{
"type": "bundle",
|
|
|
|
"id": "bundle--57b5b7eb-208c-4c32-ae59-4ec2950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T14:06:16.000Z",
|
|
|
|
"modified": "2016-08-18T14:06:16.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--57b5b7eb-208c-4c32-ae59-4ec2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T14:06:16.000Z",
|
|
|
|
"modified": "2016-08-18T14:06:16.000Z",
|
|
|
|
"name": "OSINT Bad News Bears - Panda Banker Starts Looking More Like a Grizzly by ProofPoint",
|
|
|
|
"published": "2016-09-25T20:38:22Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--57b5b7f6-59c0-43f4-baf2-4fc2950d210f",
|
|
|
|
"url--57b5b7f6-59c0-43f4-baf2-4fc2950d210f",
|
|
|
|
"indicator--57b5b831-e9b4-4d0f-8320-4fe5950d210f",
|
|
|
|
"indicator--57b5b831-1e74-4c89-8e27-4e0e950d210f",
|
|
|
|
"indicator--57b5b831-a3ac-4eef-961d-43a1950d210f",
|
|
|
|
"indicator--57b5b832-e9d0-4aea-9913-44d3950d210f",
|
|
|
|
"indicator--57b5b832-3940-457e-b45d-42b8950d210f",
|
|
|
|
"indicator--57b5b832-ec4c-45cb-85d3-4deb950d210f",
|
|
|
|
"indicator--57b5b832-2438-4826-953c-4d20950d210f",
|
|
|
|
"indicator--57b5b832-fa74-4d9b-92d1-4950950d210f",
|
|
|
|
"indicator--57b5b833-37d8-46e0-998a-4a57950d210f",
|
|
|
|
"indicator--57b5b833-1af8-4f5f-b10d-49ca950d210f",
|
|
|
|
"indicator--57b5b833-1a6c-480e-928f-4e91950d210f",
|
|
|
|
"indicator--57b5b833-42ac-45da-b0ed-4243950d210f",
|
|
|
|
"indicator--57b5b833-10c4-49cb-a6dd-42ed950d210f",
|
|
|
|
"indicator--57b5b834-6a80-4bb1-98a3-42c9950d210f",
|
|
|
|
"indicator--57b5b834-8b0c-4d92-8cb2-4f93950d210f",
|
|
|
|
"indicator--57b5b834-6b28-4531-ab4c-4026950d210f",
|
|
|
|
"indicator--57b5b834-0a20-4511-b35b-4610950d210f",
|
|
|
|
"indicator--57b5b834-9c8c-4bfb-970e-4abf950d210f",
|
|
|
|
"indicator--57b5c0d8-50f4-4a3f-9f65-42f902de0b81",
|
|
|
|
"indicator--57b5c0d8-4a98-440c-a46e-4a8602de0b81",
|
|
|
|
"observed-data--57b5c0d9-78e4-4d17-8b5a-424202de0b81",
|
|
|
|
"url--57b5c0d9-78e4-4d17-8b5a-424202de0b81",
|
|
|
|
"indicator--57b5c0d9-3e14-417b-bc45-499202de0b81",
|
|
|
|
"indicator--57b5c0d9-564c-4a05-b4b0-41da02de0b81",
|
|
|
|
"observed-data--57b5c0d9-3778-47fb-9819-47f302de0b81",
|
|
|
|
"url--57b5c0d9-3778-47fb-9819-47f302de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"OSINT",
|
|
|
|
"circl:topic=\"finance\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57b5b7f6-59c0-43f4-baf2-4fc2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:28:22.000Z",
|
|
|
|
"modified": "2016-08-18T13:28:22.000Z",
|
|
|
|
"first_observed": "2016-08-18T13:28:22Z",
|
|
|
|
"last_observed": "2016-08-18T13:28:22Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57b5b7f6-59c0-43f4-baf2-4fc2950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57b5b7f6-59c0-43f4-baf2-4fc2950d210f",
|
|
|
|
"value": "https://www.proofpoint.com/us/threat-insight/post/panda-banker-starts-looking-more-like-a-grizzly"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b831-e9b4-4d0f-8320-4fe5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:21.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:21.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[domain-name:value = 'nederlandstest.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b831-1e74-4c89-8e27-4e0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:21.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:21.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[domain-name:value = 'test2222test.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b831-a3ac-4eef-961d-43a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:21.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:21.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b832-e9d0-4aea-9913-44d3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:22.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:22.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b832-3940-457e-b45d-42b8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:22.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:22.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://www.monparfum.it/payments/info.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b832-ec4c-45cb-85d3-4deb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:22.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:22.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://www.monparfum.it/payments/history.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b832-2438-4826-953c-4d20950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:22.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:22.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://vividlightingandliving.com.au/bank-info/report.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b832-fa74-4d9b-92d1-4950950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:22.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:22.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://www.1800cloud.com/infos/payment.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b833-37d8-46e0-998a-4a57950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:23.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:23.