adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a214d9a-ed50-4a33-8812-491a950d210f.json

707 lines
29 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5a214d9a-ed50-4a33-8812-491a950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-04T03:00:24.000Z",
"modified": "2017-12-04T03:00:24.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a214d9a-ed50-4a33-8812-491a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-04T03:00:24.000Z",
"modified": "2017-12-04T03:00:24.000Z",
"name": "OSINT - Fake Windows Troubleshooting Support Scam Uploads Screenshots & Uses Paypal",
"published": "2017-12-28T13:26:19Z",
"object_refs": [
"x-misp-attribute--5a214dd9-0f8c-48c0-b299-492c950d210f",
"observed-data--5a214e5a-cae4-4fb6-a72c-48cf950d210f",
"url--5a214e5a-cae4-4fb6-a72c-48cf950d210f",
"indicator--5a2155c0-1370-4213-9807-4856950d210f",
"indicator--5a2155c0-86f0-404d-ae51-4953950d210f",
"indicator--5a2155c0-c7c8-4ccb-9d52-47f3950d210f",
"indicator--5a2155c0-bda0-43aa-adce-44b7950d210f",
"indicator--5a2155c0-d894-4f87-a651-4cd6950d210f",
"indicator--5a2155c0-0110-4c25-85c9-463e950d210f",
"indicator--5a2155c0-bd6c-44c1-a51e-474a950d210f",
"indicator--5a2155c0-c154-48fb-8661-43f4950d210f",
"indicator--5a2155c0-3130-47b9-8209-4a8e950d210f",
"indicator--5a2155c0-75f0-431b-80eb-4edb950d210f",
"indicator--5a2156ad-4e20-4ae2-a900-458d950d210f",
"indicator--5a2156ad-4934-47c8-a301-4e1b950d210f",
"indicator--5a2156ad-29bc-4081-9ea4-4c81950d210f",
"indicator--5a2156ad-a598-4489-b7cd-48e7950d210f",
"indicator--5a2156ad-4650-47b2-b440-4897950d210f",
"indicator--5a2156ad-8f00-4a67-ace8-4d4a950d210f",
"indicator--5a2156ad-bb74-4e42-bacb-4036950d210f",
"observed-data--5a2156ad-1f7c-4ed1-be78-40b9950d210f",
"windows-registry-key--5a2156ad-1f7c-4ed1-be78-40b9950d210f",
"observed-data--5a2156ad-36d0-4ff2-8200-4368950d210f",
"windows-registry-key--5a2156ad-36d0-4ff2-8200-4368950d210f",
"observed-data--5a2156ad-d080-4b04-998e-4bce950d210f",
"windows-registry-key--5a2156ad-d080-4b04-998e-4bce950d210f",
"indicator--5a2150e6-d8d0-41aa-878e-4f9d950d210f",
"indicator--5a215175-0b44-43ae-88c8-f375950d210f",
"indicator--5a2151ea-d8fc-41fd-bf32-4369950d210f",
"indicator--5a2152f2-f344-43b3-af64-4d98950d210f",
"indicator--5a2155a0-5950-434e-b70e-4a1b950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a214dd9-0f8c-48c0-b299-492c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T12:43:49.000Z",
"modified": "2017-12-01T12:43:49.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "A new tech support scam has been discovered that shows a fake BSOD, or Blue Screen of Death, on the infected computer and then displays an application that pretends to be a Troubleshooter for Windows. This Troubleshooter will then state that your computer cannot be fixed, blocks you from using Windows, and prompts you to purchase a program using PayPal to fix the \"detected problems\" and unlock the screen."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a214e5a-cae4-4fb6-a72c-48cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T12:44:17.000Z",
"modified": "2017-12-01T12:44:17.000Z",
"first_observed": "2017-12-01T12:44:17Z",
"last_observed": "2017-12-01T12:44:17Z",
"number_observed": 1,
"object_refs": [
"url--5a214e5a-cae4-4fb6-a72c-48cf950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a214e5a-cae4-4fb6-a72c-48cf950d210f",
"value": "https://www.bleepingcomputer.com/news/security/fake-windows-troubleshooting-support-scam-uploads-screenshots-and-uses-paypal/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-1370-4213-9807-4856950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'http://hitechnovation.com/Extra/Downloads/BSOD.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-86f0-404d-ae51-4953950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'http://hitechnovation.com/Extra/Downloads/csrvc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-c7c8-4ccb-9d52-47f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'http://hitechnovation.com/Extra/Downloads/adwizz.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-bda0-43aa-adce-44b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'http://hitechnovation.com/Extra/Downloads/Troubleshoot.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-d894-4f87-a651-4cd6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'http://hitechnovation.com/extra/downloads/scshtrv.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-0110-4c25-85c9-463e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'http://hitechnovation.com/Extra/Downloads/Windows\\\\%20Chat\\\\%20Support.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-bd6c-44c1-a51e-474a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'http://hitechnovation.com/thankyou.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-c154-48fb-8661-43f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'http://hitechnovation.com/Downloads/DList.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-3130-47b9-8209-4a8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'http://freegeoip.net/xml']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155c0-75f0-431b-80eb-4edb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:40.000Z",
"modified": "2017-12-01T13:14:40.000Z",
"description": "Network Connections",
