|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--58539031-aa78-4da1-9289-487102de0b81",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-17T08:59:32.000Z",
|
||
|
"modified": "2016-12-17T08:59:32.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--58539031-aa78-4da1-9289-487102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-17T08:59:32.000Z",
|
||
|
"modified": "2016-12-17T08:59:32.000Z",
|
||
|
"name": "OSINT - PROMETHIUM and NEODYMIUM: Parallel zeroday attacks targeting individuals in Europe",
|
||
|
"published": "2016-12-17T08:59:47Z",
|
||
|
"object_refs": [
|
||
|
"vulnerability--5853905d-4928-46d4-b210-41c102de0b81",
|
||
|
"indicator--58539081-8128-43ed-8788-416002de0b81",
|
||
|
"indicator--58539081-56ac-408a-8216-4a0902de0b81",
|
||
|
"indicator--58539082-1e00-49f3-abf3-411702de0b81",
|
||
|
"indicator--585390a4-ef50-4aad-8ed4-443102de0b81",
|
||
|
"indicator--585390a4-1c90-412f-abbe-46dc02de0b81",
|
||
|
"indicator--585390a4-72d8-4ce8-80fe-41d902de0b81",
|
||
|
"indicator--585390a5-0688-4cb5-be33-4a0702de0b81",
|
||
|
"indicator--585390a5-6f74-4410-847c-4fc302de0b81",
|
||
|
"indicator--585390a5-24b0-4f30-9ca9-4f3b02de0b81",
|
||
|
"indicator--585390a5-5e24-4734-92f7-406d02de0b81",
|
||
|
"indicator--585390a6-4578-49fc-a09b-42e302de0b81",
|
||
|
"indicator--585390a6-c264-48a7-9321-4db202de0b81",
|
||
|
"indicator--585390a6-fa5c-45f4-a560-494f02de0b81",
|
||
|
"indicator--585390a6-2c98-457d-a40b-42c402de0b81",
|
||
|
"indicator--585390a7-6588-493d-b875-4b4202de0b81",
|
||
|
"indicator--585390a7-7e3c-4018-a3e6-4ed502de0b81",
|
||
|
"indicator--585390a7-3e68-43ef-b491-485e02de0b81",
|
||
|
"indicator--585390a7-a39c-4b48-ac55-473302de0b81",
|
||
|
"indicator--585390a8-18e0-40c6-b563-4d4002de0b81",
|
||
|
"indicator--585390a8-9ecc-468c-b2ca-41ac02de0b81",
|
||
|
"indicator--585390a8-5388-4043-80cb-4a1c02de0b81",
|
||
|
"indicator--585390b7-1340-4e40-9d74-4df502de0b81",
|
||
|
"indicator--585390b7-9150-4e98-b4b4-44f902de0b81",
|
||
|
"indicator--585390ce-a3ac-4c9e-8782-4aaf02de0b81",
|
||
|
"indicator--585390ce-e2c8-4feb-a41c-430c02de0b81",
|
||
|
"indicator--585390ce-1428-49f4-ad6e-4efa02de0b81",
|
||
|
"indicator--585390cf-8664-47c7-bf36-4d8202de0b81",
|
||
|
"indicator--585390cf-c15c-4c84-9bc5-45ce02de0b81",
|
||
|
"indicator--585390cf-f728-4204-bf18-4f3802de0b81",
|
||
|
"indicator--585390d0-6a08-4853-8df0-498902de0b81",
|
||
|
"indicator--585390ef-3858-4e86-b0c0-4cff02de0b81",
|
||
|
"indicator--585390ef-4a30-4d0f-a2a6-400502de0b81",
|
||
|
"indicator--585390ef-0774-45c4-befe-4fb202de0b81",
|
||
|
"indicator--585390f0-d98c-4528-a053-4bfc02de0b81",
|
||
|
"indicator--585390f0-de28-4da3-84a0-4fb102de0b81",
|
||
|
"indicator--585390f1-17d0-45c1-92a3-4a4402de0b81",
|
||
|
"indicator--58539106-92a8-4745-9c0a-4a5602de0b81",
|
||
|
"indicator--58539106-8824-4570-b6c9-448502de0b81",
|
||
|
"observed-data--58539107-9978-4652-9132-46dc02de0b81",
|
||
|
"url--58539107-9978-4652-9132-46dc02de0b81",
|
||
|
"indicator--58539107-fac4-4b1e-b260-4ce402de0b81",
|
||
|
"indicator--58539107-e068-4fdb-a005-405202de0b81",
|
||
|
"observed-data--58539107-e354-4d13-92a8-461202de0b81",
|
||
|
"url--58539107-e354-4d13-92a8-461202de0b81",
|
||
|
"indicator--58539108-4fa0-4c24-9d14-4f6b02de0b81",
|
||
|
"indicator--58539108-5080-48ac-9474-4ac802de0b81",
|
||
|
"observed-data--58539108-9f40-41a0-a730-406502de0b81",
|
||
|
"url--58539108-9f40-41a0-a730-406502de0b81",
|
||
|
"indicator--58539108-2aa4-424f-8ac9-4eae02de0b81",
|
||
|
"indicator--58539108-22bc-497d-8cd2-433102de0b81",
|
||
|
"observed-data--58539109-f4c0-442a-8cbe-401502de0b81",
|
||
|
"url--58539109-f4c0-442a-8cbe-401502de0b81",
|
||
|
"indicator--58539109-0c7c-4505-bd31-43e902de0b81",
|
||
|
"indicator--58539109-0218-4b25-a54f-42e802de0b81",
|
||
|
"observed-data--58539109-dfa8-4107-ac61-4ea802de0b81",
