2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--57722fef-c208-4297-a3bc-40be950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:39.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:39.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--57722fef-c208-4297-a3bc-40be950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:39.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:39.000Z",
|
|
|
|
"name": "OSINT - Linux/GafGyt - DVR devices compromised/infected",
|
|
|
|
"published": "2016-06-28T08:14:14Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--57722ffb-0054-4c6e-9207-041d950d210f",
|
|
|
|
"url--57722ffb-0054-4c6e-9207-041d950d210f",
|
|
|
|
"observed-data--57723009-c638-4c2d-aa9a-4165950d210f",
|
|
|
|
"url--57723009-c638-4c2d-aa9a-4165950d210f",
|
|
|
|
"observed-data--57723021-e848-4ca6-99d5-041e950d210f",
|
|
|
|
"url--57723021-e848-4ca6-99d5-041e950d210f",
|
|
|
|
"observed-data--57723021-e568-4950-b8a7-041e950d210f",
|
|
|
|
"url--57723021-e568-4950-b8a7-041e950d210f",
|
|
|
|
"observed-data--57723022-56b0-4b83-83f6-041e950d210f",
|
|
|
|
"url--57723022-56b0-4b83-83f6-041e950d210f",
|
|
|
|
"indicator--5772305d-b714-4708-b12e-4c06950d210f",
|
|
|
|
"indicator--5772305d-d1d4-4a97-8d9c-45a2950d210f",
|
|
|
|
"indicator--5772305e-5e44-4e1e-9be2-4e9d950d210f",
|
|
|
|
"indicator--5772305e-8ec8-4903-badd-41dc950d210f",
|
|
|
|
"indicator--57723088-74c8-4a50-91db-4010950d210f",
|
|
|
|
"indicator--5772314c-7068-4b8a-9b5e-450d950d210f",
|
|
|
|
"indicator--5772314d-3aa8-465b-810b-47d7950d210f",
|
|
|
|
"indicator--5772314d-7398-4c5b-a449-4199950d210f",
|
|
|
|
"indicator--5772314e-a8d0-4c2e-9703-44ff950d210f",
|
|
|
|
"indicator--5772314e-dd24-4b0c-a407-4492950d210f",
|
|
|
|
"indicator--5772314f-0d60-45aa-b971-4b87950d210f",
|
|
|
|
"indicator--5772314f-d918-4463-9046-4ee2950d210f",
|
|
|
|
"indicator--5772314f-681c-4e87-8118-4ee0950d210f",
|
|
|
|
"indicator--57723150-04e0-49cd-b775-4e42950d210f",
|
|
|
|
"indicator--57723150-7a38-4f2d-a699-464f950d210f",
|
|
|
|
"indicator--57723151-e070-428d-811c-438a950d210f",
|
|
|
|
"indicator--57723151-c37c-41e1-ab85-42e4950d210f",
|
|
|
|
"indicator--57723152-d2c4-45bf-a1b8-4251950d210f",
|
|
|
|
"indicator--57723152-b0a8-4170-930f-4ad1950d210f",
|
|
|
|
"indicator--57723153-0f6c-4a59-99c8-4852950d210f",
|
|
|
|
"indicator--57723177-779c-4ec4-920f-06df02de0b81",
|
|
|
|
"indicator--57723177-8c24-4472-9e06-06df02de0b81",
|
|
|
|
"observed-data--57723178-7b94-479b-8c6f-06df02de0b81",
|
|
|
|
"url--57723178-7b94-479b-8c6f-06df02de0b81",
|
|
|
|
"indicator--57723178-8ab4-4802-85f1-06df02de0b81",
|
|
|
|
"indicator--57723179-da24-4a95-b5aa-06df02de0b81",
|
|
|
|
"observed-data--57723179-7478-4646-8a48-06df02de0b81",
|
|
|
|
"url--57723179-7478-4646-8a48-06df02de0b81",
|
|
|
|
"indicator--5772317a-ffb4-498f-91d5-06df02de0b81",
|
|
|
|
"indicator--5772317a-3b28-43db-81bb-06df02de0b81",
|
|
|
|
"observed-data--5772317b-d0d4-4852-9aac-06df02de0b81",
|
|
|
|
"url--5772317b-d0d4-4852-9aac-06df02de0b81",
|
|
|
|
"indicator--5772317b-2e64-4f7f-a2ee-06df02de0b81",
|
|
|
|
"indicator--5772317b-ee50-4057-96c0-06df02de0b81",
|
|
|
|
"observed-data--5772317c-4e34-48a2-a9ee-06df02de0b81",
|
|
|
|
"url--5772317c-4e34-48a2-a9ee-06df02de0b81",
|
|
|
|
"indicator--5772317c-83d4-4100-9444-06df02de0b81",
|
|
|
|
"indicator--5772317d-a874-4f41-b5c5-06df02de0b81",
|
|
|
|
"observed-data--5772317d-978c-417c-85d2-06df02de0b81",
|
|
|
|
"url--5772317d-978c-417c-85d2-06df02de0b81",
|
|
|
|
"indicator--5772317e-7194-4049-995a-06df02de0b81",
|
|
|
|
"indicator--5772317e-2b60-4333-9d78-06df02de0b81",
|
|
|
|
"observed-data--5772317f-3a00-4614-a100-06df02de0b81",
|
|
|
|
"url--5772317f-3a00-4614-a100-06df02de0b81",
|
|
|
|
"indicator--5772317f-cae0-4143-97fd-06df02de0b81",
|
|
|
|
"indicator--57723180-403c-466d-bc66-06df02de0b81",
|
|
|
|
"observed-data--57723180-7034-442c-ac8d-06df02de0b81",
|
|
|
|
"url--57723180-7034-442c-ac8d-06df02de0b81",
|
|
|
|
"indicator--57723181-3494-421f-9ec2-06df02de0b81",
|
|
|
|
"indicator--57723181-6154-41ac-a3c2-06df02de0b81",
|
|
|
|
"observed-data--57723181-cbdc-44f4-93d4-06df02de0b81",
|
|
|
|
"url--57723181-cbdc-44f4-93d4-06df02de0b81",
|
|
|
|
"indicator--57723182-2b08-4709-a208-06df02de0b81",
|
|
|
|
"indicator--57723182-f490-45f5-b6cf-06df02de0b81",
|
|
|
|
"observed-data--57723183-1108-4569-8c11-06df02de0b81",
|
|
|
|
"url--57723183-1108-4569-8c11-06df02de0b81",
|
|
|
|
"indicator--57723183-fd88-4056-bc0f-06df02de0b81",
|
|
|
|
"indicator--57723184-ae3c-452b-8ae4-06df02de0b81",
|
|
|
|
"observed-data--57723184-df08-49ad-a697-06df02de0b81",
|
|
|
|
"url--57723184-df08-49ad-a697-06df02de0b81",
|
|
|
|
"indicator--57723185-5660-4856-abb0-06df02de0b81",
|
|
|
|
"indicator--57723185-a24c-4031-9612-06df02de0b81",
|
|
|
|
"observed-data--57723186-5170-4f70-9a04-06df02de0b81",
|
|
|
|
"url--57723186-5170-4f70-9a04-06df02de0b81",
|
|
|
|
"indicator--57723186-01e4-4697-9065-06df02de0b81",
|
|
|
|
"indicator--57723187-1084-45a4-911b-06df02de0b81",
|
|
|
|
"observed-data--57723187-fe08-406b-ba40-06df02de0b81",
|
|
|
|
"url--57723187-fe08-406b-ba40-06df02de0b81",
|
|
|
|
"indicator--57723188-8a28-45b9-86e2-06df02de0b81",
|
|
|
|
"indicator--57723188-9684-47a4-b914-06df02de0b81",
|
|
|
|
"observed-data--57723189-e7b0-4f6a-879c-06df02de0b81",
|
|
|
|
"url--57723189-e7b0-4f6a-879c-06df02de0b81",
|
|
|
|
"indicator--57723189-3b7c-45e6-bb3d-06df02de0b81",
|
|
|
|
"indicator--5772318a-d948-4ac2-bfc0-06df02de0b81",
|
|
|
|
"observed-data--5772318a-f0fc-40e6-a1ad-06df02de0b81",
|
|
|
|
"url--5772318a-f0fc-40e6-a1ad-06df02de0b81",
|
|
|
|
"indicator--5772318a-6884-4f00-b7ac-06df02de0b81",
|
|
|
|
"indicator--5772318b-ac78-4cee-adb9-06df02de0b81",
|
|
|
|
"observed-data--5772318b-3358-406a-921b-06df02de0b81",
|
|
|
|
