{
"type": "bundle",
|
|
|
|
"id": "bundle--55a8d7b5-9ab8-476f-982f-1e08950d210b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-22T20:23:29.000Z",
|
|
|
|
"modified": "2017-06-22T20:23:29.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--55a8d7b5-9ab8-476f-982f-1e08950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-22T20:23:29.000Z",
|
|
|
|
"modified": "2017-06-22T20:23:29.000Z",
|
|
|
|
"name": "OSINT Tracking MiniDionis: CozyCar\u2019s New Ride Is Related to Seaduke by Unit 42 Palo Alto Networks",
|
|
|
|
"published": "2017-06-22T20:23:40Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--55a8d7c6-d244-4227-b722-0a95950d210b",
|
|
|
|
"url--55a8d7c6-d244-4227-b722-0a95950d210b",
|
|
|
|
"x-misp-attribute--55a8d832-0574-4fca-b203-1e12950d210b",
|
|
|
|
"x-misp-attribute--55a8d832-74ec-4410-931a-1e12950d210b",
|
|
|
|
"x-misp-attribute--55a8d833-47ac-4cdd-80c3-1e12950d210b",
|
|
|
|
"x-misp-attribute--55a8d833-e4e0-452f-85fb-1e12950d210b",
|
|
|
|
"x-misp-attribute--55a8d833-eb14-47be-9ec2-1e12950d210b",
|
|
|
|
"indicator--55a8d87d-d740-4af4-9c4f-1e09950d210b",
|
|
|
|
"indicator--55a8d87d-603c-4816-b9c6-1e09950d210b",
|
|
|
|
"indicator--55a8d87d-9660-4f64-8346-1e09950d210b",
|
|
|
|
"indicator--55a8d87d-0ce4-4c7f-8336-1e09950d210b",
|
|
|
|
"indicator--55a8d87d-ccbc-4df1-9291-1e09950d210b",
|
|
|
|
"indicator--55a8d87e-6ecc-456d-a0b3-1e09950d210b",
|
|
|
|
"indicator--55a8d87e-dcc8-4977-b1a7-1e09950d210b",
|
|
|
|
"indicator--55a8d87e-24e8-45ca-8571-1e09950d210b",
|
|
|
|
"indicator--55a8d87e-70bc-4f1e-95c6-1e09950d210b",
|
|
|
|
"indicator--55a8d87e-2ea8-49b5-a63b-1e09950d210b",
|
|
|
|
"indicator--55a8d87e-86fc-45ce-ad84-1e09950d210b",
|
|
|
|
"indicator--55a8d87f-7f78-4cad-8b76-1e09950d210b",
|
|
|
|
"indicator--55a8d87f-dfac-48e8-b766-1e09950d210b",
|
|
|
|
"indicator--55a8d87f-d488-4f87-bebd-1e09950d210b",
|
|
|
|
"indicator--55a8d87f-eae4-4101-ab07-1e09950d210b",
|
|
|
|
"indicator--55a8d87f-c3fc-45a3-9f6d-1e09950d210b",
|
|
|
|
"indicator--55a8d87f-ad60-40f8-a44f-1e09950d210b",
|
|
|
|
"indicator--55a8d880-220c-4416-9802-1e09950d210b",
|
|
|
|
"indicator--55a8d880-1360-4bd0-8009-1e09950d210b",
|
|
|
|
"indicator--55a8d880-16a8-4a6e-9146-1e09950d210b",
|
|
|
|
"indicator--55a8d880-2520-4091-8ed7-1e09950d210b",
|
|
|
|
"indicator--55a8d880-a864-4c08-8561-1e09950d210b",
|
|
|
|
"indicator--55a8d880-31cc-4873-abb6-1e09950d210b",
|
|
|
|
"indicator--55a8d881-34fc-4888-8f09-1e09950d210b",
|
|
|
|
"indicator--55a8d881-e6b4-4bb7-8954-1e09950d210b",
|
|
|
|
"indicator--55a8d881-ed1c-4ea2-87c6-1e09950d210b",
|
|
|
|
"indicator--55a8d881-6f18-4bda-b8c8-1e09950d210b",
|
|
|
|
"indicator--55a8d881-afa0-4770-ba27-1e09950d210b",
|
|
|
|
"indicator--55a8d882-c3e4-44cf-a492-1e09950d210b",
|
|
|
|
"indicator--55a8d882-59cc-4c5e-ae3c-1e09950d210b",
|
|
|
|
"indicator--55a8d882-ee38-44af-a76b-1e09950d210b",
|
|
|
|
"indicator--55a8d882-aba8-45bf-b05f-1e09950d210b",
|
|
|
|
"indicator--55a8d882-c450-48f3-a2e2-1e09950d210b",
|
|
|
|
"indicator--55a8d882-90a8-4a2c-803b-1e09950d210b",
|
|
|
|
"indicator--55a8d883-95ec-4b82-81ce-1e09950d210b",
|
|
|
|
"indicator--55a8d883-4e34-4bc9-a3a6-1e09950d210b",
|
|
|
|
"indicator--55a8d883-4340-4526-9fba-1e09950d210b",
|
|
|
|
"indicator--55a8d883-fbec-4b6e-98da-1e09950d210b",
|
|
|
|
"indicator--56c66199-f660-442d-a56f-4018950d210f",
|
|
|
|
"indicator--56c6619b-364c-483a-a98c-5f51950d210f",
|
|
|
|
"indicator--56c6619d-dd70-4f78-a6df-c654950d210f",
|
|
|
|
"indicator--56c6619f-0140-465a-b935-46c4950d210f",
|
|
|
|
"indicator--56c661a1-c460-4e63-a598-c654950d210f",
|
|
|
|
"indicator--56c661a3-ad2c-4aa9-8031-449f950d210f",
|
|
|
|
"indicator--56c661a5-2f24-4f16-b1f8-59a0950d210f",
|
|
|
|
"indicator--56c661a7-1cd8-42a2-96bf-c650950d210f",
|
|
|
|
"indicator--56c661a8-987c-466c-bb08-4061950d210f",
|
|
|
|
"indicator--56c661aa-4af8-44cd-89fc-44f9950d210f",
|
|
|
|
"indicator--56c661ac-0bc8-47b1-b16e-5f51950d210f",
|
|
|
|
"indicator--56c661ad-50e4-40bc-86ff-4c1e950d210f",
|
|
|
|
"indicator--56c661af-bedc-4409-b7aa-59a3950d210f",
|
|
|
|
"indicator--56c661b1-73dc-43df-8956-599c950d210f",
|
|
|
|
"indicator--56c661b3-c16c-46ec-aa81-413e950d210f",
|
|
|
|
"indicator--56c661b4-cec0-4654-8680-c650950d210f",
|
|
|
|
"indicator--56c661b6-a010-4c3b-a8e1-5f51950d210f",
|
|
|
|
"indicator--56c6619b-541c-4004-b18c-59a1950d210f",
|
|
|
|
"indicator--56c6619c-dd34-4525-9a1f-599f950d210f",
|
|
|
|
"indicator--56c6619e-e154-4934-9b79-59a0950d210f",
|
|
|
|
"indicator--56c661a0-a904-4b8f-bea4-599d950d210f",
|
|
|
|
"indicator--56c661a2-f110-4175-982b-59a1950d210f",
|
|
|
|
"indicator--56c661a4-7468-4e15-b617-599c950d210f",
|
|
|
|
"indicator--56c661a6-9430-40a4-bf62-c654950d210f",
|
|
|
|
"indicator--56c661a8-5908-4640-9e06-59a2950d210f",
|
|
|
|
"indicator--56c661a9-ccd0-498e-8683-59a0950d210f",