|
||
|
"url--58539109-dfa8-4107-ac61-4ea802de0b81",
|
||
|
"indicator--5853910a-af4c-4b6e-aa08-42fc02de0b81",
|
||
|
"indicator--5853910a-6c60-4379-9dc3-4ce302de0b81",
|
||
|
"observed-data--5853910a-7d90-48b9-bee5-41c902de0b81",
|
||
|
"url--5853910a-7d90-48b9-bee5-41c902de0b81",
|
||
|
"indicator--5853910a-36b0-4240-8fff-4d0902de0b81",
|
||
|
"indicator--5853910b-3f30-4146-bbc8-4e5902de0b81",
|
||
|
"observed-data--5853910b-20b8-46f6-9bb7-4c9202de0b81",
|
||
|
"url--5853910b-20b8-46f6-9bb7-4c9202de0b81",
|
||
|
"indicator--5853910b-f2e0-475a-9799-4ead02de0b81",
|
||
|
"indicator--5853910b-bf10-4200-8856-4b6602de0b81",
|
||
|
"observed-data--5853910b-3d00-4dcf-a1b6-4c4202de0b81",
|
||
|
"url--5853910b-3d00-4dcf-a1b6-4c4202de0b81",
|
||
|
"observed-data--58539167-e790-4e4c-9363-4cce02de0b81",
|
||
|
"file--58539167-e790-4e4c-9363-4cce02de0b81",
|
||
|
"artifact--58539167-e790-4e4c-9363-4cce02de0b81",
|
||
|
"observed-data--5854fe74-7f0c-4b2a-b258-4a0b950d210f",
|
||
|
"url--5854fe74-7f0c-4b2a-b258-4a0b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"misp-galaxy:threat-actor=\"PROMETHIUM\"",
|
||
|
"misp-galaxy:threat-actor=\"NEODYMIUM\"",
|
||
|
"ecsirt:malicious-code=\"malware\"",
|
||
|
"osint:source-type=\"technical-report\"",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"misp-galaxy:microsoft-activity-group=\"PROMETHIUM\"",
|
||
|
"misp-galaxy:microsoft-activity-group=\"NEODYMIUM\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--5853905d-4928-46d4-b210-41c102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:57:33.000Z",
|
||
|
"modified": "2016-12-16T06:57:33.000Z",
|
||
|
"name": "CVE-2016-4117",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2016-4117"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58539081-8128-43ed-8788-416002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:09.000Z",
|
||
|
"modified": "2016-12-16T06:58:09.000Z",
|
||
|
"description": "Malicious document",
|
||
|
"pattern": "[file:hashes.SHA1 = '21a3862dfe21d6b216359c6baa3d3c2beb50c7a3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58539081-56ac-408a-8216-4a0902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:09.000Z",
|
||
|
"modified": "2016-12-16T06:58:09.000Z",
|
||
|
"description": "Malicious document",
|
||
|
"pattern": "[file:hashes.SHA1 = '0b16135d008f6952df0caca104449c33d736e5fc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58539082-1e00-49f3-abf3-411702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:10.000Z",
|
||
|
"modified": "2016-12-16T06:58:10.000Z",
|
||
|
"description": "Malicious document",
|
||
|
"pattern": "[file:hashes.SHA1 = '0852aa6b8df78069d75fa2f09b53d4476cdd252b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a4-ef50-4aad-8ed4-443102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:44.000Z",
|
||
|
"modified": "2016-12-16T06:58:44.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = '05dbe59a7690e28ca295e0f939a0c1213cb42eb0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a4-1c90-412f-abbe-46dc02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:44.000Z",
|
||
|
"modified": "2016-12-16T06:58:44.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = '3c2c7ac8fddbc3ee25ce0f73f01e668855ccdb80']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a4-72d8-4ce8-80fe-41d902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:44.000Z",
|
||
|
"modified": "2016-12-16T06:58:44.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = '211a111586cb5914876adb929ccae736928d8363']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a5-0688-4cb5-be33-4a0702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:45.000Z",
|
||
|
"modified": "2016-12-16T06:58:45.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c972bf5751438c99fe3e02ecacf6fa759388c40e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a5-6f74-4410-847c-4fc302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:45.000Z",
