2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--594d1a36-8ca8-451c-83a6-6266950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--594d1a36-8ca8-451c-83a6-6266950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"name": "OSINT Following the Trail of BlackTech\u00e2\u20ac\u2122s Cyber Espionage Campaigns by TrendMicro",
|
|
|
|
"published": "2017-06-26T12:40:19Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--594d1b0a-4de0-4f24-85f6-3252950d210f",
|
|
|
|
"url--594d1b0a-4de0-4f24-85f6-3252950d210f",
|
|
|
|
"observed-data--594d1b0c-f570-42f3-b4bc-3252950d210f",
|
|
|
|
"url--594d1b0c-f570-42f3-b4bc-3252950d210f",
|
|
|
|
"indicator--594d1b5c-f2f0-4dcd-a4ec-1911950d210f",
|
|
|
|
"indicator--594d1b5d-fecc-45a9-a88a-1911950d210f",
|
|
|
|
"indicator--594d1b5e-9be4-4988-af41-1911950d210f",
|
|
|
|
"indicator--594d1b5e-7234-4ff1-9776-1911950d210f",
|
|
|
|
"indicator--594d1b5f-3ff4-45da-b5be-1911950d210f",
|
|
|
|
"indicator--594d1b61-3504-48b0-95a7-1911950d210f",
|
|
|
|
"indicator--594d1b62-5148-468f-a4bc-1911950d210f",
|
|
|
|
"indicator--594d1b63-6cb0-43ed-9f8a-1911950d210f",
|
|
|
|
"indicator--594d1b64-7ed8-4a4f-9da8-1911950d210f",
|
|
|
|
"indicator--594d1b65-eee8-4ac6-9441-1911950d210f",
|
|
|
|
"indicator--594d1b66-b210-4abd-996a-1911950d210f",
|
|
|
|
"indicator--594d1b67-ba84-4550-ac07-1911950d210f",
|
|
|
|
"indicator--594d1b69-b700-4ca8-b769-1911950d210f",
|
|
|
|
"indicator--594d1b6a-fcc0-4a2e-8d45-1911950d210f",
|
|
|
|
"indicator--594d1b6b-23ac-4b1b-a665-1911950d210f",
|
|
|
|
"indicator--594d1b6c-b9c0-4f2d-addf-1911950d210f",
|
|
|
|
"indicator--594d1b6d-6688-453c-aaa6-1911950d210f",
|
|
|
|
"indicator--594d1b6f-4574-4047-a987-1911950d210f",
|
|
|
|
"indicator--594d1b70-5f04-422b-8e15-1911950d210f",
|
|
|
|
"indicator--594d1b71-9a1c-40ef-8f4d-1911950d210f",
|
|
|
|
"indicator--594d1b72-f174-4a40-9537-1911950d210f",
|
|
|
|
"indicator--594d1b73-a8ec-4672-9919-1911950d210f",
|
|
|
|
"indicator--594d1b75-01d8-4641-b8b1-1911950d210f",
|
|
|
|
"indicator--594d1b76-538c-4760-829b-1911950d210f",
|
|
|
|
"indicator--594d1b77-5770-4b08-af49-1911950d210f",
|
|
|
|
"indicator--594d1b78-b1d8-4417-a4a1-1911950d210f",
|
|
|
|
"indicator--594d1b7a-7d28-41b0-8adc-1911950d210f",
|
|
|
|
"indicator--594d1b7b-b268-462b-9d49-1911950d210f",
|
|
|
|
"indicator--594d1ba5-6d90-40d3-9659-6b98950d210f",
|
|
|
|
"indicator--594d1ba7-ce68-4138-9523-6b98950d210f",
|
|
|
|
"indicator--594d1ba7-0f6c-4c27-81f0-6b98950d210f",
|
|
|
|
"indicator--594d1ba7-eb68-4662-9892-6b98950d210f",
|
|
|
|
"indicator--594d1ba8-6314-4adc-9a58-6b98950d210f",
|
|
|
|
"indicator--594d1ba8-5010-4c55-af93-6b98950d210f",
|
|
|
|
"indicator--594d1ba8-39f0-41fe-b74a-6b98950d210f",
|
|
|
|
"indicator--594d1ba8-0220-418b-a854-6b98950d210f",
|
|
|
|
"indicator--594d1ba8-a274-477c-94ee-6b98950d210f",
|
|
|
|
"indicator--594d1ba9-6cf0-4d4e-8c4c-6b98950d210f",
|
|
|
|
"indicator--5950f7d7-3500-43bb-8d99-4e50950d210f",
|
|
|
|
"indicator--5950f7d7-e830-4685-8e2e-46c2950d210f",
|
|
|
|
"indicator--5950f7d7-ca20-4b8e-921e-46e4950d210f",
|
|
|
|
"indicator--5950f7d7-1638-42ef-a30d-4c36950d210f",
|
|
|
|
"indicator--5950f7d7-51e8-472e-9b58-4a90950d210f",
|
|
|
|
"indicator--5950f8b1-5308-4c4e-992c-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-eb60-4c51-90cd-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-76ac-464c-9951-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-2a58-4082-90dc-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-20f4-49d0-8a29-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-f12c-4432-85c1-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-0d90-4dba-911f-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-0728-46f5-aa98-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-f558-4d37-a4a5-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-c830-4466-9f7c-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-7718-4a7a-9a44-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-02d0-4d34-9fe4-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-c6f8-4e79-8198-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-69c8-42f3-83f9-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-c8a0-49fd-b9dc-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-3074-4eb3-b14e-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-82cc-4474-9dd7-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-badc-4527-a451-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-ff88-40c1-b46e-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-327c-4aa6-8b24-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-d1c8-424f-a9e6-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-bbf8-4ec8-870c-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-4868-4ac5-b7f0-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-4094-45a4-a702-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-fdc8-49f0-8f57-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-8dfc-4d63-aa40-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-6844-45b2-b966-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-a01c-475c-881b-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-9ae8-4c2b-8c25-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-9f14-43fa-96c0-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-e178-49c7-a179-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-4978-4968-9597-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-7500-49ec-ad89-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-0e70-495e-88c6-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-8a64-487a-85ca-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-7e20-4200-b766-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-6efc-4a58-bd9e-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-3b8c-46b5-ac7c-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-f9e8-418f-9ccb-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-3ec8-4c39-854f-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-0a2c-49bb-bc9e-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-2c38-43cf-8a48-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-5920-4b50-ae86-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-0814-4c5b-8453-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-0cb8-42a8-b068-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-9f8c-4311-89d2-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-c074-46f1-b67d-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-dd74-4e4a-aae9-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-0920-4a88-9640-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-bb90-4de0-8bf5-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-2b34-42c1-b93b-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-dd40-4dc2-ad52-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-8ac0-4a8d-93ae-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-d9b8-48dd-abc6-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-b9dc-4698-8af6-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-bcc4-4d0c-a0e7-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-9e78-49be-b8a3-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-c84c-4c4f-9fd3-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-5964-46aa-9a84-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-a46c-4075-bdea-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-ed98-4687-9bc4-8c36950d210f",
|
|
|
|
"indicator--5950f8b1-0be8-487f-a16e-8c36950d210f",
|
|
|
|
"indicator--5950fe58-1464-4c51-b33b-4fd7950d210f",
|
|
|
|
"indicator--5950fe58-9234-4ac6-b634-4e2a950d210f",
|
|
|
|
"indicator--5950fe58-cd5c-443b-b1cd-4788950d210f",
|
|
|
|
"indicator--5950fe58-919c-47a0-bad5-48b9950d210f",
|
|
|
|
"indicator--5950fe58-2a1c-44d2-8b76-4ea7950d210f",
|
|
|
|
"indicator--5950fe58-26c0-402a-86d6-495c950d210f",
|
|
|
|
"indicator--5950fe58-5758-42fb-a60d-4890950d210f",
|
|
|
|
"indicator--5950fe58-6b08-4743-84c9-4a1f950d210f",
|
|
|
|
"indicator--5950fe58-d05c-41d4-b89d-479b950d210f",
|
|
|
|
"indicator--5950fe58-2930-4966-b4ee-440b950d210f",
|
|
|
|
"indicator--5950fe58-4c1c-4ce2-95cb-4c75950d210f",
|
|
|
|
"indicator--5950fe58-692c-42f4-816f-4375950d210f",
|
|
|
|
"indicator--5950fe58-85d8-49e7-9d2e-4046950d210f",
|
|
|
|
"indicator--5950fe58-859c-40d4-b1e8-4ef1950d210f",
|
|
|
|
"indicator--5950fe58-bc74-48cd-9b9f-4777950d210f",
|
|
|
|
"indicator--5950fe58-0ea4-4547-ba48-4b45950d210f",
|
|
|
|
"indicator--5950fe58-4a90-4dfc-8a0a-4337950d210f",
|
|
|
|
"indicator--5950fe58-4d10-4d1a-8a1e-40d1950d210f",
|
|
|
|
"indicator--5950fe58-9af4-4c66-9c50-4877950d210f",
|
|
|
|
