{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--59637327-79cc-430b-af94-0701950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T13:36:41.000Z",
|
||
|
"modified": "2017-07-10T13:36:41.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--59637327-79cc-430b-af94-0701950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T13:36:41.000Z",
|
||
|
"modified": "2017-07-10T13:36:41.000Z",
|
||
|
"name": "OSINT - SpyDealer: Android Trojan Spying on More Than 40 Apps",
|
||
|
"published": "2017-07-10T13:36:47Z",
|
||
|
"object_refs": [
|
||
|
"indicator--59637341-6ea0-494e-b5e9-74c9950d210f",
|
||
|
"indicator--59637341-33e0-4f58-86d4-74c9950d210f",
|
||
|
"indicator--59637341-adec-4464-a4c3-74c9950d210f",
|
||
|
"indicator--59637341-3f38-41dc-95f2-74c9950d210f",
|
||
|
"indicator--59637341-59e0-406b-9cef-74c9950d210f",
|
||
|
"indicator--59637341-9964-456c-b19d-74c9950d210f",
|
||
|
"indicator--59637341-564c-412d-a8af-74c9950d210f",
|
||
|
"indicator--59637341-e580-4c71-a388-74c9950d210f",
|
||
|
"indicator--59637341-113c-4d64-9892-74c9950d210f",
|
||
|
"indicator--59637341-a36c-4249-80e3-74c9950d210f",
|
||
|
"indicator--59637341-a788-43d5-8e94-74c9950d210f",
|
||
|
"indicator--59637341-ecc4-45f8-be34-74c9950d210f",
|
||
|
"indicator--59637341-de68-42b1-b492-74c9950d210f",
|
||
|
"indicator--5963734f-4454-42c3-8ead-4be0950d210f",
|
||
|
"indicator--59637397-6218-4390-99ae-74c9950d210f",
|
||
|
"indicator--59637397-65f8-465a-a26f-74c9950d210f",
|
||
|
"indicator--59637397-cb98-4b01-b469-74c9950d210f",
|
||
|
"indicator--59637397-0734-4be5-a89c-74c9950d210f",
|
||
|
"indicator--59637397-da28-48c9-8f67-74c9950d210f",
|
||
|
"indicator--59637397-d3ec-40bf-9b5d-74c9950d210f",
|
||
|
"indicator--59637397-1e4c-43a7-8570-74c9950d210f",
|
||
|
"indicator--59637397-b668-445a-9963-74c9950d210f",
|
||
|
"indicator--59637397-7850-4423-ab3d-74c9950d210f",
|
||
|
"indicator--59637397-4eec-4098-af58-74c9950d210f",
|
||
|
"indicator--59637397-ce6c-44a3-8f57-74c9950d210f",
|
||
|
"indicator--59637397-2678-454b-8ec3-74c9950d210f",
|
||
|
"indicator--59637397-afbc-469e-a589-74c9950d210f",
|
||
|
"indicator--59637397-ec4c-44e7-bbe2-74c9950d210f",
|
||
|
"indicator--59637397-566c-4deb-99bb-74c9950d210f",
|
||
|
"indicator--59637397-7290-4bcb-aa25-74c9950d210f",
|
||
|
"indicator--59637397-be5c-4d2d-a978-74c9950d210f",
|
||
|
"indicator--59637397-9ebc-4711-9670-74c9950d210f",
|
||
|
"indicator--59637397-6708-41d5-89f6-74c9950d210f",
|
||
|
"indicator--59637397-dce8-46f8-9210-74c9950d210f",
|
||
|
"indicator--59637397-3004-4bc2-a845-74c9950d210f",
|
||
|
"indicator--59637397-5de0-48fe-95e8-74c9950d210f",
|
||
|
"indicator--59637397-f2dc-4423-9ef1-74c9950d210f",
|
||
|
"indicator--59637397-5744-4971-8eeb-74c9950d210f",
|
||
|
"indicator--59637397-a504-4b3e-884b-74c9950d210f",
|
||
|
"indicator--59637397-54f4-4b8b-a8ee-74c9950d210f",
|
||
|
"indicator--59637397-2744-464b-9284-74c9950d210f",
|
||
|
"indicator--59637397-fac0-4cee-901f-74c9950d210f",
|
||
|
"indicator--59637397-be38-44ea-8272-74c9950d210f",
|
||
|
"indicator--59637397-db24-4972-b6e4-74c9950d210f",
|
||
|
"indicator--59637397-31e0-4911-8dbb-74c9950d210f",
|
||
|
"indicator--59637397-59bc-4191-8431-74c9950d210f",
|
||
|
"indicator--59637397-6a8c-4db2-8ecc-74c9950d210f",
|
||
|
"indicator--59637397-79e8-4230-a9b2-74c9950d210f",
|
||
|
"indicator--59637397-d254-43c4-b20c-74c9950d210f",
|
||
|
"indicator--59637397-83f0-4e1f-a888-74c9950d210f",
|
||
|
"indicator--59637397-034c-4b20-85e8-74c9950d210f",
|
||
|
"indicator--59637397-0b84-487a-b3b6-74c9950d210f",
|
||
|
"indicator--59637397-0d7c-4746-91b7-74c9950d210f",
|
||
|
"indicator--59637397-0678-4c18-8203-74c9950d210f",
|
||
|
"indicator--59637397-e1c4-4315-a058-74c9950d210f",
|
||
|
"indicator--59637397-15bc-4744-80a9-74c9950d210f",
|
||
|
"indicator--59637397-ea00-47c2-baf3-74c9950d210f",
|
||
|
"indicator--59637397-7b78-4054-9803-74c9950d210f",
|
||
|
"indicator--59637397-8370-40c7-b945-74c9950d210f",
|
||
|
"indicator--59637397-7f8c-48fc-8fec-74c9950d210f",
|
||
|
"indicator--59637397-d904-434b-b22f-74c9950d210f",
|
||
|
"indicator--59637397-b450-4671-b65a-74c9950d210f",
|
||
|
"indicator--59637397-bc88-4150-90ef-74c9950d210f",
|
||
|
"indicator--59637397-19e8-4e20-baac-74c9950d210f",
|
||
|
"indicator--59637397-2a54-4bec-9680-74c9950d210f",
|
||
|
"indicator--59637397-102c-4e72-a5e9-74c9950d210f",
|
||
|
"indicator--59637397-0220-47a4-b15a-74c9950d210f",
|
||
|
"indicator--59637397-5b34-478f-bb70-74c9950d210f",
|
||
|
"indicator--59637397-73d4-4809-ba4d-74c9950d210f",
|
||
|
"indicator--59637397-e264-4e45-b9e7-74c9950d210f",
|
||
|
"indicator--59637397-7e68-4796-9844-74c9950d210f",
|
||
|
"indicator--59637397-7c9c-49c5-96c0-74c9950d210f",
|
||
|
"indicator--59637397-d5b0-41b9-b299-74c9950d210f",
|
||
|
"indicator--59637397-fb90-47d6-ac7f-74c9950d210f",
|
||
|
"indicator--59637397-0c08-4d8b-bda5-74c9950d210f",
|
||
|
"indicator--59637397-8968-42e7-8229-74c9950d210f",
|
||
|
"indicator--59637397-38ec-4755-9557-74c9950d210f",
|
||
|
"indicator--59637397-2cf0-4779-9397-74c9950d210f",
|
||
|
"indicator--59637397-e1c0-4cbe-b31b-74c9950d210f",
|
||
|
"indicator--59637397-e708-4a44-acde-74c9950d210f",
|
||
|
"indicator--59637397-c4e4-4f4b-b568-74c9950d210f",
|
||
|
"indicator--59637397-e678-4e15-9772-74c9950d210f",
|
||
|
"indicator--59637397-90fc-4323-8255-74c9950d210f",
|
||
|
"indicator--59637397-d594-48be-8085-74c9950d210f",
|
||
|
"indicator--59637397-d650-4031-bc9d-74c9950d210f",
|
||
|
"indicator--59637397-6094-4100-b9bc-74c9950d210f",
|
||
|
