{
"type": "bundle",
|
|
|
|
"id": "bundle--58497a8d-4fb8-4155-a101-4a51950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:27:59.000Z",
|
|
|
|
"modified": "2016-12-08T15:27:59.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--58497a8d-4fb8-4155-a101-4a51950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:27:59.000Z",
|
|
|
|
"modified": "2016-12-08T15:27:59.000Z",
|
|
|
|
"name": "OSINT - Astrum Drops",
|
|
|
|
"published": "2016-12-08T15:30:23Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--58497b55-3bbc-43ef-b30c-7bb3950d210f",
|
|
|
|
"indicator--58497b55-e514-4520-a2d9-7bb3950d210f",
|
|
|
|
"indicator--58497b56-1310-4f62-9591-7bb3950d210f",
|
|
|
|
"indicator--58497b56-f5d0-4af2-8c11-7bb3950d210f",
|
|
|
|
"indicator--58497b56-9290-4dc9-9471-7bb3950d210f",
|
|
|
|
"indicator--58497b56-88e4-4e49-91f8-7bb3950d210f",
|
|
|
|
"indicator--58497b56-25b8-4311-a555-7bb3950d210f",
|
|
|
|
"indicator--58497b57-56e8-49d0-ae5a-7bb3950d210f",
|
|
|
|
"indicator--58497b57-98ec-4776-8978-7bb3950d210f",
|
|
|
|
"indicator--58497b57-5c84-4f58-a8a5-7bb3950d210f",
|
|
|
|
"indicator--58497b57-43bc-4853-ac19-7bb3950d210f",
|
|
|
|
"indicator--58497b58-0c70-4b50-b04e-7bb3950d210f",
|
|
|
|
"indicator--58497b58-d470-4748-8d12-7bb3950d210f",
|
|
|
|
"indicator--58497b58-c9f8-4416-aa2c-7bb3950d210f",
|
|
|
|
"indicator--58497b58-f41c-4e35-b142-7bb3950d210f",
|
|
|
|
"indicator--58497b59-614c-4173-88cf-7bb3950d210f",
|
|
|
|
"indicator--58497b59-adb4-49ac-9c11-7bb3950d210f",
|
|
|
|
"indicator--58497b59-94b0-45d8-a1d2-7bb3950d210f",
|
|
|
|
"indicator--58497b59-4ad4-4b98-8032-7bb3950d210f",
|
|
|
|
"indicator--58497b59-ba0c-49f1-b5d5-7bb3950d210f",
|
|
|
|
"indicator--58497b5a-1dc4-40b2-9c78-7bb3950d210f",
|
|
|
|
"indicator--58497b5a-dcec-4401-a220-7bb3950d210f",
|
|
|
|
"indicator--58497b5a-cc8c-4711-a47c-7bb3950d210f",
|
|
|
|
"indicator--58497b5a-b834-4715-b88a-7bb3950d210f",
|
|
|
|
"indicator--58497b5b-527c-4ebd-af55-7bb3950d210f",
|
|
|
|
"indicator--58497b5b-0074-4977-a46c-7bb3950d210f",
|
|
|
|
"indicator--58497b5b-6020-4810-9e46-7bb3950d210f",
|
|
|
|
"indicator--58497b5b-31bc-4f47-a14c-7bb3950d210f",
|
|
|
|
"indicator--58497b5b-58bc-48b9-bb6a-7bb3950d210f",
|
|
|
|
"indicator--58497b5c-5210-46a9-93b7-7bb3950d210f",
|
|
|
|
"indicator--58497b5c-b534-42c2-b86a-7bb3950d210f",
|
|
|
|
"indicator--58497b5c-7590-4a96-b46c-7bb3950d210f",
|
|
|
|
"indicator--58497b5c-cfa4-44b1-bfba-7bb3950d210f",
|
|
|
|
"indicator--58497b5d-7b64-4be5-bb37-7bb3950d210f",
|
|
|
|
"indicator--58497b5d-c2f4-46cb-9cbf-7bb3950d210f",
|
|
|
|
"indicator--58497b5d-0c88-44a1-bbec-7bb3950d210f",
|
|
|
|
"indicator--58497b5d-5c00-42ad-bf39-7bb3950d210f",
|
|
|
|
"indicator--58497b5d-ef3c-4db5-bc08-7bb3950d210f",
|
|
|
|
"indicator--58497b5e-cbe8-455b-9ef6-7bb3950d210f",
|
|
|
|
"indicator--58497b5e-2708-4703-8b17-7bb3950d210f",
|
|
|
|
"indicator--58497b5e-1114-4ec5-a7e4-7bb3950d210f",
|
|
|
|
"indicator--58497b5e-331c-47be-adf2-7bb3950d210f",
|
|
|
|
"indicator--58497b5f-f068-4533-818a-7bb3950d210f",
|
|
|
|
"indicator--58497b5f-ef3c-48b7-a2b5-7bb3950d210f",
|
|
|
|
"indicator--58497b5f-4550-4720-be86-7bb3950d210f",
|
|
|
|
"indicator--58497b5f-39a8-45f8-92c6-7bb3950d210f",
|
|
|
|
"indicator--58497b60-fa9c-49c9-bd64-7bb3950d210f",
|
|
|
|
"indicator--58497b60-8b48-4122-894d-7bb3950d210f",
|
|
|
|
"indicator--58497b60-7554-4498-af70-7bb3950d210f",
|
|
|
|
"indicator--58497b60-0734-4c2a-9c30-7bb3950d210f",
|
|
|
|
"observed-data--58497b78-fbc0-433e-ad26-4c63950d210f",
|
|
|
|
"url--58497b78-fbc0-433e-ad26-4c63950d210f",
|
|
|
|
"observed-data--58497bff-3618-47a3-bb79-432602de0b81",
|
|
|
|
"url--58497bff-3618-47a3-bb79-432602de0b81",
|
|
|
|
"indicator--58497bff-a148-42d0-96ce-4a4002de0b81",
|
|
|
|
"observed-data--58497bff-5c18-4591-8754-4ac302de0b81",
|
|
|
|
"url--58497bff-5c18-4591-8754-4ac302de0b81",
|
|
|
|
"observed-data--58497c00-d978-4056-bb9a-444d02de0b81",
