{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--577e3339-2418-48f2-ade0-034eac1064c3",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:10.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:10.000Z",
|
|
|
|
"name": "clearskysec.com",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--577e3339-2418-48f2-ade0-034eac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:10.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:10.000Z",
|
|
|
|
"name": "YellowAlbatross/Sphinx malware by 360-Qihoo and some OSINT",
|
|
|
|
"published": "2016-07-26T12:08:31Z",
|
|
|
|
"object_refs": [
|
|
|
|
"x-misp-attribute--577e68a9-f888-477e-ba15-0a24ac1064c3",
|
|
|
|
"observed-data--5782579d-67a8-4cf7-bd6f-0618ac1064c3",
|
|
|
|
"url--5782579d-67a8-4cf7-bd6f-0618ac1064c3",
|
|
|
|
"indicator--577e6881-966c-47a1-bc72-058aac1064c3",
|
|
|
|
"indicator--577e6881-9394-4f4f-b5a5-058aac1064c3",
|
|
|
|
"indicator--577e6881-0714-4478-af1c-058aac1064c3",
|
|
|
|
"indicator--577e6881-cf84-404b-9e7c-058aac1064c3",
|
|
|
|
"indicator--577e6881-5ac0-4f77-8bcf-058aac1064c3",
|
|
|
|
"indicator--577e6881-213c-4a52-ac38-058aac1064c3",
|
|
|
|
"indicator--577e6881-fa14-4c47-9afe-058aac1064c3",
|
|
|
|
"indicator--577e3c71-5964-4e89-9983-034eac1064c3",
|
|
|
|
"indicator--577e3c71-2db0-48dc-8c5b-034eac1064c3",
|
|
|
|
"indicator--577e6881-4530-4078-a679-058aac1064c3",
|
|
|
|
"indicator--577e6881-24d0-47c7-8672-058aac1064c3",
|
|
|
|
"indicator--577e6881-1474-4ca8-9e4a-058aac1064c3",
|
|
|
|
"x-misp-attribute--577e68c3-9ae0-4044-bb67-0605ac1064c3",
|
|
|
|
"indicator--577e3c71-b410-4956-8d3e-034eac1064c3",
|
|
|
|
"indicator--577e6881-78f4-4b58-8f01-058aac1064c3",
|
|
|
|
"indicator--577e6881-19f0-4bd4-b18f-058aac1064c3",
|
|
|
|
"indicator--577e6881-2d84-46f2-8096-058aac1064c3",
|
|
|
|
"indicator--577e6881-17b0-4603-a4b7-058aac1064c3",
|
|
|
|
"indicator--577e6881-a6c0-4335-b448-058aac1064c3",
|
|
|
|
"indicator--577e6881-f35c-4c55-8994-058aac1064c3",
|
|
|
|
"indicator--577e6881-b5b0-4b86-9964-058aac1064c3",
|
|
|
|
"indicator--577e6881-d844-481f-ad0b-058aac1064c3",
|
|
|
|
"indicator--577e6881-bc30-49be-9a4a-058aac1064c3",
|
|
|
|
"indicator--577e6881-7e20-446c-8402-058aac1064c3",
|
|
|
|
"indicator--577e6881-47e0-4672-90d7-058aac1064c3",
|
|
|
|
"indicator--577e6881-1010-4266-8d99-058aac1064c3",
|
|
|
|
"indicator--577e6881-d3f4-41f0-b92c-058aac1064c3",
|
|
|
|
"indicator--577e6881-c71c-4df0-b8f3-058aac1064c3",
|
|
|
|
"indicator--577e6881-c660-439c-92d2-058aac1064c3",
|
|
|
|
"indicator--577e6881-c4dc-4ea6-b8d2-058aac1064c3",
|
|
|
|
"indicator--577e6881-e428-4c48-852e-058aac1064c3",
|
|
|
|
"indicator--577e6881-d624-4809-9978-058aac1064c3",
|
|
|
|
"indicator--577e6881-0bc8-49ab-a795-058aac1064c3",
|
|
|
|
"indicator--577e6881-12dc-49a0-9299-058aac1064c3",
|
|
|
|
"indicator--577e6881-1478-4fd3-9ad6-058aac1064c3",
|
|
|
|
"indicator--577e6881-5d90-4a47-8f6a-058aac1064c3",
|
|
|
|
"indicator--577e3c3c-6658-4920-b79a-034dac1064c3",
|
|
|
|
"indicator--577e3c3c-f864-4cce-9a80-034dac1064c3",
|
|
|
|
"indicator--577e3c3c-f8b0-4899-92b1-034dac1064c3",
|
|
|
|
"indicator--577e3c3c-e95c-4a4c-b8fc-034dac1064c3",
|
|
|
|
"indicator--577e3c3c-a164-4952-b006-034dac1064c3",
|
|
|
|
"indicator--577e3c3c-95f8-4bb7-a239-034dac1064c3",
|
|
|
|
"indicator--577e3c71-8d28-4bea-bce0-034eac1064c3",
|
|
|
|
"indicator--577e3c71-b95c-4a32-a9d4-034eac1064c3",
|
|
|
|
"indicator--577e3c71-50d4-4b31-8a1a-034eac1064c3",
|
|
|
|
"indicator--577e3c71-2754-41ca-8aaf-034eac1064c3",
|
|
|
|
"indicator--577e3c71-eb78-4e69-883d-034eac1064c3",
|
|
|
|
"indicator--577e6881-eb4c-4831-b18f-058aac1064c3",
|
|
|
|
"indicator--577e6881-0b3c-4589-b6c8-058aac1064c3",
|
|
|
|
"indicator--577e6881-0e44-4227-96a3-058aac1064c3",
|
|
|
|
"indicator--577e6881-096c-4d64-8221-058aac1064c3",
|
|
|
|
"indicator--577e6881-df24-4a4c-9a96-058aac1064c3",
|
|
|
|
"indicator--577e6881-f618-4494-a0bc-058aac1064c3",
|
|
|
|
"indicator--577e6881-b974-4b71-bc63-058aac1064c3",
|
|
|
|
"indicator--579752aa-f9f8-4f39-8fed-4e6602de0b81",
|
|
|
|
"indicator--579752ab-0094-451f-9b6d-48cc02de0b81",
|
|
|
|
"observed-data--579752ab-21c0-4976-9049-439e02de0b81",
|
|
|
|
"url--579752ab-21c0-4976-9049-439e02de0b81",
|
|
|
|
"indicator--579752ab-d538-46a5-a43c-461402de0b81",
|
|
|
|
"indicator--579752ab-defc-421d-af2f-4b4802de0b81",
|
|
|
|
"observed-data--579752ab-54ec-4182-a8d3-4aee02de0b81",
|
|
|
|
"url--579752ab-54ec-4182-a8d3-4aee02de0b81",
|
|
|
|
"indicator--579752ac-2da4-48b1-b55f-428f02de0b81",
|
|
|
|
"indicator--579752ac-205c-4714-9189-409202de0b81",
|
|
|
|
"observed-data--579752ac-4c38-446b-88c8-47f002de0b81",
|
|
|
|
"url--579752ac-4c38-446b-88c8-47f002de0b81",
|
|
|
|
"indicator--579752ac-5888-483e-b31e-4b3102de0b81",
|
|
|
|
"indicator--579752ad-7a3c-4250-8a4a-4f0a02de0b81",
|
|
|
|
"observed-data--579752ad-3d94-485f-9585-47e802de0b81",
|
|
|
|
"url--579752ad-3d94-485f-9585-47e802de0b81",
|
|
|
|
"indicator--579752ad-8044-4220-bd4a-4e2502de0b81",
|
|
|
|
"indicator--579752ad-5310-4ed3-bf39-4eba02de0b81",
|
|
|
|
"observed-data--579752ad-7140-4346-af59-4e2302de0b81",
|
|
|
|
"url--579752ad-7140-4346-af59-4e2302de0b81",
|
|
|
|
"indicator--579752ae-bf38-4099-be79-437802de0b81",
|
|
|
|
"indicator--579752ae-4bd8-4ff0-a516-492902de0b81",
|
|
|
|
"observed-data--579752ae-1ff4-4d06-81a1-406302de0b81",
|
|
|
|
"url--579752ae-1ff4-4d06-81a1-406302de0b81",
|
|
|
|
"indicator--579752ae-70fc-455c-9822-46bb02de0b81",
|
|
|
|
"indicator--579752af-ed74-4bfd-84aa-4ab202de0b81",
