misp-circl-feed/feeds/circl/stix-2.1/545b456e-b8a4-45e0-a895-41c7950d210b.json

856 lines
35 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--545b456e-b8a4-45e0-a895-41c7950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T10:21:48.000Z",
"modified": "2014-11-06T10:21:48.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--545b456e-b8a4-45e0-a895-41c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T10:21:48.000Z",
"modified": "2014-11-06T10:21:48.000Z",
"name": "OSINT Banking Trojan DRIDEX Uses Macros for Infection blog post from Trend Micro",
"published": "2016-02-22T15:14:10Z",
"object_refs": [
"observed-data--545b457c-0d98-4574-8c52-469c950d210b",
"url--545b457c-0d98-4574-8c52-469c950d210b",
"x-misp-attribute--545b4588-c140-469c-b13f-4eff950d210b",
"x-misp-attribute--545b4594-0a98-4b30-8e30-42d3950d210b",
"x-misp-attribute--545b45c0-df7c-4297-8f2c-4b39950d210b",
"indicator--545b45f0-9f58-499e-a51d-413b950d210b",
"indicator--545b45f0-da20-4cbc-b8e1-4aaa950d210b",
"indicator--545b45f0-7da4-412d-a291-4812950d210b",
"indicator--545b45f0-d2ec-4309-9f47-409d950d210b",
"indicator--545b45f0-54fc-45bf-a0fb-46ca950d210b",
"indicator--545b45f0-de0c-4e6f-93af-4351950d210b",
"indicator--545b45f0-7314-417e-8a40-49a8950d210b",
"indicator--545b45f0-ad84-43be-9999-4160950d210b",
"indicator--545b45f0-87c0-4550-9fab-4d3e950d210b",
"indicator--545b45f0-2624-488d-a557-461d950d210b",
"indicator--545b45f0-8360-441e-8c22-4db1950d210b",
"indicator--545b45f0-60f4-43a8-a152-4e10950d210b",
"indicator--545b45f0-3ffc-4fd1-82c1-45bc950d210b",
"indicator--545b45f0-f514-481f-adc2-46f1950d210b",
"indicator--545b45f1-faa4-4768-abe8-43ec950d210b",
"indicator--545b45f1-1dc0-42d3-8a58-41a2950d210b",
"observed-data--545b463c-96e4-4244-905f-472f950d210b",
"url--545b463c-96e4-4244-905f-472f950d210b",
"observed-data--545b4773-2f60-4675-ac08-44fa950d210b",
"url--545b4773-2f60-4675-ac08-44fa950d210b",
"indicator--545b4789-ccec-4dc6-b6f7-4b84950d210b",
"indicator--545b4789-8524-46b7-ba8c-4849950d210b",
"observed-data--545b4bbc-4b2c-4a24-af11-065a950d210b",
"url--545b4bbc-4b2c-4a24-af11-065a950d210b",
"indicator--545b4bdf-4524-4339-ae0d-0ec3950d210b",
"indicator--545b4bdf-ce20-4271-b157-0ec3950d210b",
"indicator--545b4bdf-0178-4414-98a7-0ec3950d210b",
"indicator--56c64081-b468-4aca-9607-499a950d210f",
"indicator--56c64084-84a8-441e-a019-5f51950d210f",
"indicator--56c64086-c808-4ab2-8ae8-599c950d210f",
"indicator--56c64083-070c-4f29-9b4b-4d83950d210f",
"indicator--56c64085-9854-412c-9de4-59a4950d210f",
"indicator--56c64087-1b5c-4e66-a1f9-c651950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--545b457c-0d98-4574-8c52-469c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:55:08.000Z",
"modified": "2014-11-06T09:55:08.000Z",
"first_observed": "2014-11-06T09:55:08Z",
"last_observed": "2014-11-06T09:55:08Z",
"number_observed": 1,
"object_refs": [
"url--545b457c-0d98-4574-8c52-469c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--545b457c-0d98-4574-8c52-469c950d210b",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-dridex-uses-macros-for-infection/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--545b4588-c140-469c-b13f-4eff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:55:20.000Z",
"modified": "2014-11-06T09:55:20.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data entered by David Andr\u00c3\u00a9"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--545b4594-0a98-4b30-8e30-42d3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:55:50.000Z",
"modified": "2014-11-06T09:55:50.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Dridex"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--545b45c0-df7c-4297-8f2c-4b39950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:56:16.000Z",
"modified": "2014-11-06T09:56:16.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_comment": "Trend Micro",
"x_misp_type": "text",
"x_misp_value": "TSPY_DRIDEX.WQJ"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-9f58-499e-a51d-413b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'c2c980297d985c0e62e461b76fa584e79a6b3822']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-da20-4cbc-b8e1-4aaa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = '4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-7da4-412d-a291-4812950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'cbd005db36efbdf3aeed5d26fad54554cd734da4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-d2ec-4309-9f47-409d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'bdc7c47001852a8e915f29eaebcf99ffa857c3b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-54fc-45bf-a0fb-46ca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'b4f4b426457124ecfeec4d5b59b9c2a6c25baaf7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-de0c-4e6f-93af-4351950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'b54b06e01c6f735e98d17b156ee8c7a2437b2d68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-7314-417e-8a40-49a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'f5bf8963f99bd6ad5addcbcf0c81b95eab1cc1ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-ad84-43be-9999-4160950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'bf1fca6f81b3d5a9054ceab9a56c58f248560b34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-87c0-4550-9fab-4d3e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'a7b1a30386928e6320c31279b3473610e0e96192']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-2624-488d-a557-461d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = '01eeb1debb21dc8933e7b6c1280f7e3f87a88dd0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-8360-441e-8c22-4db1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = '0f9c49e08683b811a6c713afc1a37b3a33f58fd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-60f4-43a8-a152-4e10950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'f3a65b6828bee8da06daeb1619b9f1265c4c38c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-3ffc-4fd1-82c1-45bc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = 'ae6fe7d7e80d7271b902a482d1ece2a73f082eba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f0-f514-481f-adc2-46f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = '46ff15b415407babb60becc19d259752c2be77cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f1-faa4-4768-abe8-43ec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:04.000Z",