"indicator--5950fe58-7ca4-4a6a-8941-48ea950d210f",
|
|
|
|
"indicator--5950fe58-7a10-4e0d-98ee-46a8950d210f",
|
|
|
|
"indicator--5950fe58-777c-4b62-a4e4-47e2950d210f",
|
|
|
|
"indicator--5950fe58-90a4-466e-a016-4c75950d210f",
|
|
|
|
"indicator--5950fe58-957c-4c53-b41f-45d1950d210f",
|
|
|
|
"indicator--5950fe58-6dcc-4fe6-9392-4388950d210f",
|
|
|
|
"indicator--5950fe58-68e0-4402-bd85-4a8d950d210f",
|
|
|
|
"indicator--5950fe58-4ce8-4fac-ab90-48cb950d210f",
|
|
|
|
"indicator--5950fe58-5b20-4cc4-81c5-4a3a950d210f",
|
|
|
|
"indicator--5950fe58-4b44-4737-a5a4-4af0950d210f",
|
|
|
|
"indicator--5950fe58-88c0-48e0-99f7-44e9950d210f",
|
|
|
|
"indicator--5950fe58-7ba0-4990-b8bf-427e950d210f",
|
|
|
|
"indicator--5950fe58-8014-4eef-bc59-4b21950d210f",
|
|
|
|
"indicator--5950fe58-8168-4ba9-82cd-4e80950d210f",
|
|
|
|
"indicator--5950fe58-6a84-4b2c-b15b-4e0e950d210f",
|
|
|
|
"indicator--5950fe58-3d5c-4e3e-82cf-45be950d210f",
|
|
|
|
"indicator--5950fe58-0e40-4e01-a569-4204950d210f",
|
|
|
|
"indicator--5950fe58-fae0-4ffb-8c19-496e950d210f",
|
|
|
|
"indicator--5950fe58-2470-4f54-9c50-4126950d210f",
|
|
|
|
"indicator--5950fe58-5634-4296-b022-4f36950d210f",
|
|
|
|
"indicator--5950fe58-b6d8-44cd-997a-4122950d210f",
|
|
|
|
"indicator--5950fe58-02c8-46e3-abe1-49e6950d210f",
|
|
|
|
"indicator--5950fe58-604c-4069-a3d0-4a0b950d210f",
|
|
|
|
"indicator--5950fe58-b8bc-4f7e-bca4-4498950d210f",
|
|
|
|
"indicator--5950fe58-0128-4029-acc2-42e2950d210f",
|
|
|
|
"indicator--5950fe58-e404-4eed-862f-4462950d210f",
|
|
|
|
"indicator--5950fe58-e74c-4a7b-85ba-4921950d210f",
|
|
|
|
"indicator--5950fe58-c4b0-4d3b-bc49-436b950d210f",
|
|
|
|
"indicator--5950feb8-e3c4-4f56-91b2-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-bc3c-4c7d-97ab-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-0400-49b3-82f2-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-5908-47e3-9a72-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-c9cc-4f70-b917-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-3894-413e-a44c-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-56f0-4897-92a5-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-6ecc-4e1c-bb85-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-6894-4926-ba5e-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-288c-4069-9196-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-5d90-4866-ac5d-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-0e28-4a0c-b7b5-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-1984-47d6-b600-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-1860-4678-b1f6-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-56c4-4a2a-b720-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-85ac-4f33-9921-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-fc74-4cbc-bfa1-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-01f4-4fa2-b250-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-c1ec-468b-abba-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-446c-43e6-9b65-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-7228-47d8-94d5-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-01b0-4efe-83fb-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-e1b0-40bd-9f56-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-9bcc-44bb-bc4e-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-1794-4df3-b5b2-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-7770-4cfe-ad39-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-4e94-42e9-8b79-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-4b38-4182-9d38-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-42c8-4438-a64f-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-d88c-4670-bca2-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-296c-4073-b0cc-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-6168-4ce5-889a-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-1724-471b-8269-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-884c-4ed7-8162-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-7b48-4096-bc51-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-7cb8-4271-b2b3-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-51a0-4797-ae8d-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-4d98-4260-87cc-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-5cb4-40a1-83a6-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-47e0-4cbe-9cf8-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-b458-4e26-8e72-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-9bdc-4140-b16a-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-af44-4c67-8ed4-8c2d950d210f",
|
|
|
|
"indicator--5950feb8-1db0-47f3-a845-8c2d950d210f",
|
|
|
|
"indicator--5950feb9-ba58-4557-883f-8c2d950d210f",
|
|
|
|
"indicator--5950feb9-1410-4929-8e38-8c2d950d210f",
|
|
|
|
"indicator--5950feb9-2ee4-4125-bd11-8c2d950d210f",
|
|
|
|
"indicator--5950feb9-7960-4f21-bc23-8c2d950d210f",
|
|
|
|
"indicator--5950feb9-d5d4-4262-bf12-8c2d950d210f",
|
|
|
|
"indicator--5950fee1-ca90-48c1-959b-49ad950d210f",
|
|
|
|
"indicator--5950fee1-3e98-4a4e-84a5-499b950d210f",
|
|
|
|
"indicator--5950fee1-c000-418d-8d3f-441e950d210f",
|
|
|
|
"indicator--5950fee1-279c-4f95-b69f-492e950d210f",
|
|
|
|
"indicator--5950fee1-cb4c-4740-b846-42bb950d210f",
|
|
|
|
"indicator--5950fee1-4e5c-48da-a3d8-461d950d210f",
|
|
|
|
"indicator--5950fee1-8efc-44a4-aebe-4c20950d210f",
|
|
|
|
"indicator--5950fee1-d8f4-4185-8eb7-4a01950d210f",
|
|
|
|
"indicator--5950fee1-d4a8-402a-bd71-42e0950d210f",
|
|
|
|
"indicator--5950fee1-94fc-4833-9294-4f7b950d210f",
|
|
|
|
"indicator--5950fee1-16d0-4b5e-a528-4c40950d210f",
|
|
|
|
"indicator--5950fee1-6fc4-4344-807a-4494950d210f",
|
|
|
|
"indicator--5950ff47-334c-4e7e-89b2-48cc950d210f",
|
|
|
|
"indicator--5950ff47-0a00-4b23-bbee-4066950d210f",
|
|
|
|
"indicator--5950ff47-3400-48d9-a80c-45f0950d210f",
|
|
|
|
"indicator--5950ff47-f084-4013-b71f-4959950d210f",
|
|
|
|
"indicator--5950ff47-c548-45f6-9655-40cb950d210f",
|
|
|
|
"indicator--5950ff47-8e54-4b4d-b8e1-492e950d210f",
|
|
|
|
"indicator--5950ff47-e3c0-4fa9-a486-4f5e950d210f",
|
|
|
|
"indicator--5950ff47-9ad4-4d14-a37a-4c25950d210f",
|
|
|
|
"indicator--5950ff47-5ee8-4aa3-bace-46f3950d210f",
|
|
|
|
"indicator--5950ff47-2578-4c96-b2f3-4ce7950d210f",
|
|
|
|
"indicator--5950ff47-6c7c-496c-b030-465f950d210f",
|
|
|
|
"indicator--5950ff47-1f24-4f99-ae90-4d79950d210f",
|
|
|
|
"indicator--5950ff47-ff88-461b-a77a-4ec4950d210f",
|
|
|
|
"indicator--5950ff47-9cb4-48ce-bc24-4574950d210f",
|
|
|
|
"indicator--5950ff47-3530-456b-bc2d-4781950d210f",
|
|
|
|
"indicator--5950ff47-d3ec-4092-8747-4564950d210f",
|
|
|
|
"indicator--5950ff47-fe38-4ac4-91cc-4f8a950d210f",
|
|
|
|
"indicator--5950ffb9-00f8-4b77-98b1-4211950d210f",
|
|
|
|
"indicator--5950ffb9-6128-4f7e-aad6-4c80950d210f",
|
|
|
|
"indicator--5950ffb9-2f78-4ce0-afaa-4f09950d210f",
|
|
|
|
"indicator--5950ffb9-8da0-46db-ac49-4b28950d210f",
|
|
|
|
"indicator--5950ffb9-8188-465b-bd21-4b5e950d210f",
|
|
|
|
"indicator--5950ffb9-3560-4ada-b86e-4c60950d210f",
|
|
|
|
"indicator--5950ffb9-6460-49fc-bfc3-463c950d210f",
|
|
|
|
"indicator--5950ffb9-2eb4-488a-bb3c-4ff0950d210f",
|
|
|
|
"indicator--5950ffb9-eea4-4228-b828-40e5950d210f",
|
|
|
|
"indicator--5950ffb9-f4a4-4d57-bc59-4961950d210f",
|
|
|
|
"indicator--5950ffb9-eb70-4123-b13e-4505950d210f",
|
|
|
|
"indicator--5950ffb9-c6d4-4c3a-a0f8-4822950d210f",
|
|
|
|
"indicator--5950ffb9-c568-435c-9ba8-4e29950d210f",
|
|
|
|
"indicator--5950ffb9-6ea4-4098-98e8-4bbf950d210f",
|
|
|
|
"indicator--5950ffb9-c8a0-40ab-b716-49d5950d210f",
|
|
|
|
"indicator--5950ffb9-8ec4-4cfa-849c-4fcc950d210f",
|
|
|
|
"indicator--5950ffb9-bf68-4d03-953a-4cc3950d210f",
|
|
|
|
"indicator--5950ffb9-9128-4ba2-ae3e-4f2d950d210f",
|
|
|
|
"indicator--5950ffb9-73c8-421a-a220-422b950d210f",
|
|
|
|
"indicator--5950ffb9-370c-45bc-aba2-4439950d210f",
|
|
|
|
"indicator--5950ffb9-36b8-4192-8ee1-49ca950d210f",
|
|
|
|
"indicator--5950ffb9-9130-48e1-91db-4ee9950d210f",
|
|
|
|
"indicator--5950ffb9-bef4-4c74-933f-4d89950d210f",
|
|
|
|
"indicator--5950ffb9-0db8-4d52-aec2-4162950d210f",
|
|
|
|
"indicator--5950ffb9-e5c4-4558-98e4-412c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"Threat Source:OSINT",
|
|
|
|
"type:OSINT",
|
|
|
|
"OSINT"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--594d1b0a-4de0-4f24-85f6-3252950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:43:38.000Z",
|
|
|
|
"modified": "2017-06-23T13:43:38.000Z",
|
|
|
|
"first_observed": "2017-06-23T13:43:38Z",
|
|
|
|
"last_observed": "2017-06-23T13:43:38Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--594d1b0a-4de0-4f24-85f6-3252950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--594d1b0a-4de0-4f24-85f6-3252950d210f",
|
|
|
|
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--594d1b0c-f570-42f3-b4bc-3252950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:43:40.000Z",
|
|
|
|
"modified": "2017-06-23T13:43:40.000Z",
|
|
|
|
"first_observed": "2017-06-23T13:43:40Z",
|
|
|
|
"last_observed": "2017-06-23T13:43:40Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--594d1b0c-f570-42f3-b4bc-3252950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--594d1b0c-f570-42f3-b4bc-3252950d210f",
|
|
|
|
"value": "https://documents.trendmicro.com/assets/appendix-following-the-trail-of-blacktechs-cyber-espionage-campaigns.pdf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b5c-f2f0-4dcd-a4ec-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:00.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:00.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '48fdc29e7f47e5d38c88a89667ed85740628bf4f4ce95045019f7ebfeb4bbb5c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b5d-fecc-45a9-a88a-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:01.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:01.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4b46e0d2eea8bb75bcdcd926e108f95688b3e24ffbd181519a4917ab102d41c7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b5e-9be4-4988-af41-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:02.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:02.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3411b5170fefbba198b1a5c3afa25e3417c683e994dc91a50e34f1234ec90ec5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b5e-7234-4ff1-9776-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:02.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:02.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b73c453126451c833fcb2c1e00e4f1291f17f6a3ac2c8ff4178e1091f5fc01ef']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b5f-3ff4-45da-b5be-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:03.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:03.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6a49771dbb9830e1bdba45137c3a1a22d7964df26e02c715dd6e606f8da4e275']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b61-3504-48b0-95a7-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:05.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:05.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3a24c2c7b3b54a799735e9e2db9fd648af34a18598b7c00b1b6e0d750f8529a9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b62-5148-468f-a4bc-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:06.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:06.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '608bc56bf511c203bb777ee57c9c919e2d320025d3595f3aba1fcfe226265189']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b63-6cb0-43ed-9f8a-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:07.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:07.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bbc4ff915584218c799878dfedfd8f2457b7d9e89026e0c1a425cf2a679aa81a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b64-7ed8-4a4f-9da8-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:08.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:08.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'efdf0b8da2047d16be281a1cfc1fc8f2c86c1269c5ce027d775112ff02f44f04']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b65-eee8-4ac6-9441-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:09.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:09.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'cd24fddfc8145754c9843117764da4d17aa820920ff9e82499385057ada3151c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b66-b210-4abd-996a-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:10.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:10.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '11f61d1756a781cd1968ebebb81ec1996324489d7cddd8d054b4ec00f8e1bf7e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b67-ba84-4550-ac07-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:11.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:11.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'cc1b0da22402c52a6989e266fdf47bc60344d5cc08e760373bf13369952e02e6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b69-b700-4ca8-b769-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:13.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:13.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2f845201fdc66da421bbc5265ed836080c5c16b3e51ce8c7b859d1b4d343fec5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b6a-fcc0-4a2e-8d45-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:14.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:14.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '658601a07943d36b37d3b3ec55d687d7753ddb278bf414ae91a64c6a3520777e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b6b-23ac-4b1b-a665-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:15.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:15.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9866ecef636d52fd0734039517bad855c7f8c6f78a4d890b9d8008504bd8a703']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b6c-b9c0-4f2d-addf-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:16.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:16.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '31d8e15310d1d2f347bdca5f4ef8bdf621722a807e98ec1d7b746843eb653041']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b6d-6688-453c-aaa6-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:17.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:17.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b6be9c10b9a20f969993027aee420076281d7a0c9935b9e34a714bcc9fc9e32c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b6f-4574-4047-a987-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:19.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:19.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9e9841b799956dfae0d88881100d45f3b49641ce32223a505246cb62b563e180']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b70-5f04-422b-8e15-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:20.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:20.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3fba692ab1e78a863dba735d074846869c84ff0d6bf091abcd34d2d546411a45']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b71-9a1c-40ef-8f4d-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:21.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:21.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4967a8b0dd5627ea6143d71f6e3598583aa475282200b8fdba0b7d92db051603']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b72-f174-4a40-9537-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:22.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:22.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fc83c9ebb49c190bf3044bac7c79297273ea00ef3843b48b7940a96813829fe5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b73-a8ec-4672-9919-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:23.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:23.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f88c49c14f1f788c6edd50e4c94af7b1a4c685e35554661ab521cc0501c017e9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b75-01d8-4641-b8b1-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:25.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:25.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6891aa78524e442f4dda66dff51db9798e1f92e6fefcdf21eb870b05b0293134']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b76-538c-4760-829b-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:26.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:26.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5361129e23dfadacc512297a28ab38e391667faf12ef3867b891deefb330e85e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b77-5770-4b08-af49-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:27.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:27.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1fa7cbe57eedea0ebc8eb37b91e7536c07be7da7775a6c01e5b14489387b9ca8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b78-b1d8-4417-a4a1-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:28.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:28.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '20f7f367f9cb8beca7ce1ba980fafa870863245f27fea48b971859a8cb47eb09']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b7a-7d28-41b0-8adc-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:30.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:30.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '96306202b0c4495cf93e805e9185ea6f2626650d6132a98a8f097f8c6a424a33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1b7b-b268-462b-9d49-1911950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:45:31.000Z",