|
|
|
|
"observed-data--579752af-9d60-4f6c-90fa-468402de0b81",
|
|
|
|
"url--579752af-9d60-4f6c-90fa-468402de0b81",
|
|
|
|
"indicator--579752af-5fe0-433c-b792-451002de0b81",
|
|
|
|
"indicator--579752af-0034-47ea-a355-4c8602de0b81",
|
|
|
|
"observed-data--579752af-4e3c-4e5f-8082-426f02de0b81",
|
|
|
|
"url--579752af-4e3c-4e5f-8082-426f02de0b81",
|
|
|
|
"indicator--579752af-4f0c-4c4a-8696-494402de0b81",
|
|
|
|
"indicator--579752b0-2e80-4f09-bfdb-41fb02de0b81",
|
|
|
|
"observed-data--579752b0-b3dc-4068-8c97-401802de0b81",
|
|
|
|
"url--579752b0-b3dc-4068-8c97-401802de0b81",
|
|
|
|
"indicator--579752b0-2938-4046-ab88-493d02de0b81",
|
|
|
|
"indicator--579752b0-4388-477d-b422-420b02de0b81",
|
|
|
|
"observed-data--579752b0-3958-479e-8fe6-4e3602de0b81",
|
|
|
|
"url--579752b0-3958-479e-8fe6-4e3602de0b81",
|
|
|
|
"indicator--579752b1-cee8-47c0-92e5-499a02de0b81",
|
|
|
|
"indicator--579752b1-0ef8-4556-8d0c-453b02de0b81",
|
|
|
|
"observed-data--579752b1-0b48-44e0-ae1b-4c8702de0b81",
|
|
|
|
"url--579752b1-0b48-44e0-ae1b-4c8702de0b81",
|
|
|
|
"indicator--579752b1-8a68-4113-9945-473402de0b81",
|
|
|
|
"indicator--579752b1-6ff4-4ef5-a322-4e5302de0b81",
|
|
|
|
"observed-data--579752b2-8fac-4cc4-94d2-433a02de0b81",
|
|
|
|
"url--579752b2-8fac-4cc4-94d2-433a02de0b81",
|
|
|
|
"indicator--579752b2-1c38-40ff-bfd1-446602de0b81",
|
|
|
|
"indicator--579752b2-5754-481c-a524-418202de0b81",
|
|
|
|
"observed-data--579752b2-edf4-406c-8c67-42e002de0b81",
|
|
|
|
"url--579752b2-edf4-406c-8c67-42e002de0b81",
|
|
|
|
"indicator--579752b2-d7fc-4218-bb61-4a1502de0b81",
|
|
|
|
"indicator--579752b3-9340-419a-833e-435c02de0b81",
|
|
|
|
"observed-data--579752b3-3ee0-4974-afd2-464202de0b81",
|
|
|
|
"url--579752b3-3ee0-4974-afd2-464202de0b81",
|
|
|
|
"indicator--579752b3-69f0-4e34-81e0-495002de0b81",
|
|
|
|
"indicator--579752b3-282c-469e-8226-439102de0b81",
|
|
|
|
"observed-data--579752b3-3168-4da6-a5c1-4be802de0b81",
|
|
|
|
"url--579752b3-3168-4da6-a5c1-4be802de0b81",
|
|
|
|
"indicator--579752b4-5dd4-4f81-a556-474302de0b81",
|
|
|
|
"indicator--579752b4-2ed0-4201-a1c4-455302de0b81",
|
|
|
|
"observed-data--579752b4-726c-4662-9203-409a02de0b81",
|
|
|
|
"url--579752b4-726c-4662-9203-409a02de0b81",
|
|
|
|
"indicator--579752b4-cec8-4b03-ba79-4e7702de0b81",
|
|
|
|
"indicator--579752b4-8c60-454d-86ef-4c9402de0b81",
|
|
|
|
"observed-data--579752b5-4020-4f7f-8e2a-449702de0b81",
|
|
|
|
"url--579752b5-4020-4f7f-8e2a-449702de0b81",
|
|
|
|
"indicator--579752b5-3f84-4308-9a10-4f7602de0b81",
|
|
|
|
"indicator--579752b5-8cb8-4051-849c-454902de0b81",
|
|
|
|
"observed-data--579752b5-8cb8-4edc-9c06-486d02de0b81",
|
|
|
|
"url--579752b5-8cb8-4edc-9c06-486d02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--577e68a9-f888-477e-ba15-0a24ac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:35:21.000Z",
|
|
|
|
"modified": "2016-07-07T14:35:21.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Antivirus detection\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Antivirus detection",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Win32.YellowAlbatross"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5782579d-67a8-4cf7-bd6f-0618ac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-10T14:11:41.000Z",
|
|
|
|
"modified": "2016-07-10T14:11:41.000Z",
|
|
|
|
"first_observed": "2016-07-10T14:11:41Z",
|
|
|
|
"last_observed": "2016-07-10T14:11:41Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5782579d-67a8-4cf7-bd6f-0618ac1064c3"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5782579d-67a8-4cf7-bd6f-0618ac1064c3",
|
|
|
|
"value": "http://www.aqniu.com/threat-alert/17332.html"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-966c-47a1-bc72-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ss4m1.dnsdojo.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-9394-4f4f-b5a5-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'avg99.does-it.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-0714-4478-af1c-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'adobe.sells-it.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-cf84-404b-9e7c-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'microwindows.is-by.us']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-5ac0-4f77-8bcf-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'wolfxx.esy.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-213c-4a52-ac38-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'avg999.hot.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-fa14-4c47-9afe-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'israelleaks.is-a-chef.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c71-5964-4e89-9983-034eac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:36:03.000Z",
|
|
|
|
"modified": "2016-07-07T14:36:03.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.205.194.60']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:36:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c71-2db0-48dc-8c5b-034eac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:36:00.000Z",
|
|
|
|
"modified": "2016-07-07T14:36:00.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.205.194.61']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:36:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-4530-4078-a679-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.168.61']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-24d0-47c7-8672-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.157.250.48']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-1474-4ca8-9e4a-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.18.107']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--577e68c3-9ae0-4044-bb67-0605ac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:35:47.000Z",