"modified": "2014-11-06T09:57:04.000Z",
"pattern": "[file:hashes.SHA1 = '911a77e67ababc355a2aa169149de88480ab1768']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b45f1-1dc0-42d3-8a58-41a2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:57:05.000Z",
"modified": "2014-11-06T09:57:05.000Z",
"pattern": "[file:hashes.SHA1 = '7714f4d42c7b1608be281cb288c07baf8ff35501']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T09:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--545b463c-96e4-4244-905f-472f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T09:58:20.000Z",
"modified": "2014-11-06T09:58:20.000Z",
"first_observed": "2014-11-06T09:58:20Z",
"last_observed": "2014-11-06T09:58:20Z",
"number_observed": 1,
"object_refs": [
"url--545b463c-96e4-4244-905f-472f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--545b463c-96e4-4244-905f-472f950d210b",
"value": "http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TSPY_DRIDEX.WQJ"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--545b4773-2f60-4675-ac08-44fa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T10:03:31.000Z",
"modified": "2014-11-06T10:03:31.000Z",
"first_observed": "2014-11-06T10:03:31Z",
"last_observed": "2014-11-06T10:03:31Z",
"number_observed": 1,
"object_refs": [
"url--545b4773-2f60-4675-ac08-44fa950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--545b4773-2f60-4675-ac08-44fa950d210b",
"value": "https://www.virustotal.com/en/file/bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d/analysis/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b4789-ccec-4dc6-b6f7-4b84950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T10:03:53.000Z",
"modified": "2014-11-06T10:03:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.75.184.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T10:03:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b4789-8524-46b7-ba8c-4849950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T10:03:53.000Z",
"modified": "2014-11-06T10:03:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '116.48.157.176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T10:03:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--545b4bbc-4b2c-4a24-af11-065a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T10:21:48.000Z",
"modified": "2014-11-06T10:21:48.000Z",
"first_observed": "2014-11-06T10:21:48Z",
"last_observed": "2014-11-06T10:21:48Z",
"number_observed": 1,
"object_refs": [
"url--545b4bbc-4b2c-4a24-af11-065a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--545b4bbc-4b2c-4a24-af11-065a950d210b",
"value": "https://malwr.com/analysis/OGY0MmQ4MmNhNDllNGFlOWExZTg5YjI3MzI3ZTcyNDk/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b4bdf-4524-4339-ae0d-0ec3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T10:22:23.000Z",
"modified": "2014-11-06T10:22:23.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '5fce64eb222aa41e4fb967e9d8fb6a22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T10:22:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b4bdf-ce20-4271-b157-0ec3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T10:22:23.000Z",
"modified": "2014-11-06T10:22:23.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA1 = 'c2c980297d985c0e62e461b76fa584e79a6b3822']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T10:22:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--545b4bdf-0178-4414-98a7-0ec3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-06T10:22:23.000Z",
"modified": "2014-11-06T10:22:23.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA256 = 'bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-06T10:22:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c64081-b468-4aca-9607-499a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:06:57.000Z",
"modified": "2016-02-18T22:06:57.000Z",
"description": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)",
"pattern": "[file:hashes.MD5 = '37e3ec6c9569bd7035b440c24af108fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:06:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c64084-84a8-441e-a019-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:07:00.000Z",
"modified": "2016-02-18T22:07:00.000Z",
"description": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)",
"pattern": "[file:hashes.MD5 = 'bb0b440cbac54114d04648be6f2fe26d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:07:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c64086-c808-4ab2-8ae8-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:07:02.000Z",
"modified": "2016-02-18T22:07:02.000Z",
"description": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)",
"pattern": "[file:hashes.MD5 = '071b380d6b422dd83f14fa0a3bceb347']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:07:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c64083-070c-4f29-9b4b-4d83950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:06:59.000Z",
"modified": "2016-02-18T22:06:59.000Z",
"description": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)",
"pattern": "[file:hashes.SHA256 = '59e49cd21ff679582fbd65dd904ac9197c0b3d9d38de64184f67aecdd2b24f84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:06:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c64085-9854-412c-9de4-59a4950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:07:01.000Z",
"modified": "2016-02-18T22:07:01.000Z",
"description": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)",
"pattern": "[file:hashes.SHA256 = 'd6d846ae3751495ef398ce5af5facfb460ec76b0cb02992905576542d6e548d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c64087-1b5c-4e66-a1f9-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:07:03.000Z",
"modified": "2016-02-18T22:07:03.000Z",
"description": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)",
"pattern": "[file:hashes.SHA256 = 'f1e40b2c8e6669a1886f33644e99e43f862c7225e8704a959a325fb333c13741']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:07:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}