"indicator--59637397-423c-4f52-8275-74c9950d210f",
|
||
|
"indicator--59637397-4fc0-4617-b92d-74c9950d210f",
|
||
|
"indicator--59637397-6358-4909-91bb-74c9950d210f",
|
||
|
"indicator--59637397-803c-48d1-9411-74c9950d210f",
|
||
|
"indicator--59637397-7548-4fbf-8e40-74c9950d210f",
|
||
|
"indicator--59637397-f45c-4337-a84f-74c9950d210f",
|
||
|
"indicator--59637397-2d84-44fc-ae6c-74c9950d210f",
|
||
|
"indicator--59637397-5814-4bb8-bebc-74c9950d210f",
|
||
|
"indicator--59637397-7788-41d0-8fa4-74c9950d210f",
|
||
|
"indicator--59637397-c97c-4383-a211-74c9950d210f",
|
||
|
"indicator--59637397-13f0-4750-a7cd-74c9950d210f",
|
||
|
"indicator--59637397-a300-46ce-be3e-74c9950d210f",
|
||
|
"indicator--59637397-9084-40cf-af51-74c9950d210f",
|
||
|
"indicator--59637397-3068-4bff-878a-74c9950d210f",
|
||
|
"indicator--59637397-44b4-4fb7-95d1-74c9950d210f",
|
||
|
"indicator--59637397-75e0-4cb7-8ec4-74c9950d210f",
|
||
|
"observed-data--596373c6-1710-4045-a7ce-44b5950d210f",
|
||
|
"url--596373c6-1710-4045-a7ce-44b5950d210f",
|
||
|
"x-misp-attribute--596373f8-7ad8-4fa8-9f2f-442d950d210f",
|
||
|
"indicator--59637711-6b48-44be-8df6-441702de0b81",
|
||
|
"indicator--59637711-54f8-4283-bf8a-40e102de0b81",
|
||
|
"observed-data--59637711-c608-42ae-b3c5-41bb02de0b81",
|
||
|
"url--59637711-c608-42ae-b3c5-41bb02de0b81",
|
||
|
"indicator--59637711-e8d4-4a67-88c6-430f02de0b81",
|
||
|
"indicator--59637711-8ff0-4446-a985-4c1f02de0b81",
|
||
|
"observed-data--59637711-7348-4dee-b796-45f402de0b81",
|
||
|
"url--59637711-7348-4dee-b796-45f402de0b81",
|
||
|
"indicator--59637711-2c94-45e3-be20-40a302de0b81",
|
||
|
"indicator--59637711-a95c-47a6-810d-4c5e02de0b81",
|
||
|
"observed-data--59637711-dbec-4934-94fb-470602de0b81",
|
||
|
"url--59637711-dbec-4934-94fb-470602de0b81",
|
||
|
"indicator--59637711-f5bc-42fd-ab43-40ad02de0b81",
|
||
|
"indicator--59637711-a5d4-4ca7-b1c7-439402de0b81",
|
||
|
"observed-data--59637711-c1a0-4be7-a7b2-46fe02de0b81",
|
||
|
"url--59637711-c1a0-4be7-a7b2-46fe02de0b81",
|
||
|
"indicator--59637711-0e1c-40e8-98b8-4b3d02de0b81",
|
||
|
"indicator--59637711-fd7c-41f6-8d9e-419402de0b81",
|
||
|
"observed-data--59637711-6a1c-4b3b-b99d-442d02de0b81",
|
||
|
"url--59637711-6a1c-4b3b-b99d-442d02de0b81",
|
||
|
"indicator--59637711-a138-40cc-9a83-445202de0b81",
|
||
|
"indicator--59637711-7e58-419e-8f2d-4bae02de0b81",
|
||
|
"observed-data--59637711-5904-4470-8063-4ea302de0b81",
|
||
|
"url--59637711-5904-4470-8063-4ea302de0b81",
|
||
|
"indicator--59637711-978c-429b-9086-4f5502de0b81",
|
||
|
"indicator--59637711-1758-414d-b4b6-4b8402de0b81",
|
||
|
"observed-data--59637711-ed28-40ed-be1a-47cd02de0b81",
|
||
|
"url--59637711-ed28-40ed-be1a-47cd02de0b81",
|
||
|
"indicator--59637711-9e74-44e3-bb4e-40b002de0b81",
|
||
|
"indicator--59637711-0d58-4f19-9985-47da02de0b81",
|
||
|
"observed-data--59637711-4f88-4e2e-90e7-45ba02de0b81",
|
||
|
"url--59637711-4f88-4e2e-90e7-45ba02de0b81",
|
||
|
"indicator--59637711-91f8-4bdf-9cb0-4fab02de0b81",
|
||
|
"indicator--59637711-05c4-411e-9c16-47da02de0b81",
|
||
|
"observed-data--59637711-3278-433a-b63a-47f802de0b81",
|
||
|
"url--59637711-3278-433a-b63a-47f802de0b81",
|
||
|
"indicator--59637711-71a4-41b2-8c31-430302de0b81",
|
||
|
"indicator--59637711-c780-4668-a6d9-4c6302de0b81",
|
||
|
"observed-data--59637712-f100-44c1-a240-46d402de0b81",
|
||
|
"url--59637712-f100-44c1-a240-46d402de0b81",
|
||
|
"indicator--59637712-fb68-4634-bb6d-490402de0b81",
|
||
|
"indicator--59637712-8e90-4b94-ab31-454e02de0b81",
|
||
|
"observed-data--59637712-d678-4974-ad54-47ca02de0b81",
|
||
|
"url--59637712-d678-4974-ad54-47ca02de0b81",
|
||
|
"indicator--59637712-5a74-449d-a836-4e8402de0b81",
|
||
|
"indicator--59637712-46bc-4406-9aab-47ac02de0b81",
|
||
|
"observed-data--59637712-52c4-4774-a574-4dbe02de0b81",
|
||
|
"url--59637712-52c4-4774-a574-4dbe02de0b81",
|
||
|
"indicator--59637712-e104-477a-92fe-432602de0b81",
|
||
|
"indicator--59637712-70e4-4655-9758-498b02de0b81",
|
||
|
"observed-data--59637712-cbf8-4ae2-843e-448002de0b81",
|
||
|
"url--59637712-cbf8-4ae2-843e-448002de0b81",
|
||
|
"indicator--59637712-9294-4a32-a88e-482c02de0b81",
|
||
|
"indicator--59637712-7744-4fa3-b9de-4b4b02de0b81",
|
||
|
"observed-data--59637712-9db8-40b1-aeb9-425d02de0b81",
|
||
|
"url--59637712-9db8-40b1-aeb9-425d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"enisa:nefarious-activity-abuse=\"mobile-malware\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-6ea0-494e-b5e9-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ea472586b6f958fb79051aee5b7b7134dc37818b72ab97d1d542a9f94fdc63f7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-33e0-4f58-86d4-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = '9973133dcdaeea5a7d519359ba2272db5de9e9bb5759d169e0454632c3d91401']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-adec-4464-a4c3-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ec3b506c7fc80717d9ae19ca46ad2599d8d8d4880d6b980da03f054bbcf00cbd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-3f38-41dc-95f2-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e9a0b8b780999a64838c492b70032a076d052eb321c99d68ab1d230bd91d0100']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-59e0-406b-9cef-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = '4e4a31c89613704bcace4798335e6150b7492c753c95a6683531c2cb7d78b3a2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-9964-456c-b19d-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c39a2962c2734f6350cd45a399c58f203cd1b97aa12bec166a27c0fffc850280']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-564c-412d-a8af-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = '13aa7fdf838a7c0bb79a805db25c99d75ccf4088b65c4e1f3741d3c467376faf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-e580-4c71-a388-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = '77c196544a2a778c63579f1a205ffd631b1999d69043679ab60b13cedc13db0e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-113c-4d64-9892-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd991e1ef7c8a502079d71e2d779b3ae8f081e2af9d1e2709f08b72a7de2a519e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-a36c-4249-80e3-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = '1a941833df8434c7e96ca3cda4465f3cdbb6bd239e6bfd939eb603948b975cd7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-a788-43d5-8e94-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = 'b913bdb396d87c1f71073cdfef901697b512bd409c59447bcde1ddab07e5b7e6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-ecc4-45f8-be34-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e4604fc23d2c89707748e42c8ae8631b8e1db235ec3c9b2488dae4963de46b1a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637341-de68-42b1-b492-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "Sample of SpyDealer",
|
||
|
"pattern": "[file:hashes.SHA256 = '8001e0258b13cd6971ef1d227cfc9c2f51036f1faf400cff7042fb099d1d11ab']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5963734f-4454-42c3-8ead-4be0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "The downloaded raw.zip which contains exploits stolen from \u201cBaidu Easy Root\u201d",
|
||
|
"pattern": "[file:hashes.SHA256 = 'cfd0a4f266a51c45ff7b33e5854bc62a49cfc769e62e1d73dd06ff92a7088f51']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-6218-4390-99ae-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '219.150.214.117']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-65f8-465a-a26f-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.167.201.44']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-cb98-4b01-b469-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.160.2.78']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-0734-4be5-a89c-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.208.85.119']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-da28-48c9-8f67-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '116.52.154.114']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-d3ec-40bf-9b5d-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.219.254']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-1e4c-43a7-8570-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.237.46']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-b668-445a-9963-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '116.53.130.192']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-7850-4423-ab3d-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.156.200.214']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-4eec-4098-af58-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.186.137.213']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-ce6c-44a3-8f57-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.10.2.237']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-2678-454b-8ec3-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.171.99.118']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-afbc-469e-a589-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.238.70']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-ec4c-44e7-bbe2-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.253.110']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-566c-4deb-99bb-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.26.229.201']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-7290-4bcb-aa25-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.103.207.227']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-be5c-4d2d-a978-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.65.18.193']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-9ebc-4711-9670-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.228.134']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-6708-41d5-89f6-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '219.146.144.162']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-dce8-46f8-9210-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.86.225.194']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-3004-4bc2-a845-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.12.154.233']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-5de0-48fe-95e8-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.249.126']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-f2dc-4423-9ef1-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '117.40.226.57']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-5744-4971-8eeb-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.246.78']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-a504-4b3e-884b-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.97.135.68']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-54f4-4b8b-a8ee-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.250.62']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-2744-464b-9284-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.254.194']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-fac0-4cee-901f-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.48.105.14']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-be38-44ea-8272-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.166.10.147']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-db24-4972-b6e4-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.68.194.138']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-31e0-4911-8dbb-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.33.110.101']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-59bc-4191-8431-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.238.62']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-6a8c-4db2-8ecc-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.88.100.148']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-79e8-4230-a9b2-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.10.191.6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-d254-43c4-b20c-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.103.202.227']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-83f0-4e1f-a888-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.223.252.190']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-034c-4b20-85e8-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.76.118.153']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-0b84-487a-b3b6-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.116.41.219']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-0d7c-4746-91b7-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.87.144.137']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-0678-4c18-8203-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.119.15.6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-e1c4-4315-a058-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.26.168.71']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-15bc-4744-80a9-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.252.18']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-ea00-47c2-baf3-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.236.226']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-7b78-4054-9803-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.160.2.76']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-8370-40c7-b945-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.84.75.243']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-7f8c-48fc-8fec-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.46.78.60']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-d904-434b-b22f-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.229.66']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-b450-4671-b65a-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.76.118.53']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-bc88-4150-90ef-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.68.46.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-19e8-4e20-baac-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.58.124.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-2a54-4bec-9680-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.172.200.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-102c-4e72-a5e9-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.242.244.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-0220-47a4-b15a-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.84.35.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-5b34-478f-bb70-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.249.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-73d4-4809-ba4d-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.232.114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-e264-4e45-b9e7-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.252.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-7e68-4796-9844-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.212.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-7c9c-49c5-96c0-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.212.235.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-d5b0-41b9-b299-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.230.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-fb90-47d6-ac7f-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.122.180.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-0c08-4d8b-bda5-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.235.96.235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-8968-42e7-8229-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.77.177.167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-38ec-4755-9557-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.88.154.148']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-2cf0-4779-9397-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.30.134.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-e1c0-4cbe-b31b-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.230.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-e708-4a44-acde-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.68.203.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-c4e4-4f4b-b568-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.250.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-e678-4e15-9772-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.218.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-90fc-4323-8255-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.167.224.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-d594-48be-8085-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.164.210.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-d650-4031-bc9d-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.82.210.250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-6094-4100-b9bc-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.88.118.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-423c-4f52-8275-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.31.175.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-4fc0-4617-b92d-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.191.191.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-6358-4909-91bb-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.249.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-803c-48d1-9411-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.217.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-7548-4fbf-8e40-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[domain-name:value = 'softupdate.eicp.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-f45c-4337-a84f-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.235.152.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-2d84-44fc-ae6c-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.171.24.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-5814-4bb8-bebc-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.28.53.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-7788-41d0-8fa4-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.218.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-c97c-4383-a211-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.80.52.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-13f0-4750-a7cd-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.12.190.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-a300-46ce-be3e-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.208.163.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637397-9084-40cf-af51-74c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:07.000Z",
"modified": "2017-07-10T12:46:07.000Z",
"description": "IP/Domain List of C2 Servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.39.138.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-3068-4bff-878a-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.232.198']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-44b4-4fb7-95d1-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.46.177.140']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637397-75e0-4cb7-8ec4-74c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"description": "IP/Domain List of C2 Servers",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.117.236.194']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--596373c6-1710-4045-a7ce-44b5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:07Z",
|
||
|
"last_observed": "2017-07-10T12:46:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--596373c6-1710-4045-a7ce-44b5950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--596373c6-1710-4045-a7ce-44b5950d210f",
|
||
|
"value": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--596373f8-7ad8-4fa8-9f2f-442d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:07.000Z",
|
||
|
"modified": "2017-07-10T12:46:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "With the prevalence of Google Android smartphones and the popularity of feature-rich apps, more and more people rely on smartphones to store and handle kinds of personal and business information which attracts adversaries who want to steal that information. Recently, Palo Alto Networks researchers discovered an advanced Android malware we\u00e2\u20ac\u2122ve named \u00e2\u20ac\u0153SpyDealer\u00e2\u20ac\u009d which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature. SpyDealer uses exploits from a commercial rooting app to gain root privilege, which enables the subsequent data theft.\r\n\r\nSpyDealer has many capabilities, including:\r\n\r\nExfiltrate private data from more than 40 popular apps including: WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk\r\nAbuses the Android Accessibility Service feature to steal sensitive messages from popular communication and social apps such as WeChat, Skype, Viber, QQ\r\nTakes advantage of the commercial rooting app \u00e2\u20ac\u0153Baidu Easy Root\u00e2\u20ac\u009d to gain root privilege and maintain persistence on the compromised device\r\nHarvests an exhaustive list of personal information including phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location, and connected Wi-Fi information\r\nAutomatically answer incoming phone calls from a specific number\r\nRemote control of the device via UDP, TCP and SMS channels\r\nSpy on the compromised user by:\r\nRecording the phone call and the surrounding audio & video.\r\nTaking photos via both the front and rear camera\r\nMonitoring the compromised device\u00e2\u20ac\u2122s location\r\nTaking screenshots\r\nThere are multiple factors that mitigate the risk of this threat to most 
users.\r\n\r\nAs far as we know, SpyDealer has not been distributed through the Google Play store\r\nWe do not know exactly how devices are initially infected with SpyDealer, but have seen evidence to suggest Chinese users becoming infected through compromised wireless networks.\r\nWe have reported information on this threat to Google, and they have created protections through Google Play Protect.\r\nSpyDealer is only completely effective against Android devices running versions between 2.2 and 4.4, as the rooting tool it uses only supports those versions. This represents approximately 25% of active Android devices worldwide. On devices running later versions of Android, it can still significant amounts of information, but it cannot take actions that require higher privileges.\r\nAs of June 2017, we have captured 1046 samples of SpyDealer. Our analysis shows that SpyDealer is currently under active development. There are three versions of this malware currently in the wild, 1.9.1, 1.9.2 and 1.9.3. Starting from 1.9.3, content of configuration files and almost all constant strings in the code are encrypted or encoded. An accessibility service was also introduced in 1.9.3 to steal targeted apps\u00e2\u20ac\u2122 messages. According to our dataset, most of these samples use the app name \u00e2\u20ac\u0153GoogleService\u00e2\u20ac\u009d or \u00e2\u20ac\u0153GoogleUpdate\u00e2\u20ac\u009d. The most recent sample we have observed was created in May, 2017 while the oldest sample dates back to October, 2015, indicating this malware family has been active for over a year and a half. We also observed evidence of infected users discussing the malware in October 2015 and February 2016 as shown in Figure 1."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-6b48-44be-8df6-441702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "The downloaded raw.zip which contains exploits stolen from \u00e2\u20ac\u0153Baidu Easy Root\u00e2\u20ac\u009d - Xchecked via VT: cfd0a4f266a51c45ff7b33e5854bc62a49cfc769e62e1d73dd06ff92a7088f51",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cab0563884d8f866fca49003045f0b7b8662f93d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-54f8-4283-bf8a-40e102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "The downloaded raw.zip which contains exploits stolen from \u00e2\u20ac\u0153Baidu Easy Root\u00e2\u20ac\u009d - Xchecked via VT: cfd0a4f266a51c45ff7b33e5854bc62a49cfc769e62e1d73dd06ff92a7088f51",
|
||
|
"pattern": "[file:hashes.MD5 = 'a785b302e213f0bebf282588b1389fb1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59637711-c608-42ae-b3c5-41bb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:09Z",
|
||
|
"last_observed": "2017-07-10T12:46:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59637711-c608-42ae-b3c5-41bb02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59637711-c608-42ae-b3c5-41bb02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/cfd0a4f266a51c45ff7b33e5854bc62a49cfc769e62e1d73dd06ff92a7088f51/analysis/1499378507/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-e8d4-4a67-88c6-430f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: 8001e0258b13cd6971ef1d227cfc9c2f51036f1faf400cff7042fb099d1d11ab",
|
||
|
"pattern": "[file:hashes.SHA1 = '04c10a373700327d81a7671933f343c9e8e7c7f9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-8ff0-4446-a985-4c1f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: 8001e0258b13cd6971ef1d227cfc9c2f51036f1faf400cff7042fb099d1d11ab",
|
||
|
"pattern": "[file:hashes.MD5 = '5f2e3a898a03ed872cd968a1d5408d2f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59637711-7348-4dee-b796-45f402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:09Z",
|
||
|
"last_observed": "2017-07-10T12:46:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59637711-7348-4dee-b796-45f402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59637711-7348-4dee-b796-45f402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8001e0258b13cd6971ef1d227cfc9c2f51036f1faf400cff7042fb099d1d11ab/analysis/1499418104/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-2c94-45e3-be20-40a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: e4604fc23d2c89707748e42c8ae8631b8e1db235ec3c9b2488dae4963de46b1a",
|
||
|
"pattern": "[file:hashes.SHA1 = '534bb2be12a55b5c3b197998431e49af2e61e5a1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-a95c-47a6-810d-4c5e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: e4604fc23d2c89707748e42c8ae8631b8e1db235ec3c9b2488dae4963de46b1a",
|
||
|
"pattern": "[file:hashes.MD5 = 'c742939eaa293ec55350adcc690de568']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59637711-dbec-4934-94fb-470602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:09Z",
|
||
|
"last_observed": "2017-07-10T12:46:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59637711-dbec-4934-94fb-470602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59637711-dbec-4934-94fb-470602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e4604fc23d2c89707748e42c8ae8631b8e1db235ec3c9b2488dae4963de46b1a/analysis/1499378506/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-f5bc-42fd-ab43-40ad02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: b913bdb396d87c1f71073cdfef901697b512bd409c59447bcde1ddab07e5b7e6",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ea9e939f6d0b8fdb8825b62478615303160b4119']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-a5d4-4ca7-b1c7-439402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: b913bdb396d87c1f71073cdfef901697b512bd409c59447bcde1ddab07e5b7e6",
|
||
|
"pattern": "[file:hashes.MD5 = '113f3f9f4ef2d12919842f8b9849977a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59637711-c1a0-4be7-a7b2-46fe02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:09Z",
|
||
|
"last_observed": "2017-07-10T12:46:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59637711-c1a0-4be7-a7b2-46fe02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59637711-c1a0-4be7-a7b2-46fe02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b913bdb396d87c1f71073cdfef901697b512bd409c59447bcde1ddab07e5b7e6/analysis/1499378506/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-0e1c-40e8-98b8-4b3d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: 1a941833df8434c7e96ca3cda4465f3cdbb6bd239e6bfd939eb603948b975cd7",