|
|
|
|
"modified": "2016-07-07T14:35:47.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"pattern-in-traffic\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Network activity",
|
|
|
|
"x_misp_type": "pattern-in-traffic",
|
|
|
|
"x_misp_value": "/nouba/gadling.php"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c71-b410-4956-8d3e-034eac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:36:06.000Z",
|
|
|
|
"modified": "2016-07-07T14:36:06.000Z",
|
|
|
|
"pattern": "[url:value = 'http://israelleaks.is-a-chef.com/leaks/isleaks.rar']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:36:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-78f4-4b58-8f01-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[url:value = 'https://www.facebook.com/ofir.hadad.963']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-19f0-4bd4-b18f-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[url:value = 'https://www.facebook.com/rafi.partook']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-2d84-46f2-8096-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[url:value = 'https://www.facebook.com/people/\\\\%D7\\\\%90\\\\%D7\\\\%95\\\\%D7\\\\%94\\\\%D7\\\\%93-\\\\%D7\\\\%A4\\\\%D7\\\\%93\\\\%D7\\\\%']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-17b0-4603-a4b7-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[url:value = 'https://www.facebook.com/tuti.rotam.5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-a6c0-4335-b448-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\zcore.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-f35c-4c55-8994-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\zcore32.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-b5b0-4b86-9964-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgcomm.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-d844-481f-ad0b-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgcomm32.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-bc30-49be-9a4a-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plginput.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-7e20-446c-8402-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plginput32.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-47e0-4672-90d7-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgcmd.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-1010-4266-8d99-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgcmd32.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-d3f4-41f0-b92c-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgurl.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-c71c-4df0-b8f3-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgurl32.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-c660-439c-92d2-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgskype.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-c4dc-4ea6-b8d2-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgskype32.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-e428-4c48-852e-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgavbug.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-d624-4809-9978-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgavbug32.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-0bc8-49ab-a795-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgusrstl.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-12dc-49a0-9299-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgusrstl32.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-1478-4fd3-9ad6-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgfsflt.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-5d90-4a47-8f6a-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:name = 'Files\\\\officeplugin\\\\plgfsflt32.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c3c-6658-4920-b79a-034dac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:25:48.000Z",
|
|
|
|
"modified": "2016-07-07T11:25:48.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'adddf1abce1f71578fa862bbdcd1478d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:25:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c3c-f864-4cce-9a80-034dac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:25:48.000Z",
|
|
|
|
"modified": "2016-07-07T11:25:48.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0fea31c7b54b873fcb2bd1d627262b7d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:25:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c3c-f8b0-4899-92b1-034dac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:25:48.000Z",
|
|
|
|
"modified": "2016-07-07T11:25:48.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fb338a6f49cb5b1300c6b4b70c8bdaff']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:25:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c3c-e95c-4a4c-b8fc-034dac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:25:48.000Z",
|
|
|
|
"modified": "2016-07-07T11:25:48.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '45e850ce0f585f0a8f3725755ee22fdb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:25:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c3c-a164-4952-b006-034dac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:25:48.000Z",