|
|
|
|
"modified": "2017-06-23T13:45:31.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4842c5403372ead4fd28a26f2e1dfc139541e71bcf574e62c7c18b9cfc406674']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:45:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba5-6d90-40d3-9659-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:13.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:13.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'dcb5c350af76c590002a8ea00b01d862b4d89cccbec3908bfe92fdf25eaa6ea4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba7-ce68-4138-9523-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:15.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:15.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f16befd79b7f8ffdaf934ef337a91a5f1dc6da54c4b2bee5fe7a0eb38e8af39e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba7-0f6c-4c27-81f0-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:15.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:15.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2404f1d744722f47fc97dbc09a29011fa77c2de024fe0fa88fc8ec5aafbeb45c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba7-eb68-4662-9892-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:15.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:15.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '75a3b0f83b71a9c8470400b89b1c4dc18caca41de9a8c0dd31016f136cc4182b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba8-6314-4adc-9a58-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:16.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:16.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '36bbdcc636b3501093f9c29226fc49a36db035fd0ed96522fb8aab6800981eee']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba8-5010-4c55-af93-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:16.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:16.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b046b2e2569636c2fc3683a0da8cfad25ff47bc304145be0f282a969c7397ae8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba8-39f0-41fe-b74a-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:16.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:16.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '20b8c2d5bebd51d058d15ce1bba91fb5e0fc7e51cb2bd96a7869ca2ff5f6e663']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba8-0220-418b-a854-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:16.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:16.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '351d273d3df3fd49ec3adf4ff7e91acc528cbdea92b178e3676687d59d682dae']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba8-a274-477c-94ee-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:16.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:16.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8d348f63b0ef309d70d6a849ee0bafcbbd2c4567b1c02c8686ef7ecab6b77158']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--594d1ba9-6cf0-4d4e-8c4c-6b98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-23T13:46:17.000Z",
|
|
|
|
"modified": "2017-06-23T13:46:17.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5543662606d0e6a27ba65969f47036aec531ae5b9c42036c1e49e65dc8377a81']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-23T13:46:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f7d7-3500-43bb-8d99-4e50950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:02:31.000Z",
|
|
|
|
"modified": "2017-06-26T12:02:31.000Z",
|
|
|
|
"description": "DRIGO",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '00a1068645dbe982a9aa95e7b8202a588989cd37de2fa1b344abbc0102c27d05']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:02:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f7d7-e830-4685-8e2e-46c2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:02:31.000Z",
|
|
|
|
"modified": "2017-06-26T12:02:31.000Z",
|
|
|
|
"description": "DRIGO",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '766689c80887668f36486ca38c4a2526588ab7a3e5ca920bd2b4add162de8e25']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:02:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f7d7-ca20-4b8e-921e-46e4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:02:31.000Z",
|
|
|
|
"modified": "2017-06-26T12:02:31.000Z",
|
|
|
|
"description": "DRIGO",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5dc97a61bf0fd09e1471b667b89f1c008fe4f81d837091a4b67ba467d4510d69']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:02:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f7d7-1638-42ef-a30d-4c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:02:31.000Z",
|
|
|
|
"modified": "2017-06-26T12:02:31.000Z",
|
|
|
|
"description": "DRIGO",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '61eb2320c388ddd6f122e90a49534a32543941da8d7b219bf12acf90dc0c71fc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:02:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f7d7-51e8-472e-9b58-4a90950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:02:31.000Z",
|
|
|
|
"modified": "2017-06-26T12:02:31.000Z",
|
|
|
|
"description": "DRIGO",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ff52027d9f951e6ec91d752057281973ac3ff1f1a7543210ad932b44bc2fe364']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:02:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-5308-4c4e-992c-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '734e5972ab5ac1e9bc5470c666a55e0d2bd57c4e2ea2da11dc9bf56fb2ea6f23']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-eb60-4c51-90cd-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7f4ff9fc37cd0f67a448645bbebb8b605eb3887a2c5306fbb2c2600122f10496']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-76ac-464c-9951-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd8f964fa4fd7851cad87c38ce48c254905899f19c08216b43c7612f9f664a7c5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-2a58-4082-90dc-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5f6f44e18ce24c296231eee0a1d658f2d52cbe448d67237a90cfd2293b2d5450']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-20f4-49d0-8a29-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd1de5db1d50532fecfd3a4bf5382c97892deae8a70ccdca71eca326f3940c616']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-f12c-4432-85c1-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '08d6ce9c4298f61635057bdba5eb663b4eabd36358467a9c89a40c30c1a40470']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-0d90-4dba-911f-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '982fa8a6cff82966f6badb5102c47b341b0519b34589bf9647529814c6c3f423']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-0728-46f5-aa98-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9f1b1c7588f84e0d759cc8d989532176f1133b79ade038d90ab814830118d9a8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-f558-4d37-a4a5-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'dce93f0f5689e14e6ac1515c7f8b9445fac71e4881228c5d89fd1c6ead116f1e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-c830-4466-9f7c-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ed535b36b021078aaa2b5818ea40f3d598a5b5e311b9ff486d6740818429383f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-7718-4a7a-9a44-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8c18ee0a0e81f5b07ba2bb970455a9c438f8184c866b68014f4f25b032680900']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-02d0-4d34-9fe4-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7db49a91d5da69e6e7fb2e58cdc9e08d89ea0abde01f41aa7ab44d317892243e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-c6f8-4e79-8198-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5f3197c5b00608a18ab6985b2c8460f4a3f977a2394dbd5eff2279c0dd5c65fb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-69c8-42f3-83f9-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4f7b17602909df2a6887fdbff41f854449705bc17ddb0fef5e3fa3d33017cd1c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-c8a0-49fd-b9dc-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1a236c74cbf286458fc93e92fd5be859f71525e2c8eef5cabf2fc1e69aa30bfe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-3074-4eb3-b14e-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8c39f6f5d58d57fbbdde3c816b0d2247d7204bcc7f51d48ce30c33c01a95378d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-82cc-4474-9dd7-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '409cd490feb40d08eb33808b78d52c00e1722eee163b60635df6c6fe2c43c230']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-badc-4527-a451-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '71e03e8ba79dbfdcb3aeae0252165fb12ae2928b03b6f5d74353fac1a56d9a65']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-ff88-40c1-b46e-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '956e7408a25a02f93c62d2b9f4f1f249e64571b9e9f94fae6f5631699adc82d3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-327c-4aa6-8b24-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'dd3676f478ee6f814077a12302d38426760b0701bb629f413f7bf2ec71319db5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-d1c8-424f-a9e6-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8a41feb71231d244be0639f5361d2781862a461a33ff882c401e3821cfe53ecf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-bbf8-4ec8-870c-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f7385ac953c91eab7a46041963270e08d0785b31df177965803d153a7ea51e7f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-4868-4ac5-b7f0-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '84a8f7acb68433d3eb47f3c994fa559eacb46da7e9f90452dd4540935eacad9d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-4094-45a4-a702-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '37217d2dd0f433bf1b607a7ada5a4b5d3036e0eccb677f53c6ba9f0e8039a094']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-fdc8-49f0-8f57-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '37758c795bb0abcc2daff888c79ce4704a3f6a1f75c0427c47a3106be20ee70d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-8dfc-4d63-aa40-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2f21b25c633895bd675fb7f5d179fb02c3a25cca346e6d2df7e54e926292a085']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-6844-45b2-b966-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5f61f8c2f7d1a0fa74860744d5f93afea98da4d79b5b47ecceaf2ac5012760e6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-a01c-475c-881b-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd35317ac4a4598ae08aa5aa21c019889bee2766675a93af877b021fbc05b6579']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-9ae8-4c2b-8c25-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b2199104ec12896e86eb9345f479f709dc5a25fd8a870bc1140c1efc848ee83e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-9f14-43fa-96c0-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a3fffa276089179837e30f8c2a1fcc917c03410762bda2882c61a8652b001613']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-e178-49c7-a179-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '18c7ad0ded9ea0669ebc70759437d858f668ec8ba2b000125eb8cf32c29ade4e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-4978-4968-9597-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bb2a1f68faa79132f4630014c3487c891b5db8c599f05c83eabe580691920b4f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-7500-49ec-ad89-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '43552319fe32b8fe7f220edb83cacb78bc4aa8b6ed41692187c17f43623251d6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-0e70-495e-88c6-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c1faa79a33beb8eed1583e395fb725e0758a17b51ad363976ffe7d56b990d880']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-8a64-487a-85ca-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'feaa645ef890c200a3122006c627beb05ae3630b1b660de86a84ae74931a86a8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-7e20-4200-b766-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ea7608b00dc9bbafc1c7175c6c49d9e8a865ffaf68bcb491ceb5933ffa98ef63']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-6efc-4a58-bd9e-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd7fe24a0a170744e4742b52ec8f575a7aa9c87d85155b4fe10ba9774cd76bb07']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-3b8c-46b5-ac7c-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8bde3f71575aa0d5f5a095d9d0ea10eceadba38be888e10d3ca3776f7b361fe7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-f9e8-418f-9ccb-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '64f9bedce0ee8d4cd209a60501b47ba28f1e06723600f0ee8b52777b2a8be820']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-3ec8-4c39-854f-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c4b3b0a7378bfc3824d4178fd7fb29475c42ab874d69abdfb4898d0bcd4f8ce1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-0a2c-49bb-bc9e-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c5af3047fec3dd58dbb2190de3dbf0f73f7b3dcb5f10eace367a7a1ca1d1b459']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-2c38-43cf-8a48-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '25717d8a97983019d3d47eca9434996b66a64ca4f472aa930640bc5ae2260d47']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-5920-4b50-ae86-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2976d4f7611900d90691adb4f3a3348831ee4b3aa076f2f7c2a2a4d247df6d94']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-0814-4c5b-8453-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9c42e92a242212f09362d965acc7bee0131c91019417748761e13397ee605668']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-0cb8-42a8-b068-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0a0d7bed3c8aa0e0e87e484a37e62b0bd0e97981b0bea55f6f3607316831ba5d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-9f8c-4311-89d2-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ee67ed217830b0d05d318e5bb36a6ce51d12c0d248825c179282df4a18396a7f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-c074-46f1-b67d-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'af8482b0dcd93d9512451a24f9c8cf0055213bf958956d2ac9a996f9d610d35c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-dd74-4e4a-aae9-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '046fa41987679f81760fb8f86ab4453f4638936c819a37d6a3624202dc08e295']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-0920-4a88-9640-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3d0a226ae62556103142c48605c5cc155d007e91fde1690f1cb11dfd5588053c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-bb90-4de0-8bf5-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ade2754f0effb5017c1c8c50416092087bc2534daac96d7f8d4032b050f0aba0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-2b34-42c1-b93b-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a9d16b7cd410ee5232d3748d7badffc97e6d7af03751da0a523ba4c5ae6d6e93']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-dd40-4dc2-ad52-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA224 = 'fc81bb8d48ef8a0d9a96965df28833d446c62e9a2d13c49bc0ac6e7e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha224\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-8ac0-4a8d-93ae-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8ea313cbcde54826ca06b8ed26edc453c7f38e88ccdf1ccf816f7dc32928ff8b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-d9b8-48dd-abc6-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '90499334ff49fcf1c60ad30532f7185b80c4d7669533968f522fccde429bf5c5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-b9dc-4698-8af6-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a7351c2237f1c266202075f633548ff4e7494afb3c6818a1b1dfae45316d4d4c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-bcc4-4d0c-a0e7-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0746686344e51301011b3f16fc7db918c799186cbf9d7991d0ed64f0d1c91f34']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-9e78-49be-b8a3-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '81e3cdd0cdc36fca31973a68f7af0b34be9b71bfb62ecc2e2514ef96379dff80']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-c84c-4c4f-9fd3-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c22bcf89cc9879af0c3f4f6106295075987b30ffdc55156841c8b98c0218238d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-5964-46aa-9a84-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2e9cb7cadb3478edc9ef714ca4ddebb45e99d35386480e12792950f8a7a766e1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-a46c-4075-bdea-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6c44732c7d50617e6ce0f65e4ea7605901dfbc3d185d731a70d07a1f440a2f4f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-ed98-4687-9bc4-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '08d43d76643361a0756a9b4b16de8244824f44e36b876778af5ee0561e94eae3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950f8b1-0be8-487f-a16e-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:06:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:06:09.000Z",