|
|
|
|
"indicator--56c661ab-a3c4-4e42-aa11-599c950d210f",
|
|
|
|
"indicator--56c661ac-cb0c-4467-8401-599f950d210f",
|
|
|
|
"indicator--56c661ae-d8c4-4040-a829-59a1950d210f",
|
|
|
|
"indicator--56c661b0-91ec-4b98-a0d3-47f2950d210f",
|
|
|
|
"indicator--56c661b2-b4b8-45a2-9a03-59a0950d210f",
|
|
|
|
"indicator--56c661b4-b8e0-4a13-a360-599e950d210f",
|
|
|
|
"indicator--56c661b5-f4cc-4409-91a3-59a2950d210f",
|
|
|
|
"indicator--56c661b7-ceb0-46b5-9f45-5ca1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"misp-galaxy:threat-actor=\"APT 29\"",
|
|
|
|
"misp-galaxy:tool=\"Trojan.Seaduke\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--55a8d7c6-d244-4227-b722-0a95950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:24:06.000Z",
|
|
|
|
"modified": "2015-07-17T10:24:06.000Z",
|
|
|
|
"first_observed": "2015-07-17T10:24:06Z",
|
|
|
|
"last_observed": "2015-07-17T10:24:06Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--55a8d7c6-d244-4227-b722-0a95950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--55a8d7c6-d244-4227-b722-0a95950d210b",
|
|
|
|
"value": "http://researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--55a8d832-0574-4fca-b203-1e12950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:25:54.000Z",
|
|
|
|
"modified": "2015-07-17T10:25:54.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "CozyCar"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--55a8d832-74ec-4410-931a-1e12950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:25:54.000Z",
|
|
|
|
"modified": "2015-07-17T10:25:54.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Cozy Car"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--55a8d833-47ac-4cdd-80c3-1e12950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:25:55.000Z",
|
|
|
|
"modified": "2015-07-17T10:25:55.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Seaduke"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--55a8d833-e4e0-452f-85fb-1e12950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:25:55.000Z",
|
|
|
|
"modified": "2015-07-17T10:25:55.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Mini Dionis"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--55a8d833-eb14-47be-9ec2-1e12950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:25:55.000Z",
|
|
|
|
"modified": "2015-07-17T10:25:55.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Minidionis"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87d-d740-4af4-9c4f-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:09.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:09.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[domain-name:value = 'ff.whitebirchpaper.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87d-603c-4816-b9c6-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:09.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:09.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[domain-name:value = 'visionresearch.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87d-9660-4f64-8346-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:09.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:09.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[domain-name:value = 'betawebservices.ntnonline.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87d-0ce4-4c7f-8336-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:09.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:09.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[domain-name:value = 'staff.shasta.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87d-ccbc-4df1-9291-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:09.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:09.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[domain-name:value = 'extranet.qualityplanning.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87e-6ecc-456d-a0b3-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:10.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:10.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[domain-name:value = 'secure.hgl.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87e-dcc8-4977-b1a7-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:10.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:10.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[domain-name:value = 'illuminatistudios.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87e-24e8-45ca-8571-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:10.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:10.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.254.16.168']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87e-70bc-4f1e-95c6-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:10.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:10.