|
|
|
|
"modified": "2016-07-07T11:25:48.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ef1b4c9519216805ad7e1946d1329943']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:25:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c3c-95f8-4bb7-a239-034dac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:25:48.000Z",
|
|
|
|
"modified": "2016-07-07T11:25:48.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '69bd530b81f0ad16998fce322cc87536']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:25:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c71-8d28-4bea-bce0-034eac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:26:41.000Z",
|
|
|
|
"modified": "2016-07-07T11:26:41.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1e4ed1704e31917f8652aa0078a85459']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:26:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c71-b95c-4a32-a9d4-034eac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:26:41.000Z",
|
|
|
|
"modified": "2016-07-07T11:26:41.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '52f461a133e95328ccd9ba7f70e2f3e6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:26:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c71-50d4-4b31-8a1a-034eac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:26:41.000Z",
|
|
|
|
"modified": "2016-07-07T11:26:41.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c80b3fb9293a932b4e814a32e7ca76d3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:26:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c71-2754-41ca-8aaf-034eac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:26:41.000Z",
|
|
|
|
"modified": "2016-07-07T11:26:41.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1ed42d19ca305d296b2f68e1381bd27c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:26:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e3c71-eb78-4e69-883d-034eac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T11:26:41.000Z",
|
|
|
|
"modified": "2016-07-07T11:26:41.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c8926bbd4caa6de78e7d82da756e9aa1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T11:26:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-eb4c-4831-b18f-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd2aab99d804df4e47fda7a6c09322758']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-0b3c-4589-b6c8-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e5923cf0ee63e0331e4cccc3f11836eb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-0e44-4227-96a3-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '831c7e0e3794724cb7bd449aa522319d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-096c-4d64-8221-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '61d7ab10018cfe65115b30d437f02c74']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-df24-4a4c-9a96-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b2cd288aa9f38bf25da8a6be646e1de1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-f618-4494-a0bc-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'eede6f6ba9c312206c7c39b03dffaaa9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--577e6881-b974-4b71-bc63-058aac1064c3",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-07T14:34:41.000Z",
|
|
|
|
"modified": "2016-07-07T14:34:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ac20427b2d72dee63aff982b5b939694']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-07T14:34:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--579752aa-f9f8-4f39-8fed-4e6602de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:10.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:10.000Z",
|
|
|
|
"description": "- Xchecked via VT: ac20427b2d72dee63aff982b5b939694",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8ff7be63a27f879d134c76ceae57bc5aa8ff0fd5e7da86607c489ab4e9784ec7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-26T12:08:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--579752ab-0094-451f-9b6d-48cc02de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:11.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:11.000Z",
|
|
|
|
"description": "- Xchecked via VT: ac20427b2d72dee63aff982b5b939694",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '1a1789b97e98eeb2a2dc6e122bff8f0d79079d27']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-26T12:08:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--579752ab-21c0-4976-9049-439e02de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:11.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:11.000Z",
|
|
|
|
"first_observed": "2016-07-26T12:08:11Z",
|
|
|
|
"last_observed": "2016-07-26T12:08:11Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--579752ab-21c0-4976-9049-439e02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--579752ab-21c0-4976-9049-439e02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/8ff7be63a27f879d134c76ceae57bc5aa8ff0fd5e7da86607c489ab4e9784ec7/analysis/1460947214/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--579752ab-d538-46a5-a43c-461402de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:11.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:11.000Z",
|
|
|
|
