|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5485615b-86f4-4385-a7a3-f894950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:41:22.000Z",
|
||
|
"modified": "2014-12-08T08:41:22.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5485615b-86f4-4385-a7a3-f894950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:41:22.000Z",
|
||
|
"modified": "2014-12-08T08:41:22.000Z",
|
||
|
"name": "OSINT Assorted IOCs associated to Andromeda restlesz.su domain",
|
||
|
"published": "2014-12-08T12:47:37Z",
|
||
|
"object_refs": [
|
||
|
"indicator--54856166-173c-421b-891d-4564950d210b",
|
||
|
"x-misp-attribute--54856172-dac4-463e-a138-cfed950d210b",
|
||
|
"observed-data--54856197-2360-4f83-bdc2-cff0950d210b",
|
||
|
"url--54856197-2360-4f83-bdc2-cff0950d210b",
|
||
|
"observed-data--54856197-78a0-4d72-93bf-cff0950d210b",
|
||
|
"url--54856197-78a0-4d72-93bf-cff0950d210b",
|
||
|
"observed-data--54856198-e240-4e9d-a1be-cff0950d210b",
|
||
|
"url--54856198-e240-4e9d-a1be-cff0950d210b",
|
||
|
"observed-data--54856198-5e34-4dbd-a14c-cff0950d210b",
|
||
|
"url--54856198-5e34-4dbd-a14c-cff0950d210b",
|
||
|
"observed-data--54856198-2060-4164-b451-cff0950d210b",
|
||
|
"url--54856198-2060-4164-b451-cff0950d210b",
|
||
|
"x-misp-attribute--548561be-b478-4529-82e6-d673950d210b",
|
||
|
"indicator--548561f7-83b0-481b-a6a5-d67c950d210b",
|
||
|
"x-misp-attribute--54856204-e5f0-4933-a091-f894950d210b",
|
||
|
"indicator--54856227-8e98-4c29-a195-cfed950d210b",
|
||
|
"indicator--54856227-04b4-4fa4-a1de-cfed950d210b",
|
||
|
"indicator--54856227-fdb8-4be5-9ef9-cfed950d210b",
|
||
|
"indicator--54856227-d1a0-4777-b9de-cfed950d210b",
|
||
|
"indicator--54856227-ed30-449f-a832-cfed950d210b",
|
||
|
"indicator--54856228-59dc-4a34-8cbd-cfed950d210b",
|
||
|
"indicator--54856228-8cf8-4c09-8d45-cfed950d210b",
|
||
|
"indicator--54856228-5888-4f47-ae87-cfed950d210b",
|
||
|
"indicator--54856228-1368-4294-b6cb-cfed950d210b",
|
||
|
"indicator--54856228-7e18-48df-b2a1-cfed950d210b",
|
||
|
"indicator--54856228-1f9c-4a59-9086-cfed950d210b",
|
||
|
"indicator--54856228-7bd0-40f0-a606-cfed950d210b",
|
||
|
"indicator--54856228-0960-4b37-93a6-cfed950d210b",
|
||
|
"indicator--54856228-4c94-4cba-9f5e-cfed950d210b",
|
||
|
"indicator--54856228-bd60-45cd-887c-cfed950d210b",
|
||
|
"indicator--54856228-82b0-4a8d-aefd-cfed950d210b",
|
||
|
"indicator--54856228-5120-43d9-810e-cfed950d210b",
|
||
|
"indicator--54856228-9898-41ea-87e6-cfed950d210b",
|
||
|
"indicator--54856228-595c-48e0-a921-cfed950d210b",
|
||
|
"indicator--54856229-eddc-4fe6-bf7a-cfed950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856166-173c-421b-891d-4564950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:29:26.000Z",
|
||
|
"modified": "2014-12-08T08:29:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'restlesz.su']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:29:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54856172-dac4-463e-a138-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:29:38.000Z",
|
||
|
"modified": "2014-12-08T08:29:38.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "Data entered by David Andr\u00e9"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--54856197-2360-4f83-bdc2-cff0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:30:15.000Z",
|
||
|
"modified": "2014-12-08T08:30:15.000Z",
|
||
|
"first_observed": "2014-12-08T08:30:15Z",
|
||
|
"last_observed": "2014-12-08T08:30:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--54856197-2360-4f83-bdc2-cff0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--54856197-2360-4f83-bdc2-cff0950d210b",
|
||
|
"value": "https://www.robtex.com/en/advisory/dns/su/restlesz/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--54856197-78a0-4d72-93bf-cff0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:30:15.000Z",
|
||
|
"modified": "2014-12-08T08:30:15.000Z",
|
||
|
"first_observed": "2014-12-08T08:30:15Z",
|
||
|
"last_observed": "2014-12-08T08:30:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--54856197-78a0-4d72-93bf-cff0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--54856197-78a0-4d72-93bf-cff0950d210b",
|
||
|
"value": "http://www.scam.cz/2014/10/account-reviewed-paypal-phishing.html"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--54856198-e240-4e9d-a1be-cff0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:30:16.000Z",
|
||
|
"modified": "2014-12-08T08:30:16.000Z",
|
||
|
"first_observed": "2014-12-08T08:30:16Z",
|
||
|
"last_observed": "2014-12-08T08:30:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--54856198-e240-4e9d-a1be-cff0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--54856198-e240-4e9d-a1be-cff0950d210b",
|
||
|
"value": "http://www.phishtank.com/phish_detail.php?phish_id=2307001&frame=details"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--54856198-5e34-4dbd-a14c-cff0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:30:16.000Z",
|
||
|
"modified": "2014-12-08T08:30:16.000Z",
|
||
|
"first_observed": "2014-12-08T08:30:16Z",
|
||
|
"last_observed": "2014-12-08T08:30:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--54856198-5e34-4dbd-a14c-cff0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--54856198-5e34-4dbd-a14c-cff0950d210b",
|
||
|
"value": "https://www.virustotal.com/en/domain/fe-cc.su/information/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--54856198-2060-4164-b451-cff0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:30:16.000Z",
|
||
|
"modified": "2014-12-08T08:30:16.000Z",
|
||
|
"first_observed": "2014-12-08T08:30:16Z",
