{
"type": "bundle",
|
|
|
|
"id": "bundle--55e6bb38-180c-4497-afd6-601a950d210b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:45:28.000Z",
|
|
|
|
"modified": "2015-10-13T06:45:28.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--55e6bb38-180c-4497-afd6-601a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:45:28.000Z",
|
|
|
|
"modified": "2015-10-13T06:45:28.000Z",
|
|
|
|
"name": "OSINT KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia by Palo Alto Networks Unit 42",
|
|
|
|
"published": "2015-10-13T06:45:32Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--55e6bb4b-4460-4261-9e71-67f5950d210b",
|
|
|
|
"url--55e6bb4b-4460-4261-9e71-67f5950d210b",
|
|
|
|
"x-misp-attribute--55e6bb53-2c24-434f-a269-36be950d210b",
|
|
|
|
"indicator--55ed7deb-cc04-406f-8af1-4e21950d210b",
|
|
|
|
"indicator--55ed7deb-9988-4805-a1e6-49f8950d210b",
|
|
|
|
"indicator--55ed7deb-8454-4b5c-b739-4907950d210b",
|
|
|
|
"indicator--55ed7dec-0a98-4f38-93e9-42ed950d210b",
|
|
|
|
"indicator--55ed7dec-5b44-43bd-8e36-444c950d210b",
|
|
|
|
"indicator--55ed7dec-8020-49cf-8cc7-4954950d210b",
|
|
|
|
"indicator--55ed7ded-7344-4337-bcc8-4aa4950d210b",
|
|
|
|
"indicator--55ed7ded-1554-47c6-a465-478e950d210b",
|
|
|
|
"indicator--55ed7ded-be64-475f-ac4c-4692950d210b",
|
|
|
|
"indicator--55ed7dee-bdf8-412f-a134-47dc950d210b",
|
|
|
|
"indicator--55ed7e13-f604-45ad-874c-4f8d950d210b",
|
|
|
|
"indicator--55ed7e13-1c2c-411f-8f2e-4a50950d210b",
|
|
|
|
"indicator--55ed7e21-ca24-4ad4-b7c2-4a39950d210b",
|
|
|
|
"indicator--561ca845-5de4-4e2d-b895-4ec6950d210b",
|
|
|
|
"indicator--561ca846-65ec-485a-96ec-4080950d210b",
|
|
|
|
"observed-data--561ca846-91d4-4cb8-b028-46ee950d210b",
|
|
|
|
"url--561ca846-91d4-4cb8-b028-46ee950d210b",
|
|
|
|
"indicator--561ca847-f3ac-420d-b489-42d7950d210b",
|
|
|
|
"indicator--561ca847-081c-4932-b45f-45e6950d210b",
|
|
|
|
"observed-data--561ca848-5284-4b97-9219-491c950d210b",
|
|
|
|
"url--561ca848-5284-4b97-9219-491c950d210b",
|
|
|
|
"indicator--561ca848-f490-4f76-9d44-4e08950d210b",
|
|
|
|
"indicator--561ca848-d310-43e7-bfeb-4d0c950d210b",
|
|
|
|
"observed-data--561ca849-176c-4504-988e-4db2950d210b",
|
|
|
|
"url--561ca849-176c-4504-988e-4db2950d210b",
|
|
|
|
"indicator--561ca849-1904-451b-abba-4c92950d210b",
|
|
|
|
"indicator--561ca84a-02f8-4291-9de9-4008950d210b",
|
|
|
|
"observed-data--561ca84a-e368-4d86-81fe-42c2950d210b",
|
|
|
|
"url--561ca84a-e368-4d86-81fe-42c2950d210b",
|
|
|
|
"indicator--561ca84a-a7ec-42ab-a9bf-49b9950d210b",
|
|
|
|
"indicator--561ca84b-33b4-4c0a-93a7-4527950d210b",
|
|
|
|
"observed-data--561ca84b-4d78-44d9-aae1-4bc2950d210b",
|
|
|
|
"url--561ca84b-4d78-44d9-aae1-4bc2950d210b",
|
|
|
|
"indicator--561ca84c-c204-4c1d-9f59-472b950d210b",
|
|
|
|
"indicator--561ca84c-6890-4ce4-881a-4c2c950d210b",
|
|
|
|
"observed-data--561ca84c-c31c-4c5a-ac93-45ff950d210b",
|
|
|
|
"url--561ca84c-c31c-4c5a-ac93-45ff950d210b",
|
|
|
|
"indicator--561ca84d-056c-46f2-b707-4958950d210b",
|
|
|
|
"indicator--561ca84d-b770-461f-bc4c-4880950d210b",
|
|
|
|
"observed-data--561ca84e-91b4-41c5-b66e-45a8950d210b",
|
|
|
|
"url--561ca84e-91b4-41c5-b66e-45a8950d210b",
|
|
|
|
"indicator--561ca84e-ffa0-4945-96da-4149950d210b",
|
|
|
|
"indicator--561ca84e-1d54-4384-884b-423f950d210b",
|
|
|
|
"observed-data--561ca84f-2fe0-4735-8873-4236950d210b",
|
|
|
|
"url--561ca84f-2fe0-4735-8873-4236950d210b",
|
|
|
|
"indicator--561ca84f-03a4-44cc-a4bf-4403950d210b",
|
|
|
|
"indicator--561ca84f-b958-4be6-a063-4dd6950d210b",
|
|
|
|
"observed-data--561ca850-3654-407b-a26b-4bb5950d210b",
|
|
|
|
"url--561ca850-3654-407b-a26b-4bb5950d210b",
|
|
|
|
"indicator--561ca850-29f4-47ae-a0bb-4cc6950d210b",
|
|
|
|
"indicator--561ca851-cce8-4d40-b014-40e4950d210b",
|
|
|
|
"observed-data--561ca851-3194-494a-9686-4ce4950d210b",
|
|
|
|
"url--561ca851-3194-494a-9686-4ce4950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--55e6bb4b-4460-4261-9e71-67f5950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-02T09:03:07.000Z",
|
|
|
|
"modified": "2015-09-02T09:03:07.000Z",
|
|
|
|
"first_observed": "2015-09-02T09:03:07Z",
|
|
|
|
"last_observed": "2015-09-02T09:03:07Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--55e6bb4b-4460-4261-9e71-67f5950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--55e6bb4b-4460-4261-9e71-67f5950d210b",
|
|
|
|
"value": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--55e6bb53-2c24-434f-a269-36be950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-02T09:03:15.000Z",
|
|
|
|
"modified": "2015-09-02T09:03:15.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Keyraider"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7deb-cc04-406f-8af1-4e21950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:07.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:07.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '1cba9fe852b05c4843922c123c06117191958e1d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7deb-9988-4805-a1e6-49f8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:07.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:07.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '4a154eabd5a5bd6ad0203eea6ed68b31e25811d7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7deb-8454-4b5c-b739-4907950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:07.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:07.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '5c7c83ab04858890d74d96cd1f353e24dec3ba66']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7dec-0a98-4f38-93e9-42ed950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:08.