"description": "- Xchecked via VT: eede6f6ba9c312206c7c39b03dffaaa9",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6dee2de9fc9ade1d3d94a550efc421bcdd0e5c5f6d88c17302c59d764bb666bc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-26T12:08:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--579752ab-defc-421d-af2f-4b4802de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:11.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:11.000Z",
|
|
|
|
"description": "- Xchecked via VT: eede6f6ba9c312206c7c39b03dffaaa9",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '5437f6a44b5ae8f8ea4f72169eba0f24a5823199']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-26T12:08:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--579752ab-54ec-4182-a8d3-4aee02de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:11.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:11.000Z",
|
|
|
|
"first_observed": "2016-07-26T12:08:11Z",
|
|
|
|
"last_observed": "2016-07-26T12:08:11Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--579752ab-54ec-4182-a8d3-4aee02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--579752ab-54ec-4182-a8d3-4aee02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/6dee2de9fc9ade1d3d94a550efc421bcdd0e5c5f6d88c17302c59d764bb666bc/analysis/1460947226/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--579752ac-2da4-48b1-b55f-428f02de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:12.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:12.000Z",
|
|
|
|
"description": "- Xchecked via VT: b2cd288aa9f38bf25da8a6be646e1de1",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7bc6540222a6cf62e2dc0cd801130aa4f3fe355dcbe1f37e931b345eccc41474']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-26T12:08:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--579752ac-205c-4714-9189-409202de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:12.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:12.000Z",
|
|
|
|
"description": "- Xchecked via VT: b2cd288aa9f38bf25da8a6be646e1de1",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'c87715e29f122c6e01571af94e6562475424cd4a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-26T12:08:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--579752ac-4c38-446b-88c8-47f002de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:12.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:12.000Z",
|
|
|
|
"first_observed": "2016-07-26T12:08:12Z",
|
|
|
|
"last_observed": "2016-07-26T12:08:12Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--579752ac-4c38-446b-88c8-47f002de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--579752ac-4c38-446b-88c8-47f002de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/7bc6540222a6cf62e2dc0cd801130aa4f3fe355dcbe1f37e931b345eccc41474/analysis/1467790373/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--579752ac-5888-483e-b31e-4b3102de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:12.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:12.000Z",
|
|
|
|
"description": "- Xchecked via VT: 61d7ab10018cfe65115b30d437f02c74",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '330fc47182675cd51cb314f7b2c38e7df04209259452c11aae74a589e1571529']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-26T12:08:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--579752ad-7a3c-4250-8a4a-4f0a02de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:13.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:13.000Z",
|
|
|
|
"description": "- Xchecked via VT: 61d7ab10018cfe65115b30d437f02c74",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '63f9a6593b92af2bf8a37114b11d4ff307e62e5d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-07-26T12:08:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--579752ad-3d94-485f-9585-47e802de0b81",
|
|
|
|
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
|
|
|
|
"created": "2016-07-26T12:08:13.000Z",
|
|
|
|
"modified": "2016-07-26T12:08:13.000Z",
|
|
|
|
"first_observed": "2016-07-26T12:08:13Z",
|
|
|
|
"last_observed": "2016-07-26T12:08:13Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--579752ad-3d94-485f-9585-47e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752ad-3d94-485f-9585-47e802de0b81",
"value": "https://www.virustotal.com/file/330fc47182675cd51cb314f7b2c38e7df04209259452c11aae74a589e1571529/analysis/1460947241/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752ad-8044-4220-bd4a-4e2502de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:13.000Z",
"modified": "2016-07-26T12:08:13.000Z",
"description": "- Xchecked via VT: 831c7e0e3794724cb7bd449aa522319d",
"pattern": "[file:hashes.SHA256 = 'f029c5622ec5b92a5c9612ce61cadf2ca0db6c615f6e663660e063c5e9c39d44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752ad-5310-4ed3-bf39-4eba02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:13.000Z",
"modified": "2016-07-26T12:08:13.000Z",
"description": "- Xchecked via VT: 831c7e0e3794724cb7bd449aa522319d",
"pattern": "[file:hashes.SHA1 = '7cb81d661e6b8856f545583363a393e1a5f4150c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752ad-7140-4346-af59-4e2302de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:13.000Z",
"modified": "2016-07-26T12:08:13.000Z",
"first_observed": "2016-07-26T12:08:13Z",
"last_observed": "2016-07-26T12:08:13Z",
"number_observed": 1,
"object_refs": [
"url--579752ad-7140-4346-af59-4e2302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752ad-7140-4346-af59-4e2302de0b81",
"value": "https://www.virustotal.com/file/f029c5622ec5b92a5c9612ce61cadf2ca0db6c615f6e663660e063c5e9c39d44/analysis/1467811895/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752ae-bf38-4099-be79-437802de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:14.000Z",