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://88.119.179.160/1biycuhoqetzowaawneab.exe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b833-1af8-4f5f-b10d-49ca950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:23.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:23.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://www.1800cloud.com/infos/report.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b833-1a6c-480e-928f-4e91950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:23.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:23.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://freebase.pw/vnc64.bin']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b833-42ac-45da-b0ed-4243950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:23.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:23.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://guestlistalamode.com/bank/report.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b833-10c4-49cb-a6dd-42ed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:23.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:23.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://guestlistalamode.com/bank/payment.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b834-6a80-4bb1-98a3-42c9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:24.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:24.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://freebase.pw/backsocks.bin']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b834-8b0c-4d92-8cb2-4f93950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:24.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:24.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://vividlightingandliving.com.au/bank-info/payment.doc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b834-6b28-4531-ab4c-4026950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:24.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:24.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://freebase.pw/vnc32.bin']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b834-0a20-4511-b35b-4610950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:24.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:24.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://freebase.pw/1biycuhoqetzowaawneab.exe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5b834-9c8c-4bfb-970e-4abf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T13:29:24.000Z",
|
|
|
|
"modified": "2016-08-18T13:29:24.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[url:value = 'http://freebase.pw/grabber.bin']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T13:29:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5c0d8-50f4-4a3f-9f65-42f902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T14:06:16.000Z",
|
|
|
|
"modified": "2016-08-18T14:06:16.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '7039bee1b6918ce4ab9d999c3a6df023674b43f3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T14:06:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5c0d8-4a98-440c-a46e-4a8602de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T14:06:16.000Z",
|
|
|
|
"modified": "2016-08-18T14:06:16.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578",
|
|
|
|
"pattern": "[file:hashes.MD5 = '81a50b5d0005b50a59d4779132703932']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T14:06:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57b5c0d9-78e4-4d17-8b5a-424202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T14:06:17.000Z",
|
|
|
|
"modified": "2016-08-18T14:06:17.000Z",
|
|
|
|
"first_observed": "2016-08-18T14:06:17Z",
|
|
|
|
"last_observed": "2016-08-18T14:06:17Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57b5c0d9-78e4-4d17-8b5a-424202de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57b5c0d9-78e4-4d17-8b5a-424202de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578/analysis/1471270815/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5c0d9-3e14-417b-bc45-499202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T14:06:17.000Z",
|
|
|
|
"modified": "2016-08-18T14:06:17.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '575f0f7f672a66eba44455eb5efaefa6443e760c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T14:06:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57b5c0d9-564c-4a05-b4b0-41da02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T14:06:17.000Z",
|
|
|
|
"modified": "2016-08-18T14:06:17.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8783e267751086a09130de0b16de5dec']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-08-18T14:06:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57b5c0d9-3778-47fb-9819-47f302de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-08-18T14:06:17.000Z",
|
|
|
|
"modified": "2016-08-18T14:06:17.000Z",
|
|
|
|
"first_observed": "2016-08-18T14:06:17Z",
|
|
|
|
"last_observed": "2016-08-18T14:06:17Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57b5c0d9-3778-47fb-9819-47f302de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57b5c0d9-3778-47fb-9819-47f302de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4/analysis/1471418928/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
]
|
|
|
|
}
|