"url--5772318b-3358-406a-921b-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"circl:topic=\"ict\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57722ffb-0054-4c6e-9207-041d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:06:19.000Z",
|
|
|
|
"modified": "2016-06-28T08:06:19.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:06:19Z",
|
|
|
|
"last_observed": "2016-06-28T08:06:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57722ffb-0054-4c6e-9207-041d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57722ffb-0054-4c6e-9207-041d950d210f",
|
|
|
|
"value": "https://otx.alienvault.com/pulse/57711ad9609200013550ca4f/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723009-c638-4c2d-aa9a-4165950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:06:33.000Z",
|
|
|
|
"modified": "2016-06-28T08:06:33.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:06:33Z",
|
|
|
|
"last_observed": "2016-06-28T08:06:33Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723009-c638-4c2d-aa9a-4165950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723009-c638-4c2d-aa9a-4165950d210f",
|
|
|
|
"value": "https://www.reddit.com/r/Malware/comments/4px0gi/telnet_malware_on_the_rise_infecting_dvr_devices/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723021-e848-4ca6-99d5-041e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:06:57.000Z",
|
|
|
|
"modified": "2016-06-28T08:06:57.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:06:57Z",
|
|
|
|
"last_observed": "2016-06-28T08:06:57Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723021-e848-4ca6-99d5-041e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723021-e848-4ca6-99d5-041e950d210f",
|
|
|
|
"value": "https://isc.sans.edu/diary/More+Multi-Architecture+IoT+Malware/20731"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723021-e568-4950-b8a7-041e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:06:57.000Z",
|
|
|
|
"modified": "2016-06-28T08:06:57.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:06:57Z",
|
|
|
|
"last_observed": "2016-06-28T08:06:57Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723021-e568-4950-b8a7-041e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723021-e568-4950-b8a7-041e950d210f",
|
|
|
|
"value": "https://bitninja.io/2016/01/11/port-honeypot-is-ready-for-action/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723022-56b0-4b83-83f6-041e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:06:58.000Z",
|
|
|
|
"modified": "2016-06-28T08:06:58.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:06:58Z",
|
|
|
|
"last_observed": "2016-06-28T08:06:58Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723022-56b0-4b83-83f6-041e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723022-56b0-4b83-83f6-041e950d210f",
|
|
|
|
"value": "https://twitter.com/bartblaze/status/747409050434945024"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772305d-b714-4708-b12e-4c06950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:07:57.000Z",
|
|
|
|
"modified": "2016-06-28T08:07:57.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.222.66.214']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:07:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772305d-d1d4-4a97-8d9c-45a2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:07:57.000Z",
|
|
|
|
"modified": "2016-06-28T08:07:57.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.202.242.80']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:07:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772305e-5e44-4e1e-9be2-4e9d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:07:58.000Z",
|
|
|
|
"modified": "2016-06-28T08:07:58.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.118.193.239']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:07:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772305e-8ec8-4903-badd-41dc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:07:58.000Z",
|
|
|
|
"modified": "2016-06-28T08:07:58.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.67.1.15']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:07:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723088-74c8-4a50-91db-4010950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:08:40.000Z",
|
|
|
|
"modified": "2016-06-28T08:08:40.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.30.210.254']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:08:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772314c-7068-4b8a-9b5e-450d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:11:56.000Z",
|
|
|
|
"modified": "2016-06-28T08:11:56.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '23899602a260225156a757c871eb2654']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:11:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772314d-3aa8-465b-810b-47d7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:11:57.000Z",
|
|
|
|
"modified": "2016-06-28T08:11:57.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '49fe0263b252b5b2709ac2bdcbecfe46']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:11:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772314d-7398-4c5b-a449-4199950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:11:57.000Z",
|
|
|
|
"modified": "2016-06-28T08:11:57.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'dce199485b21563df8609f4bb0c0b5c3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:11:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772314e-a8d0-4c2e-9703-44ff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:11:58.000Z",
|
|
|
|
"modified": "2016-06-28T08:11:58.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '69477ca5eed0f6ceefa34ec8cf655246']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:11:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772314e-dd24-4b0c-a407-4492950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:11:58.000Z",
|
|
|
|
"modified": "2016-06-28T08:11:58.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e63de7dc3f0afcd20d10323d94d5b8d3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:11:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772314f-0d60-45aa-b971-4b87950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:11:59.000Z",
|
|
|
|
"modified": "2016-06-28T08:11:59.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '88aa4e588ac1edbaa93b34884444f21e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:11:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772314f-d918-4463-9046-4ee2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:11:59.000Z",
|
|
|
|
"modified": "2016-06-28T08:11:59.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '842d2f4423392de0fe20c6446280a991']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:11:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772314f-681c-4e87-8118-4ee0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:11:59.000Z",
|
|
|
|
"modified": "2016-06-28T08:11:59.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '321eb5472268010f2c15fe2e46651dd5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:11:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723150-04e0-49cd-b775-4e42950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:00.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:00.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '78dc4c517e826a8c29665d83ee118a96']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723150-7a38-4f2d-a699-464f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:00.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:00.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3c038f728b2d87869327f0b1d232f899']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723151-e070-428d-811c-438a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:01.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:01.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '512cfc1c441ae5348b7dc21442e55e2e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723151-c37c-41e1-ab85-42e4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:01.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:01.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fe8ee254e768ef2676aba92755f34c6a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723152-d2c4-45bf-a1b8-4251950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:02.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:02.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e14c0bb02273eef1c7a7c46709e474d8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723152-b0a8-4170-930f-4ad1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:02.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:02.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ca6c5776e776dd4de6904aaf4b6a547d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723153-0f6c-4a59-99c8-4852950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:03.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:03.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8dc6032667bb6ee266e32d7117d3ca80']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723177-779c-4ec4-920f-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:39.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:39.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 8dc6032667bb6ee266e32d7117d3ca80",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'dc15df4fd8ee7695ee8895d6c08fcfa24de8092c11d045143cd8d9e92330d48a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723177-8c24-4472-9e06-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:39.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:39.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 8dc6032667bb6ee266e32d7117d3ca80",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'b22229b8f7c006983e0c9cd1644378968c981b84']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723178-7b94-479b-8c6f-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:40.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:40.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:40Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:40Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723178-7b94-479b-8c6f-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723178-7b94-479b-8c6f-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/dc15df4fd8ee7695ee8895d6c08fcfa24de8092c11d045143cd8d9e92330d48a/analysis/1455801664/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723178-8ab4-4802-85f1-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:40.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:40.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ca6c5776e776dd4de6904aaf4b6a547d",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bffedbd067c8c94e8c052dc49df08bd29606355498b84a5dd21c027cb8dd3ef4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723179-da24-4a95-b5aa-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:41.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:41.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ca6c5776e776dd4de6904aaf4b6a547d",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '9f07a4e8528848ffe7b88a8cf1b891c6a053a8ae']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723179-7478-4646-8a48-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:41.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:41.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:41Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:41Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723179-7478-4646-8a48-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723179-7478-4646-8a48-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/bffedbd067c8c94e8c052dc49df08bd29606355498b84a5dd21c027cb8dd3ef4/analysis/1455801318/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772317a-ffb4-498f-91d5-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:42.