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.226.132.7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87e-2ea8-49b5-a63b-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:10.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:10.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.228.193.115']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87e-86fc-45ce-ad84-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:10.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:10.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '01039a95e0a14767784acc8f07035935']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87f-7f78-4cad-8b76-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:11.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:11.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0f9534b63cb7af1e3aa34839d7d6e632']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87f-dfac-48e8-b766-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:11.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:11.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2e64131c0426a18c1c363ec69ae6b5f2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87f-d488-4f87-bebd-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:11.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:11.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '70f5574e4e7ad360f4f5c2117a7a1ca7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87f-eae4-4101-ab07-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:11.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:11.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1dd593ad084e1526c8facce834b0e124']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87f-c3fc-45a3-9f6d-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:11.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:11.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '42ffc84c6381a18b1f6d000b94c74b09']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d87f-ad60-40f8-a44f-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:11.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:11.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '719cf63a3922953ceaca6fb4dbed6584']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d880-220c-4416-9802-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:12.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:12.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f415470b9f0edc1298b1f6ae75dfaf31']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d880-1360-4bd0-8009-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:12.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:12.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ca770a4c9881afcd610aad30aa53f651']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d880-16a8-4a6e-9146-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:12.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:12.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '24083e6186bc773cd9c2e70a49309763']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d880-2520-4091-8ed7-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:12.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:12.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b0a9a175e2407352214b2d005253bc0c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d880-a864-4c08-8561-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:12.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:12.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b55628a605a5dfb5005c44220ae03b8a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d880-31cc-4873-abb6-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:12.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:12.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '26bd36cc57e30656363ca89910579f63']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d881-34fc-4888-8f09-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:13.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:13.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a9c045c401afb9766e2ca838dc6f47a4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d881-e6b4-4bb7-8954-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:13.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:13.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f8cb10b2ee8af6c5555e9cf3701b845f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d881-ed1c-4ea2-87c6-1e09950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-07-17T10:27:13.000Z",
|
|
|
|
"modified": "2015-07-17T10:27:13.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c8b49b42e6ebb6b977ce7001b6bd96c8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-07-17T10:27:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--55a8d881-6f18-4bda-b8c8-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:13.000Z",
