{
"type": "bundle",
|
|
|
|
"id": "bundle--55fff330-003c-4c9b-96ed-44b7950d210b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:42.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:42.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--55fff330-003c-4c9b-96ed-44b7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:42.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:42.000Z",
|
|
|
|
"name": "OSINT Password Hygiene: Hiding Your Identity is Difficult for Attackers and Adulterers by Threat Geek",
|
|
|
|
"published": "2015-09-21T12:25:00Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--55fff33a-9208-40fb-b966-492f950d210b",
|
|
|
|
"url--55fff33a-9208-40fb-b966-492f950d210b",
|
|
|
|
"indicator--55fff35e-0b60-4043-aed6-4cd5950d210b",
|
|
|
|
"indicator--55fff35e-2b60-47af-a0a5-4692950d210b",
|
|
|
|
"indicator--55fff35f-5d08-4234-a407-4111950d210b",
|
|
|
|
"indicator--55fff35f-8158-49b2-a81e-4b23950d210b",
|
|
|
|
"indicator--55fff35f-61e0-4d52-bbd3-4183950d210b",
|
|
|
|
"indicator--55fff360-1514-4325-9edc-43f8950d210b",
|
|
|
|
"indicator--55fff360-54a4-48fc-8874-454a950d210b",
|
|
|
|
"indicator--55fff360-58ec-436a-b50c-44fe950d210b",
|
|
|
|
"indicator--55fff361-fc8c-44fe-a366-4a00950d210b",
|
|
|
|
"indicator--55fff361-1d14-4f66-9a67-4dcd950d210b",
|
|
|
|
"indicator--55fff361-a0b0-4860-afb9-4238950d210b",
|
|
|
|
"indicator--55fff362-5d40-4d1f-9a94-4c48950d210b",
|
|
|
|
"indicator--55fff362-7f18-4dee-86fd-4fd1950d210b",
|
|
|
|
"indicator--55fff362-16dc-42ba-a476-47bc950d210b",
|
|
|
|
"indicator--55fff363-6418-4e85-b6c3-4bab950d210b",
|
|
|
|
"indicator--55fff363-0a78-41d5-9566-4c4a950d210b",
|
|
|
|
"indicator--55fff363-51b0-4358-b96a-4fef950d210b",
|
|
|
|
"x-misp-attribute--55fff37a-a8cc-4f16-911e-41c3950d210b",
|
|
|
|
"indicator--55fff657-c974-44d7-b363-4d25950d210b",
|
|
|
|
"indicator--55fff657-ce64-4e8f-a654-4e55950d210b",
|
|
|
|
"observed-data--55fff657-cfa0-49e6-8f61-44d0950d210b",
|
|
|
|
"url--55fff657-cfa0-49e6-8f61-44d0950d210b",
|
|
|
|
"indicator--55fff658-f47c-4ccf-9214-4124950d210b",
|
|
|
|
"indicator--55fff658-3184-4fde-aeb8-4cb7950d210b",
|
|
|
|
"observed-data--55fff658-4858-443f-b887-4073950d210b",
|
|
|
|
"url--55fff658-4858-443f-b887-4073950d210b",
|
|
|
|
"indicator--55fff659-6d50-4016-bf5e-4241950d210b",
|
|
|
|
"indicator--55fff659-46e8-4a9a-bef8-469a950d210b",
|
|
|
|
"observed-data--55fff659-e27c-4c09-b46c-4a9e950d210b",
|
|
|
|
"url--55fff659-e27c-4c09-b46c-4a9e950d210b",
|
|
|
|
"indicator--55fff65a-5b48-402d-a00a-4cf6950d210b",
|
|
|
|
"indicator--55fff65a-b5cc-485a-a19c-4d7d950d210b",
|
|
|
|
"observed-data--55fff65b-3ca8-42e0-a9d7-45b0950d210b",
|
|
|
|
"url--55fff65b-3ca8-42e0-a9d7-45b0950d210b",
|
|
|
|
"indicator--55fff65b-cdec-4c5b-af20-4bb6950d210b",
|
|
|
|
"indicator--55fff65b-1ef4-43a7-8eab-4098950d210b",
|
|
|
|
"observed-data--55fff65c-4808-44a8-86f6-47ff950d210b",
|
|
|
|
"url--55fff65c-4808-44a8-86f6-47ff950d210b",
|
|
|
|
"indicator--55fff65c-5fd4-4a2c-beab-468f950d210b",
|
|
|
|
"indicator--55fff65c-1428-4d3e-8dca-488b950d210b",
|
|
|
|
"observed-data--55fff65d-6f24-433f-bdf9-42d5950d210b",
|
|
|
|
"url--55fff65d-6f24-433f-bdf9-42d5950d210b",
|
|
|
|
"indicator--55fff65d-7eb4-41bd-bf77-4c4b950d210b",
|
|
|
|
"indicator--55fff65d-dda8-4850-8e2e-449c950d210b",
|
|
|
|
"observed-data--55fff65e-09e4-4ace-bfe0-4943950d210b",
|
|
|
|
"url--55fff65e-09e4-4ace-bfe0-4943950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--55fff33a-9208-40fb-b966-492f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:08:26.000Z",
|
|
|
|
"modified": "2015-09-21T12:08:26.000Z",
|
|
|
|
"first_observed": "2015-09-21T12:08:26Z",
|
|
|
|
"last_observed": "2015-09-21T12:08:26Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--55fff33a-9208-40fb-b966-492f950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--55fff33a-9208-40fb-b966-492f950d210b",
|
|
|
|
"value": "http://www.threatgeek.com/2015/09/password-hygiene-hiding-your-identity-is-difficult-for-attackers-and-adulterers.html"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff35e-0b60-4043-aed6-4cd5950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:02.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:02.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '089fe27df0be49a5eaa5d233561105f8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff35e-2b60-47af-a0a5-4692950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:02.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:02.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '19b1c577c41c8d4ac540d166b34a6eac']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff35f-5d08-4234-a407-4111950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:03.