"modified": "2016-07-26T12:08:14.000Z",
"description": "- Xchecked via VT: e5923cf0ee63e0331e4cccc3f11836eb",
"pattern": "[file:hashes.SHA256 = '669bda513a8767b4acc6894872f022dfb65797e38405febd52b2fdabf0d13084']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752ae-4bd8-4ff0-a516-492902de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:14.000Z",
"modified": "2016-07-26T12:08:14.000Z",
"description": "- Xchecked via VT: e5923cf0ee63e0331e4cccc3f11836eb",
"pattern": "[file:hashes.SHA1 = 'b02c084ba6ccafc9e5fa288f1bee466a2187dd65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752ae-1ff4-4d06-81a1-406302de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:14.000Z",
"modified": "2016-07-26T12:08:14.000Z",
"first_observed": "2016-07-26T12:08:14Z",
"last_observed": "2016-07-26T12:08:14Z",
"number_observed": 1,
"object_refs": [
"url--579752ae-1ff4-4d06-81a1-406302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752ae-1ff4-4d06-81a1-406302de0b81",
"value": "https://www.virustotal.com/file/669bda513a8767b4acc6894872f022dfb65797e38405febd52b2fdabf0d13084/analysis/1460947224/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752ae-70fc-455c-9822-46bb02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:14.000Z",
"modified": "2016-07-26T12:08:14.000Z",
"description": "- Xchecked via VT: d2aab99d804df4e47fda7a6c09322758",
"pattern": "[file:hashes.SHA256 = '77e7c3422500d33b38ec84c9adbe655e2ecaac2eb92f8535104f186ab3515e6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752af-ed74-4bfd-84aa-4ab202de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:15.000Z",
"modified": "2016-07-26T12:08:15.000Z",
"description": "- Xchecked via VT: d2aab99d804df4e47fda7a6c09322758",
"pattern": "[file:hashes.SHA1 = '01b509b13b36468b5341b2a62a4feae586e303df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752af-9d60-4f6c-90fa-468402de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:15.000Z",
"modified": "2016-07-26T12:08:15.000Z",
"first_observed": "2016-07-26T12:08:15Z",
"last_observed": "2016-07-26T12:08:15Z",
"number_observed": 1,
"object_refs": [
"url--579752af-9d60-4f6c-90fa-468402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752af-9d60-4f6c-90fa-468402de0b81",
"value": "https://www.virustotal.com/file/77e7c3422500d33b38ec84c9adbe655e2ecaac2eb92f8535104f186ab3515e6f/analysis/1460947244/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752af-5fe0-433c-b792-451002de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:15.000Z",
"modified": "2016-07-26T12:08:15.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: c8926bbd4caa6de78e7d82da756e9aa1",
"pattern": "[file:hashes.SHA256 = '9f705ebd29d8ba697e6c4edac0a7a4b93a2bb880b8646f74489f38672af398df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752af-0034-47ea-a355-4c8602de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:15.000Z",
"modified": "2016-07-26T12:08:15.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: c8926bbd4caa6de78e7d82da756e9aa1",
"pattern": "[file:hashes.SHA1 = '84ddce44de9833eaac7a0a76640c342e47a39c75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752af-4e3c-4e5f-8082-426f02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:15.000Z",
"modified": "2016-07-26T12:08:15.000Z",
"first_observed": "2016-07-26T12:08:15Z",
"last_observed": "2016-07-26T12:08:15Z",
"number_observed": 1,
"object_refs": [
"url--579752af-4e3c-4e5f-8082-426f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752af-4e3c-4e5f-8082-426f02de0b81",
"value": "https://www.virustotal.com/file/9f705ebd29d8ba697e6c4edac0a7a4b93a2bb880b8646f74489f38672af398df/analysis/1467811893/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752af-4f0c-4c4a-8696-494402de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:15.000Z",
"modified": "2016-07-26T12:08:15.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1ed42d19ca305d296b2f68e1381bd27c",
"pattern": "[file:hashes.SHA256 = '9dea52911e4b87d532b3e17ab840bb8ac16dcb7090fe7539742bdc61fe7fba25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b0-2e80-4f09-bfdb-41fb02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:16.000Z",
"modified": "2016-07-26T12:08:16.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1ed42d19ca305d296b2f68e1381bd27c",
"pattern": "[file:hashes.SHA1 = '600ed32e8dfe056a647e5e3ec698cbf0ac1f79b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b0-b3dc-4068-8c97-401802de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:16.000Z",
"modified": "2016-07-26T12:08:16.000Z",
"first_observed": "2016-07-26T12:08:16Z",
"last_observed": "2016-07-26T12:08:16Z",
"number_observed": 1,
"object_refs": [
"url--579752b0-b3dc-4068-8c97-401802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b0-b3dc-4068-8c97-401802de0b81",
"value": "https://www.virustotal.com/file/9dea52911e4b87d532b3e17ab840bb8ac16dcb7090fe7539742bdc61fe7fba25/analysis/1467811893/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b0-2938-4046-ab88-493d02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:16.000Z",
"modified": "2016-07-26T12:08:16.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: c80b3fb9293a932b4e814a32e7ca76d3",
"pattern": "[file:hashes.SHA256 = '9b1590d1ed271fa0148f39c120570e5af8c919f38d5eb68f08301481ce013b0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b0-4388-477d-b422-420b02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:16.000Z",