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '717373f57ff4398316cce593af11bd45c55c9b91']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7dec-5b44-43bd-8e36-444c950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:08.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '8886d72b087017b0cdca2f18b0005b6cb302e83d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7dec-8020-49cf-8cc7-4954950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:08.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '9ae5549fdd90142985c3ae7a7e983d4fcb2b797f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7ded-7344-4337-bcc8-4aa4950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:09.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:09.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'a05b9af5f4c40129575cce321cd4b0435f89fba8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7ded-1554-47c6-a465-478e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:09.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:09.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'af5d7ffe0d1561f77e979c189f22e11a33c7a407']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7ded-be64-475f-ac4c-4692950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:09.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:09.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'bb56acf8b48900f62eb4e4380dcf7f5acfbdf80d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7dee-bdf8-412f-a134-47dc950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:10.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:10.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'e0576cd9831f1c6495408471fcacb1b54597ac24']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7e13-f604-45ad-874c-4f8d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:47.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:47.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'top100.gotoip4.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7e13-1c2c-411f-8f2e-4a50950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:07:47.000Z",
|
|
|
|
"modified": "2015-09-07T12:07:47.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'www.wushidou.cn']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:07:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55ed7e21-ca24-4ad4-b7c2-4a39950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-07T12:08:01.000Z",
|
|
|
|
"modified": "2015-09-07T12:08:01.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.174.167']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-07T12:08:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca845-5de4-4e2d-b895-4ec6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:21.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:21.000Z",
|
|
|
|
"description": "- Xchecked via VT: e0576cd9831f1c6495408471fcacb1b54597ac24",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '20f802f3c74f3452010c2d56f02cac96a6ce191c970f4901156310a5888ab015']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca846-65ec-485a-96ec-4080950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:22.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:22.000Z",
|
|
|
|
"description": "- Xchecked via VT: e0576cd9831f1c6495408471fcacb1b54597ac24",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ddf224f63ee9c7fba76298664a2b0b00']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca846-91d4-4cb8-b028-46ee950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:22.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:22.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:22Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:22Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca846-91d4-4cb8-b028-46ee950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca846-91d4-4cb8-b028-46ee950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/20f802f3c74f3452010c2d56f02cac96a6ce191c970f4901156310a5888ab015/analysis/1444666982/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca847-f3ac-420d-b489-42d7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:23.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:23.000Z",
|
|
|
|
"description": "- Xchecked via VT: bb56acf8b48900f62eb4e4380dcf7f5acfbdf80d",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '63007787f847d4070cc5ea5e69e8772ad8ad877ae3a0dd24c6457480d9db3099']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca847-081c-4932-b45f-45e6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:23.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:23.000Z",
|
|
|
|
"description": "- Xchecked via VT: bb56acf8b48900f62eb4e4380dcf7f5acfbdf80d",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2669e97eeb78df448225e6786d34f9ab']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca848-5284-4b97-9219-491c950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:24.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:24.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:24Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:24Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca848-5284-4b97-9219-491c950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca848-5284-4b97-9219-491c950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/63007787f847d4070cc5ea5e69e8772ad8ad877ae3a0dd24c6457480d9db3099/analysis/1444667162/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca848-f490-4f76-9d44-4e08950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:24.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:24.000Z",
