misp-circl-feed/feeds/circl/misp/57b5b7eb-208c-4c32-ae59-4ec2950d210f.json

675 lines
28 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--57b5b7eb-208c-4c32-ae59-4ec2950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T14:06:16.000Z",
"modified": "2016-08-18T14:06:16.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57b5b7eb-208c-4c32-ae59-4ec2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T14:06:16.000Z",
"modified": "2016-08-18T14:06:16.000Z",
"name": "OSINT Bad News Bears - Panda Banker Starts Looking More Like a Grizzly by ProofPoint",
"published": "2016-09-25T20:38:22Z",
"object_refs": [
"observed-data--57b5b7f6-59c0-43f4-baf2-4fc2950d210f",
"url--57b5b7f6-59c0-43f4-baf2-4fc2950d210f",
"indicator--57b5b831-e9b4-4d0f-8320-4fe5950d210f",
"indicator--57b5b831-1e74-4c89-8e27-4e0e950d210f",
"indicator--57b5b831-a3ac-4eef-961d-43a1950d210f",
"indicator--57b5b832-e9d0-4aea-9913-44d3950d210f",
"indicator--57b5b832-3940-457e-b45d-42b8950d210f",
"indicator--57b5b832-ec4c-45cb-85d3-4deb950d210f",
"indicator--57b5b832-2438-4826-953c-4d20950d210f",
"indicator--57b5b832-fa74-4d9b-92d1-4950950d210f",
"indicator--57b5b833-37d8-46e0-998a-4a57950d210f",
"indicator--57b5b833-1af8-4f5f-b10d-49ca950d210f",
"indicator--57b5b833-1a6c-480e-928f-4e91950d210f",
"indicator--57b5b833-42ac-45da-b0ed-4243950d210f",
"indicator--57b5b833-10c4-49cb-a6dd-42ed950d210f",
"indicator--57b5b834-6a80-4bb1-98a3-42c9950d210f",
"indicator--57b5b834-8b0c-4d92-8cb2-4f93950d210f",
"indicator--57b5b834-6b28-4531-ab4c-4026950d210f",
"indicator--57b5b834-0a20-4511-b35b-4610950d210f",
"indicator--57b5b834-9c8c-4bfb-970e-4abf950d210f",
"indicator--57b5c0d8-50f4-4a3f-9f65-42f902de0b81",
"indicator--57b5c0d8-4a98-440c-a46e-4a8602de0b81",
"observed-data--57b5c0d9-78e4-4d17-8b5a-424202de0b81",
"url--57b5c0d9-78e4-4d17-8b5a-424202de0b81",
"indicator--57b5c0d9-3e14-417b-bc45-499202de0b81",
"indicator--57b5c0d9-564c-4a05-b4b0-41da02de0b81",
"observed-data--57b5c0d9-3778-47fb-9819-47f302de0b81",
"url--57b5c0d9-3778-47fb-9819-47f302de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"OSINT",
"circl:topic=\"finance\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b5b7f6-59c0-43f4-baf2-4fc2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:28:22.000Z",
"modified": "2016-08-18T13:28:22.000Z",
"first_observed": "2016-08-18T13:28:22Z",
"last_observed": "2016-08-18T13:28:22Z",
"number_observed": 1,
"object_refs": [
"url--57b5b7f6-59c0-43f4-baf2-4fc2950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b5b7f6-59c0-43f4-baf2-4fc2950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/panda-banker-starts-looking-more-like-a-grizzly"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b831-e9b4-4d0f-8320-4fe5950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:21.000Z",
"modified": "2016-08-18T13:29:21.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'nederlandstest.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b831-1e74-4c89-8e27-4e0e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:21.000Z",
"modified": "2016-08-18T13:29:21.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'test2222test.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b831-a3ac-4eef-961d-43a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:21.000Z",
"modified": "2016-08-18T13:29:21.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b832-e9d0-4aea-9913-44d3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:22.000Z",
"modified": "2016-08-18T13:29:22.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b832-3940-457e-b45d-42b8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:22.000Z",
"modified": "2016-08-18T13:29:22.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://www.monparfum.it/payments/info.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b832-ec4c-45cb-85d3-4deb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:22.000Z",
"modified": "2016-08-18T13:29:22.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://www.monparfum.it/payments/history.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b832-2438-4826-953c-4d20950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:22.000Z",
"modified": "2016-08-18T13:29:22.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://vividlightingandliving.com.au/bank-info/report.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b832-fa74-4d9b-92d1-4950950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:22.000Z",
"modified": "2016-08-18T13:29:22.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://www.1800cloud.com/infos/payment.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b833-37d8-46e0-998a-4a57950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:23.000Z",
"modified": "2016-08-18T13:29:23.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://88.119.179.160/1biycuhoqetzowaawneab.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b833-1af8-4f5f-b10d-49ca950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:23.000Z",
