \"feed back responce of host\"\r\n $str6 = \"GET Token at host\"\r\n $str7 = \"dwn md5 err\"\r\n \r\ncondition:\r\n all of ($winver*) or\r\n any of ($pdb*) or\r\n any of ($magic*) or\r\n 2 of ($str*)\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2018-02-04T21:23:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea69e-bdd8-410b-98f2-7df4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:14:06.000Z",
"modified": "2015-04-27T21:14:06.000Z",
"pattern": "[alert http any any -> any any (msg:\"--[PwC CTD] -- Unclassified Middle Eastern Actor - DownExecute URI (/dw/gtk)\"; flow:established,to_server; urilen:7; content:\"/dw/gtk\"; http_uri; depth:7; content:\"GET\" ; http_method; content:!\"User-Agent:\"; http_header; content:!\"Referer:\"; http_header; reference:md5,4dd319a230ee3a0735a656231b4c9063; classtype:trojan-activity; metadata:tlp WHITE,author @ipsosCustodes; sid:99999901; rev:2015200401;)]",
"pattern_type": "snort",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:14:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea69e-f448-4133-952a-7df4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:14:06.000Z",
"modified": "2015-04-27T21:14:06.000Z",
"pattern": "[alert http any any -> any any (msg:\"--[PwC CTD] -- Unclassified Middle Eastern Actor - DownExecute URI (/dw/setup)\"; flow:established,to_server; urilen:>8; content:\"/dw/setup\"; http_uri; depth:9; content:\"POST\" ; http_method; reference:md5,4dd319a230ee3a0735a656231b4c9063; classtype:trojan-activity; metadata:tlp WHITE,author @ipsosCustodes; sid:99999902; rev:2015200401;)]",
"pattern_type": "snort",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:14:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553ea69e-3fe0-4239-81ac-7df4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:14:06.000Z",
"modified": "2015-04-27T21:14:06.000Z",
"pattern": "[alert http any any -> any any (msg:\"--[PwC CTD] -- Unclassified Middle Eastern Actor - DownExecute Headers\"; flow:established,to_server; urilen:>7; content:\"Accept */*\"; http_client_body; content:\"Content-Type: multipart/form-data\\; boundary=------------------------\"; http_header; content: \"ci_session=\"; http_cookie; depth:11; content: \"POST\"; http_method; content:!\"Referer:\"; http_header; content:!\"User-Agent:\"; http_header; reference:md5,4dd319a230ee3a0735a656231b4c9063; classtype:trojan-activity; metadata:tlp WHITE,author @ipsosCustodes; sid:99999903; rev:2015200401;)]",
"pattern_type": "snort",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:14:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--553ea6e9-68bc-4fea-8b0d-ad6d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:15:21.000Z",
"modified": "2015-04-27T21:15:21.000Z",
"first_observed": "2015-04-27T21:15:21Z",
"last_observed": "2015-04-27T21:15:21Z",
"number_observed": 1,
"object_refs": [
"url--553ea6e9-68bc-4fea-8b0d-ad6d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--553ea6e9-68bc-4fea-8b0d-ad6d950d210b",
"value": "https://malwr.com/analysis/N2I1YmExMjNkMmM3NGQwMThlNjg5YmI4OGY3Mjc3ZmI"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b66-31cc-44b3-87d8-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:42.000Z",
"modified": "2016-02-19T00:01:42.000Z",
"description": "Automatically added (via ecc240f1983007177bc5bbecba50eea27b80fd3d14fd261bef6cda10b8ffe1e9)",
"pattern": "[file:hashes.MD5 = '360200d659519c5d398b05804975ebbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b68-1028-4690-ad05-4bd6950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:44.000Z",
"modified": "2016-02-19T00:01:44.000Z",
"description": "Automatically added (via 8993a516404c0dd62692f3ce5055d4ddee7e29ad4bb6aa29f67114eeeaee26b9)",
"pattern": "[file:hashes.MD5 = '89ff2642d8c6b0b49a009a36380495a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b6a-fa68-4335-b1b2-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:46.000Z",
"modified": "2016-02-19T00:01:46.000Z",
"description": "Automatically added (via dad34d2cb2aa9662d4a4148481ae018f5816498f30cc7aee4919e0e9fe6b9e08)",
"pattern": "[file:hashes.MD5 = 'e540076f48d7069bacb6d607f2d389d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b6c-6984-41f1-80f7-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:48.000Z",
"modified": "2016-02-19T00:01:48.000Z",
"description": "Automatically added (via 2cb9df0d52d09c98f0a97ce71eb8805f224945cadab7d615ef0257b7b09c80d3)",
"pattern": "[file:hashes.MD5 = '77d43f0b32e30a3de6879610666f1b39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b6d-eb60-41d2-b66e-5ca1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:49.000Z",
"modified": "2016-02-19T00:01:49.000Z",
"description": "Automatically added (via 1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9)",