|
|
|
|
"url--58497c00-d978-4056-bb9a-444d02de0b81",
|
|
|
|
"observed-data--58497c01-7e28-488c-8361-414402de0b81",
|
|
|
|
"url--58497c01-7e28-488c-8361-414402de0b81",
|
|
|
|
"observed-data--58497c01-ad80-417a-95eb-4d8002de0b81",
|
|
|
|
"url--58497c01-ad80-417a-95eb-4d8002de0b81",
|
|
|
|
"observed-data--58497c02-0f90-4ac8-851f-4bad02de0b81",
|
|
|
|
"url--58497c02-0f90-4ac8-851f-4bad02de0b81",
|
|
|
|
"observed-data--58497c02-9344-452a-9a0e-4cfa02de0b81",
|
|
|
|
"url--58497c02-9344-452a-9a0e-4cfa02de0b81",
|
|
|
|
"observed-data--58497c03-4bc4-487a-88a1-484602de0b81",
|
|
|
|
"url--58497c03-4bc4-487a-88a1-484602de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b55-3bbc-43ef-b30c-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:09.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:09.000Z",
|
|
|
|
"description": "175760baa2bbca3fbdc4d8f30c993b89_aningik.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = '175760baa2bbca3fbdc4d8f30c993b89']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b55-e514-4520-a2d9-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:09.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:09.000Z",
|
|
|
|
"description": "175760baa2bbca3fbdc4d8f30c993b89_aningik.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ae35c375086970b7a20242eaa377e36f20b2e766']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b56-1310-4f62-9591-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:10.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:10.000Z",
|
|
|
|
"description": "175760baa2bbca3fbdc4d8f30c993b89_aningik.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'cb9fbb444a6a0b8fd1984db02f9523f9914df2b0747fecc7a1076beee364eb99']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b56-f5d0-4af2-8c11-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:10.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:10.000Z",
|
|
|
|
"description": "6229795fa30ee413d1aaeb1619a89b8f_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6229795fa30ee413d1aaeb1619a89b8f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b56-9290-4dc9-9471-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:10.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:10.000Z",
|
|
|
|
"description": "6229795fa30ee413d1aaeb1619a89b8f_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '2197c2632fb0f59ffffba2f26bcd6f12412793bc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b56-88e4-4e49-91f8-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:10.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:10.000Z",
|
|
|
|
"description": "6229795fa30ee413d1aaeb1619a89b8f_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '70406966f853345efe978ecf6e5f15233aab11296cd71d7adfaee664f33ab6a1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b56-25b8-4311-a555-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:10.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:10.000Z",
|
|
|
|
"description": "9072591fd08526efe69572294a5a0c63_vawtrak_113.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9072591fd08526efe69572294a5a0c63']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b57-56e8-49d0-ae5a-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:11.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:11.000Z",
|
|
|
|
"description": "9072591fd08526efe69572294a5a0c63_vawtrak_113.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'bab7a711f30e97caae04add267ddec743eea33cb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b57-98ec-4776-8978-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:11.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:11.000Z",
|
|
|
|
"description": "9072591fd08526efe69572294a5a0c63_vawtrak_113.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd8c1ea29e6d5bc1ffbd735749237a7e03cd900fb94c94e2f6f18881479b67922']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b57-5c84-4f58-a8a5-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:11.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:11.000Z",