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:42.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e14c0bb02273eef1c7a7c46709e474d8",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6adb257b753301070b1de956ab6b935c6570ed6afac3628c25286e34401a716d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772317a-3b28-43db-81bb-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:42.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:42.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e14c0bb02273eef1c7a7c46709e474d8",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'bd0af9998c8918c0bd8705164d24d1294b325b36']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5772317b-d0d4-4852-9aac-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:43.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:43.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:43Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5772317b-d0d4-4852-9aac-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5772317b-d0d4-4852-9aac-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/6adb257b753301070b1de956ab6b935c6570ed6afac3628c25286e34401a716d/analysis/1460103566/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772317b-2e64-4f7f-a2ee-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:43.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:43.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: fe8ee254e768ef2676aba92755f34c6a",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'dbce46b935cb4f05bfd14240b094e9eda16c0d4de22c257c9c35f1ee963b04d6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772317b-ee50-4057-96c0-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:43.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:43.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: fe8ee254e768ef2676aba92755f34c6a",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '394fc3526025bf379775babd5e8ed78d97ba8377']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5772317c-4e34-48a2-a9ee-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:44.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:44.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:44Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5772317c-4e34-48a2-a9ee-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5772317c-4e34-48a2-a9ee-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/dbce46b935cb4f05bfd14240b094e9eda16c0d4de22c257c9c35f1ee963b04d6/analysis/1460103680/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772317c-83d4-4100-9444-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:44.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:44.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 512cfc1c441ae5348b7dc21442e55e2e",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1db98a09bccd1b06d1b17c7697680a32827a6f64f311201f251dc8891eea42b2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772317d-a874-4f41-b5c5-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:45.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:45.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 512cfc1c441ae5348b7dc21442e55e2e",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'f84019211f7fc232defa56f5a87169afd7838db7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5772317d-978c-417c-85d2-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:45.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:45.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:45Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:45Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5772317d-978c-417c-85d2-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5772317d-978c-417c-85d2-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/1db98a09bccd1b06d1b17c7697680a32827a6f64f311201f251dc8891eea42b2/analysis/1460103501/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772317e-7194-4049-995a-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:46.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:46.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3c038f728b2d87869327f0b1d232f899",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4b668014046dfc2e0b5595e2ea423d79cacb7b8275a2dcfb1376b5d6e8a7f27a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772317e-2b60-4333-9d78-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:46.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:46.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3c038f728b2d87869327f0b1d232f899",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'e7ec06e87e83a51ed07567251e8ade99e2af9c99']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5772317f-3a00-4614-a100-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:47.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:47.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:47Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:47Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5772317f-3a00-4614-a100-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5772317f-3a00-4614-a100-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/4b668014046dfc2e0b5595e2ea423d79cacb7b8275a2dcfb1376b5d6e8a7f27a/analysis/1452649990/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772317f-cae0-4143-97fd-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:47.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:47.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 78dc4c517e826a8c29665d83ee118a96",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '93d787c00b4f96eb1aedacefdcd21024d99fca630bcfca4051d097de6517d20f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723180-403c-466d-bc66-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:48.