1168 lines
48 KiB
JSON
1168 lines
48 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--56b06135-452c-4b99-bd16-4981950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:28.000Z",
|
||
|
"modified": "2016-02-02T08:17:28.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--56b06135-452c-4b99-bd16-4981950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:28.000Z",
|
||
|
"modified": "2016-02-02T08:17:28.000Z",
|
||
|
"name": "OSINT Puttering into the Future...by Cylance",
|
||
|
"published": "2016-02-02T07:59:03Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--56b06148-c508-4ab5-a5be-4b16950d210f",
|
||
|
"url--56b06148-c508-4ab5-a5be-4b16950d210f",
|
||
|
"indicator--56b06164-c120-447d-b8d1-4f3f950d210f",
|
||
|
"indicator--56b06164-02b4-45c4-9aa8-4e00950d210f",
|
||
|
"indicator--56b06165-f6a8-4880-bc1c-43f7950d210f",
|
||
|
"indicator--56b06165-c70c-401c-b81b-451a950d210f",
|
||
|
"indicator--56b06166-1774-4a90-b9d1-4abb950d210f",
|
||
|
"indicator--56b06166-7080-4d26-9819-44cd950d210f",
|
||
|
"indicator--56b06166-74a4-4aca-bb28-421a950d210f",
|
||
|
"indicator--56b06167-3fd0-43d8-b31a-42ad950d210f",
|
||
|
"indicator--56b06167-b808-4c3f-aa4a-463a950d210f",
|
||
|
"indicator--56b06167-0940-4958-946f-4bd0950d210f",
|
||
|
"indicator--56b06168-aedc-40fa-ae0e-486e950d210f",
|
||
|
"indicator--56b06168-3cac-4d17-bbb6-457d950d210f",
|
||
|
"indicator--56b06168-a1dc-4e1b-a846-4cc7950d210f",
|
||
|
"indicator--56b06168-2908-4815-aadb-4cfb950d210f",
|
||
|
"indicator--56b06169-10b8-4c50-9b3e-4c83950d210f",
|
||
|
"indicator--56b06169-010c-4f5e-9e8e-4646950d210f",
|
||
|
"indicator--56b06169-7578-4e89-b972-4ad0950d210f",
|
||
|
"indicator--56b0616a-212c-430d-b167-421d950d210f",
|
||
|
"indicator--56b0616a-9914-449f-b5c1-42c3950d210f",
|
||
|
"indicator--56b0616a-b0ac-426b-8f4b-4195950d210f",
|
||
|
"indicator--56b06176-b1b0-4f5e-8fa3-49ca950d210f",
|
||
|
"indicator--56b06176-63e8-4b64-856b-417e950d210f",
|
||
|
"indicator--56b06177-804c-423b-8926-4445950d210f",
|
||
|
"vulnerability--56b061b8-019c-4aaa-a529-49bd950d210f",
|
||
|
"indicator--56b061b8-2c6c-480d-9609-436a950d210f",
|
||
|
"indicator--56b061b8-9c04-4a7d-a39e-42e3950d210f",
|
||
|
"indicator--56b061b9-4a64-4a96-b655-4525950d210f",
|
||
|
"indicator--56b061b9-747c-498d-8d40-48c9950d210f",
|
||
|
"indicator--56b061b9-7c4c-47c3-8e7a-4a86950d210f",
|
||
|
"indicator--56b061ba-86c8-41c5-a407-42c2950d210f",
|
||
|
"indicator--56b06618-e46c-4bc8-8290-455102de0b81",
|
||
|
"indicator--56b06619-4b40-4c6b-bc1c-4a2202de0b81",
|
||
|
"observed-data--56b06619-5fb0-4375-8332-4ddd02de0b81",
|
||
|
"url--56b06619-5fb0-4375-8332-4ddd02de0b81",
|
||
|
"indicator--56b06619-e874-432b-b834-4c9702de0b81",
|
||
|
"indicator--56b0661a-7c50-4ea7-a24c-4d9b02de0b81",
|
||
|
"observed-data--56b0661a-1fc0-4d53-ac63-431102de0b81",
|
||
|
"url--56b0661a-1fc0-4d53-ac63-431102de0b81",
|
||
|
"indicator--56b0661a-6624-4a5f-a25f-487602de0b81",
|
||
|
"indicator--56b0661b-08f4-421a-a32b-4db602de0b81",
|
||
|
"observed-data--56b0661b-0834-4bfc-9371-4a1702de0b81",
|
||
|
"url--56b0661b-0834-4bfc-9371-4a1702de0b81",
|
||
|
"indicator--56b0661b-e7c4-46fb-9cbe-4af402de0b81",
|
||
|
"indicator--56b0661c-12a0-418d-996d-4e9102de0b81",
|
||
|
"observed-data--56b0661c-4138-43d3-b531-4f3502de0b81",
|
||
|
"url--56b0661c-4138-43d3-b531-4f3502de0b81",
|
||
|
"indicator--56b0661c-a498-4afe-bbf2-4c2f02de0b81",
|
||
|
"indicator--56b0661d-7f04-4883-be1e-45cb02de0b81",
|
||
|
"observed-data--56b0661d-cf00-4f42-9cf6-403302de0b81",
|
||
|
"url--56b0661d-cf00-4f42-9cf6-403302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56b06148-c508-4ab5-a5be-4b16950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:56:56.000Z",
|
||
|
"modified": "2016-02-02T07:56:56.000Z",
|
||
|
"first_observed": "2016-02-02T07:56:56Z",
|
||
|
"last_observed": "2016-02-02T07:56:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56b06148-c508-4ab5-a5be-4b16950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56b06148-c508-4ab5-a5be-4b16950d210f",
|
||
|
"value": "http://blog.cylance.com/puttering-into-the-future"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06164-c120-447d-b8d1-4f3f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:24.000Z",
|
||
|
"modified": "2016-02-02T07:57:24.000Z",
|
||
|
"pattern": "[domain-name:value = 'accounts-google.firewall-gateway.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06164-02b4-45c4-9aa8-4e00950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:24.000Z",
|
||
|
"modified": "2016-02-02T07:57:24.000Z",