"pattern": "[url:value = 'ftp://182.50.132.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2156ad-4e20-4ae2-a900-458d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:36.000Z",
"modified": "2017-12-01T13:18:36.000Z",
"pattern": "[file:name = '\\\\%Temp\\\\%\\\\csrvc\\\\BSOD.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:18:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2156ad-4934-47c8-a301-4e1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:37.000Z",
"modified": "2017-12-01T13:18:37.000Z",
"pattern": "[file:name = '\\\\%Temp\\\\%\\\\csrvc\\\\csrvc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2156ad-29bc-4081-9ea4-4c81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:37.000Z",
"modified": "2017-12-01T13:18:37.000Z",
"pattern": "[file:name = '\\\\%Temp\\\\%\\\\csrvc\\\\csrvc.InstallLog']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2156ad-a598-4489-b7cd-48e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:37.000Z",
"modified": "2017-12-01T13:18:37.000Z",
"pattern": "[file:name = '\\\\%Temp\\\\%\\\\csrvc\\\\csrvc.InstallState']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2156ad-4650-47b2-b440-4897950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:37.000Z",
"modified": "2017-12-01T13:18:37.000Z",
"pattern": "[file:name = '\\\\%Temp\\\\%\\\\csrvc\\\\scshtrv.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2156ad-8f00-4a67-ace8-4d4a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:37.000Z",
"modified": "2017-12-01T13:18:37.000Z",
"pattern": "[file:name = '\\\\%Temp\\\\%\\\\csrvc\\\\Troubleshoot.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2156ad-bb74-4e42-bacb-4036950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:37.000Z",
"modified": "2017-12-01T13:18:37.000Z",
"pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\adwizz\\\\adwizz.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a2156ad-1f7c-4ed1-be78-40b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:37.000Z",
"modified": "2017-12-01T13:18:37.000Z",
"first_observed": "2017-12-01T13:18:37Z",
"last_observed": "2017-12-01T13:18:37Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5a2156ad-1f7c-4ed1-be78-40b9950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5a2156ad-1f7c-4ed1-be78-40b9950d210f",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\adwizz"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a2156ad-36d0-4ff2-8200-4368950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:37.000Z",
"modified": "2017-12-01T13:18:37.000Z",
"first_observed": "2017-12-01T13:18:37Z",
"last_observed": "2017-12-01T13:18:37Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5a2156ad-36d0-4ff2-8200-4368950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5a2156ad-36d0-4ff2-8200-4368950d210f",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\csrvc"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a2156ad-d080-4b04-998e-4bce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:18:37.000Z",
"modified": "2017-12-01T13:18:37.000Z",
"first_observed": "2017-12-01T13:18:37Z",
"last_observed": "2017-12-01T13:18:37Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5a2156ad-d080-4b04-998e-4bce950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5a2156ad-d080-4b04-998e-4bce950d210f",
"key": "HKLM\\SYSTEM\\CurrentControlSet\\services\\csrvc"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2150e6-d8d0-41aa-878e-4f9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T12:53:58.000Z",
"modified": "2017-12-01T12:53:58.000Z",
"pattern": "[file:hashes.SHA256 = '5becf86e5ad1703345fa243458f6a3b6189619f87e67ffab6bc874d6bdf7c03f' AND file:name = 'adwizz.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T12:53:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a215175-0b44-43ae-88c8-f375950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T12:56:21.000Z",
"modified": "2017-12-01T12:56:21.000Z",
"pattern": "[file:hashes.SHA256 = '9a95f7e477cede36981a6a1e01a849d9c6aeac3985ee3a492cf4136bb6dab69c' AND file:name = 'BSOD.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T12:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2151ea-d8fc-41fd-bf32-4369950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T12:58:18.000Z",
"modified": "2017-12-01T12:58:18.000Z",
"pattern": "[file:hashes.SHA256 = '1b1e48f2ee9940c1965c00ee1226fd7c3b9ee9c179ba29b9aeb586c6211cb223' AND file:name = 'csrvc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T12:58:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2152f2-f344-43b3-af64-4d98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:02:42.000Z",
"modified": "2017-12-01T13:02:42.000Z",
"pattern": "[file:hashes.SHA256 = '0cc8ad791dc4061ce1f492d651ed2a9baeed02413c5940240bf47bb023f509ef' AND file:name = 'scshtrv.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:02:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2155a0-5950-434e-b70e-4a1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-01T13:14:08.000Z",
"modified": "2017-12-01T13:14:08.000Z",
"pattern": "[file:hashes.SHA256 = 'f34185d5124690815f089b06cc1629a3d1a42cd7d51aee602823c98e03116a98' AND file:name = 'Troubleshoot.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-01T13:14:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink