1459 lines
59 KiB
JSON
1459 lines
59 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--59e9ec59-a888-48e4-afb4-441602de0b81",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:57.000Z",
|
||
|
"modified": "2017-10-21T11:34:57.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--59e9ec59-a888-48e4-afb4-441602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:57.000Z",
|
||
|
"modified": "2017-10-21T11:34:57.000Z",
|
||
|
"name": "OSINT - IoT_reaper: A Rappid Spreading New IoT Botnet",
|
||
|
"published": "2017-10-21T11:35:26Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--59e9ec90-ee0c-4b5e-aaec-492302de0b81",
|
||
|
"url--59e9ec90-ee0c-4b5e-aaec-492302de0b81",
|
||
|
"x-misp-attribute--59e9ecad-8c48-49dd-a92a-452902de0b81",
|
||
|
"indicator--59e9eeb7-a164-4f42-9652-461a02de0b81",
|
||
|
"indicator--59e9eeb7-6aa8-45c8-961c-4c2502de0b81",
|
||
|
"indicator--59e9eeb7-5ba8-498f-896e-485902de0b81",
|
||
|
"indicator--59e9eeb7-cbc8-469a-a116-423202de0b81",
|
||
|
"indicator--59e9eeb7-bbc8-4ae0-8af6-418602de0b81",
|
||
|
"indicator--59e9eeb7-15a4-4495-9b8f-4faa02de0b81",
|
||
|
"indicator--59e9eeb7-034c-4e17-8222-449802de0b81",
|
||
|
"indicator--59e9f00e-7a44-4700-8f9e-494702de0b81",
|
||
|
"indicator--59e9f0a4-3368-4f39-a74d-63a302de0b81",
|
||
|
"indicator--59e9f0a4-1278-4d91-8f95-63a302de0b81",
|
||
|
"indicator--59e9f0a4-cc8c-4703-8905-63a302de0b81",
|
||
|
"indicator--59e9f0a4-6074-432e-acfb-63a302de0b81",
|
||
|
"indicator--59e9f0a4-c9b4-459f-9101-63a302de0b81",
|
||
|
"indicator--59e9f0a4-875c-428a-b7ea-63a302de0b81",
|
||
|
"indicator--59e9f0a4-d810-46c8-a9a9-63a302de0b81",
|
||
|
"indicator--59e9f0a4-14f4-42b0-90a9-63a302de0b81",
|
||
|
"indicator--59e9f0a4-4e94-4313-a1e7-63a302de0b81",
|
||
|
"indicator--59e9f0a4-306c-4d0b-bd33-63a302de0b81",
|
||
|
"indicator--59e9f0a4-a548-4fc9-8b56-63a302de0b81",
|
||
|
"indicator--59e9f0a4-8018-4ce4-9a79-63a302de0b81",
|
||
|
"indicator--59e9f0a4-c038-4783-9ba5-63a302de0b81",
|
||
|
"indicator--59e9f0a4-25d8-4bab-97e0-63a302de0b81",
|
||
|
"indicator--59e9f0a4-10ac-4ae2-aa45-63a302de0b81",
|
||
|
"indicator--59e9f0a4-35b4-4b0f-8326-63a302de0b81",
|
||
|
"indicator--59e9f231-64ac-41b8-9297-414f02de0b81",
|
||
|
"indicator--59e9f231-f044-4860-9374-4ef802de0b81",
|
||
|
"indicator--59e9f231-a8d0-4e19-b894-468502de0b81",
|
||
|
"indicator--59e9f231-85f8-4634-bc2c-464f02de0b81",
|
||
|
"indicator--59e9f231-a050-49c0-8e85-443402de0b81",
|
||
|
"indicator--59e9f231-a1cc-444d-95de-4c7302de0b81",
|
||
|
"indicator--59e9f231-9858-4a32-8e8f-45bd02de0b81",
|
||
|
"indicator--59e9f231-4f9c-4a43-ae98-40c402de0b81",
|
||
|
"indicator--59e9f231-57fc-4a54-b8be-4c9c02de0b81",
|
||
|
"indicator--59e9f231-3698-48cc-b1f2-45bd02de0b81",
|
||
|
"indicator--59e9f231-b1d8-476d-8dad-48e302de0b81",
|
||
|
"indicator--59e9f231-6c3c-4cd8-bd62-460d02de0b81",
|
||
|
"indicator--59e9f231-b7f0-4ef6-9ef3-419702de0b81",
|
||
|
"indicator--59e9f231-1640-4c1a-be3c-42de02de0b81",
|
||
|
"indicator--59e9f231-068c-4219-b032-443f02de0b81",
|
||
|
"indicator--59e9f231-0af0-4c52-9467-466c02de0b81",
|
||
|
"indicator--59e9f231-d5bc-4e25-9c96-4c2102de0b81",
|
||
|
"indicator--59e9f232-b2f8-4dfd-824f-4db402de0b81",
|
||
|
"indicator--59e9f232-f124-44ba-ad41-4dfd02de0b81",
|
||
|
"indicator--59e9f232-a28c-4a15-8099-41c102de0b81",
|
||
|
"indicator--59eb30d9-1e08-4929-b460-4f0102de0b81",
|
||
|
"indicator--59eb30d9-1e68-4719-88f7-490202de0b81",
|
||
|
"observed-data--59eb30d9-d6f0-4fb1-8c54-47c502de0b81",
|
||
|
"url--59eb30d9-d6f0-4fb1-8c54-47c502de0b81",
|
||
|
"indicator--59eb30d9-a2ec-44a4-ad93-44e802de0b81",
|
||
|
"indicator--59eb30d9-e074-414f-91f9-409b02de0b81",
|
||
|
"observed-data--59eb30d9-6d24-43d6-a9c5-4d7102de0b81",
|
||
|
"url--59eb30d9-6d24-43d6-a9c5-4d7102de0b81",
|
||
|
"indicator--59eb30d9-cd84-4368-a26f-4d1102de0b81",
|
||
|
"indicator--59eb30d9-bcc8-45f0-8ed0-4c5102de0b81",
|
||
|
"observed-data--59eb30d9-f558-4a09-9f68-4e8d02de0b81",
|
||
|
"url--59eb30d9-f558-4a09-9f68-4e8d02de0b81",
|
||
|
"indicator--59eb30d9-d900-4cb8-a597-4f5602de0b81",
|
||
|
"indicator--59eb30d9-a72c-4f52-a587-44b102de0b81",
|
||
|
"observed-data--59eb30d9-fe98-4fb7-a08d-4a9b02de0b81",
|
||
|
"url--59eb30d9-fe98-4fb7-a08d-4a9b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"malware_classification:malware-category=\"Botnet\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59e9ec90-ee0c-4b5e-aaec-492302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"first_observed": "2017-10-21T11:34:48Z",
|
||
|
"last_observed": "2017-10-21T11:34:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59e9ec90-ee0c-4b5e-aaec-492302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59e9ec90-ee0c-4b5e-aaec-492302de0b81",
|
||
|
"value": "http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--59e9ecad-8c48-49dd-a92a-452902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "IoT_reaper is fairly large now and is actively expanding. For example, there are multiple C2s we are tracking, the most recently data (October 19) from just one C2 shows the number of unique active bot IP address is more than 10k per day. While at the same time, there are millions of potential vulnerable device IPs being queued into the c2 system waiting to be processed by an automatic loader that injects malicious code to the devices to expand the size of the botnet."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9eeb7-a164-4f42-9652-461a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"description": "Downloader server",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.211.183.192']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9eeb7-6aa8-45c8-961c-4c2502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"description": "Downloader subdomain",
|
||
|
"pattern": "[domain-name:value = 'd.hl852.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9eeb7-5ba8-498f-896e-485902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"description": "Controler server",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.102.101.121']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9eeb7-cbc8-469a-a116-423202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"description": "Controler subdomain",
|
||
|
"pattern": "[domain-name:value = 'e.hl852.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9eeb7-bbc8-4ae0-8af6-418602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"description": "Reporter server",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.112.82.231']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9eeb7-15a4-4495-9b8f-4faa02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"description": "Reporter subdomain",
|
||
|
"pattern": "[domain-name:value = 'f.hl852.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9eeb7-034c-4e17-8222-449802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"description": "loader server",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.82.26.157']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f00e-7a44-4700-8f9e-494702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'ca92a3b74a65ce06035fcc280740daf6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-3368-4f39-a74d-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://cbk99.com:8080/run.lua']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-1278-4d91-8f95-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://bbk80.com/api/api.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-cc8c-4703-8905-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://103.1.221.40/63ae01/39xjsda.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-6074-432e-acfb-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://162.211.183.192/down/server.armel']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-c9b4-459f-9101-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://162.211.183.192/sa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-875c-428a-b7ea-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://162.211.183.192/sa5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-d810-46c8-a9a9-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://162.211.183.192/server.armel']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-14f4-42b0-90a9-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://162.211.183.192/sm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-4e94-4313-a1e7-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://162.211.183.192/xget']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-306c-4d0b-bd33-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://198.44.241.220:8080/run.lua']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-a548-4fc9-8b56-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://23.234.51.91/control-ARM-LSB']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-8018-4ce4-9a79-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://23.234.51.91/control-MIPS32-MSB']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-c038-4783-9ba5-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://23.234.51.91/htam5le']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-25d8-4bab-97e0-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://23.234.51.91/htmpbe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-10ac-4ae2-aa45-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://27.102.101.121/down/1506753086']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f0a4-35b4-4b0f-8326-63a302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[url:value = 'http://27.102.101.121/down/1506851514']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-64ac-41b8-9297-414f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3182a132ee9ed2280ce02144e974220a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-f044-4860-9374-4ef802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3d680273377b67e6491051abe17759db']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-a8d0-4e19-b894-468502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '41ef6a5c5b2fde1b367685c7b8b3c154']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-85f8-4634-bc2c-464f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '4406bace3030446371df53ebbdc17785']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-a050-49c0-8e85-443402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '4e2f58ba9a8a2bf47bdc24ee74956c73']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-a1cc-444d-95de-4c7302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '596b3167fe0d13e3a0cfea6a53209be4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-9858-4a32-8e8f-45bd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '6587173d571d2a587c144525195daec9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-4f9c-4a43-ae98-40c402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '6f91694106bb6d5aaa7a7eac841141d9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-57fc-4a54-b8be-4c9c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '704098c8a8a6641a04d25af7406088e1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-3698-48cc-b1f2-45bd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '726d0626f66d5cacfeff36ed954dad70']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-b1d8-476d-8dad-48e302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '76be3db77c7eb56825fe60009de2a8f2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-6c3c-4cd8-bd62-460d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '95b448bdf6b6c97a33e1d1dbe41678eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-b7f0-4ef6-9ef3-419702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '9ad8473148e994981454b3b04370d1ec']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-1640-4c1a-be3c-42de02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '9f8e8b62b5adaf9c4b5bdbce6b2b95d1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-068c-4219-b032-443f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a3401685d8d9c7977180a5c6df2f646a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-0af0-4c52-9467-466c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'abe79b8e66c623c771acf9e21c162f44']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f231-d5bc-4e25-9c96-4c2102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b2d4a77244cd4f704b65037baf82d897']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f232-b2f8-4dfd-824f-4db402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e9a03dbde09c6b0a83eefc9c295711d7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f232-f124-44ba-ad41-4dfd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'f9ec2427377cbc6afb4a7ff011e0de77']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59e9f232-a28c-4a15-8099-41c102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:48.000Z",
|
||
|
"modified": "2017-10-21T11:34:48.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'fb7c00afe00eeefb5d8a24d524f99370']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59eb30d9-1e08-4929-b460-4f0102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"description": "- Xchecked via VT: 726d0626f66d5cacfeff36ed954dad70",
|
||
|
"pattern": "[file:hashes.SHA256 = '2acb0bc56baddeb26a091ff12a39463130243321720d0789375887f4117d8c1a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59eb30d9-1e68-4719-88f7-490202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"description": "- Xchecked via VT: 726d0626f66d5cacfeff36ed954dad70",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cd078ef54430c9ef9aa24dfbb7c89456f13e86f6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59eb30d9-d6f0-4fb1-8c54-47c502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"first_observed": "2017-10-21T11:34:49Z",
|
||
|
"last_observed": "2017-10-21T11:34:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59eb30d9-d6f0-4fb1-8c54-47c502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59eb30d9-d6f0-4fb1-8c54-47c502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2acb0bc56baddeb26a091ff12a39463130243321720d0789375887f4117d8c1a/analysis/1508525830/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59eb30d9-a2ec-44a4-ad93-44e802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"description": "- Xchecked via VT: 704098c8a8a6641a04d25af7406088e1",
|
||
|
"pattern": "[file:hashes.SHA256 = 'b8e489068780fff439268a4f3e5feb572356615be043596656d7a1624689b21a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59eb30d9-e074-414f-91f9-409b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"description": "- Xchecked via VT: 704098c8a8a6641a04d25af7406088e1",
|
||
|
"pattern": "[file:hashes.SHA1 = '694ab441edcd6da67312df7f006a9ab1951a5c24']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59eb30d9-6d24-43d6-a9c5-4d7102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"first_observed": "2017-10-21T11:34:49Z",
|
||
|
"last_observed": "2017-10-21T11:34:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59eb30d9-6d24-43d6-a9c5-4d7102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59eb30d9-6d24-43d6-a9c5-4d7102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b8e489068780fff439268a4f3e5feb572356615be043596656d7a1624689b21a/analysis/1508529398/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59eb30d9-cd84-4368-a26f-4d1102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"description": "- Xchecked via VT: 6f91694106bb6d5aaa7a7eac841141d9",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e2ed207461032f4bf96cfd36e54cd883186592860056bd96df94e73f5b7db035']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59eb30d9-bcc8-45f0-8ed0-4c5102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"description": "- Xchecked via VT: 6f91694106bb6d5aaa7a7eac841141d9",
|
||
|
"pattern": "[file:hashes.SHA1 = '8756fc70cf05d558d086c669e449ca007f2b2f05']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59eb30d9-f558-4a09-9f68-4e8d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"first_observed": "2017-10-21T11:34:49Z",
|
||
|
"last_observed": "2017-10-21T11:34:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59eb30d9-f558-4a09-9f68-4e8d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59eb30d9-f558-4a09-9f68-4e8d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e2ed207461032f4bf96cfd36e54cd883186592860056bd96df94e73f5b7db035/analysis/1508539638/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59eb30d9-d900-4cb8-a597-4f5602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"description": "- Xchecked via VT: 4406bace3030446371df53ebbdc17785",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c2978651935f9d2af532605509493c4f588fc332a458eaef3b01199eae1f1897']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59eb30d9-a72c-4f52-a587-44b102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"description": "- Xchecked via VT: 4406bace3030446371df53ebbdc17785",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bccdbe601b0b12183d55d8622c806f6dff181078']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-21T11:34:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59eb30d9-fe98-4fb7-a08d-4a9b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-21T11:34:49.000Z",
|
||
|
"modified": "2017-10-21T11:34:49.000Z",
|
||
|
"first_observed": "2017-10-21T11:34:49Z",
|
||
|
"last_observed": "2017-10-21T11:34:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59eb30d9-fe98-4fb7-a08d-4a9b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59eb30d9-fe98-4fb7-a08d-4a9b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c2978651935f9d2af532605509493c4f588fc332a458eaef3b01199eae1f1897/analysis/1508529259/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|