"modified": "2015-07-17T10:27:13.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '030da7510113c28ee68df8a19c643bb0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d881-afa0-4770-ba27-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:13.000Z",
"modified": "2015-07-17T10:27:13.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = 'e07ef8ffe965ec8b72041ddf9527cac4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d882-c3e4-44cf-a492-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:14.000Z",
"modified": "2015-07-17T10:27:14.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '4cbd9a0832dcf23867b092de37c10d9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d882-59cc-4c5e-ae3c-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:14.000Z",
"modified": "2015-07-17T10:27:14.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '3a04a5d7ed785daa16f4ebfd3acf0867']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d882-ee38-44af-a76b-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:14.000Z",
"modified": "2015-07-17T10:27:14.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '9018fa0826f237342471895f315dbf39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d882-aba8-45bf-b05f-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:14.000Z",
"modified": "2015-07-17T10:27:14.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '98613ecb3afde5fc48ca4204f8363f1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d882-c450-48f3-a2e2-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:14.000Z",
"modified": "2015-07-17T10:27:14.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = 'e00bf9b8261410744c10ae3fe2ce9049']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d882-90a8-4a2c-803b-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:14.000Z",
"modified": "2015-07-17T10:27:14.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '51ea28f4f3fa794d5b207475897b1eef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d883-95ec-4b82-81ce-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:15.000Z",
"modified": "2015-07-17T10:27:15.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '3195110045f64a3c83fc3e043c46d253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d883-4e34-4bc9-a3a6-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:15.000Z",
"modified": "2015-07-17T10:27:15.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'connectads.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d883-4340-4526-9fba-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:15.000Z",
"modified": "2015-07-17T10:27:15.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'kane-consulting.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d883-fbec-4b6e-98da-1e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T10:27:15.000Z",
"modified": "2015-07-17T10:27:15.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'edadmin.kearsney.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T10:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c66199-f660-442d-a56f-4018950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:09.000Z",
"modified": "2016-02-19T00:28:09.000Z",
"description": "Automatically added (via 0f9534b63cb7af1e3aa34839d7d6e632)",
"pattern": "[file:hashes.SHA1 = '890b943ba5c43b74ad2965874a21c7ef4ba896ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6619b-364c-483a-a98c-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:11.000Z",
"modified": "2016-02-19T00:28:11.000Z",
"description": "Automatically added (via 2e64131c0426a18c1c363ec69ae6b5f2)",
"pattern": "[file:hashes.SHA1 = '6c95cdbe7d3c65104abd0912aa7dc99099887030']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6619d-dd70-4f78-a6df-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:13.000Z",
"modified": "2016-02-19T00:28:13.000Z",
"description": "Automatically added (via 70f5574e4e7ad360f4f5c2117a7a1ca7)",
"pattern": "[file:hashes.SHA1 = '84ba6b6a0a3999c0932f35298948f149ee05bc02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6619f-0140-465a-b935-46c4950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:15.000Z",
"modified": "2016-02-19T00:28:15.000Z",
"description": "Automatically added (via 42ffc84c6381a18b1f6d000b94c74b09)",
"pattern": "[file:hashes.SHA1 = '47f26990d063c947debbde0e10bd267fb0f32719']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a1-c460-4e63-a598-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:17.000Z",
"modified": "2016-02-19T00:28:17.000Z",
"description": "Automatically added (via 719cf63a3922953ceaca6fb4dbed6584)",
"pattern": "[file:hashes.SHA1 = 'f19873b6d0db1d2dde9134d69f5e2d5f6b939aa7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a3-ad2c-4aa9-8031-449f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:19.000Z",
"modified": "2016-02-19T00:28:19.000Z",
"description": "Automatically added (via b0a9a175e2407352214b2d005253bc0c)",
"pattern": "[file:hashes.SHA1 = 'cc15924d37e36060faa405e5fa8f6ca15a3cace2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a5-2f24-4f16-b1f8-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:21.000Z",
"modified": "2016-02-19T00:28:21.000Z",
"description": "Automatically added (via a9c045c401afb9766e2ca838dc6f47a4)",
"pattern": "[file:hashes.SHA1 = '7b8851f98f765038f275489c69a485e1bed4f82d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a7-1cd8-42a2-96bf-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:23.000Z",
"modified": "2016-02-19T00:28:23.000Z",
"description": "Automatically added (via c8b49b42e6ebb6b977ce7001b6bd96c8)",
"pattern": "[file:hashes.SHA1 = '9eae02e8d4bc405afd78dd364e96650f3608bf3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a8-987c-466c-bb08-4061950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:24.000Z",
"modified": "2016-02-19T00:28:24.000Z",
"description": "Automatically added (via 030da7510113c28ee68df8a19c643bb0)",
"pattern": "[file:hashes.SHA1 = '4f977debaa25925e82f254080e8f7c42b70cb669']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661aa-4af8-44cd-89fc-44f9950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:26.000Z",
"modified": "2016-02-19T00:28:26.000Z",
"description": "Automatically added (via e07ef8ffe965ec8b72041ddf9527cac4)",
"pattern": "[file:hashes.SHA1 = '71031ebb535923722c8fcfdcba127e4fdef24f49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661ac-0bc8-47b1-b16e-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:28.000Z",
"modified": "2016-02-19T00:28:28.000Z",
"description": "Automatically added (via 4cbd9a0832dcf23867b092de37c10d9d)",
"pattern": "[file:hashes.SHA1 = '38dd05b9cc892491347f4347870a6b77d9aea856']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661ad-50e4-40bc-86ff-4c1e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:29.000Z",
"modified": "2016-02-19T00:28:29.000Z",
"description": "Automatically added (via 3a04a5d7ed785daa16f4ebfd3acf0867)",
"pattern": "[file:hashes.SHA1 = '10b31a17449705be20890ddd8ad97a2feb093674']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661af-bedc-4409-b7aa-59a3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:31.000Z",
"modified": "2016-02-19T00:28:31.000Z",
"description": "Automatically added (via 9018fa0826f237342471895f315dbf39)",
"pattern": "[file:hashes.SHA1 = '910dfe45905b63c12c6f93193f5dc08f5b012bc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661b1-73dc-43df-8956-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:33.000Z",
"modified": "2016-02-19T00:28:33.000Z",
"description": "Automatically added (via 98613ecb3afde5fc48ca4204f8363f1d)",
"pattern": "[file:hashes.SHA1 = '5875e9e27607aab5d39e312cd141d8941b077462']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661b3-c16c-46ec-aa81-413e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:35.000Z",
"modified": "2016-02-19T00:28:35.000Z",
"description": "Automatically added (via e00bf9b8261410744c10ae3fe2ce9049)",
"pattern": "[file:hashes.SHA1 = '44403a3e51e337c1372b0becdab74313125452c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661b4-cec0-4654-8680-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:36.000Z",
"modified": "2016-02-19T00:28:36.000Z",
"description": "Automatically added (via 51ea28f4f3fa794d5b207475897b1eef)",
"pattern": "[file:hashes.SHA1 = '9eef49fc724b9f40be795a80bc6363eb0c6b6dd6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661b6-a010-4c3b-a8e1-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:38.000Z",
"modified": "2016-02-19T00:28:38.000Z",
"description": "Automatically added (via 3195110045f64a3c83fc3e043c46d253)",
"pattern": "[file:hashes.SHA1 = 'd7f7aef824265136ad077ae4f874d265ae45a6b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6619b-541c-4004-b18c-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:11.000Z",
"modified": "2016-02-19T00:28:11.000Z",
"description": "Automatically added (via 0f9534b63cb7af1e3aa34839d7d6e632)",
"pattern": "[file:hashes.SHA256 = '08b410d359ec2d6cab73bd6c0be138d9bdc475e3f63fec65794a74e5d5958b3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6619c-dd34-4525-9a1f-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:12.000Z",
"modified": "2016-02-19T00:28:12.000Z",
"description": "Automatically added (via 2e64131c0426a18c1c363ec69ae6b5f2)",
"pattern": "[file:hashes.SHA256 = '26fdc7682cf367d4d1e635a40beab0762cee43978a0f86867be03aab81244107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6619e-e154-4934-9b79-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:14.000Z",
"modified": "2016-02-19T00:28:14.000Z",
"description": "Automatically added (via 70f5574e4e7ad360f4f5c2117a7a1ca7)",