|
|
|
|
"description": "a2fc4c3fbd4efd2c24d26b8ede001a10_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a2fc4c3fbd4efd2c24d26b8ede001a10']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b57-43bc-4853-ac19-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:11.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:11.000Z",
|
|
|
|
"description": "a2fc4c3fbd4efd2c24d26b8ede001a10_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ea839998a9eb52c7c420bf9ca69c90807784ebfd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b58-0c70-4b50-b04e-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:12.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:12.000Z",
|
|
|
|
"description": "a2fc4c3fbd4efd2c24d26b8ede001a10_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b88cc172abb47f4a62706a474527bc14a768e8f72f63ae5383320e849b4d3e50']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b58-d470-4748-8d12-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:12.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:12.000Z",
|
|
|
|
"description": "a0144df5caa43684f733634d7937fe25_gootkit.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '231dc8c84a65804a69be351e52892bb7bf1532d9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b58-c9f8-4416-aa2c-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:12.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:12.000Z",
|
|
|
|
"description": "a0144df5caa43684f733634d7937fe25_gootkit.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c58c97d8ff93eca30e69335cc7c6428fe00c0876e87cf643d025821d27dbd44f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b58-f41c-4e35-b142-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:12.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:12.000Z",
|
|
|
|
"description": "b2eead90d9cc54752b027e9a9f32741c_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b2eead90d9cc54752b027e9a9f32741c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b59-614c-4173-88cf-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:13.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:13.000Z",
|
|
|
|
"description": "b2eead90d9cc54752b027e9a9f32741c_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'bf8b2208d242bab61bde878053b2be7a116904eb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b59-adb4-49ac-9c11-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:13.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:13.000Z",
|
|
|
|
"description": "b2eead90d9cc54752b027e9a9f32741c_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '672f56545491108a5e710b727ee6268d7d9ff83612a573c716b02618e26a370f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b59-94b0-45d8-a1d2-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:13.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:13.000Z",
|
|
|
|
"description": "e96f2bfb9527e08fc5f82500ef96e487_vawtrak_114.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e96f2bfb9527e08fc5f82500ef96e487']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b59-4ad4-4b98-8032-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:13.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:13.000Z",
|
|
|
|
"description": "e96f2bfb9527e08fc5f82500ef96e487_vawtrak_114.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '281373b455c9d400e1e56e25e7dcd7cd174a7d65']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b59-ba0c-49f1-b5d5-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:13.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:13.000Z",
|
|
|
|
"description": "e96f2bfb9527e08fc5f82500ef96e487_vawtrak_114.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '70a4b312ceec1eb2c259913451c93c138465f3d70c74d0a61eb4c48c5aba0b51']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5a-1dc4-40b2-9c78-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:14.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:14.000Z",