|
||
|
"modified": "2016-12-16T06:58:45.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = '72722073f0adba1919dc31ffa26638555ad5867f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a5-24b0-4f30-9ca9-4f3b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:45.000Z",
|
||
|
"modified": "2016-12-16T06:58:45.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = '2fb49455d65ad8baf18e3c604cd1b992b7ebbefa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a5-5e24-4734-92f7-406d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:45.000Z",
|
||
|
"modified": "2016-12-16T06:58:45.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f41b999f41312f2a0fe4eaf08e90824f73e0e186']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a6-4578-49fc-a09b-42e302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:46.000Z",
|
||
|
"modified": "2016-12-16T06:58:46.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd8d54574a082162220c3c2f3d3f4c1b1bd4d6255']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a6-c264-48a7-9321-4db202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:46.000Z",
|
||
|
"modified": "2016-12-16T06:58:46.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = '86580603f5e1d817af87e8bf3ba4dc4ea9e3069d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a6-fa5c-45f4-a560-494f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:46.000Z",
|
||
|
"modified": "2016-12-16T06:58:46.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cb5d0d1d557a1266f77357a951358c78196e97ff']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a6-2c98-457d-a40b-42c402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:46.000Z",
|
||
|
"modified": "2016-12-16T06:58:46.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd75d12d250e7a36f9ef1173d630a0059b8ea5349']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a7-6588-493d-b875-4b4202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:47.000Z",
|
||
|
"modified": "2016-12-16T06:58:47.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a77db6e89d604eabf29a6114a30345a705b05107']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a7-7e3c-4018-a3e6-4ed502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:47.000Z",
|
||
|
"modified": "2016-12-16T06:58:47.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b32b0d52fff7c09c60bb64bc396dc7522a457399']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a7-3e68-43ef-b491-485e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:47.000Z",
|
||
|
"modified": "2016-12-16T06:58:47.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ade19bde9716770bef84ce4414a45c0462c2eba2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a7-a39c-4b48-ac55-473302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:47.000Z",
|
||
|
"modified": "2016-12-16T06:58:47.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e4d82ab117b86fd44c02ff3289976d15a9d9ced4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a8-18e0-40c6-b563-4d4002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:48.000Z",
|
||
|
"modified": "2016-12-16T06:58:48.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = '88cb78d99fa0275db8123c17a2bd3b3d58f541da']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a8-9ecc-468c-b2ca-41ac02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:48.000Z",
|
||
|
"modified": "2016-12-16T06:58:48.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a248f9ad5d757d589a06a253dc46637f4128eea9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390a8-5388-4043-80cb-4a1c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:58:48.000Z",
|
||
|