|
||
|
"pattern": "[file:hashes.SHA1 = '7acf937aa42365aed9940d94c9630e00116ed003']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-fd7c-41f6-8d9e-419402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: 1a941833df8434c7e96ca3cda4465f3cdbb6bd239e6bfd939eb603948b975cd7",
|
||
|
"pattern": "[file:hashes.MD5 = '33daeac2909d8939131624da0312be52']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59637711-6a1c-4b3b-b99d-442d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:09Z",
|
||
|
"last_observed": "2017-07-10T12:46:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59637711-6a1c-4b3b-b99d-442d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59637711-6a1c-4b3b-b99d-442d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1a941833df8434c7e96ca3cda4465f3cdbb6bd239e6bfd939eb603948b975cd7/analysis/1499592840/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-a138-40cc-9a83-445202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: d991e1ef7c8a502079d71e2d779b3ae8f081e2af9d1e2709f08b72a7de2a519e",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cafebb6cb5f868ca4c6e9f9ce35094f4b924850b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-7e58-419e-8f2d-4bae02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: d991e1ef7c8a502079d71e2d779b3ae8f081e2af9d1e2709f08b72a7de2a519e",
|
||
|
"pattern": "[file:hashes.MD5 = '1cd72b1ded9e34810302fdc654e0ff5d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59637711-5904-4470-8063-4ea302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:09Z",
|
||
|
"last_observed": "2017-07-10T12:46:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59637711-5904-4470-8063-4ea302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59637711-5904-4470-8063-4ea302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d991e1ef7c8a502079d71e2d779b3ae8f081e2af9d1e2709f08b72a7de2a519e/analysis/1499378505/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-978c-429b-9086-4f5502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: 77c196544a2a778c63579f1a205ffd631b1999d69043679ab60b13cedc13db0e",
|
||
|
"pattern": "[file:hashes.SHA1 = '045d115f979cd8701946648b6960752a5a1138ea']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-1758-414d-b4b6-4b8402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: 77c196544a2a778c63579f1a205ffd631b1999d69043679ab60b13cedc13db0e",
|
||
|
"pattern": "[file:hashes.MD5 = 'c5a3b1d89c642360d4a09a90fa7f4665']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59637711-ed28-40ed-be1a-47cd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:09Z",
|
||
|
"last_observed": "2017-07-10T12:46:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59637711-ed28-40ed-be1a-47cd02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59637711-ed28-40ed-be1a-47cd02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/77c196544a2a778c63579f1a205ffd631b1999d69043679ab60b13cedc13db0e/analysis/1499378505/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-9e74-44e3-bb4e-40b002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: 13aa7fdf838a7c0bb79a805db25c99d75ccf4088b65c4e1f3741d3c467376faf",
|
||
|
"pattern": "[file:hashes.SHA1 = '78d1c02f572fb082aaa9af9d2038536edb1ea099']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-0d58-4f19-9985-47da02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: 13aa7fdf838a7c0bb79a805db25c99d75ccf4088b65c4e1f3741d3c467376faf",
|
||
|
"pattern": "[file:hashes.MD5 = 'd798eadd306bb8655d2ef1507e1e56da']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59637711-4f88-4e2e-90e7-45ba02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:09Z",
|
||
|
"last_observed": "2017-07-10T12:46:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59637711-4f88-4e2e-90e7-45ba02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59637711-4f88-4e2e-90e7-45ba02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/13aa7fdf838a7c0bb79a805db25c99d75ccf4088b65c4e1f3741d3c467376faf/analysis/1499378504/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-91f8-4bdf-9cb0-4fab02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: c39a2962c2734f6350cd45a399c58f203cd1b97aa12bec166a27c0fffc850280",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e4a114510581eb30fc56718b8c4c5bf20d8352cf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59637711-05c4-411e-9c16-47da02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"description": "Sample of SpyDealer - Xchecked via VT: c39a2962c2734f6350cd45a399c58f203cd1b97aa12bec166a27c0fffc850280",
|
||
|
"pattern": "[file:hashes.MD5 = '211e7910d6d5c1b369a4de1dbdde4080']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-07-10T12:46:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59637711-3278-433a-b63a-47f802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-07-10T12:46:09.000Z",
|
||
|
"modified": "2017-07-10T12:46:09.000Z",
|
||
|
"first_observed": "2017-07-10T12:46:09Z",
|
||
|
"last_observed": "2017-07-10T12:46:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59637711-3278-433a-b63a-47f802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
"spec_version": "2.1",
"id": "url--59637711-3278-433a-b63a-47f802de0b81",
"value": "https://www.virustotal.com/file/c39a2962c2734f6350cd45a399c58f203cd1b97aa12bec166a27c0fffc850280/analysis/1499378504/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637711-71a4-41b2-8c31-430302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:09.000Z",
