{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--545b456e-b8a4-45e0-a895-41c7950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T10:21:48.000Z",
|
||
|
"modified": "2014-11-06T10:21:48.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--545b456e-b8a4-45e0-a895-41c7950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T10:21:48.000Z",
|
||
|
"modified": "2014-11-06T10:21:48.000Z",
|
||
|
"name": "OSINT Banking Trojan DRIDEX Uses Macros for Infection blog post from Trend Micro",
|
||
|
"published": "2016-02-22T15:14:10Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--545b457c-0d98-4574-8c52-469c950d210b",
|
||
|
"url--545b457c-0d98-4574-8c52-469c950d210b",
|
||
|
"x-misp-attribute--545b4588-c140-469c-b13f-4eff950d210b",
|
||
|
"x-misp-attribute--545b4594-0a98-4b30-8e30-42d3950d210b",
|
||
|
"x-misp-attribute--545b45c0-df7c-4297-8f2c-4b39950d210b",
|
||
|
"indicator--545b45f0-9f58-499e-a51d-413b950d210b",
|
||
|
"indicator--545b45f0-da20-4cbc-b8e1-4aaa950d210b",
|
||
|
"indicator--545b45f0-7da4-412d-a291-4812950d210b",
|
||
|
"indicator--545b45f0-d2ec-4309-9f47-409d950d210b",
|
||
|
"indicator--545b45f0-54fc-45bf-a0fb-46ca950d210b",
|
||
|
"indicator--545b45f0-de0c-4e6f-93af-4351950d210b",
|
||
|
"indicator--545b45f0-7314-417e-8a40-49a8950d210b",
|
||
|
"indicator--545b45f0-ad84-43be-9999-4160950d210b",
|
||
|
"indicator--545b45f0-87c0-4550-9fab-4d3e950d210b",
|
||
|
"indicator--545b45f0-2624-488d-a557-461d950d210b",
|
||
|
"indicator--545b45f0-8360-441e-8c22-4db1950d210b",
|
||
|
"indicator--545b45f0-60f4-43a8-a152-4e10950d210b",
|
||
|
"indicator--545b45f0-3ffc-4fd1-82c1-45bc950d210b",
|
||
|
"indicator--545b45f0-f514-481f-adc2-46f1950d210b",
|
||
|
"indicator--545b45f1-faa4-4768-abe8-43ec950d210b",
|
||
|
"indicator--545b45f1-1dc0-42d3-8a58-41a2950d210b",
|
||
|
"observed-data--545b463c-96e4-4244-905f-472f950d210b",
|
||
|
"url--545b463c-96e4-4244-905f-472f950d210b",
|
||
|
"observed-data--545b4773-2f60-4675-ac08-44fa950d210b",
|
||
|
"url--545b4773-2f60-4675-ac08-44fa950d210b",
|
||
|
"indicator--545b4789-ccec-4dc6-b6f7-4b84950d210b",
|
||
|
"indicator--545b4789-8524-46b7-ba8c-4849950d210b",
|
||
|
"observed-data--545b4bbc-4b2c-4a24-af11-065a950d210b",
|
||
|
"url--545b4bbc-4b2c-4a24-af11-065a950d210b",
|
||
|
"indicator--545b4bdf-4524-4339-ae0d-0ec3950d210b",
|
||
|
"indicator--545b4bdf-ce20-4271-b157-0ec3950d210b",
|
||
|
"indicator--545b4bdf-0178-4414-98a7-0ec3950d210b",
|
||
|
"indicator--56c64081-b468-4aca-9607-499a950d210f",
|
||
|
"indicator--56c64084-84a8-441e-a019-5f51950d210f",
|
||
|
"indicator--56c64086-c808-4ab2-8ae8-599c950d210f",
|
||
|
"indicator--56c64083-070c-4f29-9b4b-4d83950d210f",
|
||
|
"indicator--56c64085-9854-412c-9de4-59a4950d210f",
|
||
|
"indicator--56c64087-1b5c-4e66-a1f9-c651950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--545b457c-0d98-4574-8c52-469c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:55:08.000Z",
|
||
|
"modified": "2014-11-06T09:55:08.000Z",
|
||
|
"first_observed": "2014-11-06T09:55:08Z",
|
||
|
"last_observed": "2014-11-06T09:55:08Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--545b457c-0d98-4574-8c52-469c950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--545b457c-0d98-4574-8c52-469c950d210b",
|
||
|
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-dridex-uses-macros-for-infection/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--545b4588-c140-469c-b13f-4eff950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:55:20.000Z",
|
||
|
"modified": "2014-11-06T09:55:20.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "Data entered by David Andr\u00c3\u00a9"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--545b4594-0a98-4b30-8e30-42d3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:55:50.000Z",
|
||
|
"modified": "2014-11-06T09:55:50.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Dridex"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--545b45c0-df7c-4297-8f2c-4b39950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:56:16.000Z",
|
||
|
"modified": "2014-11-06T09:56:16.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Antivirus detection\""
|
||
|
],
|
||
|
"x_misp_category": "Antivirus detection",
|
||
|
"x_misp_comment": "Trend Micro",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "TSPY_DRIDEX.WQJ"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-9f58-499e-a51d-413b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c2c980297d985c0e62e461b76fa584e79a6b3822']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-da20-4cbc-b8e1-4aaa950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-7da4-412d-a291-4812950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cbd005db36efbdf3aeed5d26fad54554cd734da4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-d2ec-4309-9f47-409d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bdc7c47001852a8e915f29eaebcf99ffa857c3b5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-54fc-45bf-a0fb-46ca950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b4f4b426457124ecfeec4d5b59b9c2a6c25baaf7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-de0c-4e6f-93af-4351950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b54b06e01c6f735e98d17b156ee8c7a2437b2d68']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-7314-417e-8a40-49a8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f5bf8963f99bd6ad5addcbcf0c81b95eab1cc1ba']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-ad84-43be-9999-4160950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bf1fca6f81b3d5a9054ceab9a56c58f248560b34']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-87c0-4550-9fab-4d3e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a7b1a30386928e6320c31279b3473610e0e96192']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-2624-488d-a557-461d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '01eeb1debb21dc8933e7b6c1280f7e3f87a88dd0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-8360-441e-8c22-4db1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '0f9c49e08683b811a6c713afc1a37b3a33f58fd8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-60f4-43a8-a152-4e10950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f3a65b6828bee8da06daeb1619b9f1265c4c38c7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-3ffc-4fd1-82c1-45bc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ae6fe7d7e80d7271b902a482d1ece2a73f082eba']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f0-f514-481f-adc2-46f1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '46ff15b415407babb60becc19d259752c2be77cd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f1-faa4-4768-abe8-43ec950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:04.000Z",