"modified": "2016-12-16T06:58:48.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[file:hashes.SHA1 = '532b0d52fff7c09c60bb64bc396dc7522a457399']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:58:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390b7-1340-4e40-9d74-4df502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:03.000Z",
|
||
|
"modified": "2016-12-16T06:59:03.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[domain-name:value = 'srv601.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390b7-9150-4e98-b4b4-44f902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:03.000Z",
|
||
|
"modified": "2016-12-16T06:59:03.000Z",
|
||
|
"description": "Wingbird",
|
||
|
"pattern": "[domain-name:value = 'srv602.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390ce-a3ac-4c9e-8782-4aaf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:26.000Z",
|
||
|
"modified": "2016-12-16T06:59:26.000Z",
|
||
|
"description": "Truvasys",
|
||
|
"pattern": "[file:hashes.SHA1 = '980d96d83f0bae8132fd13eb7d0e799999141492']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390ce-e2c8-4feb-a41c-430c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:26.000Z",
|
||
|
"modified": "2016-12-16T06:59:26.000Z",
|
||
|
"description": "Truvasys",
|
||
|
"pattern": "[file:hashes.SHA1 = '7ab2d32b2603c2b12e814264230572584e157d42']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390ce-1428-49f4-ad6e-4efa02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:26.000Z",
|
||
|
"modified": "2016-12-16T06:59:26.000Z",
|
||
|
"description": "Truvasys",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a4f72ee3d337e5a0db78f33fd31958b41e9e9d4f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390cf-8664-47c7-bf36-4d8202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:27.000Z",
|
||
|
"modified": "2016-12-16T06:59:27.000Z",
|
||
|
"description": "Truvasys",
|
||
|
"pattern": "[file:hashes.SHA1 = '6de50cf42cd3ff8429a405e9c62d38c11fb2edd6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390cf-c15c-4c84-9bc5-45ce02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:27.000Z",
|
||
|
"modified": "2016-12-16T06:59:27.000Z",
|
||
|
"description": "Truvasys",
|
||
|
"pattern": "[file:hashes.SHA1 = '8d847ea0ffa06b8d48bbd9c943c50b05b23d310b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390cf-f728-4204-bf18-4f3802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:27.000Z",
|
||
|
"modified": "2016-12-16T06:59:27.000Z",
|
||
|
"description": "Truvasys",
|
||
|
"pattern": "[file:hashes.SHA1 = '7047ed9ae510377f4625db256e52af02694ef153']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390d0-6a08-4853-8df0-498902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:28.000Z",
|
||
|
"modified": "2016-12-16T06:59:28.000Z",
|
||
|
"description": "Truvasys",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bb66c7d655021234ede01bc59e808c6b8f3fa91b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390ef-3858-4e86-b0c0-4cff02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:59.000Z",
|
||
|
"modified": "2016-12-16T06:59:59.000Z",
|
||
|
"description": "Truvasys",
|
||
|
"pattern": "[domain-name:value = 'www.updatesync.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--585390ef-4a30-4d0f-a2a6-400502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-12-16T06:59:59.000Z",
|
||
|
"modified": "2016-12-16T06:59:59.000Z",
|
||
|
"description": "Truvasys",
|
||
|
"pattern": "[domain-name:value = 'www.svnservices.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-12-16T06:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--585390ef-0774-45c4-befe-4fb202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T06:59:59.000Z",
"modified": "2016-12-16T06:59:59.000Z",
"description": "Truvasys",
"pattern": "[domain-name:value = 'ftp.mynetenergy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T06:59:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--585390f0-d98c-4528-a053-4bfc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:00.000Z",
