adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a09aaa3-e7fc-4e3c-acda-cb8d950d210f.json

708 lines
29 KiB
JSON
Raw Normal View History

chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
{
"type": "bundle",
"id": "bundle--5a09aaa3-e7fc-4e3c-acda-cb8d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:41:16.000Z",
"modified": "2017-11-17T12:41:16.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a09aaa3-e7fc-4e3c-acda-cb8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:41:16.000Z",
"modified": "2017-11-17T12:41:16.000Z",
"name": "OSINT - Saudi Arabia's 'Game of Thobes'",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5a09ab4a-49f4-4c13-9da2-458b950d210f",
"url--5a09ab4a-49f4-4c13-9da2-458b950d210f",
"indicator--5a09ab6e-33f0-4d46-b1e4-42e7950d210f",
"indicator--5a09ab6e-2168-4156-b837-4462950d210f",
"indicator--5a09ab6e-88f4-40d1-94bd-44ba950d210f",
"indicator--5a09af92-143c-4539-b34a-4939950d210f",
"indicator--5a09af92-4234-4cfc-8aa2-4154950d210f",
"indicator--5a09af92-f3d4-4794-9bfd-48a2950d210f",
"indicator--5a09af92-b3a8-4ad7-a250-4fc7950d210f",
"indicator--5a09afd3-f700-41f7-9d84-43ab950d210f",
"indicator--5a09afd3-7710-49d4-9626-460c950d210f",
"indicator--5a09afd3-5d74-4020-bd70-44fe950d210f",
"indicator--5a09afd3-3ec4-4e61-a267-455f950d210f",
"indicator--5a09afd3-d328-4cd7-8d4b-46ad950d210f",
"indicator--5a09afd3-9e98-4bc5-abc1-4f62950d210f",
"indicator--5a09b133-be00-49f3-8ee8-48c6950d210f",
"indicator--5a09b133-653c-413d-9682-4ac3950d210f",
"indicator--5a09b326-833c-48ce-8397-4034950d210f",
"indicator--5a09b326-4660-4c3b-92ba-4a33950d210f",
"indicator--5a09b326-bd9c-4a2e-9950-4ff8950d210f",
"indicator--5a09b326-1c58-4d04-afb8-46ab950d210f",
"observed-data--5a0ed8d0-a348-4851-8def-40e502de0b81",
"url--5a0ed8d0-a348-4851-8def-40e502de0b81",
"observed-data--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81",
"url--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81",
"x-misp-object--5a09ab2f-39b8-490c-84fb-4daf950d210f",
"indicator--5a09abf7-7304-4831-b206-46b8950d210f",
"indicator--5a09ad27-2430-434c-ad1b-47ea950d210f",
"indicator--5a09b25e-24f0-4913-8df2-4a94950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a09ab4a-49f4-4c13-9da2-458b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"first_observed": "2017-11-17T12:40:47Z",
"last_observed": "2017-11-17T12:40:47Z",
"number_observed": 1,
"object_refs": [
"url--5a09ab4a-49f4-4c13-9da2-458b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a09ab4a-49f4-4c13-9da2-458b950d210f",
"value": "https://docs.google.com/document/d/1_nEWAmec3bKBddv30UPXJMiN-F0Ojuhfsmvk6KpFq0Q/edit#heading=h.iixpbs2pcjjp"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09ab6e-33f0-4d46-b1e4-42e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.106.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09ab6e-2168-4156-b837-4462950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.36.243']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09ab6e-88f4-40d1-94bd-44ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'saudiedi.toh.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09af92-143c-4539-b34a-4939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"pattern": "[file:hashes.SHA1 = 'a1047665ed9d665f5cf066e4a9902d809e7325cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09af92-4234-4cfc-8aa2-4154950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"pattern": "[file:hashes.MD5 = 'ade199b16607fd29c8e7288fb750ca2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09af92-f3d4-4794-9bfd-48a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"pattern": "[file:hashes.SHA256 = 'd5b22843aabbbc20af253d579fd1f098138be85e2cff4677f7886e8d31ff00cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09af92-b3a8-4ad7-a250-4fc7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"pattern": "[url:value = 'saudiedi.toh.info/search?q=\\\\%E7\\\\%DF\\\\%5D\\\\%10&cvid=714105926300154928']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09afd3-f700-41f7-9d84-43ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"pattern": "[url:value = 'articles/937933.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09afd3-7710-49d4-9626-460c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"pattern": "[url:value = 'articles/937934.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09afd3-5d74-4020-bd70-44fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:47.000Z",
"modified": "2017-11-17T12:40:47.000Z",