"pattern": "[file:hashes.MD5 = 'ec05a45ebd201a83974229a79979a672']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b6f-0fe8-462a-921d-59a4950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:51.000Z",
"modified": "2016-02-19T00:01:51.000Z",
"description": "Automatically added (via da63f6392ce6af83f6d944fa1bd3f28082345fec928647ee7ef9939fac7b2e6c)",
"pattern": "[file:hashes.MD5 = 'cb008f71eb83e68b9f601533910b6cc8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b71-0c60-46ca-bc16-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:53.000Z",
"modified": "2016-02-19T00:01:53.000Z",
"description": "Automatically added (via a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4)",
"pattern": "[file:hashes.MD5 = 'bc42a09888de8b311f2e9ab0fc966c8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b73-aac4-4165-8338-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:55.000Z",
"modified": "2016-02-19T00:01:55.000Z",
"description": "Automatically added (via 2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f)",
"pattern": "[file:hashes.MD5 = '23108c347282ff101a2104bcf54204a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b75-278c-421b-9ac1-48b5950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:57.000Z",
"modified": "2016-02-19T00:01:57.000Z",
"description": "Automatically added (via e945b055fb4057a396506c74f73b873694125e6178a40d10cabf24b2d89d598f)",
"pattern": "[file:hashes.MD5 = '02305cc3da69cf8d5cd2f6f5ea0ec0e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b76-8798-4e2a-8e18-c652950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:01:58.000Z",
"modified": "2016-02-19T00:01:58.000Z",
"description": "Automatically added (via c9e084eb1ce1066ee063f860c13a8f7d2ead97495036855fc956dacc9a24ea68)",
"pattern": "[file:hashes.MD5 = '9c85c9400f941c4f2c8a1833fbc9283f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:01:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b78-c284-4c46-85d8-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:00.000Z",
"modified": "2016-02-19T00:02:00.000Z",
"description": "Automatically added (via 25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff)",
"pattern": "[file:hashes.MD5 = '27d3105273529cfca93f73865ee43a40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b7a-41b0-4394-8896-401d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:02.000Z",
"modified": "2016-02-19T00:02:02.000Z",
"description": "Automatically added (via b0edbd0f44df72e0fad3fb73948444a4df5143ed954c9116eb1a7b606841f187)",
"pattern": "[file:hashes.MD5 = 'b7b01ee8548d4097f528ae4280834667']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b7b-b638-45c6-8805-457c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:03.000Z",
"modified": "2016-02-19T00:02:03.000Z",
"description": "Automatically added (via de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c)",
"pattern": "[file:hashes.MD5 = '53754fc20891b33d600f57a6e5975a41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b7e-2340-4582-8742-4ef7950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:06.000Z",
"modified": "2016-02-19T00:02:06.000Z",
"description": "Automatically added (via f969bf3b7a9821b3b2d5de889b5af7af25972b25ba59e4e9439f87fe90f1c404)",
"pattern": "[file:hashes.MD5 = 'c7063f0178ea48e02f54769c0da275b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:02:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b7f-b440-49df-8790-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:07.000Z",
"modified": "2016-02-19T00:02:07.000Z",
"description": "Automatically added (via 14be3a9a2a4261cb365915e720486a0632dbebb06fe68fb669ae67aa9b18507b)",
"pattern": "[file:hashes.MD5 = '699067ce203ab9893943905e5b76f106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:02:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b81-9f28-4766-9da8-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:09.000Z",
"modified": "2016-02-19T00:02:09.000Z",
"description": "Automatically added (via 488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff)",
"pattern": "[file:hashes.MD5 = 'b0f49c2c29d3966125dd322a504799c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:02:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b83-088c-4a6c-b26e-4eb5950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:11.000Z",
"modified": "2016-02-19T00:02:11.000Z",
"description": "Automatically added (via b3a47e0bc0af49b46bc0c1158089bf200856ff462a5334df2b5c11e69c8b1ada)",
"pattern": "[file:hashes.MD5 = '3dcb43a83a53a965b40de316c1593bca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:02:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b85-3fd0-446d-b27e-599e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:13.000Z",
"modified": "2016-02-19T00:02:13.000Z",
"description": "Automatically added (via 324ce011b913feec4adb916f32c743a243f07dccb51b49c0122c4fa4a8e2bded)",