"modified": "2016-07-26T12:08:16.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: c80b3fb9293a932b4e814a32e7ca76d3",
"pattern": "[file:hashes.SHA1 = 'afbe30048827a90803b8e63de3e80640d2cfc06c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b0-3958-479e-8fe6-4e3602de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:16.000Z",
"modified": "2016-07-26T12:08:16.000Z",
"first_observed": "2016-07-26T12:08:16Z",
"last_observed": "2016-07-26T12:08:16Z",
"number_observed": 1,
"object_refs": [
"url--579752b0-3958-479e-8fe6-4e3602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b0-3958-479e-8fe6-4e3602de0b81",
"value": "https://www.virustotal.com/file/9b1590d1ed271fa0148f39c120570e5af8c919f38d5eb68f08301481ce013b0f/analysis/1468918980/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b1-cee8-47c0-92e5-499a02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:17.000Z",
"modified": "2016-07-26T12:08:17.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 52f461a133e95328ccd9ba7f70e2f3e6",
"pattern": "[file:hashes.SHA256 = 'e84ebe6fffe1bf61ceecc7b149dc6d386f2db7f74097cd841b92673ff59e0c96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b1-0ef8-4556-8d0c-453b02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:17.000Z",
"modified": "2016-07-26T12:08:17.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 52f461a133e95328ccd9ba7f70e2f3e6",
"pattern": "[file:hashes.SHA1 = '7401dcd464a490d00eb2bf1e28c26ddb345ae069']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b1-0b48-44e0-ae1b-4c8702de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:17.000Z",
"modified": "2016-07-26T12:08:17.000Z",
"first_observed": "2016-07-26T12:08:17Z",
"last_observed": "2016-07-26T12:08:17Z",
"number_observed": 1,
"object_refs": [
"url--579752b1-0b48-44e0-ae1b-4c8702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b1-0b48-44e0-ae1b-4c8702de0b81",
"value": "https://www.virustotal.com/file/e84ebe6fffe1bf61ceecc7b149dc6d386f2db7f74097cd841b92673ff59e0c96/analysis/1468918914/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b1-8a68-4113-9945-473402de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:17.000Z",
"modified": "2016-07-26T12:08:17.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1e4ed1704e31917f8652aa0078a85459",
"pattern": "[file:hashes.SHA256 = '60a63023532927deef3c08ec915146cf1e10a2c101bb6f6d05ad8d9d5dd499da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b1-6ff4-4ef5-a322-4e5302de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:17.000Z",
"modified": "2016-07-26T12:08:17.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1e4ed1704e31917f8652aa0078a85459",
"pattern": "[file:hashes.SHA1 = '5cb8995c41832c6cac544a300155c0ef904b2d71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b2-8fac-4cc4-94d2-433a02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:18.000Z",
"modified": "2016-07-26T12:08:18.000Z",
"first_observed": "2016-07-26T12:08:18Z",
"last_observed": "2016-07-26T12:08:18Z",
"number_observed": 1,
"object_refs": [
"url--579752b2-8fac-4cc4-94d2-433a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b2-8fac-4cc4-94d2-433a02de0b81",
"value": "https://www.virustotal.com/file/60a63023532927deef3c08ec915146cf1e10a2c101bb6f6d05ad8d9d5dd499da/analysis/1467811896/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b2-1c38-40ff-bfd1-446602de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:18.000Z",
"modified": "2016-07-26T12:08:18.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 69bd530b81f0ad16998fce322cc87536",
"pattern": "[file:hashes.SHA256 = '86d0768a6b840d3b308e25e03274c59c1e0a461d71905f2fd7e47c5d993bacba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b2-5754-481c-a524-418202de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:18.000Z",
"modified": "2016-07-26T12:08:18.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 69bd530b81f0ad16998fce322cc87536",
"pattern": "[file:hashes.SHA1 = '5c47a995acf382fe8a35ffeadcec404ea3f2437f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b2-edf4-406c-8c67-42e002de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:18.000Z",
"modified": "2016-07-26T12:08:18.000Z",
"first_observed": "2016-07-26T12:08:18Z",
"last_observed": "2016-07-26T12:08:18Z",
"number_observed": 1,
"object_refs": [
"url--579752b2-edf4-406c-8c67-42e002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b2-edf4-406c-8c67-42e002de0b81",
"value": "https://www.virustotal.com/file/86d0768a6b840d3b308e25e03274c59c1e0a461d71905f2fd7e47c5d993bacba/analysis/1467811895/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b2-d7fc-4218-bb61-4a1502de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:18.000Z",
"modified": "2016-07-26T12:08:18.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ef1b4c9519216805ad7e1946d1329943",
"pattern": "[file:hashes.SHA256 = '3b95975db3726b119eb08d674dac84fdbf2e92d74ed27b20b0450e23d84f7ae7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b3-9340-419a-833e-435c02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:19.000Z",
"modified": "2016-07-26T12:08:19.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ef1b4c9519216805ad7e1946d1329943",
"pattern": "[file:hashes.SHA1 = '440dd71d0ab55171ac7d190e5fa32d81940bded4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b3-3ee0-4974-afd2-464202de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:19.000Z",
"modified": "2016-07-26T12:08:19.000Z",
"first_observed": "2016-07-26T12:08:19Z",
"last_observed": "2016-07-26T12:08:19Z",
"number_observed": 1,