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:48.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 78dc4c517e826a8c29665d83ee118a96",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '8cf359bfa882cec3567776daa2c2414409e355bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723180-7034-442c-ac8d-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:48.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:48.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:48Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723180-7034-442c-ac8d-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723180-7034-442c-ac8d-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/93d787c00b4f96eb1aedacefdcd21024d99fca630bcfca4051d097de6517d20f/analysis/1448320139/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723181-3494-421f-9ec2-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:49.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:49.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 321eb5472268010f2c15fe2e46651dd5",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '53dda69ad144382a07e38c7db53a6be5ba4ecafa726d4cac711107ba0bd97a80']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723181-6154-41ac-a3c2-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:49.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:49.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 321eb5472268010f2c15fe2e46651dd5",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '84e36ab9099ec6aa385670385cc853078b727be2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723181-cbdc-44f4-93d4-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:49.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:49.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:49Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723181-cbdc-44f4-93d4-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723181-cbdc-44f4-93d4-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/53dda69ad144382a07e38c7db53a6be5ba4ecafa726d4cac711107ba0bd97a80/analysis/1454154465/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723182-2b08-4709-a208-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:50.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:50.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 842d2f4423392de0fe20c6446280a991",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6c4dd25bad713dc8116ab1a6d4ae0febb2e51f0dd364a75097ea4de37ab7b935']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723182-f490-45f5-b6cf-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:50.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:50.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 842d2f4423392de0fe20c6446280a991",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'aa175e75773d46e5908678345a310057a6840c6f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723183-1108-4569-8c11-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:51.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:51.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:51Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723183-1108-4569-8c11-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723183-1108-4569-8c11-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/6c4dd25bad713dc8116ab1a6d4ae0febb2e51f0dd364a75097ea4de37ab7b935/analysis/1452650720/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723183-fd88-4056-bc0f-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:51.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:51.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 88aa4e588ac1edbaa93b34884444f21e",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7d80756e208cc14d86f84dd72191a76e6efdcce645b0467dc21bef4d82bda5a8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723184-ae3c-452b-8ae4-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:52.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:52.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 88aa4e588ac1edbaa93b34884444f21e",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '604d384c8264429ffcfe7d4f56dfde8a24037780']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723184-df08-49ad-a697-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:52.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:52.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:52Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:52Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723184-df08-49ad-a697-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723184-df08-49ad-a697-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/7d80756e208cc14d86f84dd72191a76e6efdcce645b0467dc21bef4d82bda5a8/analysis/1467029152/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723185-5660-4856-abb0-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:53.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:53.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e63de7dc3f0afcd20d10323d94d5b8d3",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a33d258694568b7a2eb2fccc4419479c6c7482c87dcc73ab4a2c85ffbe27068b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723185-a24c-4031-9612-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:53.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:53.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e63de7dc3f0afcd20d10323d94d5b8d3",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '8932991f302b3bff67036edbd0bc1bbe3c36d9c3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723186-5170-4f70-9a04-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:54.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:54.