|
|
|
|
"description": "ecd1ad7ea3950f29a9afbc000d2b9b1a_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ecd1ad7ea3950f29a9afbc000d2b9b1a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5a-dcec-4401-a220-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:14.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:14.000Z",
|
|
|
|
"description": "ecd1ad7ea3950f29a9afbc000d2b9b1a_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'e9f0c59a2090e681e5d4b5166e6d60f9fb9db772']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5a-cc8c-4711-a47c-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:14.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:14.000Z",
|
|
|
|
"description": "ecd1ad7ea3950f29a9afbc000d2b9b1a_dreambot.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '61b8655dfdb553d8fbd5afab7997e247da4b1e9dfc1bbb2474750617bcca5e0f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5a-b834-4715-b88a-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:14.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:14.000Z",
|
|
|
|
"description": "f12cdb36588d661a0cd1c63808df3f20_ramnit.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f12cdb36588d661a0cd1c63808df3f20']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5b-527c-4ebd-af55-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:15.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:15.000Z",
|
|
|
|
"description": "f12cdb36588d661a0cd1c63808df3f20_ramnit.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '50dc8a7e5df13f94dadbe48d81d136b82b19b131']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5b-0074-4977-a46c-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:15.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:15.000Z",
|
|
|
|
"description": "f12cdb36588d661a0cd1c63808df3f20_ramnit.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '57adba8dea8bd0eb8dab7a2e77a52823b60b6062df64c77af0f5bfd7eafb542c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5b-6020-4810-9e46-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:15.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:15.000Z",
|
|
|
|
"description": "f9243ae7005815ff3e3fbe43505e22b3_godzilla.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f9243ae7005815ff3e3fbe43505e22b3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5b-31bc-4f47-a14c-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:15.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:15.000Z",
|
|
|
|
"description": "f9243ae7005815ff3e3fbe43505e22b3_godzilla.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'bcfde94dcb4be8be69ca706c703de170956ffe0b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5b-58bc-48b9-bb6a-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:15.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:15.000Z",
|
|
|
|
"description": "f9243ae7005815ff3e3fbe43505e22b3_godzilla.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'be1652dbe9bb2fe035e29c8d341f7b54137e47f4d3d5b8a6f70ca7525a27f4c7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5c-5210-46a9-93b7-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:16.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:16.000Z",
|
|
|
|
"description": "fa495110b05f2bb572e46214a681e3f3_zloader.kaf",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fa495110b05f2bb572e46214a681e3f3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-12-08T15:25:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--58497b5c-b534-42c2-b86a-7bb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-12-08T15:25:16.000Z",
|
|
|
|
"modified": "2016-12-08T15:25:16.000Z",
|
|
|
|