|
|
|
|
"description": "- Xchecked via VT: af5d7ffe0d1561f77e979c189f22e11a33c7a407",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '28177018ef22be760e12c38c447f69f6962f66f07271a83cc8e1e0e86a10221b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca848-d310-43e7-bfeb-4d0c950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:24.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:24.000Z",
|
|
|
|
"description": "- Xchecked via VT: af5d7ffe0d1561f77e979c189f22e11a33c7a407",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0f710f8397ec969af26c299a63aeda8b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca849-176c-4504-988e-4db2950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:25.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:25.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:25Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:25Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca849-176c-4504-988e-4db2950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca849-176c-4504-988e-4db2950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/28177018ef22be760e12c38c447f69f6962f66f07271a83cc8e1e0e86a10221b/analysis/1444667161/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca849-1904-451b-abba-4c92950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:25.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:25.000Z",
|
|
|
|
"description": "- Xchecked via VT: a05b9af5f4c40129575cce321cd4b0435f89fba8",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9bcbd9c527abc70e5675b6f61a27d1d5a0a7cba0cd0070cc46439b6a564eda6d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84a-02f8-4291-9de9-4008950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:26.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:26.000Z",
|
|
|
|
"description": "- Xchecked via VT: a05b9af5f4c40129575cce321cd4b0435f89fba8",
|
|
|
|
"pattern": "[file:hashes.MD5 = '02464ae6259a2c8194470385781501b7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca84a-e368-4d86-81fe-42c2950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:26.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:26.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:26Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:26Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca84a-e368-4d86-81fe-42c2950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca84a-e368-4d86-81fe-42c2950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/9bcbd9c527abc70e5675b6f61a27d1d5a0a7cba0cd0070cc46439b6a564eda6d/analysis/1444667162/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84a-a7ec-42ab-a9bf-49b9950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:26.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:26.000Z",
|
|
|
|
"description": "- Xchecked via VT: 9ae5549fdd90142985c3ae7a7e983d4fcb2b797f",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '46df0e140082e650f794df40b43179d276219eff080df87707484ad503d8e3d6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84b-33b4-4c0a-93a7-4527950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:27.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:27.000Z",
|
|
|
|
"description": "- Xchecked via VT: 9ae5549fdd90142985c3ae7a7e983d4fcb2b797f",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ec89c9cf095d2d0c45fbd29590365584']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca84b-4d78-44d9-aae1-4bc2950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:27.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:27.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:27Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca84b-4d78-44d9-aae1-4bc2950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca84b-4d78-44d9-aae1-4bc2950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/46df0e140082e650f794df40b43179d276219eff080df87707484ad503d8e3d6/analysis/1444667162/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84c-c204-4c1d-9f59-472b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:28.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:28.000Z",
|
|
|
|
"description": "- Xchecked via VT: 8886d72b087017b0cdca2f18b0005b6cb302e83d",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4b7e730af2239020083ab1f45d1d87049eee8cf7b99cb412928f3936c95f6d06']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84c-6890-4ce4-881a-4c2c950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:28.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:28.000Z",
|
|
|
|
"description": "- Xchecked via VT: 8886d72b087017b0cdca2f18b0005b6cb302e83d",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'caaf060572e57b6d175c3959495bcdbf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca84c-c31c-4c5a-ac93-45ff950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:28.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:28.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:28Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:28Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca84c-c31c-4c5a-ac93-45ff950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca84c-c31c-4c5a-ac93-45ff950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/4b7e730af2239020083ab1f45d1d87049eee8cf7b99cb412928f3936c95f6d06/analysis/1444667162/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84d-056c-46f2-b707-4958950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:29.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:29.000Z",