|
||
|
"pattern": "[domain-name:value = 'admin.spdns.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06165-f6a8-4880-bc1c-43f7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:25.000Z",
|
||
|
"modified": "2016-02-02T07:57:25.000Z",
|
||
|
"pattern": "[domain-name:value = 'creatnimei.dyndns-wiki.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06165-c70c-401c-b81b-451a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:25.000Z",
|
||
|
"modified": "2016-02-02T07:57:25.000Z",
|
||
|
"pattern": "[domain-name:value = 'detail43.myfirewall.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06166-1774-4a90-b9d1-4abb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:26.000Z",
|
||
|
"modified": "2016-02-02T07:57:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'docs.google.com.publicvm.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06166-7080-4d26-9819-44cd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:26.000Z",
|
||
|
"modified": "2016-02-02T07:57:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'economy.spdns.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06166-74a4-4aca-bb28-421a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:26.000Z",
|
||
|
"modified": "2016-02-02T07:57:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'economy.spdns.eu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06167-3fd0-43d8-b31a-42ad950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:27.000Z",
|
||
|
"modified": "2016-02-02T07:57:27.000Z",
|
||
|
"pattern": "[domain-name:value = 'extension.spdns.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06167-b808-4c3f-aa4a-463a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:27.000Z",
|
||
|
"modified": "2016-02-02T07:57:27.000Z",
|
||
|
"pattern": "[domain-name:value = 'firefox.spdns.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06167-0940-4958-946f-4bd0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:27.000Z",
|
||
|
"modified": "2016-02-02T07:57:27.000Z",
|
||
|
"pattern": "[domain-name:value = 'firewallupdate.firewall-gateway.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06168-aedc-40fa-ae0e-486e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:28.000Z",
|
||
|
"modified": "2016-02-02T07:57:28.000Z",
|
||
|
"pattern": "[domain-name:value = 'intersecurity.firewall-gateway.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06168-3cac-4d17-bbb6-457d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:28.000Z",
|
||
|
"modified": "2016-02-02T07:57:28.000Z",
|
||
|
"pattern": "[domain-name:value = 'jdk.spdns.eu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06168-a1dc-4e1b-a846-4cc7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:28.000Z",
|
||
|
"modified": "2016-02-02T07:57:28.000Z",
|
||
|
"pattern": "[domain-name:value = 'kaspersky.firewall-gateway.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06168-2908-4815-aadb-4cfb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:28.000Z",
|
||
|
"modified": "2016-02-02T07:57:28.000Z",
|
||
|
"pattern": "[domain-name:value = 'kissecurity.firewall-gateway.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06169-10b8-4c50-9b3e-4c83950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:29.000Z",
|
||
|
"modified": "2016-02-02T07:57:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'news.firewall-gateway.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06169-010c-4f5e-9e8e-4646950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:29.000Z",
|
||
|
"modified": "2016-02-02T07:57:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'opero.spdns.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06169-7578-4e89-b972-4ad0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:29.000Z",
|
||
|
"modified": "2016-02-02T07:57:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'sys.firewall-gateway.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0616a-212c-430d-b167-421d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:30.000Z",
|
||
|
"modified": "2016-02-02T07:57:30.000Z",
|
||
|
"pattern": "[domain-name:value = 'sys.firewall-gateway.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0616a-9914-449f-b5c1-42c3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:30.000Z",
|
||
|
"modified": "2016-02-02T07:57:30.000Z",
|
||
|
"pattern": "[domain-name:value = 'tally.myfirewall.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0616a-b0ac-426b-8f4b-4195950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:30.000Z",
|
||
|
"modified": "2016-02-02T07:57:30.000Z",
|
||
|