"modified": "2017-07-10T12:46:09.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: 4e4a31c89613704bcace4798335e6150b7492c753c95a6683531c2cb7d78b3a2",
"pattern": "[file:hashes.SHA1 = 'ce3fa365d929f42fc8cc230fa669eb44ccd1df2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637711-c780-4668-a6d9-4c6302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:09.000Z",
"modified": "2017-07-10T12:46:09.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: 4e4a31c89613704bcace4798335e6150b7492c753c95a6683531c2cb7d78b3a2",
"pattern": "[file:hashes.MD5 = '042f2f3a0df4aef0460d1ee74f1df033']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59637712-f100-44c1-a240-46d402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"first_observed": "2017-07-10T12:46:10Z",
"last_observed": "2017-07-10T12:46:10Z",
"number_observed": 1,
"object_refs": [
"url--59637712-f100-44c1-a240-46d402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59637712-f100-44c1-a240-46d402de0b81",
"value": "https://www.virustotal.com/file/4e4a31c89613704bcace4798335e6150b7492c753c95a6683531c2cb7d78b3a2/analysis/1499592920/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637712-fb68-4634-bb6d-490402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: e9a0b8b780999a64838c492b70032a076d052eb321c99d68ab1d230bd91d0100",
"pattern": "[file:hashes.SHA1 = '86c80f1b6c24f461bbee3834f8b9a0dcca004ddb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637712-8e90-4b94-ab31-454e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: e9a0b8b780999a64838c492b70032a076d052eb321c99d68ab1d230bd91d0100",
"pattern": "[file:hashes.MD5 = '8a266e277c61ffd6afa3d15b8691b9fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59637712-d678-4974-ad54-47ca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"first_observed": "2017-07-10T12:46:10Z",
"last_observed": "2017-07-10T12:46:10Z",
"number_observed": 1,
"object_refs": [
"url--59637712-d678-4974-ad54-47ca02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59637712-d678-4974-ad54-47ca02de0b81",
"value": "https://www.virustotal.com/file/e9a0b8b780999a64838c492b70032a076d052eb321c99d68ab1d230bd91d0100/analysis/1499592939/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637712-5a74-449d-a836-4e8402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: ec3b506c7fc80717d9ae19ca46ad2599d8d8d4880d6b980da03f054bbcf00cbd",
"pattern": "[file:hashes.SHA1 = 'a820124934ff6d6a57b18881db6f39338afd238a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637712-46bc-4406-9aab-47ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: ec3b506c7fc80717d9ae19ca46ad2599d8d8d4880d6b980da03f054bbcf00cbd",
"pattern": "[file:hashes.MD5 = '6a3ae5a916bc109e0186b40093084a78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59637712-52c4-4774-a574-4dbe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"first_observed": "2017-07-10T12:46:10Z",
"last_observed": "2017-07-10T12:46:10Z",
"number_observed": 1,
"object_refs": [
"url--59637712-52c4-4774-a574-4dbe02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59637712-52c4-4774-a574-4dbe02de0b81",
"value": "https://www.virustotal.com/file/ec3b506c7fc80717d9ae19ca46ad2599d8d8d4880d6b980da03f054bbcf00cbd/analysis/1499378503/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637712-e104-477a-92fe-432602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: 9973133dcdaeea5a7d519359ba2272db5de9e9bb5759d169e0454632c3d91401",
"pattern": "[file:hashes.SHA1 = 'b49dc371e7651ef34fe2b06e52408c522f617c89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637712-70e4-4655-9758-498b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: 9973133dcdaeea5a7d519359ba2272db5de9e9bb5759d169e0454632c3d91401",
"pattern": "[file:hashes.MD5 = '3b07862da0b78632d8e4486444adbbfd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59637712-cbf8-4ae2-843e-448002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"first_observed": "2017-07-10T12:46:10Z",
"last_observed": "2017-07-10T12:46:10Z",
"number_observed": 1,
"object_refs": [
"url--59637712-cbf8-4ae2-843e-448002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59637712-cbf8-4ae2-843e-448002de0b81",
"value": "https://www.virustotal.com/file/9973133dcdaeea5a7d519359ba2272db5de9e9bb5759d169e0454632c3d91401/analysis/1499592898/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637712-9294-4a32-a88e-482c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: ea472586b6f958fb79051aee5b7b7134dc37818b72ab97d1d542a9f94fdc63f7",
"pattern": "[file:hashes.SHA1 = 'bf09ab508ea67c2ff87dd45cd995fd3c1dab96bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59637712-7744-4fa3-b9de-4b4b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"description": "Sample of SpyDealer - Xchecked via VT: ea472586b6f958fb79051aee5b7b7134dc37818b72ab97d1d542a9f94fdc63f7",
"pattern": "[file:hashes.MD5 = 'b64ad45480856719bf8fd348141791f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-10T12:46:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59637712-9db8-40b1-aeb9-425d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-10T12:46:10.000Z",
"modified": "2017-07-10T12:46:10.000Z",
"first_observed": "2017-07-10T12:46:10Z",
"last_observed": "2017-07-10T12:46:10Z",
"number_observed": 1,
"object_refs": [
"url--59637712-9db8-40b1-aeb9-425d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59637712-9db8-40b1-aeb9-425d02de0b81",
"value": "https://www.virustotal.com/file/ea472586b6f958fb79051aee5b7b7134dc37818b72ab97d1d542a9f94fdc63f7/analysis/1499378502/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}