"description": "fa495110b05f2bb572e46214a681e3f3_zloader.kaf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'e2da4e94a5ace245c0c0acde2660d342f6c00454']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5c-7590-4a96-b46c-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:16.000Z",
"modified": "2016-12-08T15:25:16.000Z",
"description": "fa495110b05f2bb572e46214a681e3f3_zloader.kaf",
"pattern": "[file:hashes.SHA256 = 'f5abbc55f71a4df294a9dde70e41617e32a64e4ccf6a0c6baf7f4306ef0070b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5c-cfa4-44b1-bfba-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:16.000Z",
"modified": "2016-12-08T15:25:16.000Z",
"description": "0b9e17cec5939bf3ea26bece55949b44_dreambot.kaf",
"pattern": "[file:hashes.MD5 = '0b9e17cec5939bf3ea26bece55949b44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5d-7b64-4be5-bb37-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:17.000Z",
"modified": "2016-12-08T15:25:17.000Z",
"description": "0b9e17cec5939bf3ea26bece55949b44_dreambot.kaf",
"pattern": "[file:hashes.SHA1 = 'e471707419f31a876484df03f2fe84cdac230a8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5d-c2f4-46cb-9cbf-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:17.000Z",
"modified": "2016-12-08T15:25:17.000Z",
"description": "0b9e17cec5939bf3ea26bece55949b44_dreambot.kaf",
"pattern": "[file:hashes.SHA256 = 'f029a658e6b63e48d791310ffda403f0eb36f8a5108b14a87b85b5be01e18b86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5d-0c88-44a1-bbec-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:17.000Z",
"modified": "2016-12-08T15:25:17.000Z",
"description": "0f048d74e11515a4eeee5a28e5eb93d3_dreambot.kaf",
"pattern": "[file:hashes.MD5 = '0f048d74e11515a4eeee5a28e5eb93d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5d-5c00-42ad-bf39-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:17.000Z",
"modified": "2016-12-08T15:25:17.000Z",
"description": "0f048d74e11515a4eeee5a28e5eb93d3_dreambot.kaf",
"pattern": "[file:hashes.SHA1 = 'b2e4e5c38be5380558d2ada30c3e30b015cf5b16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5d-ef3c-4db5-bc08-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:17.000Z",
"modified": "2016-12-08T15:25:17.000Z",
"description": "0f048d74e11515a4eeee5a28e5eb93d3_dreambot.kaf",
"pattern": "[file:hashes.SHA256 = '8d58eb6316855492b689242d852908a9e9005bb950910fa7f3e1be6d8fe70895']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5e-cbe8-455b-9ef6-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:18.000Z",
"modified": "2016-12-08T15:25:18.000Z",
"description": "1a03106ce5f67f2928d31dfea0f99d63_zloader.kaf",
"pattern": "[file:hashes.MD5 = '1a03106ce5f67f2928d31dfea0f99d63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5e-2708-4703-8b17-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:18.000Z",
"modified": "2016-12-08T15:25:18.000Z",
"description": "1a03106ce5f67f2928d31dfea0f99d63_zloader.kaf",
"pattern": "[file:hashes.SHA1 = '5eba3d5c01e404c965e4d51e34e7904b3686c488']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5e-1114-4ec5-a7e4-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:18.000Z",
"modified": "2016-12-08T15:25:18.000Z",
"description": "1a03106ce5f67f2928d31dfea0f99d63_zloader.kaf",
"pattern": "[file:hashes.SHA256 = 'da781eb4c3d0bcfa77fa06ec0c0f1d40f1152580744e4d8cdfbf99de82c3f32e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5e-331c-47be-adf2-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:18.000Z",
"modified": "2016-12-08T15:25:18.000Z",
"description": "7a85085f54f4e10a10a3270ccce67cc3_dreambot.kaf",
"pattern": "[file:hashes.MD5 = '7a85085f54f4e10a10a3270ccce67cc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5f-f068-4533-818a-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:19.000Z",
"modified": "2016-12-08T15:25:19.000Z",
"description": "7a85085f54f4e10a10a3270ccce67cc3_dreambot.kaf",