"pattern": "[domain-name:value = 'zuni.spdns.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06176-b1b0-4f5e-8fa3-49ca950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:42.000Z",
|
||
|
"modified": "2016-02-02T07:57:42.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.129.252.159']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06176-63e8-4b64-856b-417e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:42.000Z",
|
||
|
"modified": "2016-02-02T07:57:42.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.117.229.26']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06177-804c-423b-8926-4445950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:57:43.000Z",
|
||
|
"modified": "2016-02-02T07:57:43.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.169.86.25']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:57:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--56b061b8-019c-4aaa-a529-49bd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:58:48.000Z",
|
||
|
"modified": "2016-02-02T07:58:48.000Z",
|
||
|
"name": "CVE-2012-0158",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2012-0158"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b061b8-2c6c-480d-9609-436a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:58:48.000Z",
|
||
|
"modified": "2016-02-02T07:58:48.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:58:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b061b8-9c04-4a7d-a39e-42e3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:58:48.000Z",
|
||
|
"modified": "2016-02-02T07:58:48.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:58:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b061b9-4a64-4a96-b655-4525950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:58:49.000Z",
|
||
|
"modified": "2016-02-02T07:58:49.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:58:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b061b9-747c-498d-8d40-48c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:58:49.000Z",
|
||
|
"modified": "2016-02-02T07:58:49.000Z",
|
||
|
"pattern": "[file:name = 'Reappraisal_of_India_Tibet_Policy.doc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:58:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b061b9-7c4c-47c3-8e7a-4a86950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:58:49.000Z",
|
||
|
"modified": "2016-02-02T07:58:49.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:58:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b061ba-86c8-41c5-a407-42c2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T07:58:50.000Z",
|
||
|
"modified": "2016-02-02T07:58:50.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T07:58:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06618-e46c-4bc8-8290-455102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:28.000Z",
|
||
|
"modified": "2016-02-02T08:17:28.000Z",
|
||
|
"description": "- Xchecked via VT: 333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9",
|
||
|
"pattern": "[file:hashes.SHA1 = '4ca7d9755344d0f48f5838235d973649f798cf65']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06619-4b40-4c6b-bc1c-4a2202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:29.000Z",
|
||
|
"modified": "2016-02-02T08:17:29.000Z",
|
||
|
"description": "- Xchecked via VT: 333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9",
|
||
|
"pattern": "[file:hashes.MD5 = '2826b38efe609d0abebe83c2588d0825']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56b06619-5fb0-4375-8332-4ddd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:29.000Z",
|
||
|
"modified": "2016-02-02T08:17:29.000Z",
|
||
|
"first_observed": "2016-02-02T08:17:29Z",
|
||
|
"last_observed": "2016-02-02T08:17:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56b06619-5fb0-4375-8332-4ddd02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56b06619-5fb0-4375-8332-4ddd02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9/analysis/1452508817/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b06619-e874-432b-b834-4c9702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:29.000Z",
|
||
|
"modified": "2016-02-02T08:17:29.000Z",
|
||
|
"description": "- Xchecked via VT: 523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b",
|
||
|
"pattern": "[file:hashes.SHA1 = '893dc718a5b798679dc0e527704bd3f7e5ddac73']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0661a-7c50-4ea7-a24c-4d9b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:30.000Z",
|
||
|
"modified": "2016-02-02T08:17:30.000Z",
|
||
|
"description": "- Xchecked via VT: 523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b",
|
||
|
"pattern": "[file:hashes.MD5 = 'e1de033ce8015a2e529e7c42042108cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56b0661a-1fc0-4d53-ac63-431102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:30.000Z",
|
||
|
"modified": "2016-02-02T08:17:30.000Z",
|
||
|
"first_observed": "2016-02-02T08:17:30Z",
|
||
|
"last_observed": "2016-02-02T08:17:30Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56b0661a-1fc0-4d53-ac63-431102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56b0661a-1fc0-4d53-ac63-431102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b/analysis/1453864468/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0661a-6624-4a5f-a25f-487602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:30.000Z",
|
||
|
"modified": "2016-02-02T08:17:30.000Z",
|
||
|
"description": "- Xchecked via VT: a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6",
|
||
|
"pattern": "[file:hashes.SHA1 = '469b1304be203f796369dd242db10058f9586727']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0661b-08f4-421a-a32b-4db602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:31.000Z",
|
||
|
"modified": "2016-02-02T08:17:31.000Z",
|
||
|
"description": "- Xchecked via VT: a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6",
|
||
|
"pattern": "[file:hashes.MD5 = '3dda36bb1749b907256f3b8fdfd6da07']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56b0661b-0834-4bfc-9371-4a1702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:31.000Z",
|
||
|
"modified": "2016-02-02T08:17:31.000Z",
|
||
|
"first_observed": "2016-02-02T08:17:31Z",
|
||
|
"last_observed": "2016-02-02T08:17:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56b0661b-0834-4bfc-9371-4a1702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56b0661b-0834-4bfc-9371-4a1702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6/analysis/1453983769/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0661b-e7c4-46fb-9cbe-4af402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:31.000Z",
|
||
|
"modified": "2016-02-02T08:17:31.000Z",
|
||
|
"description": "- Xchecked via VT: 8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e2126ebc4910ea0308a150466f70534854ec201d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0661c-12a0-418d-996d-4e9102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:32.000Z",
|
||
|
"modified": "2016-02-02T08:17:32.000Z",
|
||
|
"description": "- Xchecked via VT: 8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e",
|
||
|
"pattern": "[file:hashes.MD5 = '7735e571d0450e2a31e97e4f8e0f66fa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56b0661c-4138-43d3-b531-4f3502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:32.000Z",
|
||
|
"modified": "2016-02-02T08:17:32.000Z",
|
||
|
"first_observed": "2016-02-02T08:17:32Z",
|
||
|
"last_observed": "2016-02-02T08:17:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56b0661c-4138-43d3-b531-4f3502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56b0661c-4138-43d3-b531-4f3502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e/analysis/1437647138/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0661c-a498-4afe-bbf2-4c2f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:32.000Z",
|
||
|
"modified": "2016-02-02T08:17:32.000Z",
|
||
|
"description": "- Xchecked via VT: 3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520",
|
||
|
"pattern": "[file:hashes.SHA1 = '95cecef175012f145df2e0f8255fe92f55f10414']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56b0661d-7f04-4883-be1e-45cb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:33.000Z",
|
||
|
"modified": "2016-02-02T08:17:33.000Z",
|
||
|
"description": "- Xchecked via VT: 3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520",
|
||
|
"pattern": "[file:hashes.MD5 = 'ea45265fe98b25e719d5a9cc3b412d66']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-02T08:17:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56b0661d-cf00-4f42-9cf6-403302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-02T08:17:33.000Z",
|
||
|
"modified": "2016-02-02T08:17:33.000Z",
|
||
|
"first_observed": "2016-02-02T08:17:33Z",
|
||
|
"last_observed": "2016-02-02T08:17:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56b0661d-cf00-4f42-9cf6-403302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56b0661d-cf00-4f42-9cf6-403302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520/analysis/1453744600/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|