"pattern": "[file:hashes.MD5 = '5e43b6ca1fa9536f31e09d9a418ac8c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:02:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b87-3bf0-4bf8-9b1b-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:15.000Z",
"modified": "2016-02-19T00:02:15.000Z",
"description": "Automatically added (via d6df5943169b48ac58fc28bb665fe8800c265b65fff8a2217b70703a4d3a7277)",
"pattern": "[file:hashes.MD5 = '18d2222b56a499946e107721e5057a71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:02:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65b88-8ec8-4223-8876-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:02:16.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:16.000Z",
|
|
|
|
"description": "Automatically added (via f51d4155534e10c09b531acc41458e8ff3b7879f4ee7d3ee99f16180c4caf0ee)",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6203dde9fad9da6f9a85d609397105f0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b8a-e6e8-4d6d-a440-5ca1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:18.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:18.000Z",
|
|
|
|
"description": "Automatically added (via bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b)",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7f684863780310a718254ff0f7f28ed2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b67-02cc-4e07-ab72-c652950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:43.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:43.000Z",
|
|
|
|
"description": "Automatically added (via ecc240f1983007177bc5bbecba50eea27b80fd3d14fd261bef6cda10b8ffe1e9)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '53c0008d517ca133be44f172f44c4b129d8e4c7a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b68-8d98-45bb-a12e-4ad8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:44.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:44.000Z",
|
|
|
|
"description": "Automatically added (via 8993a516404c0dd62692f3ce5055d4ddee7e29ad4bb6aa29f67114eeeaee26b9)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '89e71644f5da253f5c22b86eb5914be20fb9b067']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b6a-7dfc-4cbf-b4eb-5f51950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:46.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:46.000Z",
|
|
|
|
"description": "Automatically added (via dad34d2cb2aa9662d4a4148481ae018f5816498f30cc7aee4919e0e9fe6b9e08)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '893723d32824802f95e77c81779c09dac0752b1d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b6c-7518-408a-9df8-599c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:48.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:48.000Z",
|
|
|
|
"description": "Automatically added (via 2cb9df0d52d09c98f0a97ce71eb8805f224945cadab7d615ef0257b7b09c80d3)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'e25d458c398b591bb6c6e6c8a3cfff17db2ea090']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b6e-f1ec-4cd4-8003-408b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:50.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:50.000Z",
|
|
|
|
"description": "Automatically added (via 1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'b5ec494f4f82bffbe6d8ddcaa927aabebe2fbd9d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b70-3e28-4f7e-8aec-c654950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:52.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:52.000Z",
|
|
|
|
"description": "Automatically added (via da63f6392ce6af83f6d944fa1bd3f28082345fec928647ee7ef9939fac7b2e6c)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ce92d1c03fc8fc965134b9163fe450794580f120']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b72-2fc4-4f2f-b527-c653950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:54.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:54.000Z",
|
|
|
|
"description": "Automatically added (via a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'a0d914ee2a550f50f4d550863a23f724aab0f3ac']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b73-da4c-4630-bc08-59a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:55.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:55.000Z",
|
|
|
|
"description": "Automatically added (via 2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '278ab45a4c27ec3ba63dff735feccf0ef91132ed']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b75-0c00-400e-ad78-4c81950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:57.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:57.000Z",
|
|
|
|
"description": "Automatically added (via e945b055fb4057a396506c74f73b873694125e6178a40d10cabf24b2d89d598f)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '49ec769c344a9dfbe3c40b0d4511be328c91d983']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b77-c504-4b7f-b510-599e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:01:59.000Z",