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:03.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '21f3369333d26192e5f1a4578eac934f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff35f-8158-49b2-a81e-4b23950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:03.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:03.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7ee53765e423d7c965e8b09c24bd931b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff35f-61e0-4d52-bbd3-4183950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:03.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:03.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b9c8eb67e91bd53271127821a3b6e1a2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff360-1514-4325-9edc-43f8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:04.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:04.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c4ded03b6e79ed948a570961907d4beb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff360-54a4-48fc-8874-454a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:04.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:04.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'df25df77402ba4f5db5fd48234611a3e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff360-58ec-436a-b50c-44fe950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:04.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:04.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'connektme.hopto.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff361-fc8c-44fe-a366-4a00950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:05.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:05.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'connektme.no-ip.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff361-1d14-4f66-9a67-4dcd950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:05.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:05.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'drwebstatic.hopto.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff361-a0b0-4860-afb9-4238950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:05.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:05.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'drwebstatic.myvnc.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff362-5d40-4d1f-9a94-4c48950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:06.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:06.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'easyconnect.no-ip.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff362-7f18-4dee-86fd-4fd1950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:06.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:06.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'easyconnect.zapto.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff362-16dc-42ba-a476-47bc950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:06.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:06.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'gserverhost.myftp.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff363-6418-4e85-b6c3-4bab950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:07.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:07.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'gserverhost.no-ip.biz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff363-0a78-41d5-9566-4c4a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:07.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:07.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'hellointra.myftp.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff363-51b0-4358-b96a-4fef950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:07.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:07.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'hellointra.no-ip.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:09:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--55fff37a-a8cc-4f16-911e-41c3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:09:30.000Z",
|
|
|
|
"modified": "2015-09-21T12:09:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Attribution\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Attribution",
|
|
|
|
"x_misp_comment": "Password",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "@client$321$"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff657-c974-44d7-b363-4d25950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:43.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:43.000Z",
|
|
|
|