"pattern": "[file:hashes.SHA1 = '6f155e576bbe80703cf48246c2bea1e35e06acf5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5f-ef3c-48b7-a2b5-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:19.000Z",
"modified": "2016-12-08T15:25:19.000Z",
"description": "7a85085f54f4e10a10a3270ccce67cc3_dreambot.kaf",
"pattern": "[file:hashes.SHA256 = 'd5a492253d0a336a620b8447780ec8efee720f1b9575fb77d2d29b01fbf18ca9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5f-4550-4720-be86-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:19.000Z",
"modified": "2016-12-08T15:25:19.000Z",
"description": "97b764282ad33dc7fc19f5dbd7a3649a_gootkit.kaf",
"pattern": "[file:hashes.MD5 = '97b764282ad33dc7fc19f5dbd7a3649a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b5f-39a8-45f8-92c6-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:19.000Z",
"modified": "2016-12-08T15:25:19.000Z",
"description": "97b764282ad33dc7fc19f5dbd7a3649a_gootkit.kaf",
"pattern": "[file:hashes.SHA1 = 'bfbfa097560e84760201c90d8e4da6a7896c0067']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b60-fa9c-49c9-bd64-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:20.000Z",
"modified": "2016-12-08T15:25:20.000Z",
"description": "97b764282ad33dc7fc19f5dbd7a3649a_gootkit.kaf",
"pattern": "[file:hashes.SHA256 = '1d8acc610c84233ecd91a373efa450e0719078c50d17eb927b465d4675d02e7f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b60-8b48-4122-894d-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:20.000Z",
"modified": "2016-12-08T15:25:20.000Z",
"description": "3129c8b9ccf91f3349262c12be21d5ed_godzilla.kaf",
"pattern": "[file:hashes.MD5 = '3129c8b9ccf91f3349262c12be21d5ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b60-7554-4498-af70-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:20.000Z",
"modified": "2016-12-08T15:25:20.000Z",
"description": "3129c8b9ccf91f3349262c12be21d5ed_godzilla.kaf",
"pattern": "[file:hashes.SHA1 = 'd7688d0af073ad89051ca87d8ba31b18ea4f55e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497b60-0734-4c2a-9c30-7bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:20.000Z",
"modified": "2016-12-08T15:25:20.000Z",
"description": "3129c8b9ccf91f3349262c12be21d5ed_godzilla.kaf",
"pattern": "[file:hashes.SHA256 = '9ae69049018ddb938b454e55ffe75daa2e8a446d226ab3193ea0011870a5e445']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58497b78-fbc0-433e-ad26-4c63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:25:44.000Z",
"modified": "2016-12-08T15:25:44.000Z",
"first_observed": "2016-12-08T15:25:44Z",
"last_observed": "2016-12-08T15:25:44Z",
"number_observed": 1,
"object_refs": [
"url--58497b78-fbc0-433e-ad26-4c63950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58497b78-fbc0-433e-ad26-4c63950d210f",
"value": "https://github.com/Kafeine/public/blob/master/Astrum_drop_2016-12-07.md"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58497bff-3618-47a3-bb79-432602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:27:59.000Z",
"modified": "2016-12-08T15:27:59.000Z",
"first_observed": "2016-12-08T15:27:59Z",
"last_observed": "2016-12-08T15:27:59Z",
"number_observed": 1,
"object_refs": [
"url--58497bff-3618-47a3-bb79-432602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58497bff-3618-47a3-bb79-432602de0b81",
"value": "https://www.virustotal.com/file/d8c1ea29e6d5bc1ffbd735749237a7e03cd900fb94c94e2f6f18881479b67922/analysis/1481015797/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58497bff-a148-42d0-96ce-4a4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:27:59.000Z",
"modified": "2016-12-08T15:27:59.000Z",
"description": "a0144df5caa43684f733634d7937fe25_gootkit.kaf - Xchecked via VT: c58c97d8ff93eca30e69335cc7c6428fe00c0876e87cf643d025821d27dbd44f",
"pattern": "[file:hashes.MD5 = 'a0144df5caa43684f733634d7937fe25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-08T15:27:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58497bff-5c18-4591-8754-4ac302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:27:59.000Z",
