{
"type": "bundle",
|
|
|
|
"id": "bundle--5b0d3d49-7be8-4be1-9d15-5d4d0acd0835",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T12:19:16.000Z",
|
|
|
|
"modified": "2018-05-29T12:19:16.000Z",
|
|
|
|
"name": "Synovus Financial",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5b0d3d49-7be8-4be1-9d15-5d4d0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T12:19:16.000Z",
|
|
|
|
"modified": "2018-05-29T12:19:16.000Z",
|
|
|
|
"name": "Talos Blog: Threat Roundup for May 18-25",
|
|
|
|
"published": "2019-05-07T08:24:20Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5b0d3d86-3794-4828-b08a-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-b454-48c3-870d-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-0798-4739-8e37-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-d604-4adc-973c-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-5ef0-4bc5-92e8-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-b1b4-433b-9308-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-c2c8-45c6-b20d-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-3914-4b30-8ece-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-c270-4df3-9443-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-6dfc-4fbe-b62d-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-7554-4a40-9b7a-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-85f4-4140-b3b6-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-287c-4e1f-9247-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-9718-423f-bae5-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-c3f4-4e27-88e3-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-b4c8-4563-9aef-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-e314-4f8a-adff-5c740acd0835",
|
|
|
|
"indicator--5b0d3d86-12cc-4e10-8ca6-5c740acd0835",
|
|
|
|
"indicator--5b0d3d96-e39c-41fc-80b9-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-d03c-4c84-8dc4-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-74cc-4818-b256-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-f32c-471d-b699-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-1fa0-45f7-8e28-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-9a3c-43c1-9c10-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-5700-4f13-a069-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-88d0-4732-a837-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-7f8c-44de-8d31-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-fd08-46b4-91de-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-2cc0-46e3-bc86-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-e0c8-4d8f-b64c-5d880acd0835",
|
|
|
|
"indicator--5b0d3d96-508c-437f-b852-5d880acd0835",
|
|
|
|
"indicator--5b0d3dad-6694-4a12-bf49-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-866c-4fba-aef4-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-8534-4730-9a89-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-afbc-4e55-baea-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-6640-437b-9467-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-402c-47c3-ae54-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-8b20-44c1-9058-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-1454-4656-ab35-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-58a4-4e33-96c1-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-79cc-4bb8-ac4b-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-2178-4fe5-bc48-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-dfcc-444a-bee4-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-b784-4fca-8080-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-d58c-4148-bc19-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-5668-41ab-a4d8-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-4fb8-4126-bad8-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-0aec-4dc3-9dd4-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-5964-4279-8978-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-2008-4653-ad88-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-c23c-4443-bfeb-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-dd5c-4317-a871-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-fa30-488a-98e7-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-8720-4570-a0db-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-7758-4d89-882d-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dad-4038-411c-a59c-5d2b0acd0835",
|
|
|
|
"indicator--5b0d3dd5-67d4-45e6-8f56-5d4d0acd0835",
|
|
|
|
"indicator--5b0d3dd5-a67c-475d-ad6c-5d4d0acd0835",
|
|
|
|
"indicator--5b0d3dd5-8d20-456c-9fed-5d4d0acd0835",
|
|
|
|
"indicator--5b0d3dfb-c540-42aa-9f04-5df00acd0835",
|
|
|
|
"indicator--5b0d3e0c-8334-4228-80f9-5df10acd0835",
|
|
|
|
"indicator--5b0d3e0c-d450-489c-9939-5df10acd0835",
|
|
|
|
"observed-data--5b0d3e26-c800-49a4-b5dc-5c760acd0835",
|
|
|
|
"url--5b0d3e26-c800-49a4-b5dc-5c760acd0835",
|
|
|
|
"indicator--5b0d3e61-4390-47b7-82fa-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-c2cc-4891-983c-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-2a58-4de7-9e95-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-7f18-41b2-9c94-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-a874-46a5-91a7-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-a564-4fe0-a83e-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-8294-406f-95f1-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-6828-4c4c-941e-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-7884-4db8-829f-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-b950-487f-b924-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-9c94-44d9-ba6e-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-240c-4741-b42e-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-c0e4-4d73-8ac8-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-8e24-4da2-b394-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-2ae0-448b-add2-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-8950-4d1e-8f97-5d060acd0835",
