misp-circl-feed/feeds/circl/misp/5968d8bc-9874-4fc2-ab64-4d7c950d210f.json

844 lines
34 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5968d8bc-9874-4fc2-ab64-4d7c950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T18:54:53.000Z",
"modified": "2017-07-14T18:54:53.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5968d8bc-9874-4fc2-ab64-4d7c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T18:54:53.000Z",
"modified": "2017-07-14T18:54:53.000Z",
"name": "M2M - Encrypted Docx Campaign",
"published": "2017-07-14T18:54:58Z",
"object_refs": [
"indicator--5968d8bd-05a8-4ec7-89b8-4165950d210f",
"indicator--5968d8bd-ffa4-4c28-9679-4bb1950d210f",
"observed-data--5968d8bd-8680-43ba-a0ad-4dc7950d210f",
"url--5968d8bd-8680-43ba-a0ad-4dc7950d210f",
"observed-data--5968d8bd-88d4-4c37-be58-414c950d210f",
"network-traffic--5968d8bd-88d4-4c37-be58-414c950d210f",
"ipv4-addr--5968d8bd-88d4-4c37-be58-414c950d210f",
"indicator--5968d8be-36c8-467a-9030-4464950d210f",
"indicator--5968d8be-0d2c-42b2-91cd-41b2950d210f",
"observed-data--5968d8bf-c224-47c4-85b8-4bb2950d210f",
"network-traffic--5968d8bf-c224-47c4-85b8-4bb2950d210f",
"ipv4-addr--5968d8bf-c224-47c4-85b8-4bb2950d210f",
"indicator--5968d8bf-84dc-46f1-a964-4ec9950d210f",
"indicator--5968d8c0-5a28-4f0e-b4b2-482c950d210f",
"observed-data--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
"network-traffic--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
"ipv4-addr--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
"observed-data--5968d8c1-bd08-4f73-af5d-455d950d210f",
"url--5968d8c1-bd08-4f73-af5d-455d950d210f",
"observed-data--5968d8c1-28b8-4121-8a19-4e98950d210f",
"domain-name--5968d8c1-28b8-4121-8a19-4e98950d210f",
"observed-data--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
"network-traffic--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
"ipv4-addr--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
"indicator--5968d8c3-7e54-4c10-b74e-49cc950d210f",
"indicator--5968d8e1-0e68-4a7f-acca-4b52950d210f",
"indicator--5968d8e1-a2a4-4a02-aeff-47d0950d210f",
"indicator--5968d8e2-215c-4b33-a4a2-45de950d210f",
"indicator--5968d8e2-d4b4-4bda-b238-412f950d210f",
"indicator--5968d8e2-ede8-4033-9942-47ae950d210f",
"observed-data--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
"network-traffic--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
"ipv4-addr--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
"indicator--5968d8e3-4cec-47da-ba4f-4eee950d210f",
"indicator--5968d901-6b24-4a70-84c1-4e3b950d210f",
"indicator--5968d901-d2ac-4af7-8970-44d9950d210f",
"indicator--5968d901-3c50-4b56-b6cc-426d950d210f",
"indicator--5968dbca-1a2c-49d3-a3d8-46f802de0b81",
"indicator--5968dbca-ab5c-417b-b9df-452a02de0b81",
"observed-data--5968dbca-fb74-4987-af9f-45b602de0b81",
"url--5968dbca-fb74-4987-af9f-45b602de0b81",
"indicator--5968dbca-5744-4b5f-b3ea-4f2202de0b81",
"indicator--5968dbca-48d4-413d-ba9f-4cfe02de0b81",
"observed-data--5968dbca-a24c-4515-b49a-450e02de0b81",
"url--5968dbca-a24c-4515-b49a-450e02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8bd-05a8-4ec7-89b8-4165950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[file:hashes.MD5 = '031cbd2f5c2ec443c7f3957cd98666f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8bd-ffa4-4c28-9679-4bb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[file:hashes.MD5 = '5d688046d113f85481eb28dd1617f4c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968d8bd-8680-43ba-a0ad-4dc7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"first_observed": "2017-07-14T14:57:14Z",
"last_observed": "2017-07-14T14:57:14Z",
"number_observed": 1,
"object_refs": [
"url--5968d8bd-8680-43ba-a0ad-4dc7950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5968d8bd-8680-43ba-a0ad-4dc7950d210f",
"value": "http://46.17.40.142/45.txt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968d8bd-88d4-4c37-be58-414c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"first_observed": "2017-07-14T14:57:14Z",
"last_observed": "2017-07-14T14:57:14Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5968d8bd-88d4-4c37-be58-414c950d210f",
"ipv4-addr--5968d8bd-88d4-4c37-be58-414c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5968d8bd-88d4-4c37-be58-414c950d210f",
"dst_ref": "ipv4-addr--5968d8bd-88d4-4c37-be58-414c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5968d8bd-88d4-4c37-be58-414c950d210f",
"value": "46.17.40.142"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8be-36c8-467a-9030-4464950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[url:value = 'http://www.afripaper.co.za/Readme.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8be-0d2c-42b2-91cd-41b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'www.afripaper.co.za']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968d8bf-c224-47c4-85b8-4bb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"first_observed": "2017-07-14T14:57:14Z",
"last_observed": "2017-07-14T14:57:14Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5968d8bf-c224-47c4-85b8-4bb2950d210f",
"ipv4-addr--5968d8bf-c224-47c4-85b8-4bb2950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5968d8bf-c224-47c4-85b8-4bb2950d210f",
"dst_ref": "ipv4-addr--5968d8bf-c224-47c4-85b8-4bb2950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5968d8bf-c224-47c4-85b8-4bb2950d210f",
"value": "41.76.209.200"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8bf-84dc-46f1-a964-4ec9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[url:value = 'http://vreken.co.za/php.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8c0-5a28-4f0e-b4b2-482c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'vreken.co.za']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"first_observed": "2017-07-14T14:57:14Z",
"last_observed": "2017-07-14T14:57:14Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