|
|
|
|
"description": "Crossbow",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1313b387f15cb6969ec4fd6621d5ab048c7896b91bce10e951d2815200e11bb9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:06:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-1464-4c51-b33b-4fd7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '00e51de5bd9f741d6679847d1d42c459c5e2cd44e5cbc4df235aaf3add529182']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-9234-4ac6-b634-4e2a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '01d4c1975ee01b42fcbe7e7571a2e43394e31c26874f570b8670aed59fcd7f77']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-cd5c-443b-b1cd-4788950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '264bd3f85e5bb5724fee51243a370b8505cf687d8c162d823054ebc65d2a8446']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-919c-47a0-bad5-48b9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '28ed670dfca9f8c440e5d4029c4f5a9b1d671e2995d182150aea1db286c44bed']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-2a1c-44d2-8b76-4ea7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2aa8d60ed1e81317bd5419a7669ad0d6ff432f76e445aa2a3183d0083fbc5bc2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-26c0-402a-86d6-495c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3b1e67e0e86d912d7bc6dee5b0f801260350e8ce831c93c3e9cfe5a39e766f41']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-5758-42fb-a60d-4890950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '47ac80d4e40c6fec545d4dd4b0de411e85dc539868c0a5beecb9a508d47af8dd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-6b08-4743-84c9-4a1f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4fbbcd0cf3f97a215f0780d7cd9bd87435d0e6e2e095c1f95412ebf477e25de0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-d05c-41d4-b89d-479b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '574437eebd49f06995cdef874408661b260a23a679df3f908acbef374d54b913']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-2930-4966-b4ee-440b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '60fd08fdf8837ff076d29c8e30df10c8a74567e185406140f5883b1ef2fdb548']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-4c1c-4ce2-95cb-4c75950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6566a8c1b8b73f10205b6b1e8757cee8489e8f756e4d0ad37a314f2a31a808bb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-692c-42f4-816f-4375950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6a0af71ac94704606b58438a15e1d0913ccf59479874282afc02886aee969e1d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-85d8-49e7-9d2e-4046950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8373e62a42780b306666957ed68db32cb557e724bc819b36c8700c049ce28435']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-859c-40d4-b1e8-4ef1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8d613f5690c226f017dc32f8a9ff15a0551f593bd43b08c00fa17c07e8af19e7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-bc74-48cd-9b9f-4777950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '940b1c2203e06ca3ff379c602dfb99addd766cff638d3b2d9ac64525131ced57']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-0ea4-4547-ba48-4b45950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9f5329196df7d1484a9cb5b36f5ef73539582e4a4e0751c4688e70582ebed368']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-4a90-4dfc-8a0a-4337950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a601dcc7fa2e6564851cf504a230d6a7e40a48831c6124acc26af42ef24034f9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-4d10-4d1a-8a1e-40d1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b6356bcfee09b2068190f6f51902771c7699cdd3110d9082a02c1c53818f142a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-9af4-4c66-9c50-4877950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bac5e805208044da8f9988d2c92fdcbf36a9d2403ca49b83367e8a25ef4740d0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-7ca4-4a6a-8941-48ea950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd1cbd783f3d383ee2ffb3109cbc5b4a9d58bdc6af90b6f7bd898302007a0e403']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-7a10-4e0d-98ee-46a8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e85946c4794043a6cb6da650afd90455a1233cfb20b52bf1fdba1d6ffc453af1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-777c-4b62-a4e4-47e2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e9096202f9bf355926bf7eec3477c64a8b441793a404e92a62ca50a5f9fef88e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-90a4-466e-a016-4c75950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fc55d58b0f2d19f5bffe8acc5a14fb13584ebbc2b471d37bf144640b789e84ba']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-957c-4c53-b41f-45d1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '04186eb1e23af78dc25d5593062e51aba359fb3ed02e73664711ef24a76ec40c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-6dcc-4fe6-9392-4388950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '23bd423b468e0edb41677af2079b19bcfc191eed7ca0049f0e0a0ba927dd2e15']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-68e0-4402-bd85-4a8d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2797927ed7237b96f1f78a6760ed0604d948c3102103d9699ebff2b5425c1738']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-4ce8-4fac-ab90-48cb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '33e7a0c91139e8238f879539b23cb0a53957e3a03e9928b7b4460b5a7e6e22d0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-5b20-4cc4-81c5-4a3a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4bdd3ca3cbe076fccfcce683db23b056a1a1a18e72872441c51bfb1f55aa9f1e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-4b44-4737-a5a4-4af0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5dba8ddf05cb204ef320a72a0c031e55285202570d7883f2ff65135ec35b3dd0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-88c0-48e0-99f7-44e9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6443206df3b5d9f9bfa8d19ba5d18b73fa050cf7917797d4072a70765c595910']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-7ba0-4990-b8bf-427e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6a3f59fda13bbb8c4aeaf1f0601d6a5ef0ead758a0c89e6757e8e5eb10ceb6f4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-8014-4eef-bc59-4b21950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '75148c20718b930ecc5478ffddbff0509097b6b7994df6e46d9dd44b196728fb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-8168-4ba9-82cd-4e80950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7924af6319456e8ccfd0c076c4f0509843f328ecfc8103c41adf217bd5bd56ff']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-6a84-4b2c-b15b-4e0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7cedbb63e8a499224232277511d82594453eefbf168707a36072d9dc8e19fed6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-3d5c-4e3e-82cf-45be950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8017f2424280b3f206972fa047c50c4792a3a3fac7026d03a5041e08efe8599a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-0e40-4e01-a569-4204950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '83f5c915a85fa33f961b047478301bf2788f860f8ddc6577e80f5b49968500ea']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-fae0-4ffb-8c19-496e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8d7ffb82db38428d97f9084aaf3d910fdce117f3300b3ba0debca90d108b4466']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-2470-4f54-9c50-4126950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8e4d953f4854393d04968bb4e1be741218174536c959223c4b75cfdce3c54d15']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-5634-4296-b022-4f36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b05f03de6777469a4e04e38368fdff300404a0c53b247bbdf0438c4954d3bd16']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-b6d8-44cd-997a-4122950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b1437dc824be321c751b3c568ca634c9b23f38931a764ab400b4075ec501482e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-02c8-46e3-abe1-49e6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bd06f6117a0abf1442826179f6f5e1932047b4a6c14add9149e8288ab4a902c3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-604c-4069-a3d0-4a0b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c7e00270a82c942ca7aefc112cc7704175fab6bc6e8e44cd10f91606afe6f7db']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-b8bc-4f7e-bca4-4498950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'cb78b85d239caec9e06e42ee6fcbb00de85972630e45d4e97076cb1053dbbbf4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-0128-4029-acc2-42e2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd0943a23e11b9bea50894e70f3832994d64b1217b8f8b4d1b351e6e001ea43e0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-e404-4eed-862f-4462950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd110654bb393137ff776807be27bed7dc6681351a8249447362868cc1c1a7f6d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-e74c-4a7b-85ba-4921950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ed4f37161df7c5ddca092b88e86b0220e887bd0f30167b05e6fe7596d5b302ec']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fe58-c4b0-4d3b-bc49-436b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:30:16.000Z",