|
|
|
|
"indicator--5b0d3e61-5a1c-4a03-834a-5d060acd0835"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-3794-4828-b08a-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2e7d24541da31ab5a130cf7df030e1c3d2ee31241713cd2a55733ac2557888fb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-b454-48c3-870d-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c98038f1367e8fced0f902e73ea97dfe07d6b2863ce5fad439e87f3a75eee2d2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-0798-4739-8e37-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '90c33b025fea52ec12cab793625eccf08fc55e544976d8aeed82c883c78ea8d6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-d604-4adc-973c-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'db88e8ce7f0015c132e1a5924c0d51888b3c7edad698d7dd99a62408dded21d4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-5ef0-4bc5-92e8-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '77f546ee92e7466eb3950374e5afad7af73daed911af1c17482b6ab0abb44500']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-b1b4-433b-9308-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '38fa0b6386e446ee7e1678f3a883bdc93681d5038da66486cfea4a2d9d9c4fc0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-c2c8-45c6-b20d-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1b6d23ded662ec5bfb5d34904fda6f337be2069557dddc139e69d48672bf5c96']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-3914-4b30-8ece-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1f3f15ea6539c98148ef586de273b29d698986317354f2312e2dba6c4c5c5cbb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-c270-4df3-9443-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '87cd1118be63b7fc999c715f5a54877b72db273cff33d95427518a489959a755']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-6dfc-4fbe-b62d-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c7f53968de7b8c7c0f8311c9df55717844afe6f63a8e4ab7f0fddc6b31c5aa7e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-7554-4a40-9b7a-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a9ae093f49608d3220681a69f8873156369f86a4b5dbb135a5ed295dfb01a6df']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-85f4-4140-b3b6-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3c2c7e48c16c4f9ba5238d397243f0aac758a37feea57f08ae0df78a957324da']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-287c-4e1f-9247-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b666016a21c083b8e528f8175ae2d6417ba2ec3e5dc2a6336e29e52efe960a89']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-9718-423f-bae5-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'aed6353688be80e822dd4d9c214d939632fe0db9930a3149b7bc865c9daa5b01']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-c3f4-4e27-88e3-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b5eee79eb0cddb48fedce82ed4ae4ba364b995a97c536d528c739b01d7503eb4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-b4c8-4563-9aef-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bb8213867ea8ba9a16071d4e4f817fdf66f70e2a18a7fea1791efa885701ba87']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-e314-4f8a-adff-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '27d159cc11b0eab97c37e8cde3c13cd2d7e9720e7ffa41a7e8451d08c8e9da0a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d86-12cc-4e10-8ca6-5c740acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:14.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:14.000Z",
|
|
|
|
"description": "Win.Dropper.Fareit-6544485-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '47f7b3ccdc0a8a91da054181d31a15f756762608e577750bd4c90c892fd47768']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-e39c-41fc-80b9-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'cf30e3d3df78f487c056a09d220ea29ee17f1478304146f1395dcd4273db6deb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-d03c-4c84-8dc4-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ad71f36a2cfdd5cd113a12009ef4e56e21fe028ac449841ab2effa87292292ec']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-74cc-4818-b256-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8c28892b44b95c2f04ceedb0be68e8fdaa6eb444b2f1fd9f1db5eed9be8a4147']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-f32c-471d-b699-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5761e20e73dadf7be05f7fafcb40d9b816885c8331fc69448eab3965ac8ae940']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-1fa0-45f7-8e28-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c6739a0e1151cb69ab43089901da6c5f1b932dc41048d02e4bd242b0e38e91fc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-9a3c-43c1-9c10-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '422851acbc75b521896e06a5158e32d94a0a652212843fd87a00d88bc47dc52a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-5700-4f13-a069-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3e7df4da29ac871c46a77e4bbc4dc1c080f73370a7db820cd6fc87884db7bf89']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-88d0-4732-a837-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '80382158e2bb303c7e046d5144fa0f49d3c525f84fde81f4bb9fbb8e162927f5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-7f8c-44de-8d31-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5a6a4807e91e3a706999d60a44cadd362f89ec94ff19088b24aad9239c676f78']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-fd08-46b4-91de-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'cec042b98f1ca6d223a4a3ce911098493ef656c7f628e0404325b5f143fd26b8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-2cc0-46e3-bc86-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5c712a999755291a8cd0204a2e18cf876117e10074d89c8ba1f4fbafaf4fcaf0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-05-29T11:46:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b0d3d96-e0c8-4d8f-b64c-5d880acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-05-29T11:46:30.000Z",
|
|
|
|
"modified": "2018-05-29T11:46:30.000Z",
|
|
|
|
"description": "Win.Dropper.Snojan-6553195-0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e4b12046b82cdf5a6d30f08b11134e3e1caf321fabd2424f2c3873041eb1c1b0']",
|
|
|
|
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3d96-508c-437f-b852-5d880acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:30.000Z",
"modified": "2018-05-29T11:46:30.000Z",
"description": "Win.Dropper.Snojan-6553195-0",
"pattern": "[file:hashes.SHA256 = '5a74303325990d5beb7f46f91429a6178fb1fbb0daf64e82d72906608b8a1e90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-6694-4a12-bf49-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '0a5fe807dec1750e12787b96aa1fb5f8ddfc46f48d36af32049a2f1750ae9bff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-866c-4fba-aef4-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '81102d69100b4ee91bd1247a22ed5959f2da57c2bcc064bdd531264284a8763e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-8534-4730-9a89-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '1e7bfdd44e0e8331ce3f03cb37b6ae8f30667a4ab0fc5fa7b417cc9feeb4a7f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-afbc-4e55-baea-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = 'f573a18c7b57275b2737e62c5c0468acf688a9c2fad9a3c5b83d5209bc96cceb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-6640-437b-9467-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = 'c08e6b6708db6621a434275fa085516873cdd6ff39e818b741891b2377dfca2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-402c-47c3-ae54-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = 'ef50d5e5dcc2a1ea6f546304b266b5c8960b0ee9c87305fc63c3cca26019d7d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-8b20-44c1-9058-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '800a0533147b774a1fd6940e948772ec20114ad4d2856ae1160dd09708695b38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-1454-4656-ab35-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = 'a4f236efc26615e3ade5ff9c961d698b0aafc40b1b257a441dccd8ca060dfa90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-58a4-4e33-96c1-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '2f6f1cf599cef00e89b826b408f62d0949dc3dd8a1f6ef7b64a4d3368f7f0e6b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-79cc-4bb8-ac4b-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '554098adf01c6e799494a0415fff359bce2cf1543c23d7b46c464c9ec49982d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-2178-4fe5-bc48-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = 'ac1164f631b5ca03ee6e2dd39a492ca0b49c9d14a2ae4b2714e135ed48669dbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-dfcc-444a-bee4-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '8054fdaa9d6c198ee592d03b236c3e78272f699e3149b288f8a1a4109a5aadd9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-b784-4fca-8080-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = 'd721a98df1592e152d2a096ca936bbe776d76e013478ceebac99114b07330e89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-d58c-4148-bc19-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '743375f8d3d42ed1fb2b02193e4366d718edd0b8b6b70ad0c69d937392bb82c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-5668-41ab-a4d8-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '524c3716396d539e0ab0b4801fe784e81a32395a9ce0222cd4ab8348831c2a70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-4fb8-4126-bad8-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '44eeef3be66e7530c1201ade7a5e9e8ea15066bc91916173aa104d4576ce4b18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-0aec-4dc3-9dd4-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '94afc3856a03eab297025cfc6f5f3ed81cb81a925b745103b619d409baeb4b13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-5964-4279-8978-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '9148c9000dfd4a1fe9a1fb64301c84eba312b578bc2c605ca1644169f8ab8916']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-2008-4653-ad88-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '572fd355a7ee18c8c3b3f14f4864597038eb76beca81527128e4eeba0d630706']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-c23c-4443-bfeb-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '54765436d9bfea2116fbff7a9069e4ca643f55eb5e722237cdd5d3a350e4b0ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-dd5c-4317-a871-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '7b4abf2b425c28e2130cb43022fb18ca52c545f28cd74fff09db9a6ff4082b56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-fa30-488a-98e7-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '0698f016609e0c86abe57e6e5ebb547802d3ac77ac63714cfdbe0eb3c8eece03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-8720-4570-a0db-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = 'e35d8a62870f2d1ab0fb56fe6e35fb50f980aa2dc83c01e8509b4fed170ee1b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-7758-4d89-882d-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '7b7bce1098190011792b81b744fb21870fc99f3060882112a305b153d7140d4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dad-4038-411c-a59c-5d2b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:46:53.000Z",
"modified": "2018-05-29T11:46:53.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[file:hashes.SHA256 = '2b0fb049cb28726bef4586260e67d28e627ddc5421691d0fd32cce9a487d35ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:46:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dd5-67d4-45e6-8f56-5d4d0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:47:33.000Z",