|
|
|
|
"modified": "2016-02-19T00:01:59.000Z",
|
|
|
|
"description": "Automatically added (via c9e084eb1ce1066ee063f860c13a8f7d2ead97495036855fc956dacc9a24ea68)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '6293a9dc5b161fe3c26db6bdecc9cba15fdbe50e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:01:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b79-cbd0-4b99-97e9-c651950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:01.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:01.000Z",
|
|
|
|
"description": "Automatically added (via 25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '5f0adbe4946e65ca32356e9dc68b6ccc5ef8b01a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b7a-43c8-4f09-99c6-59a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:02.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:02.000Z",
|
|
|
|
"description": "Automatically added (via b0edbd0f44df72e0fad3fb73948444a4df5143ed954c9116eb1a7b606841f187)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'cd195f91a78e478f3b7bef77d4a7f93bccc36f20']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b7c-f558-467f-beaf-c654950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:04.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:04.000Z",
|
|
|
|
"description": "Automatically added (via de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '830be8a5fefd30f2b2697f2c0dded59d9646d017']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b7e-d13c-447d-847d-c653950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:06.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:06.000Z",
|
|
|
|
"description": "Automatically added (via f969bf3b7a9821b3b2d5de889b5af7af25972b25ba59e4e9439f87fe90f1c404)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '89e37cb4324379165a3780bb57a2195ce67937ee']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b80-145c-4b6a-9286-4696950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:08.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:08.000Z",
|
|
|
|
"description": "Automatically added (via 14be3a9a2a4261cb365915e720486a0632dbebb06fe68fb669ae67aa9b18507b)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'cd2565d041bbb3563b605978f4603da78e98e4a0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b82-bae8-48d4-83c2-c651950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:10.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:10.000Z",
|
|
|
|
"description": "Automatically added (via 488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '498edcff006dbf86b36cea721c0541ac86e06d66']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b84-d4ac-4702-8e6c-599d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:12.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:12.000Z",
|
|
|
|
"description": "Automatically added (via b3a47e0bc0af49b46bc0c1158089bf200856ff462a5334df2b5c11e69c8b1ada)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'b95e8757b6935745dab2f6f943c73de3fe7b6d0b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b86-df2c-4d5a-afb9-59a2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:14.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:14.000Z",
|
|
|
|
"description": "Automatically added (via 324ce011b913feec4adb916f32c743a243f07dccb51b49c0122c4fa4a8e2bded)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0700d5b49f9a7f530874355e7c998407c8d21fc7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b87-b28c-451d-865b-599c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:15.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:15.000Z",
|
|
|
|
"description": "Automatically added (via d6df5943169b48ac58fc28bb665fe8800c265b65fff8a2217b70703a4d3a7277)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'c31d298a16a00f9d079afbb9f7f6d711bc96fdeb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b89-c7ec-4143-9e7e-c652950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:17.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:17.000Z",
|
|
|
|
"description": "Automatically added (via f51d4155534e10c09b531acc41458e8ff3b7879f4ee7d3ee99f16180c4caf0ee)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '3ab9230f3e8e4af499040f2d88b9dda5fedbb888']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c65b8b-dab0-4b90-a6d3-47d7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-19T00:02:19.000Z",
|
|
|
|
"modified": "2016-02-19T00:02:19.000Z",
|
|
|
|
"description": "Automatically added (via bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '1088706ce7d3c623896c6fed3090eacdca832263']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-19T00:02:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
]
}