|
|
|
|
"modified": "2017-06-26T12:30:16.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fc74d2434d48b316c9368d3f90fea19d76a20c09847421d1469268a32f59664c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:30:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-e3c4-4f56-91b2-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.72.242.120']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-bc3c-4c7d-97ab-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'antivirsscan.strangled.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-0400-49b3-82f2-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'appinfo.fairuse.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-5908-47e3-9a72-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'appinfo.xpresit.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-c9cc-4f70-b917-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'babystats.dnset.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-3894-413e-a44c-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'bfyl.pixarworks.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-56f0-4897-92a5-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'blogtw.tk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-6ecc-4e1c-bb85-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'carcolors.effers.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-6894-4926-ba5e-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'carsails.allowed.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-288c-4069-9196-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'conderpay.etowns.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-5d90-4866-ac5d-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'csbc.itaiwans.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-0e28-4a0c-b7b5-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'dcns.soniceducation.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-1984-47d6-b600-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'docsedit.cleansite.us']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-1860-4678-b1f6-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'ediary.ezua.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-56c4-4a2a-b720-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'epayplus.flnet.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-85ac-4f33-9921-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'facebook.itsaol.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-fc74-4cbc-bfa1-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'fatgirls.fatdiary.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-01f4-4fa2-b250-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'foodinfo.serverpit.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-c1ec-468b-abba-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'httpstw.tk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-446c-43e6-9b65-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'iavrias.playop.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-7228-47d8-94d5-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'icst.ygto.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-01b0-4efe-83fb-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'idropx.serverpit.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-e1b0-40bd-9f56-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'iebay.serverpit.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-9bcc-44bb-bc4e-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'imusic.getce.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-1794-4df3-b5b2-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'inewdays.csproject.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-7770-4cfe-ad39-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'ipcheck.ignorelist.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-4e94-42e9-8b79-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'iphone7.pwnz.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-4b38-4182-9d38-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'iphone7s.effers.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-42c8-4438-a64f-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'iphone7s.homenet.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-d88c-4670-bca2-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'ipserver.suroot.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-296c-4073-b0cc-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'itaiwans.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-6168-4ce5-889a-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'jeff.jetos.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-1724-471b-8269-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'job.jobical.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-884c-4ed7-8162-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'longdays.csproject.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-7b48-4096-bc51-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'mathethic.ezua.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-7cb8-4271-b2b3-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'microsfot.ikwb.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-51a0-4797-ae8d-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'microsoft.myddns.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-4d98-4260-87cc-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'mirdc.happyforever.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-5cb4-40a1-83a6-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'momego.wesogo.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-47e0-4cbe-9cf8-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'mozila.strangled.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-b458-4e26-8e72-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'oop.jumpingcrab.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-9bdc-4140-b16a-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'opensslv3.csproject.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-af44-4c67-8ed4-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'opensslv971.ssl443.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb8-1db0-47f3-a845-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:52.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:52.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'paperspot.wikaba.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb9-ba58-4557-883f-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:53.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:53.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'pictures.jungleheart.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb9-1410-4929-8e38-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:53.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:53.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'pixtail.serverpit.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb9-2ee4-4125-bd11-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:53.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:53.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'rdec.compress.to']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb9-7960-4f21-bc23-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:53.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:53.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'savecars.dnset.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950feb9-d5d4-4262-bf12-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:31:53.000Z",
|
|
|
|