|
||
|
"last_observed": "2014-12-08T08:30:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--54856198-2060-4164-b451-cff0950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--54856198-2060-4164-b451-cff0950d210b",
|
||
|
"value": "http://www.phishtank.com/phish_detail.php?phish_id=2295899&frame=details"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--548561be-b478-4529-82e6-d673950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:30:54.000Z",
|
||
|
"modified": "2014-12-08T08:30:54.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Registrant",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "rawixidawax@hotmail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--548561f7-83b0-481b-a6a5-d67c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:31:51.000Z",
|
||
|
"modified": "2014-12-08T08:31:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'devicesta.ru']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:31:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54856204-e5f0-4933-a091-f894950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:04.000Z",
|
||
|
"modified": "2014-12-08T08:32:04.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_comment": "Mostly",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Andromeda"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856227-8e98-4c29-a195-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:39.000Z",
|
||
|
"modified": "2014-12-08T08:32:39.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c3463de6074006586adb8693d50425ca92cf648d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856227-04b4-4fa4-a1de-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:39.000Z",
|
||
|
"modified": "2014-12-08T08:32:39.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '848c0e539ccb63ec255815887d30b00ac6656a79']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856227-fdb8-4be5-9ef9-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:39.000Z",
|
||
|
"modified": "2014-12-08T08:32:39.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f57f3a94d049f322450b45e70e1d40daf83283fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856227-d1a0-4777-b9de-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:39.000Z",
|
||
|
"modified": "2014-12-08T08:32:39.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '40204de2c697c0ba9645c397a4cbeba1fae132b6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856227-ed30-449f-a832-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:39.000Z",
|
||
|
"modified": "2014-12-08T08:32:39.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '375e3ea02f5132e8be658214c421baeeda0c1555']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-59dc-4a34-8cbd-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '0c8b800108969c750d8e99af742f6b92df6952ae']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-8cf8-4c09-8d45-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '0b999e887e055c2804de8c9ccbdf213d2bb8b7aa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-5888-4f47-ae87-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '0ba294c3a6385692c861df04b2981ef853044154']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-1368-4294-b6cb-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '0d5a395056322b94be09f67101eea7a318065a2e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-7e18-48df-b2a1-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e506c4f9e35d8fa04ef5c940165c3c8a05233d73']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-1f9c-4a59-9086-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '3fab1c6258e1732af9c3a1964a1949e9ee46a477']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-7bd0-40f0-a606-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '07c64c49356c2c5ede0293b94ef629155fb64a04']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-0960-4b37-93a6-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '4c46214a92680812bcb33ac363ecb51fca931a15']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-4c94-4cba-9f5e-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '3bb7e8888a3d4453c7953d3b5b9b81e3032e5e77']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-bd60-45cd-887c-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '9fba92bbe22de3efdfa70905df8858705a452852']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-82b0-4a8d-aefd-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '8e031c24a766c655b39cef1ff1b12b2698e69ca9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-5120-43d9-810e-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '351b87826564efebd7fc1c25f9068297d24331a2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-9898-41ea-87e6-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'df7870c693e98b298d5b321400c2c28216e43c5c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856228-595c-48e0-a921-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:40.000Z",
|
||
|
"modified": "2014-12-08T08:32:40.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '5091032c26177dbe8d0cf494f78385290b186d52']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54856229-eddc-4fe6-bf7a-cfed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-12-08T08:32:41.000Z",
|
||
|
"modified": "2014-12-08T08:32:41.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '04edc2f4376fab3b9d34bc117891e6c7f265feac']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-12-08T08:32:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:GREEN",
|
||
|
"definition": {
|
||
|
"tlp": "green"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|