"description": "- Xchecked via VT: df25df77402ba4f5db5fd48234611a3e",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0bd4a87623d1285f78d4d1a38da96eb9b33bfaf0d9881fbd0ac57698428f842a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff657-ce64-4e8f-a654-4e55950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:43.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:43.000Z",
|
|
|
|
"description": "- Xchecked via VT: df25df77402ba4f5db5fd48234611a3e",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '7d55b4b9b46135a0164919a48f09f98d55441ff0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--55fff657-cfa0-49e6-8f61-44d0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:43.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:43.000Z",
|
|
|
|
"first_observed": "2015-09-21T12:21:43Z",
|
|
|
|
"last_observed": "2015-09-21T12:21:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--55fff657-cfa0-49e6-8f61-44d0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--55fff657-cfa0-49e6-8f61-44d0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/0bd4a87623d1285f78d4d1a38da96eb9b33bfaf0d9881fbd0ac57698428f842a/analysis/1440754925/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff658-f47c-4ccf-9214-4124950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:44.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:44.000Z",
|
|
|
|
"description": "- Xchecked via VT: c4ded03b6e79ed948a570961907d4beb",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'efa271464fb6826360f2c81211a92d15aebc19c28454cdc14d968f7a852de00d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff658-3184-4fde-aeb8-4cb7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:44.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:44.000Z",
|
|
|
|
"description": "- Xchecked via VT: c4ded03b6e79ed948a570961907d4beb",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'b89ee54a43107a3d4f4e70d94874a9aac2909e82']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--55fff658-4858-443f-b887-4073950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:44.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:44.000Z",
|
|
|
|
"first_observed": "2015-09-21T12:21:44Z",
|
|
|
|
"last_observed": "2015-09-21T12:21:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--55fff658-4858-443f-b887-4073950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--55fff658-4858-443f-b887-4073950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/efa271464fb6826360f2c81211a92d15aebc19c28454cdc14d968f7a852de00d/analysis/1440751218/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff659-6d50-4016-bf5e-4241950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:45.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:45.000Z",
|
|
|
|
"description": "- Xchecked via VT: b9c8eb67e91bd53271127821a3b6e1a2",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '43a2430935b957dfd588be6b866a7e99e3bc8207aa9b37b26c27cafd8fd59245']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff659-46e8-4a9a-bef8-469a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:45.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:45.000Z",
|
|
|
|
"description": "- Xchecked via VT: b9c8eb67e91bd53271127821a3b6e1a2",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'e2dfd659fc19ed799f467a20ff59e0616073440c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--55fff659-e27c-4c09-b46c-4a9e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:45.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:45.000Z",
|
|
|
|
"first_observed": "2015-09-21T12:21:45Z",
|
|
|
|
"last_observed": "2015-09-21T12:21:45Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--55fff659-e27c-4c09-b46c-4a9e950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--55fff659-e27c-4c09-b46c-4a9e950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/43a2430935b957dfd588be6b866a7e99e3bc8207aa9b37b26c27cafd8fd59245/analysis/1439723512/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff65a-5b48-402d-a00a-4cf6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:46.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:46.000Z",
|
|
|
|
"description": "- Xchecked via VT: 7ee53765e423d7c965e8b09c24bd931b",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b5db7c5eb106e946e3ea5562b4aa516efc4107caa7da591b6efbd0317874c54d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff65a-b5cc-485a-a19c-4d7d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:46.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:46.000Z",
|
|
|
|
"description": "- Xchecked via VT: 7ee53765e423d7c965e8b09c24bd931b",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '56d3bcbb5dce999d9fc94cef65968a8af1a90f2d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--55fff65b-3ca8-42e0-a9d7-45b0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:46.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:46.000Z",