"modified": "2016-12-08T15:27:59.000Z",
"first_observed": "2016-12-08T15:27:59Z",
"last_observed": "2016-12-08T15:27:59Z",
"number_observed": 1,
"object_refs": [
"url--58497bff-5c18-4591-8754-4ac302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58497bff-5c18-4591-8754-4ac302de0b81",
"value": "https://www.virustotal.com/file/c58c97d8ff93eca30e69335cc7c6428fe00c0876e87cf643d025821d27dbd44f/analysis/1480426462/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58497c00-d978-4056-bb9a-444d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:28:00.000Z",
"modified": "2016-12-08T15:28:00.000Z",
"first_observed": "2016-12-08T15:28:00Z",
"last_observed": "2016-12-08T15:28:00Z",
"number_observed": 1,
"object_refs": [
"url--58497c00-d978-4056-bb9a-444d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58497c00-d978-4056-bb9a-444d02de0b81",
"value": "https://www.virustotal.com/file/70a4b312ceec1eb2c259913451c93c138465f3d70c74d0a61eb4c48c5aba0b51/analysis/1479586398/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58497c01-7e28-488c-8361-414402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:28:01.000Z",
"modified": "2016-12-08T15:28:01.000Z",
"first_observed": "2016-12-08T15:28:01Z",
"last_observed": "2016-12-08T15:28:01Z",
"number_observed": 1,
"object_refs": [
"url--58497c01-7e28-488c-8361-414402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58497c01-7e28-488c-8361-414402de0b81",
"value": "https://www.virustotal.com/file/61b8655dfdb553d8fbd5afab7997e247da4b1e9dfc1bbb2474750617bcca5e0f/analysis/1480979088/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58497c01-ad80-417a-95eb-4d8002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:28:01.000Z",
"modified": "2016-12-08T15:28:01.000Z",
"first_observed": "2016-12-08T15:28:01Z",
"last_observed": "2016-12-08T15:28:01Z",
"number_observed": 1,
"object_refs": [
"url--58497c01-ad80-417a-95eb-4d8002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58497c01-ad80-417a-95eb-4d8002de0b81",
"value": "https://www.virustotal.com/file/57adba8dea8bd0eb8dab7a2e77a52823b60b6062df64c77af0f5bfd7eafb542c/analysis/1475653336/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58497c02-0f90-4ac8-851f-4bad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:28:02.000Z",
"modified": "2016-12-08T15:28:02.000Z",
"first_observed": "2016-12-08T15:28:02Z",
"last_observed": "2016-12-08T15:28:02Z",
"number_observed": 1,
"object_refs": [
"url--58497c02-0f90-4ac8-851f-4bad02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58497c02-0f90-4ac8-851f-4bad02de0b81",
"value": "https://www.virustotal.com/file/be1652dbe9bb2fe035e29c8d341f7b54137e47f4d3d5b8a6f70ca7525a27f4c7/analysis/1476781773/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58497c02-9344-452a-9a0e-4cfa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:28:02.000Z",
"modified": "2016-12-08T15:28:02.000Z",
"first_observed": "2016-12-08T15:28:02Z",
"last_observed": "2016-12-08T15:28:02Z",
"number_observed": 1,
"object_refs": [
"url--58497c02-9344-452a-9a0e-4cfa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58497c02-9344-452a-9a0e-4cfa02de0b81",
"value": "https://www.virustotal.com/file/f029a658e6b63e48d791310ffda403f0eb36f8a5108b14a87b85b5be01e18b86/analysis/1477316139/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58497c03-4bc4-487a-88a1-484602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-08T15:28:03.000Z",
"modified": "2016-12-08T15:28:03.000Z",
"first_observed": "2016-12-08T15:28:03Z",
"last_observed": "2016-12-08T15:28:03Z",
"number_observed": 1,
"object_refs": [
"url--58497c03-4bc4-487a-88a1-484602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58497c03-4bc4-487a-88a1-484602de0b81",
"value": "https://www.virustotal.com/file/9ae69049018ddb938b454e55ffe75daa2e8a446d226ab3193ea0011870a5e445/analysis/1479993485/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}