"ipv4-addr--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
"dst_ref": "ipv4-addr--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
"value": "85.10.213.74"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968d8c1-bd08-4f73-af5d-455d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T18:54:42.000Z",
"modified": "2017-07-14T18:54:42.000Z",
"first_observed": "2017-07-14T18:54:42Z",
"last_observed": "2017-07-14T18:54:42Z",
"number_observed": 1,
"object_refs": [
"url--5968d8c1-bd08-4f73-af5d-455d950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5968d8c1-bd08-4f73-af5d-455d950d210f",
"value": "http://www.php.net/license/3_0.txt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968d8c1-28b8-4121-8a19-4e98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T18:53:34.000Z",
"modified": "2017-07-14T18:53:34.000Z",
"first_observed": "2017-07-14T18:53:34Z",
"last_observed": "2017-07-14T18:53:34Z",
"number_observed": 1,
"object_refs": [
"domain-name--5968d8c1-28b8-4121-8a19-4e98950d210f"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5968d8c1-28b8-4121-8a19-4e98950d210f",
"value": "www.php.net"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"first_observed": "2017-07-14T14:57:14Z",
"last_observed": "2017-07-14T14:57:14Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
"ipv4-addr--5968d8c2-7bb8-47e6-ada7-43bd950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
"dst_ref": "ipv4-addr--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
"value": "72.52.91.14"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8c3-7e54-4c10-b74e-49cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'theindividualsa.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8e1-0e68-4a7f-acca-4b52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'phpbehalfasayingengright.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8e1-a2a4-4a02-aeff-47d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'andpromoteaphpvoluntary.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8e2-215c-4b33-a4a2-45de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'andthefollowing.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8e2-d4b4-4bda-b238-412f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'pleasetheliable.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8e2-ede8-4033-9942-47ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'developmentfstrict.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"first_observed": "2017-07-14T14:57:14Z",
"last_observed": "2017-07-14T14:57:14Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
"ipv4-addr--5968d8e2-d07c-4a77-af2c-4d5d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
"dst_ref": "ipv4-addr--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
"value": "87.106.18.141"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d8e3-4cec-47da-ba4f-4eee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'yotherwiseforms.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d901-6b24-4a70-84c1-4e3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'termswrittennew.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d901-d2ac-4af7-8970-44d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'incidentalarizend.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968d901-3c50-4b56-b6cc-426d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"pattern": "[domain-name:value = 'disclaimersource.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968dbca-1a2c-49d3-a3d8-46f802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"description": "- Xchecked via VT: 031cbd2f5c2ec443c7f3957cd98666f2",
"pattern": "[file:hashes.SHA256 = '68dab0f3405c9e72014912dce2e9fb136d217ce7c1d8c290100b72bf575f8e86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968dbca-ab5c-417b-b9df-452a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"description": "- Xchecked via VT: 031cbd2f5c2ec443c7f3957cd98666f2",
"pattern": "[file:hashes.SHA1 = '6ad2f8a07c6f460cd90a800f2ab439d355644be7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968dbca-fb74-4987-af9f-45b602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"first_observed": "2017-07-14T14:57:14Z",
"last_observed": "2017-07-14T14:57:14Z",
"number_observed": 1,
"object_refs": [
"url--5968dbca-fb74-4987-af9f-45b602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5968dbca-fb74-4987-af9f-45b602de0b81",
"value": "https://www.virustotal.com/file/68dab0f3405c9e72014912dce2e9fb136d217ce7c1d8c290100b72bf575f8e86/analysis/1499950427/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968dbca-5744-4b5f-b3ea-4f2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"description": "- Xchecked via VT: 5d688046d113f85481eb28dd1617f4c8",
"pattern": "[file:hashes.SHA256 = 'e3d5b9a0cd383d8935e967354229ef3535f8af55c18386bd54661b6448989a2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5968dbca-48d4-413d-ba9f-4cfe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"description": "- Xchecked via VT: 5d688046d113f85481eb28dd1617f4c8",
"pattern": "[file:hashes.SHA1 = '43cfb4ea8f6a1bb049f94653aa89d462b19ead04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-14T14:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5968dbca-a24c-4515-b49a-450e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-14T14:57:14.000Z",
"modified": "2017-07-14T14:57:14.000Z",
"first_observed": "2017-07-14T14:57:14Z",
"last_observed": "2017-07-14T14:57:14Z",
"number_observed": 1,
"object_refs": [
"url--5968dbca-a24c-4515-b49a-450e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5968dbca-a24c-4515-b49a-450e02de0b81",
"value": "https://www.virustotal.com/file/e3d5b9a0cd383d8935e967354229ef3535f8af55c18386bd54661b6448989a2b/analysis/1500007097/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}