|
|
|
|
"first_observed": "2015-09-21T12:21:46Z",
|
|
|
|
"last_observed": "2015-09-21T12:21:46Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--55fff65b-3ca8-42e0-a9d7-45b0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--55fff65b-3ca8-42e0-a9d7-45b0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/b5db7c5eb106e946e3ea5562b4aa516efc4107caa7da591b6efbd0317874c54d/analysis/1440751805/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff65b-cdec-4c5b-af20-4bb6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:47.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:47.000Z",
|
|
|
|
"description": "- Xchecked via VT: 21f3369333d26192e5f1a4578eac934f",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '82a02680af032c0454d62a7522b2b3699c331c4495e936ba13faca831f29fcc4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55fff65b-1ef4-43a7-8eab-4098950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:47.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:47.000Z",
|
|
|
|
"description": "- Xchecked via VT: 21f3369333d26192e5f1a4578eac934f",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'eae4afc5ce009164f3b3c7c57bb0b429e2e96038']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-09-21T12:21:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--55fff65c-4808-44a8-86f6-47ff950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-09-21T12:21:48.000Z",
|
|
|
|
"modified": "2015-09-21T12:21:48.000Z",
|
|
|
|
"first_observed": "2015-09-21T12:21:48Z",
|
|
|
|
"last_observed": "2015-09-21T12:21:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--55fff65c-4808-44a8-86f6-47ff950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55fff65c-4808-44a8-86f6-47ff950d210b",
"value": "https://www.virustotal.com/file/82a02680af032c0454d62a7522b2b3699c331c4495e936ba13faca831f29fcc4/analysis/1439723523/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55fff65c-5fd4-4a2c-beab-468f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T12:21:48.000Z",
"modified": "2015-09-21T12:21:48.000Z",
"description": "- Xchecked via VT: 19b1c577c41c8d4ac540d166b34a6eac",
"pattern": "[file:hashes.SHA256 = '1239fca834eff1d09dbb6c3ead644dd13e6f259ae6de81d8a06e0d65f45fbe6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T12:21:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55fff65c-1428-4d3e-8dca-488b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T12:21:48.000Z",
"modified": "2015-09-21T12:21:48.000Z",
"description": "- Xchecked via VT: 19b1c577c41c8d4ac540d166b34a6eac",
"pattern": "[file:hashes.SHA1 = '21a428cb0a3bc4e1e567e0cbb6587063bd9754b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T12:21:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55fff65d-6f24-433f-bdf9-42d5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T12:21:49.000Z",
"modified": "2015-09-21T12:21:49.000Z",
"first_observed": "2015-09-21T12:21:49Z",
"last_observed": "2015-09-21T12:21:49Z",
"number_observed": 1,
"object_refs": [
"url--55fff65d-6f24-433f-bdf9-42d5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55fff65d-6f24-433f-bdf9-42d5950d210b",
"value": "https://www.virustotal.com/file/1239fca834eff1d09dbb6c3ead644dd13e6f259ae6de81d8a06e0d65f45fbe6d/analysis/1440838622/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55fff65d-7eb4-41bd-bf77-4c4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T12:21:49.000Z",
"modified": "2015-09-21T12:21:49.000Z",
"description": "- Xchecked via VT: 089fe27df0be49a5eaa5d233561105f8",
"pattern": "[file:hashes.SHA256 = '259ae388ba8006a57a4c31f46f5ff29bf8d7aa425355950ad9d35b4d20265683']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T12:21:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55fff65d-dda8-4850-8e2e-449c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T12:21:49.000Z",
"modified": "2015-09-21T12:21:49.000Z",
"description": "- Xchecked via VT: 089fe27df0be49a5eaa5d233561105f8",
"pattern": "[file:hashes.SHA1 = '8a27a40edd0af9bdf1b467a46f98169dcd90dfe1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T12:21:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55fff65e-09e4-4ace-bfe0-4943950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T12:21:50.000Z",
"modified": "2015-09-21T12:21:50.000Z",
"first_observed": "2015-09-21T12:21:50Z",
"last_observed": "2015-09-21T12:21:50Z",
"number_observed": 1,
"object_refs": [
"url--55fff65e-09e4-4ace-bfe0-4943950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55fff65e-09e4-4ace-bfe0-4943950d210b",
"value": "https://www.virustotal.com/file/259ae388ba8006a57a4c31f46f5ff29bf8d7aa425355950ad9d35b4d20265683/analysis/1440476438/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}