"modified": "2017-06-26T12:31:53.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'search.mynetav.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:31:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-ca90-48c1-959b-49ad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'seting.herbalsolo.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-3e98-4a4e-84a5-499b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'sexnet.homenet.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-c000-418d-8d3f-441e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'spotify.effers.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-279c-4f95-b69f-492e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'sslmaker.ssl443.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-cb4c-4740-b846-42bb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'timehigh.ddns.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-4e5c-48da-a3d8-461d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'tomomo.wesogo.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-8efc-44a4-aebe-4c20950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'twcert.compress.to']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-d8f4-4185-8eb7-4a01950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'twnic.ignorelist.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-d4a8-402a-bd71-42e0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'twnicsi.ignorelist.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-94fc-4833-9294-4f7b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'uipisa.ssl443.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-16d0-4b5e-a528-4c40950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'wendy.uberleet.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fee1-6fc4-4344-807a-4494950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:32:33.000Z",
|
|
|
|
"modified": "2017-06-26T12:32:33.000Z",
|
|
|
|
"description": "PLEAD",
|
|
|
|
"pattern": "[domain-name:value = 'wmxhao.fasionwiki.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:32:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-334c-4e7e-89b2-48cc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'acer.gotdns.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-0a00-4b23-bbee-4066950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'apt-scans.microsoftmse.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-3400-48d9-a80c-45f0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'chtd.microsoftmse.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-f084-4013-b71f-4959950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'futnsdike.xxuz.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-c548-45f6-9655-40cb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'ins.microsoftmse.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-8e54-4b4d-b8e1-492e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'linuxhome.jkub.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-e3c0-4fa9-a486-4f5e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'loop.microsoftmse.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-9ad4-4d14-a37a-4c25950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'microsoftmse.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-5ee8-4aa3-bace-46f3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'mitacbbs.etowns.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-2578-4c96-b2f3-4ce7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'register.authorizeddns.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-6c7c-496c-b030-465f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'support-esxi.slyip.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-1f24-4f99-ae90-4d79950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'tech.capital-db.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-ff88-461b-a77a-4ec4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'trustlive.zyns.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-9cb4-48ce-bc24-4574950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'unix108.jetos.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-3530-456b-bc2d-4781950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'vrdesign.microsoftmse.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-d3ec-4092-8747-4564950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'whoami.x24hr.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ff47-fe38-4ac4-91cc-4f8a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:34:15.000Z",
|
|
|
|
"modified": "2017-06-26T12:34:15.000Z",
|
|
|
|
"description": "Shrouded crossbow",
|
|
|
|
"pattern": "[domain-name:value = 'wikimachine.wikaba.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:34:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-00f8-4b77-98b1-4211950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'dvr.narllab.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-6128-4f7e-aad6-4c80950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'dy.skypetw.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-2f78-4ce0-afaa-4f09950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'emailcrypt.mobwork.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-8da0-46db-ac49-4b28950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'emailgov.mobwork.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-8188-465b-bd21-4b5e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'faq.narllab.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-3560-4ada-b86e-4c60950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'flajp.yahoomit.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-6460-49fc-bfc3-463c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'forest.itaiwans.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-2eb4-488a-bb3c-4ff0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'ftpfr.narllab.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-eea4-4228-b828-40e5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'gmail.faceboktw.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-f4a4-4d57-bc59-4961950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'login.narllab.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-eb70-4123-b13e-4505950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'menu.skypetw.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-c6d4-4c3a-a0f8-4822950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'mus.yahoomit.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-c568-435c-9ba8-4e29950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'norton.faceboktw.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-6ea4-4098-98e8-4bbf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'ntt.capital-db.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-c8a0-40ab-b716-49d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'pccus.narllab.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-8ec4-4cfa-849c-4fcc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'pus.skypetw.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-bf68-4d03-953a-4cc3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'sefsrv.mobwork.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-9128-4ba2-ae3e-4f2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'shopping.wesogo.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-73c8-421a-a220-422b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'smtp.skypetw.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-370c-45bc-aba2-4439950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'sqldb.cksogo.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-36b8-4192-8ee1-49ca950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'usr.narllab.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-9130-48e1-91db-4ee9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'version.vicycle.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-bef4-4c74-933f-4d89950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'voip.narllab.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-0db8-4d52-aec2-4162950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'w2k3-ap01.skypetw.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950ffb9-e5c4-4558-98e4-412c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2017-06-26T12:36:09.000Z",
|
|
|
|
"modified": "2017-06-26T12:36:09.000Z",
|
|
|
|
"description": "Waterbear",
|
|
|
|
"pattern": "[domain-name:value = 'web2008.rutentw.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-26T12:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|