"pattern": "[url:value = 'articles/937935.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09afd3-3ec4-4e61-a267-455f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"pattern": "[url:value = 'articles/937936.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09afd3-d328-4cd7-8d4b-46ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"pattern": "[url:value = 'articles/937937.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09afd3-9e98-4bc5-abc1-4f62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"pattern": "[url:value = 'articles/937938.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09b133-be00-49f3-8ee8-48c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"pattern": "[file:name = '00007AA8[.]ex_']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09b133-653c-413d-9682-4ac3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"pattern": "[file:name = 'Saudi Arabia\\'s \\'Game of Thobes\\'[.]doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09b326-833c-48ce-8397-4034950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"pattern": "[file:hashes.MD5 = '8598313222c41280eb42863eda8a9490']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09b326-4660-4c3b-92ba-4a33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"pattern": "[file:hashes.SHA1 = '256c631372692a1a907b04d27a735eb0905a003e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09b326-bd9c-4a2e-9950-4ff8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"pattern": "[file:hashes.SHA256 = '50eedaf3150253cc2298446615421f4caa0482cb93658dc095855c38d425e3fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09b326-1c58-4d04-afb8-46ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"pattern": "[file:hashes.SHA256 = '8c81eb0fb49c40a1fa5474f45ff638961330ff73198dc7d537667455e5273bb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ed8d0-a348-4851-8def-40e502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"first_observed": "2017-11-17T12:40:48Z",
"last_observed": "2017-11-17T12:40:48Z",
"number_observed": 1,
"object_refs": [
"url--5a0ed8d0-a348-4851-8def-40e502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a0ed8d0-a348-4851-8def-40e502de0b81",
"value": "https://www.virustotal.com/file/8c81eb0fb49c40a1fa5474f45ff638961330ff73198dc7d537667455e5273bb8/analysis/1509021029/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:48.000Z",
"modified": "2017-11-17T12:40:48.000Z",
"first_observed": "2017-11-17T12:40:48Z",
"last_observed": "2017-11-17T12:40:48Z",
"number_observed": 1,
"object_refs": [
"url--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81",
"value": "https://www.virustotal.com/file/d5b22843aabbbc20af253d579fd1f098138be85e2cff4677f7886e8d31ff00cb/analysis/1510308447/"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a09ab2f-39b8-490c-84fb-4daf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-13T14:24:47.000Z",
"modified": "2017-11-13T14:24:47.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "\"Saudi Arabia's 'Game of Thobes'.doc\u05f3\" submitted from TR, CVE-2017-11826, \r\nC2: 45.76.106[.]149 , 45.76.36[.]243 , saudiedi.toh[.]info\r\n\r\nMore details in Raw Threat Intelligence:\r\n\r\n(link: https://docs.google.com/document/d/1_nEWAmec3bKBddv30UPXJMiN-F0Ojuhfsmvk6KpFq0Q/edit#heading=h.iixpbs2pcjjp) docs.google.com/document/d/1_n\u2026",
"category": "Other",
"uuid": "5a09ab2f-fb18-4691-ad33-4c74950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5a09ab2f-e0cc-4dbb-a6f9-47e2950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://mobile.twitter.com/ClearskySec/status/929998314002673666",
"category": "External analysis",
"to_ids": true,
"uuid": "5a09ab2f-db38-4066-9878-4865950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2017/11/13",
"category": "Other",
"uuid": "5a09ab2f-13c0-4417-9869-42c4950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "@ClearskySec",
"category": "Other",
"uuid": "5a09ab2f-9960-4d5f-a028-4b36950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09abf7-7304-4831-b206-46b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-13T14:28:07.000Z",
"modified": "2017-11-13T14:28:07.000Z",
"pattern": "[file:hashes.MD5 = 'aede654e77e92dbd77ca512e19f495b8' AND file:hashes.SHA1 = 'd9fac68b6c49c485675d9141f375799d10572999' AND file:hashes.SHA256 = 'aed93c002574f25dabd1859f080203a2c8f332e92c80db9aa983316695d938d3' AND file:name = '2017-11-13 \u201cSaudi Arabia\\'s \\'Game of Thobes\\'.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-13T14:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09ad27-2430-434c-ad1b-47ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-13T14:33:11.000Z",
"modified": "2017-11-13T14:33:11.000Z",
"pattern": "[file:hashes.MD5 = 'b76f4c8c22b84600ac3cff64dadfaf8b' AND file:hashes.SHA1 = '78c0266456e33abed00895cb05d0f9fe09b83da3' AND file:hashes.SHA256 = '5ae0a582ed5d60324d6d1397be3deb0c704a1d77c9ef3d5f486455f99da32e7f' AND file:name = '\\\\%TEMP\\\\%\\\\vcpkgs.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-13T14:33:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a09b25e-24f0-4913-8df2-4a94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-13T14:55:26.000Z",
"modified": "2017-11-13T14:55:26.000Z",
"pattern": "[file:hashes.MD5 = 'fea6546e3299a31a58a3aa2a6b7060c9' AND file:hashes.SHA1 = 'eddf2ca780b4396c0bf5ea3f13d22275fb6822fc' AND file:hashes.SHA256 = '26c672b2537f8a89f2d59674f00bcfe9825796ca9b1ec51c96e5675dd586b87b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-13T14:55:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink