2185 lines
90 KiB
JSON
2185 lines
90 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--546daad5-425c-4ac4-82c7-e07f950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2017-06-22T20:33:24.000Z",
|
||
|
"modified": "2017-06-22T20:33:24.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--546daad5-425c-4ac4-82c7-e07f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2017-06-22T20:33:24.000Z",
|
||
|
"modified": "2017-06-22T20:33:24.000Z",
|
||
|
"name": "Turla digging using TotalHash",
|
||
|
"published": "2017-06-22T20:38:25Z",
|
||
|
"object_refs": [
|
||
|
"x-misp-attribute--546daaf6-c880-4216-b294-acf1950d210b",
|
||
|
"x-misp-attribute--546daaf6-507c-47da-9862-acf1950d210b",
|
||
|
"x-misp-attribute--546daaf6-8f7c-43b8-906f-acf1950d210b",
|
||
|
"x-misp-attribute--546dab03-47e8-49f9-a218-a67f950d210b",
|
||
|
"observed-data--546dab9c-10a4-406c-a0cf-3db0950d210b",
|
||
|
"url--546dab9c-10a4-406c-a0cf-3db0950d210b",
|
||
|
"observed-data--546dab9c-3fe0-4197-ab40-3db0950d210b",
|
||
|
"url--546dab9c-3fe0-4197-ab40-3db0950d210b",
|
||
|
"observed-data--546dab9c-b528-4d8b-bed0-3db0950d210b",
|
||
|
"url--546dab9c-b528-4d8b-bed0-3db0950d210b",
|
||
|
"observed-data--546dab9c-c8a0-4344-9454-3db0950d210b",
|
||
|
"url--546dab9c-c8a0-4344-9454-3db0950d210b",
|
||
|
"observed-data--546dab9c-2d94-482a-b32d-3db0950d210b",
|
||
|
"url--546dab9c-2d94-482a-b32d-3db0950d210b",
|
||
|
"observed-data--546dab9c-56f8-4258-b9fa-3db0950d210b",
|
||
|
"url--546dab9c-56f8-4258-b9fa-3db0950d210b",
|
||
|
"observed-data--546dab9c-4680-416d-b7ac-3db0950d210b",
|
||
|
"url--546dab9c-4680-416d-b7ac-3db0950d210b",
|
||
|
"observed-data--546dab9c-a20c-4cc3-9f50-3db0950d210b",
|
||
|
"url--546dab9c-a20c-4cc3-9f50-3db0950d210b",
|
||
|
"observed-data--546dab9c-3718-46b3-b6c6-3db0950d210b",
|
||
|
"url--546dab9c-3718-46b3-b6c6-3db0950d210b",
|
||
|
"observed-data--546dab9c-6c08-4f4e-8c0b-3db0950d210b",
|
||
|
"url--546dab9c-6c08-4f4e-8c0b-3db0950d210b",
|
||
|
"observed-data--546dab9c-6c20-4744-8ef8-3db0950d210b",
|
||
|
"url--546dab9c-6c20-4744-8ef8-3db0950d210b",
|
||
|
"observed-data--546dab9c-9034-427b-9d88-3db0950d210b",
|
||
|
"url--546dab9c-9034-427b-9d88-3db0950d210b",
|
||
|
"observed-data--546dab9c-4a3c-4597-ad15-3db0950d210b",
|
||
|
"url--546dab9c-4a3c-4597-ad15-3db0950d210b",
|
||
|
"observed-data--546dab9d-3738-45fb-a4d2-3db0950d210b",
|
||
|
"url--546dab9d-3738-45fb-a4d2-3db0950d210b",
|
||
|
"observed-data--546dab9d-28c0-457e-acca-3db0950d210b",
|
||
|
"url--546dab9d-28c0-457e-acca-3db0950d210b",
|
||
|
"observed-data--546dab9d-52a4-4422-979d-3db0950d210b",
|
||
|
"url--546dab9d-52a4-4422-979d-3db0950d210b",
|
||
|
"observed-data--546dab9d-b6b8-4ce5-8954-3db0950d210b",
|
||
|
"url--546dab9d-b6b8-4ce5-8954-3db0950d210b",
|
||
|
"observed-data--546dab9d-e6dc-40f0-a4f9-3db0950d210b",
|
||
|
"url--546dab9d-e6dc-40f0-a4f9-3db0950d210b",
|
||
|
"observed-data--546dab9d-312c-4096-a0af-3db0950d210b",
|
||
|
"url--546dab9d-312c-4096-a0af-3db0950d210b",
|
||
|
"observed-data--546dab9d-7668-4def-918d-3db0950d210b",
|
||
|
"url--546dab9d-7668-4def-918d-3db0950d210b",
|
||
|
"observed-data--546dab9d-dd3c-485e-a458-3db0950d210b",
|
||
|
"url--546dab9d-dd3c-485e-a458-3db0950d210b",
|
||
|
"observed-data--546dab9d-76f4-4008-8444-3db0950d210b",
|
||
|
"url--546dab9d-76f4-4008-8444-3db0950d210b",
|
||
|
"observed-data--546dab9d-ae20-47c2-871f-3db0950d210b",
|
||
|
"url--546dab9d-ae20-47c2-871f-3db0950d210b",
|
||
|
"observed-data--546dab9d-854c-46c6-ae34-3db0950d210b",
|
||
|
"url--546dab9d-854c-46c6-ae34-3db0950d210b",
|
||
|
"indicator--546dac59-d810-44ba-9521-5124950d210b",
|
||
|
"indicator--546dac59-e868-4684-ae30-5124950d210b",
|
||
|
"indicator--546dac59-fe84-4fff-ab84-5124950d210b",
|
||
|
"indicator--546dac59-8e7c-4bdf-a19e-5124950d210b",
|
||
|
"indicator--546dac59-ddbc-4277-8c22-5124950d210b",
|
||
|
"indicator--546dac59-3584-4c48-b6c5-5124950d210b",
|
||
|
"indicator--546dac59-d5e8-4cf8-b883-5124950d210b",
|
||
|
"indicator--546dac59-3bb4-456d-8e82-5124950d210b",
|
||
|
"indicator--546dac59-98e8-46df-91c1-5124950d210b",
|
||
|
"indicator--546dac59-fc0c-4a8d-abf5-5124950d210b",
|
||
|
"indicator--546dac59-c2c0-49ee-8305-5124950d210b",
|
||
|
"indicator--546dac59-9fe8-469a-86bb-5124950d210b",
|
||
|
"indicator--546dac5a-63d0-4fbe-9281-5124950d210b",
|
||
|
"indicator--546dac5a-6d88-4fa8-82be-5124950d210b",
|
||
|
"indicator--546dac5a-66dc-48e3-9e64-5124950d210b",
|
||
|
"indicator--546dac5a-6410-47a8-b6ef-5124950d210b",
|
||
|
"indicator--546dac5a-f2ec-4ee9-b2a2-5124950d210b",
|
||
|
"indicator--546dac5a-718c-47e4-963d-5124950d210b",
|
||
|
"indicator--546dac5a-58e4-4b1e-8f2d-5124950d210b",
|
||
|
"indicator--546dac5a-d598-4aa1-a346-5124950d210b",
|
||
|
"indicator--546dac5a-8fa0-423e-8788-5124950d210b",
|
||
|
"indicator--546dac5a-2814-4efd-a784-5124950d210b",
|
||
|
"indicator--546dac5a-e178-4add-b925-5124950d210b",
|
||
|
"indicator--546dac5a-5874-45a1-b54f-5124950d210b",
|
||
|
"indicator--546dac5a-a198-461c-b239-5124950d210b",
|
||
|
"indicator--546dac5a-83a8-4d55-8cd8-5124950d210b",
|
||
|
"indicator--546dac5a-88dc-48ad-89e6-5124950d210b",
|
||
|
"indicator--546dac5a-bc84-4b89-98a5-5124950d210b",
|
||
|
"indicator--546dac5b-d214-4a82-a14c-5124950d210b",
|
||
|
"indicator--546dac5b-beb0-4b4a-a20a-5124950d210b",
|
||
|
"indicator--546dac5b-0304-453a-8a37-5124950d210b",
|
||
|
"indicator--546dac5b-654c-42fd-8d32-5124950d210b",
|
||
|
"indicator--546dac5b-55e0-4905-8daf-5124950d210b",
|
||
|
"indicator--546dac5b-d2b8-433a-a191-5124950d210b",
|
||
|
"indicator--546dac5b-978c-4556-8856-5124950d210b",
|
||
|
"indicator--546dac5b-e908-4dac-908d-5124950d210b",
|
||
|
"indicator--546dac5b-d550-44be-834d-5124950d210b",
|
||
|
"indicator--546dac5b-f60c-4020-b0ce-5124950d210b",
|
||
|
"indicator--546dac5b-bb28-451a-a652-5124950d210b",
|
||
|
"indicator--546dac5b-9640-437d-b211-5124950d210b",
|
||
|
"indicator--546dac5b-ccbc-4b78-9786-5124950d210b",
|
||
|
"indicator--546dac5b-6994-405e-98cd-5124950d210b",
|
||
|
"indicator--546dac5b-85d4-4a87-9958-5124950d210b",
|
||
|
"indicator--546dac5b-3468-404b-aa09-5124950d210b",
|
||
|
"indicator--546dac5c-4398-4390-a5b4-5124950d210b",
|
||
|
"indicator--546dac5c-cd54-4409-bc76-5124950d210b",
|
||
|
"indicator--56c6460d-9b58-41f7-8a8c-599d950d210f",
|
||
|
"indicator--56c6460e-8334-48ca-9bf9-59a1950d210f",
|
||
|
"indicator--56c6460f-a41c-43e4-8931-5f51950d210f",
|
||
|
"indicator--56c64610-f1bc-4696-9afb-c653950d210f",
|
||
|
"indicator--56c64611-0470-4d19-891a-4469950d210f",
|
||
|
"indicator--56c64613-f07c-4c97-8a78-5ca1950d210f",
|
||
|
"indicator--56c64614-8e94-4976-a3f1-599f950d210f",
|
||
|
"indicator--56c64615-8c10-4596-a686-c651950d210f",
|
||
|
"indicator--56c64616-49c0-44b8-8687-59a2950d210f",
|
||
|
"indicator--56c64617-3a2c-4796-9535-c650950d210f",
|
||
|
"indicator--56c64618-ef38-4995-8a6b-c652950d210f",
|
||
|
"indicator--56c64619-d4f4-42c8-8426-599e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT",
|
||
|
"misp-galaxy:tool=\"Turla\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--546daaf6-c880-4216-b294-acf1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:48:54.000Z",
|
||
|
"modified": "2014-11-20T08:48:54.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Turla"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--546daaf6-507c-47da-9862-acf1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:48:54.000Z",
|
||
|
"modified": "2014-11-20T08:48:54.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Snake"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--546daaf6-8f7c-43b8-906f-acf1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:48:54.000Z",
|
||
|
"modified": "2014-11-20T08:48:54.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Uroburos"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--546dab03-47e8-49f9-a218-a67f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:49:07.000Z",
|
||
|
"modified": "2014-11-20T08:49:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "Digging done by David Andr\u00c3\u00a9"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-10a4-406c-a0cf-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-10a4-406c-a0cf-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-10a4-406c-a0cf-3db0950d210b",
|
||
|
"value": "http://totalhash.com/search/av:*turla*%20or%20registry:*turla*"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-3fe0-4197-ab40-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-3fe0-4197-ab40-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-3fe0-4197-ab40-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/a269bf78ca6a8ecb800b0c41203133fb34e206ed"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-b528-4d8b-bed0-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-b528-4d8b-bed0-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-b528-4d8b-bed0-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/cc47f40b4c23c1bbe0240d73e15718c96d22b510"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-c8a0-4344-9454-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-c8a0-4344-9454-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-c8a0-4344-9454-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/61d3d693b71cbee4a0c17329066638ac53fa24ad"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-2d94-482a-b32d-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-2d94-482a-b32d-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-2d94-482a-b32d-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/5576358fdf4b281df1cc472d12c81060e8415ba2"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-56f8-4258-b9fa-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-56f8-4258-b9fa-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-56f8-4258-b9fa-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/cbde204e7641830017bb84b89223131b2126bc46"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-4680-416d-b7ac-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-4680-416d-b7ac-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-4680-416d-b7ac-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/66fd34e18a3a97880e1c5abea80ff396f786bb3c"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-a20c-4cc3-9f50-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-a20c-4cc3-9f50-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-a20c-4cc3-9f50-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/6e23aae168db7d6a4e3750d17f99b6964e0c7e4e"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-3718-46b3-b6c6-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-3718-46b3-b6c6-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-3718-46b3-b6c6-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/224e054fa704544e406eb5f651aa54896a8211fd"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-6c08-4f4e-8c0b-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-6c08-4f4e-8c0b-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-6c08-4f4e-8c0b-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/26db4fdc1fc72bbbf83a9e655ea167b30699662b"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-6c20-4744-8ef8-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-6c20-4744-8ef8-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-6c20-4744-8ef8-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/06cbb830510a98e6db5dbb36384684385fe3024c"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-9034-427b-9d88-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-9034-427b-9d88-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-9034-427b-9d88-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/ec4f98d56a41290d98de70fdb4baea14fac43a7e"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9c-4a3c-4597-ad15-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:40.000Z",
|
||
|
"modified": "2014-11-20T08:51:40.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:40Z",
|
||
|
"last_observed": "2014-11-20T08:51:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9c-4a3c-4597-ad15-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9c-4a3c-4597-ad15-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/8d422548c4f42937c827079cfbf5c973d38eddf4"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-3738-45fb-a4d2-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-3738-45fb-a4d2-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-3738-45fb-a4d2-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/560a9c2dfea9afd527f58b4810acd2c2cd93b952"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-28c0-457e-acca-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-28c0-457e-acca-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-28c0-457e-acca-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/afc77c48537a72533ad68df7baa12d03066edcd8"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-52a4-4422-979d-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-52a4-4422-979d-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-52a4-4422-979d-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/a59454982432c0cf33b7c0fde8c42aa504ba89d4"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-b6b8-4ce5-8954-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-b6b8-4ce5-8954-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-b6b8-4ce5-8954-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/929257f7564ace6b141fa999fbef481e11494fa4"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-e6dc-40f0-a4f9-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-e6dc-40f0-a4f9-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-e6dc-40f0-a4f9-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/15a71ddf58bfb0b3e916e7f9cca06457cead8b11"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-312c-4096-a0af-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-312c-4096-a0af-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-312c-4096-a0af-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/f9de3d39905cacc35c6a54fab30a92b4e30a695a"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-7668-4def-918d-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-7668-4def-918d-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-7668-4def-918d-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/f1310c4ee6f437a807094282ec288560ff9a9924"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-dd3c-485e-a458-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-dd3c-485e-a458-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-dd3c-485e-a458-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/eb447bc08f176c2c1f7d0363e36f5613ddf2f844"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-76f4-4008-8444-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-76f4-4008-8444-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-76f4-4008-8444-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/15b27c859b9d003d60c90ebadb587945f86275d8"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-ae20-47c2-871f-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-ae20-47c2-871f-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-ae20-47c2-871f-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/53490231aba29deb940c830a31629947ff0ec257"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--546dab9d-854c-46c6-ae34-3db0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:51:41.000Z",
|
||
|
"modified": "2014-11-20T08:51:41.000Z",
|
||
|
"first_observed": "2014-11-20T08:51:41Z",
|
||
|
"last_observed": "2014-11-20T08:51:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--546dab9d-854c-46c6-ae34-3db0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--546dab9d-854c-46c6-ae34-3db0950d210b",
|
||
|
"value": "http://totalhash.com/analysis/cd438b428ab8f67d5afbb46665e6e0187003137e"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-d810-44ba-9521-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '9c55ff92a1067e9b4524cb3e86dcc40e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-e868-4684-ae30-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cd438b428ab8f67d5afbb46665e6e0187003137e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-fe84-4fff-ab84-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'e2a7e1e7da9b00a6dac8f83332dbe7b3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-8e7c-4bdf-a19e-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '53490231aba29deb940c830a31629947ff0ec257']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-ddbc-4277-8c22-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'f293c9640aa70b49f35627ef7fb58f15']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-3584-4c48-b6c5-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '15b27c859b9d003d60c90ebadb587945f86275d8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-d5e8-4cf8-b883-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '9437f99053baf606cb860e520af23314']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-3bb4-456d-8e82-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'eb447bc08f176c2c1f7d0363e36f5613ddf2f844']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-98e8-46df-91c1-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '7ee97ab59152803636d44ac3b22632d2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-fc0c-4a8d-abf5-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f1310c4ee6f437a807094282ec288560ff9a9924']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-c2c0-49ee-8305-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '2786525baa5f2f2569ca15caff1ebf86']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac59-9fe8-469a-86bb-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:49.000Z",
|
||
|
"modified": "2014-11-20T08:54:49.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f9de3d39905cacc35c6a54fab30a92b4e30a695a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-63d0-4fbe-9281-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '8ebf7f768d7214f99905c99b6f8242dc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-6d88-4fa8-82be-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '15a71ddf58bfb0b3e916e7f9cca06457cead8b11']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-66dc-48e3-9e64-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '3fcc4b85c74c2393e5204ea0a853a5ca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-6410-47a8-b6ef-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '929257f7564ace6b141fa999fbef481e11494fa4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-f2ec-4ee9-b2a2-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '8c8e43a4b1d92f7156694f6e1890e93d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-718c-47e4-963d-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a59454982432c0cf33b7c0fde8c42aa504ba89d4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-58e4-4b1e-8f2d-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'd65919da5651fffd9da4c75b4976a3eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-d598-4aa1-a346-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'afc77c48537a72533ad68df7baa12d03066edcd8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-8fa0-423e-8788-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'ca8d5f41c074dfb2f8fbb66a352aef06']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-2814-4efd-a784-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '560a9c2dfea9afd527f58b4810acd2c2cd93b952']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-e178-4add-b925-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '0482d1652c2a0e6c16ca3e2a53be0783']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-5874-45a1-b54f-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '8d422548c4f42937c827079cfbf5c973d38eddf4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-a198-461c-b239-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '15db56d6a1da48478b9659095f9333e8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-83a8-4d55-8cd8-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ec4f98d56a41290d98de70fdb4baea14fac43a7e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-88dc-48ad-89e6-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '3b65688bb7ac16857921fa0b82bef5ec']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5a-bc84-4b89-98a5-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:50.000Z",
|
||
|
"modified": "2014-11-20T08:54:50.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '06cbb830510a98e6db5dbb36384684385fe3024c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-d214-4a82-a14c-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'c82c631bf739936810c0297d31b15519']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-beb0-4b4a-a20a-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '26db4fdc1fc72bbbf83a9e655ea167b30699662b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-0304-453a-8a37-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'f40c0316b1bd1a0ebb1222840f9d3142']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-654c-42fd-8d32-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '224e054fa704544e406eb5f651aa54896a8211fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-55e0-4905-8daf-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '9bec941bec02c7fbe037a97db8c89f18']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-d2b8-433a-a191-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '6e23aae168db7d6a4e3750d17f99b6964e0c7e4e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-978c-4556-8856-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '66fe11cc4ef36c1d7f9fe80269442db8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-e908-4dac-908d-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '66fd34e18a3a97880e1c5abea80ff396f786bb3c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-d550-44be-834d-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'cb1b68d9971c2353c2d6a8119c49b51f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-f60c-4020-b0ce-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cbde204e7641830017bb84b89223131b2126bc46']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-bb28-451a-a652-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'e9580b6b13822090db018c320e80865f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-9640-437d-b211-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '5576358fdf4b281df1cc472d12c81060e8415ba2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-ccbc-4b78-9786-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '7c52c340ec5c6f57ef2fd174e6490433']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-6994-405e-98cd-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = '61d3d693b71cbee4a0c17329066638ac53fa24ad']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-85d4-4a87-9958-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'af6efd3ddc0ad1f5000cfaf9d6fe519f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5b-3468-404b-aa09-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:51.000Z",
|
||
|
"modified": "2014-11-20T08:54:51.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cc47f40b4c23c1bbe0240d73e15718c96d22b510']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5c-4398-4390-a5b4-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:52.000Z",
|
||
|
"modified": "2014-11-20T08:54:52.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '2dd2a14fa28204e91730dd2c8293cf56']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--546dac5c-cd54-4409-bc76-5124950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-11-20T08:54:52.000Z",
|
||
|
"modified": "2014-11-20T08:54:52.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a269bf78ca6a8ecb800b0c41203133fb34e206ed']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-11-20T08:54:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c6460d-9b58-41f7-8a8c-599d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:37.000Z",
|
||
|
"modified": "2016-02-18T22:30:37.000Z",
|
||
|
"description": "Automatically added (via e2a7e1e7da9b00a6dac8f83332dbe7b3)",
|
||
|
"pattern": "[file:hashes.SHA256 = '2608eb844c2a1afe96d88d226a6178653390def35208f99dfa177dec4ea11dc7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c6460e-8334-48ca-9bf9-59a1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:38.000Z",
|
||
|
"modified": "2016-02-18T22:30:38.000Z",
|
||
|
"description": "Automatically added (via f293c9640aa70b49f35627ef7fb58f15)",
|
||
|
"pattern": "[file:hashes.SHA256 = '1321c78aa2abefd7f59994376b02159e5c2c81665f01b6a18707bd4fc3861116']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c6460f-a41c-43e4-8931-5f51950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:39.000Z",
|
||
|
"modified": "2016-02-18T22:30:39.000Z",
|
||
|
"description": "Automatically added (via 9437f99053baf606cb860e520af23314)",
|
||
|
"pattern": "[file:hashes.SHA256 = '44ff6c9117255ad008ae491b6179c4fa9aff8cf1fc7ce53059ffef8a80d5e772']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64610-f1bc-4696-9afb-c653950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:40.000Z",
|
||
|
"modified": "2016-02-18T22:30:40.000Z",
|
||
|
"description": "Automatically added (via 7ee97ab59152803636d44ac3b22632d2)",
|
||
|
"pattern": "[file:hashes.SHA256 = '24d3e1446e521c2b064c640254dfd63f1aefb681f92c736483966a0ed6c5e340']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64611-0470-4d19-891a-4469950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:41.000Z",
|
||
|
"modified": "2016-02-18T22:30:41.000Z",
|
||
|
"description": "Automatically added (via 8ebf7f768d7214f99905c99b6f8242dc)",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a89f27758bb6e207477f92527b2174090012e2ac23dfc44cdf6effd539c15ada']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64613-f07c-4c97-8a78-5ca1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:42.000Z",
|
||
|
"modified": "2016-02-18T22:30:42.000Z",
|
||
|
"description": "Automatically added (via 3fcc4b85c74c2393e5204ea0a853a5ca)",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f58e63499fdde08db762be918408fe8a5d876900ab010cabb0232a27ced96001']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64614-8e94-4976-a3f1-599f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:44.000Z",
|
||
|
"modified": "2016-02-18T22:30:44.000Z",
|
||
|
"description": "Automatically added (via d65919da5651fffd9da4c75b4976a3eb)",
|
||
|
"pattern": "[file:hashes.SHA256 = '1a6c1e91d06963e17c275c22b43dcabe2aa1174f1594cda1d0bf024b466434f7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64615-8c10-4596-a686-c651950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:45.000Z",
|
||
|
"modified": "2016-02-18T22:30:45.000Z",
|
||
|
"description": "Automatically added (via 0482d1652c2a0e6c16ca3e2a53be0783)",
|
||
|
"pattern": "[file:hashes.SHA256 = '61cf4ce2dd1875ebb0bd60465c4f4b5f1f9945e59178be9935e4cdf548b06dfb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64616-49c0-44b8-8687-59a2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:46.000Z",
|
||
|
"modified": "2016-02-18T22:30:46.000Z",
|
||
|
"description": "Automatically added (via 3b65688bb7ac16857921fa0b82bef5ec)",
|
||
|
"pattern": "[file:hashes.SHA256 = '20bbb82671e3d59a9cbc3e7f7cc6bc83dad95776d5d539751e90f7bc91b819dd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64617-3a2c-4796-9535-c650950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:47.000Z",
|
||
|
"modified": "2016-02-18T22:30:47.000Z",
|
||
|
"description": "Automatically added (via f40c0316b1bd1a0ebb1222840f9d3142)",
|
||
|
"pattern": "[file:hashes.SHA256 = '197f33ab4d66e9d47fa95659111a3c5ed76527c5f88dde98932036077fc2ecfa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64618-ef38-4995-8a6b-c652950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:48.000Z",
|
||
|
"modified": "2016-02-18T22:30:48.000Z",
|
||
|
"description": "Automatically added (via 9bec941bec02c7fbe037a97db8c89f18)",
|
||
|
"pattern": "[file:hashes.SHA256 = '4c49c9d601ebf16534d24d2dd1cab53fde6e03902758ef6cff86be740b720038']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c64619-d4f4-42c8-8426-599e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:30:49.000Z",
|
||
|
"modified": "2016-02-18T22:30:49.000Z",
|
||
|
"description": "Automatically added (via cb1b68d9971c2353c2d6a8119c49b51f)",
|
||
|
"pattern": "[file:hashes.SHA256 = '3b8bd0a0c6069f2d27d759340721b78fd289f92e0a13965262fea4e8907af122']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:30:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:GREEN",
|
||
|
"definition": {
|
||
|
"tlp": "green"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|