"modified": "2018-05-29T11:47:33.000Z",
"description": "Win.Dropper.Snojan-6553195-0",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.28.21.191']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:47:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dd5-a67c-475d-ad6c-5d4d0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:47:33.000Z",
"modified": "2018-05-29T11:47:33.000Z",
"description": "Win.Dropper.Snojan-6553195-0",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.28.20.191']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:47:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dd5-8d20-456c-9fed-5d4d0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:47:33.000Z",
"modified": "2018-05-29T11:47:33.000Z",
"description": "Win.Dropper.Snojan-6553195-0",
"pattern": "[domain-name:value = 'reason0monster-meadow.tk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:47:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3dfb-c540-42aa-9f04-5df00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:48:11.000Z",
"modified": "2018-05-29T11:48:11.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[domain-name:value = 'ec2-35-158-168-189.eu-central-1.compute.amazonaws.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:48:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e0c-8334-4228-80f9-5df10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:32.000Z",
"modified": "2018-05-29T11:49:32.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.42.242.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e0c-d450-489c-9939-5df10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:30.000Z",
"modified": "2018-05-29T11:49:30.000Z",
"description": "Win.Dropper.Icloader-6553203-0",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '35.158.168.189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b0d3e26-c800-49a4-b5dc-5c760acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:48:54.000Z",
"modified": "2018-05-29T11:48:54.000Z",
"first_observed": "2018-05-29T11:48:54Z",
"last_observed": "2018-05-29T11:48:54Z",
"number_observed": 1,
"object_refs": [
"url--5b0d3e26-c800-49a4-b5dc-5c760acd0835"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b0d3e26-c800-49a4-b5dc-5c760acd0835",
"value": "https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-4390-47b7-82fa-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '723a41aee74c1dbda6649f6b4d97836d1eca0d5c82b36b3215abb0ee6559bf6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-c2cc-4891-983c-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '27a498db8bf71b58aa53acbe01e96d9c5823badf808dfe201a566ab2f510af10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-2a58-4de7-9e95-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = 'fecd0ee9dde36132141660d0d6bdf70ae9c8de12f982a3eba3d187934553892a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-7f18-41b2-9c94-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = 'b7fb44c2c32afad596829db9aee32e6e97710435b5e48b78a4dab12b22a723f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-a874-46a5-91a7-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = 'e40b578a8122101de0df16884f1dfd08d1a1b49a47bf5c39ede5ece9573a03c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-a564-4fe0-a83e-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '8e35333bc6db1fed6d63b0da78a84dbc422a5b403975ed5513b8eab4670dbbab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-8294-406f-95f1-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '340bd1ed4f96ca6f3877a57493fa647ff155045d28026d998e75a1225bdc5e62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-6828-4c4c-941e-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = 'b6b9c98e7b2f61ecb6710d8415d02db230732f6b7b972fcb41ebcebcde256b41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-7884-4db8-829f-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '47acb7051c8a0bc9c30f5691fae38750a25714d4fec10bcbcb2092559784fc30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-b950-487f-b924-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = 'fad370e039e311cb76ca9d100f77409f3145a000e1b951b54bfd08fa4df07828']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-9c94-44d9-ba6e-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = 'ad0c94d8bb7fa915a87895ef17fb96446c045b4a4c78c0b67171752615ae48e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-240c-4741-b42e-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '070308a72056f5eb6ed95cf22fe97a582bacf825e31c0f0a7826ece1b604186e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-c0e4-4d73-8ac8-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '17abdd1ae8ca74e061c6b3f2ef93c70a0278cf6fd272f186de43f6c3a605c61b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-8e24-4da2-b394-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '5a6c010c9f54051c031aab95f1c9237553569d5d29638f163ef75b62ecf97e36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-2ae0-448b-add2-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '75bec7ec1132adefb053663c654569d65874cf829ac4180748d7df2b7cb8bdb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-8950-4d1e-8f97-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '18d8a4dd9fe6949724546b197809f9c0f9542f1dbc6aded5462b7e0aee35c7f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b0d3e61-5a1c-4a03-834a-5d060acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-29T11:49:53.000Z",
"modified": "2018-05-29T11:49:53.000Z",
"description": "Win.Dropper.Zbot-6553346-0",
"pattern": "[file:hashes.SHA256 = '36a22ec97078427aff2fc35483a637e24188c371b8cfba6dac01377b06d634a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-29T11:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}