|
||
|
"modified": "2014-11-06T09:57:04.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '911a77e67ababc355a2aa169149de88480ab1768']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b45f1-1dc0-42d3-8a58-41a2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:57:05.000Z",
|
||
|
"modified": "2014-11-06T09:57:05.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '7714f4d42c7b1608be281cb288c07baf8ff35501']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T09:57:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--545b463c-96e4-4244-905f-472f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T09:58:20.000Z",
|
||
|
"modified": "2014-11-06T09:58:20.000Z",
|
||
|
"first_observed": "2014-11-06T09:58:20Z",
|
||
|
"last_observed": "2014-11-06T09:58:20Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--545b463c-96e4-4244-905f-472f950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--545b463c-96e4-4244-905f-472f950d210b",
|
||
|
"value": "http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TSPY_DRIDEX.WQJ"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--545b4773-2f60-4675-ac08-44fa950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T10:03:31.000Z",
|
||
|
"modified": "2014-11-06T10:03:31.000Z",
|
||
|
"first_observed": "2014-11-06T10:03:31Z",
|
||
|
"last_observed": "2014-11-06T10:03:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--545b4773-2f60-4675-ac08-44fa950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--545b4773-2f60-4675-ac08-44fa950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d/analysis/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b4789-ccec-4dc6-b6f7-4b84950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T10:03:53.000Z",
|
||
|
"modified": "2014-11-06T10:03:53.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.75.184.70']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T10:03:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b4789-8524-46b7-ba8c-4849950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T10:03:53.000Z",
|
||
|
"modified": "2014-11-06T10:03:53.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '116.48.157.176']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T10:03:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--545b4bbc-4b2c-4a24-af11-065a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T10:21:48.000Z",
|
||
|
"modified": "2014-11-06T10:21:48.000Z",
|
||
|
"first_observed": "2014-11-06T10:21:48Z",
|
||
|
"last_observed": "2014-11-06T10:21:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--545b4bbc-4b2c-4a24-af11-065a950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--545b4bbc-4b2c-4a24-af11-065a950d210b",
|
||
|
"value": "https://malwr.com/analysis/OGY0MmQ4MmNhNDllNGFlOWExZTg5YjI3MzI3ZTcyNDk/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b4bdf-4524-4339-ae0d-0ec3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T10:22:23.000Z",
|
||
|
"modified": "2014-11-06T10:22:23.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '5fce64eb222aa41e4fb967e9d8fb6a22']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T10:22:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b4bdf-ce20-4271-b157-0ec3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T10:22:23.000Z",
|
||
|
"modified": "2014-11-06T10:22:23.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c2c980297d985c0e62e461b76fa584e79a6b3822']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T10:22:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--545b4bdf-0178-4414-98a7-0ec3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-06T10:22:23.000Z",
|
||
|
"modified": "2014-11-06T10:22:23.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-06T10:22:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64081-b468-4aca-9607-499a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:06:57.000Z",
|
||
|
"modified": "2016-02-18T22:06:57.000Z",
|
||
|
"description": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)",
|
||
|
"pattern": "[file:hashes.MD5 = '37e3ec6c9569bd7035b440c24af108fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:06:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64084-84a8-441e-a019-5f51950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:07:00.000Z",
|
||
|
"modified": "2016-02-18T22:07:00.000Z",
|
||
|
"description": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)",
|
||
|
"pattern": "[file:hashes.MD5 = 'bb0b440cbac54114d04648be6f2fe26d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64086-c808-4ab2-8ae8-599c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:07:02.000Z",
|
||
|
"modified": "2016-02-18T22:07:02.000Z",
|
||
|
"description": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)",
|
||
|
"pattern": "[file:hashes.MD5 = '071b380d6b422dd83f14fa0a3bceb347']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:07:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64083-070c-4f29-9b4b-4d83950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:06:59.000Z",
|
||
|
"modified": "2016-02-18T22:06:59.000Z",
|
||
|
"description": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)",
|
||
|
"pattern": "[file:hashes.SHA256 = '59e49cd21ff679582fbd65dd904ac9197c0b3d9d38de64184f67aecdd2b24f84']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:06:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64085-9854-412c-9de4-59a4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:07:01.000Z",
|
||
|
"modified": "2016-02-18T22:07:01.000Z",
|
||
|
"description": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd6d846ae3751495ef398ce5af5facfb460ec76b0cb02992905576542d6e548d7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:07:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64087-1b5c-4e66-a1f9-c651950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:07:03.000Z",
|
||
|
"modified": "2016-02-18T22:07:03.000Z",
|
||
|
"description": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f1e40b2c8e6669a1886f33644e99e43f862c7225e8704a959a325fb333c13741']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:07:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:GREEN",
|
||
|
"definition": {
|
||
|
"tlp": "green"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}