"modified": "2016-08-18T13:29:23.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://www.1800cloud.com/infos/report.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b833-1a6c-480e-928f-4e91950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:23.000Z",
"modified": "2016-08-18T13:29:23.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://freebase.pw/vnc64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b833-42ac-45da-b0ed-4243950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:23.000Z",
"modified": "2016-08-18T13:29:23.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://guestlistalamode.com/bank/report.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b833-10c4-49cb-a6dd-42ed950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:23.000Z",
"modified": "2016-08-18T13:29:23.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://guestlistalamode.com/bank/payment.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b834-6a80-4bb1-98a3-42c9950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:24.000Z",
"modified": "2016-08-18T13:29:24.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://freebase.pw/backsocks.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b834-8b0c-4d92-8cb2-4f93950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:24.000Z",
"modified": "2016-08-18T13:29:24.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://vividlightingandliving.com.au/bank-info/payment.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b834-6b28-4531-ab4c-4026950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:24.000Z",
"modified": "2016-08-18T13:29:24.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://freebase.pw/vnc32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b834-0a20-4511-b35b-4610950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:24.000Z",
"modified": "2016-08-18T13:29:24.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://freebase.pw/1biycuhoqetzowaawneab.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5b834-9c8c-4bfb-970e-4abf950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T13:29:24.000Z",
"modified": "2016-08-18T13:29:24.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = 'http://freebase.pw/grabber.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T13:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5c0d8-50f4-4a3f-9f65-42f902de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T14:06:16.000Z",
"modified": "2016-08-18T14:06:16.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578",
"pattern": "[file:hashes.SHA1 = '7039bee1b6918ce4ab9d999c3a6df023674b43f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T14:06:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5c0d8-4a98-440c-a46e-4a8602de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T14:06:16.000Z",
"modified": "2016-08-18T14:06:16.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578",
"pattern": "[file:hashes.MD5 = '81a50b5d0005b50a59d4779132703932']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T14:06:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b5c0d9-78e4-4d17-8b5a-424202de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T14:06:17.000Z",
"modified": "2016-08-18T14:06:17.000Z",
"first_observed": "2016-08-18T14:06:17Z",
"last_observed": "2016-08-18T14:06:17Z",
"number_observed": 1,
"object_refs": [
"url--57b5c0d9-78e4-4d17-8b5a-424202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b5c0d9-78e4-4d17-8b5a-424202de0b81",
"value": "https://www.virustotal.com/file/b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578/analysis/1471270815/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5c0d9-3e14-417b-bc45-499202de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T14:06:17.000Z",
"modified": "2016-08-18T14:06:17.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4",
"pattern": "[file:hashes.SHA1 = '575f0f7f672a66eba44455eb5efaefa6443e760c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T14:06:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b5c0d9-564c-4a05-b4b0-41da02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T14:06:17.000Z",
"modified": "2016-08-18T14:06:17.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4",
"pattern": "[file:hashes.MD5 = '8783e267751086a09130de0b16de5dec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-18T14:06:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b5c0d9-3778-47fb-9819-47f302de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-18T14:06:17.000Z",
"modified": "2016-08-18T14:06:17.000Z",
"first_observed": "2016-08-18T14:06:17Z",
"last_observed": "2016-08-18T14:06:17Z",
"number_observed": 1,
"object_refs": [
"url--57b5c0d9-3778-47fb-9819-47f302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b5c0d9-3778-47fb-9819-47f302de0b81",
"value": "https://www.virustotal.com/file/3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4/analysis/1471418928/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}