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:54Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:54Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723186-5170-4f70-9a04-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723186-5170-4f70-9a04-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/a33d258694568b7a2eb2fccc4419479c6c7482c87dcc73ab4a2c85ffbe27068b/analysis/1467029150/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723186-01e4-4697-9065-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:54.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:54.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 69477ca5eed0f6ceefa34ec8cf655246",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b610378992e657d1aa211d27577a3745f8cc6514dc03787cf963916eb0bc6247']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723187-1084-45a4-911b-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:55.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:55.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 69477ca5eed0f6ceefa34ec8cf655246",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '5175555630b66e5a01030cf4c62c32c272038d20']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723187-fe08-406b-ba40-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:55.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:55.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:55Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723187-fe08-406b-ba40-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723187-fe08-406b-ba40-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/b610378992e657d1aa211d27577a3745f8cc6514dc03787cf963916eb0bc6247/analysis/1467030142/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723188-8a28-45b9-86e2-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:56.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:56.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: dce199485b21563df8609f4bb0c0b5c3",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c1ac12ab98190d29bd29d4ddfb2da325e6db5124a248d824532055428d7b5970']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723188-9684-47a4-b914-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:56.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:56.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: dce199485b21563df8609f4bb0c0b5c3",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '03e7d7f6ca97e3359ee6958e53dd8be92833adb7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57723189-e7b0-4f6a-879c-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:57.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:57.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:57Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:57Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57723189-e7b0-4f6a-879c-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57723189-e7b0-4f6a-879c-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/c1ac12ab98190d29bd29d4ddfb2da325e6db5124a248d824532055428d7b5970/analysis/1466965905/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57723189-3b7c-45e6-bb3d-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:57.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:57.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 49fe0263b252b5b2709ac2bdcbecfe46",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5e131ab7d131d69238667545056e718c2ca290bfd660e12e1093ec0e9d78755a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772318a-d948-4ac2-bfc0-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:58.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:58.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 49fe0263b252b5b2709ac2bdcbecfe46",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '2f4e1c1781cb292b1f486113b8cbff3567aa3ef6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5772318a-f0fc-40e6-a1ad-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:58.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:58.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:58Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:58Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5772318a-f0fc-40e6-a1ad-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5772318a-f0fc-40e6-a1ad-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/5e131ab7d131d69238667545056e718c2ca290bfd660e12e1093ec0e9d78755a/analysis/1467030486/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772318a-6884-4f00-b7ac-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:58.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:58.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 23899602a260225156a757c871eb2654",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a78448f08a6f3dd58b2f1d3b7e61407ba7b9cce63f00f3568236132519d86e08']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5772318b-ac78-4cee-adb9-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:59.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:59.000Z",
|
|
|
|
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 23899602a260225156a757c871eb2654",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0674a065906c928f9b24817a1b5394f285eb4a9d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-06-28T08:12:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5772318b-3358-406a-921b-06df02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-06-28T08:12:59.000Z",
|
|
|
|
"modified": "2016-06-28T08:12:59.000Z",
|
|
|
|
"first_observed": "2016-06-28T08:12:59Z",
|
|
|
|
"last_observed": "2016-06-28T08:12:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5772318b-3358-406a-921b-06df02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5772318b-3358-406a-921b-06df02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/a78448f08a6f3dd58b2f1d3b7e61407ba7b9cce63f00f3568236132519d86e08/analysis/1467029148/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|