"pattern": "[file:hashes.SHA256 = 'a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a0-a904-4b8f-bea4-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:16.000Z",
"modified": "2016-02-19T00:28:16.000Z",
"description": "Automatically added (via 42ffc84c6381a18b1f6d000b94c74b09)",
"pattern": "[file:hashes.SHA256 = 'c1ee4232d1b6504fc7f93cb0478e90049a71992498ed2d701925d852e91cfcc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a2-f110-4175-982b-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:18.000Z",
"modified": "2016-02-19T00:28:18.000Z",
"description": "Automatically added (via 719cf63a3922953ceaca6fb4dbed6584)",
"pattern": "[file:hashes.SHA256 = 'a544aa392c1f519aebdb2a7b6dc23290082b7f7103c7e3022af35dfd6bc10dde']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a4-7468-4e15-b617-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:20.000Z",
"modified": "2016-02-19T00:28:20.000Z",
"description": "Automatically added (via b0a9a175e2407352214b2d005253bc0c)",
"pattern": "[file:hashes.SHA256 = '6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a6-9430-40a4-bf62-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:22.000Z",
"modified": "2016-02-19T00:28:22.000Z",
"description": "Automatically added (via a9c045c401afb9766e2ca838dc6f47a4)",
"pattern": "[file:hashes.SHA256 = 'd3d503934c0dfe75e386d0fb8da2e32238d93739624b6c5a929fe5b722b35d36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a8-5908-4640-9e06-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:24.000Z",
"modified": "2016-02-19T00:28:24.000Z",
"description": "Automatically added (via c8b49b42e6ebb6b977ce7001b6bd96c8)",
"pattern": "[file:hashes.SHA256 = '93ecd67c6102802e2e058eac512a2c75434912c28dc2eae6c108451272008bc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661a9-ccd0-498e-8683-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:25.000Z",
"modified": "2016-02-19T00:28:25.000Z",
"description": "Automatically added (via 030da7510113c28ee68df8a19c643bb0)",
"pattern": "[file:hashes.SHA256 = '7b3e344ea44a9b5fdcee89818435d377b4413e704f8c2ef5522a0255bd4eca74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661ab-a3c4-4e42-aa11-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:27.000Z",
"modified": "2016-02-19T00:28:27.000Z",
"description": "Automatically added (via e07ef8ffe965ec8b72041ddf9527cac4)",
"pattern": "[file:hashes.SHA256 = '502e42dc99873c52c3ca11dd3df25aad40d2b083069e8c22dd45da887f81d14d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661ac-cb0c-4467-8401-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:28.000Z",
"modified": "2016-02-19T00:28:28.000Z",
"description": "Automatically added (via 4cbd9a0832dcf23867b092de37c10d9d)",
"pattern": "[file:hashes.SHA256 = '2a36823323b857921d056c0161fc15d47f29b7513443346a0aeb537cbf437f0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661ae-d8c4-4040-a829-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:30.000Z",
"modified": "2016-02-19T00:28:30.000Z",
"description": "Automatically added (via 3a04a5d7ed785daa16f4ebfd3acf0867)",
"pattern": "[file:hashes.SHA256 = 'ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661b0-91ec-4b98-a0d3-47f2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:32.000Z",
"modified": "2016-02-19T00:28:32.000Z",
"description": "Automatically added (via 9018fa0826f237342471895f315dbf39)",
"pattern": "[file:hashes.SHA256 = 'ed7abf93963395ce9c9cba83a864acb4ed5b6e57fd9a6153f0248b8ccc4fdb46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661b2-b4b8-45a2-9a03-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:34.000Z",
"modified": "2016-02-19T00:28:34.000Z",
"description": "Automatically added (via 98613ecb3afde5fc48ca4204f8363f1d)",
"pattern": "[file:hashes.SHA256 = '7f8d8992dda6a48c54234e76cf0a0f445842aea1cd91d3252185c7b436e51cde']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661b4-b8e0-4a13-a360-599e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:36.000Z",
"modified": "2016-02-19T00:28:36.000Z",
"description": "Automatically added (via e00bf9b8261410744c10ae3fe2ce9049)",
"pattern": "[file:hashes.SHA256 = '56ac764b81eb216ebed5a5ad38e703805ba3e1ca7d63501ba60a1fb52c7ebb6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661b5-f4cc-4409-91a3-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:37.000Z",
"modified": "2016-02-19T00:28:37.000Z",
"description": "Automatically added (via 51ea28f4f3fa794d5b207475897b1eef)",
"pattern": "[file:hashes.SHA256 = 'ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c661b7-ceb0-46b5-9f45-5ca1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:28:39.000Z",
"modified": "2016-02-19T00:28:39.000Z",
"description": "Automatically added (via 3195110045f64a3c83fc3e043c46d253)",
"pattern": "[file:hashes.SHA256 = '88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:28:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}