|
|
|
|
"description": "- Xchecked via VT: 717373f57ff4398316cce593af11bd45c55c9b91",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f657a54c822e4fe7ae8f6275f1eccd361bac363357f726649cd80623d86fcda1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84d-b770-461f-bc4c-4880950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:29.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:29.000Z",
|
|
|
|
"description": "- Xchecked via VT: 717373f57ff4398316cce593af11bd45c55c9b91",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8985ecbc80d257e02c1e30b0268d91e7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca84e-91b4-41c5-b66e-45a8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:30.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:30.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:30Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:30Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca84e-91b4-41c5-b66e-45a8950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca84e-91b4-41c5-b66e-45a8950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/f657a54c822e4fe7ae8f6275f1eccd361bac363357f726649cd80623d86fcda1/analysis/1444667289/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84e-ffa0-4945-96da-4149950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:30.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:30.000Z",
|
|
|
|
"description": "- Xchecked via VT: 5c7c83ab04858890d74d96cd1f353e24dec3ba66",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ef8f5cd5075df7629c5c6377bd342e0aff15df0b4542d2c96dbb5b15cce61e26']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84e-1d54-4384-884b-423f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:30.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:30.000Z",
|
|
|
|
"description": "- Xchecked via VT: 5c7c83ab04858890d74d96cd1f353e24dec3ba66",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'dc71cb3a71f159e667367cb07d2660f7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca84f-2fe0-4735-8873-4236950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:31.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:31.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:31Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca84f-2fe0-4735-8873-4236950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca84f-2fe0-4735-8873-4236950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/ef8f5cd5075df7629c5c6377bd342e0aff15df0b4542d2c96dbb5b15cce61e26/analysis/1444667162/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84f-03a4-44cc-a4bf-4403950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:31.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:31.000Z",
|
|
|
|
"description": "- Xchecked via VT: 4a154eabd5a5bd6ad0203eea6ed68b31e25811d7",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f09dfe8060648e2cf824c6e6e1f643eefb896dd42e8aacf41506ed03f0a53fcc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca84f-b958-4be6-a063-4dd6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:31.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:31.000Z",
|
|
|
|
"description": "- Xchecked via VT: 4a154eabd5a5bd6ad0203eea6ed68b31e25811d7",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1dd1a8c6c213e3b51cd2463d764a9c62']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca850-3654-407b-a26b-4bb5950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:32.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:32.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:32Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:32Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca850-3654-407b-a26b-4bb5950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca850-3654-407b-a26b-4bb5950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/f09dfe8060648e2cf824c6e6e1f643eefb896dd42e8aacf41506ed03f0a53fcc/analysis/1444666982/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca850-29f4-47ae-a0bb-4cc6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:32.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:32.000Z",
|
|
|
|
"description": "- Xchecked via VT: 1cba9fe852b05c4843922c123c06117191958e1d",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '572f53a5fa3b800e05b9a94d0efb3a44c52adfeaf18addac73652f2b1350dc0e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561ca851-cce8-4d40-b014-40e4950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:33.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:33.000Z",
|
|
|
|
"description": "- Xchecked via VT: 1cba9fe852b05c4843922c123c06117191958e1d",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3c57e433fbba1ac1e4dc1b84cec038fb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-13T06:44:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561ca851-3194-494a-9686-4ce4950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-13T06:44:33.000Z",
|
|
|
|
"modified": "2015-10-13T06:44:33.000Z",
|
|
|
|
"first_observed": "2015-10-13T06:44:33Z",
|
|
|
|
"last_observed": "2015-10-13T06:44:33Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561ca851-3194-494a-9686-4ce4950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561ca851-3194-494a-9686-4ce4950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/572f53a5fa3b800e05b9a94d0efb3a44c52adfeaf18addac73652f2b1350dc0e/analysis/1444667161/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|