"object_refs": [
"url--579752b3-3ee0-4974-afd2-464202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b3-3ee0-4974-afd2-464202de0b81",
"value": "https://www.virustotal.com/file/3b95975db3726b119eb08d674dac84fdbf2e92d74ed27b20b0450e23d84f7ae7/analysis/1467811896/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b3-69f0-4e34-81e0-495002de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:19.000Z",
"modified": "2016-07-26T12:08:19.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 45e850ce0f585f0a8f3725755ee22fdb",
"pattern": "[file:hashes.SHA256 = '66d453abbbabebcb71b04d1381cafb6b1b6514d6302dbcefb2054f36efc49eeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b3-282c-469e-8226-439102de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:19.000Z",
"modified": "2016-07-26T12:08:19.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 45e850ce0f585f0a8f3725755ee22fdb",
"pattern": "[file:hashes.SHA1 = 'f8cd5cb6bbd13c852db5eb2c50177d8058e51f7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b3-3168-4da6-a5c1-4be802de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:19.000Z",
"modified": "2016-07-26T12:08:19.000Z",
"first_observed": "2016-07-26T12:08:19Z",
"last_observed": "2016-07-26T12:08:19Z",
"number_observed": 1,
"object_refs": [
"url--579752b3-3168-4da6-a5c1-4be802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b3-3168-4da6-a5c1-4be802de0b81",
"value": "https://www.virustotal.com/file/66d453abbbabebcb71b04d1381cafb6b1b6514d6302dbcefb2054f36efc49eeb/analysis/1467821117/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b4-5dd4-4f81-a556-474302de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:20.000Z",
"modified": "2016-07-26T12:08:20.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: fb338a6f49cb5b1300c6b4b70c8bdaff",
"pattern": "[file:hashes.SHA256 = '036addd2376acdf692a6f23f21bc9d3320a61b9b47ec0188578ba27dc72c3733']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b4-2ed0-4201-a1c4-455302de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:20.000Z",
"modified": "2016-07-26T12:08:20.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: fb338a6f49cb5b1300c6b4b70c8bdaff",
"pattern": "[file:hashes.SHA1 = '5084b389ae50cd76a0058061d681f6e51d591f66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b4-726c-4662-9203-409a02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:20.000Z",
"modified": "2016-07-26T12:08:20.000Z",
"first_observed": "2016-07-26T12:08:20Z",
"last_observed": "2016-07-26T12:08:20Z",
"number_observed": 1,
"object_refs": [
"url--579752b4-726c-4662-9203-409a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b4-726c-4662-9203-409a02de0b81",
"value": "https://www.virustotal.com/file/036addd2376acdf692a6f23f21bc9d3320a61b9b47ec0188578ba27dc72c3733/analysis/1467811893/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b4-cec8-4b03-ba79-4e7702de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:20.000Z",
"modified": "2016-07-26T12:08:20.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 0fea31c7b54b873fcb2bd1d627262b7d",
"pattern": "[file:hashes.SHA256 = 'f7a98a0ed6d62f9007ad3001744d3fd5eb7c1ce768f1a09f3c2c9383f45ce2ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b4-8c60-454d-86ef-4c9402de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:20.000Z",
"modified": "2016-07-26T12:08:20.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 0fea31c7b54b873fcb2bd1d627262b7d",
"pattern": "[file:hashes.SHA1 = '4755b4c44aa3ec2ea24b83510a96ddd065b67115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b5-4020-4f7f-8e2a-449702de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:21.000Z",
"modified": "2016-07-26T12:08:21.000Z",
"first_observed": "2016-07-26T12:08:21Z",
"last_observed": "2016-07-26T12:08:21Z",
"number_observed": 1,
"object_refs": [
"url--579752b5-4020-4f7f-8e2a-449702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b5-4020-4f7f-8e2a-449702de0b81",
"value": "https://www.virustotal.com/file/f7a98a0ed6d62f9007ad3001744d3fd5eb7c1ce768f1a09f3c2c9383f45ce2ec/analysis/1467811895/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b5-3f84-4308-9a10-4f7602de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:21.000Z",
"modified": "2016-07-26T12:08:21.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: adddf1abce1f71578fa862bbdcd1478d",
"pattern": "[file:hashes.SHA256 = 'cfd52e29044229fcbf1c3eee35601bb6df2d64943c56a24b6dd93384feaf857e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579752b5-8cb8-4051-849c-454902de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:21.000Z",
"modified": "2016-07-26T12:08:21.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: adddf1abce1f71578fa862bbdcd1478d",
"pattern": "[file:hashes.SHA1 = '7b4c22a8a1984041f66d060651e9557e74a0b089']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:08:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--579752b5-8cb8-4edc-9c06-486d02de0b81",
"created_by_ref": "identity--56cd7f5a-3f38-4913-9d9a-73d6ac1064e9",
"created": "2016-07-26T12:08:21.000Z",
"modified": "2016-07-26T12:08:21.000Z",
"first_observed": "2016-07-26T12:08:21Z",
"last_observed": "2016-07-26T12:08:21Z",
"number_observed": 1,
"object_refs": [
"url--579752b5-8cb8-4edc-9c06-486d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--579752b5-8cb8-4edc-9c06-486d02de0b81",
"value": "https://www.virustotal.com/file/cfd52e29044229fcbf1c3eee35601bb6df2d64943c56a24b6dd93384feaf857e/analysis/1467811893/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}