"modified": "2016-12-16T07:00:00.000Z",
"description": "Truvasys",
"pattern": "[domain-name:value = 'www.windriversupport.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--585390f0-de28-4da3-84a0-4fb102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:00.000Z",
"modified": "2016-12-16T07:00:00.000Z",
"description": "Truvasys",
"pattern": "[domain-name:value = 'www.truecrypte.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--585390f1-17d0-45c1-92a3-4a4402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:01.000Z",
"modified": "2016-12-16T07:00:01.000Z",
"description": "Truvasys",
"pattern": "[domain-name:value = 'www.edicupd002.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539106-92a8-4745-9c0a-4a5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:22.000Z",
"modified": "2016-12-16T07:00:22.000Z",
"description": "Truvasys - Xchecked via VT: bb66c7d655021234ede01bc59e808c6b8f3fa91b",
"pattern": "[file:hashes.SHA256 = '15ededb19ec5ab6f03db1106d2ccdeeacacdb8cd708518d065cacb1b0d7e955d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539106-8824-4570-b6c9-448502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:22.000Z",
"modified": "2016-12-16T07:00:22.000Z",
"description": "Truvasys - Xchecked via VT: bb66c7d655021234ede01bc59e808c6b8f3fa91b",
"pattern": "[file:hashes.MD5 = 'f680654dd3421941cd46d6875bd501a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58539107-9978-4652-9132-46dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:23.000Z",
"modified": "2016-12-16T07:00:23.000Z",
"first_observed": "2016-12-16T07:00:23Z",
"last_observed": "2016-12-16T07:00:23Z",
"number_observed": 1,
"object_refs": [
"url--58539107-9978-4652-9132-46dc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58539107-9978-4652-9132-46dc02de0b81",
"value": "https://www.virustotal.com/file/15ededb19ec5ab6f03db1106d2ccdeeacacdb8cd708518d065cacb1b0d7e955d/analysis/1481869936/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539107-fac4-4b1e-b260-4ce402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:23.000Z",
"modified": "2016-12-16T07:00:23.000Z",
"description": "Truvasys - Xchecked via VT: 7047ed9ae510377f4625db256e52af02694ef153",
"pattern": "[file:hashes.SHA256 = '2f98ac11c78ad1b4c5c5c10a88857baf7af43acb9162e8077709db9d563bcf02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539107-e068-4fdb-a005-405202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:23.000Z",
"modified": "2016-12-16T07:00:23.000Z",
"description": "Truvasys - Xchecked via VT: 7047ed9ae510377f4625db256e52af02694ef153",
"pattern": "[file:hashes.MD5 = '2041cc8de9dab93b44434d7f748c63ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58539107-e354-4d13-92a8-461202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:23.000Z",
"modified": "2016-12-16T07:00:23.000Z",
"first_observed": "2016-12-16T07:00:23Z",
"last_observed": "2016-12-16T07:00:23Z",
"number_observed": 1,
"object_refs": [
"url--58539107-e354-4d13-92a8-461202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58539107-e354-4d13-92a8-461202de0b81",
"value": "https://www.virustotal.com/file/2f98ac11c78ad1b4c5c5c10a88857baf7af43acb9162e8077709db9d563bcf02/analysis/1476225590/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539108-4fa0-4c24-9d14-4f6b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:24.000Z",
"modified": "2016-12-16T07:00:24.000Z",
"description": "Truvasys - Xchecked via VT: 8d847ea0ffa06b8d48bbd9c943c50b05b23d310b",
"pattern": "[file:hashes.SHA256 = 'e12031da58c0b08e8b610c3786ca2b66fcfea8ddc9ac558d08a29fd27e95a3e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539108-5080-48ac-9474-4ac802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:24.000Z",
"modified": "2016-12-16T07:00:24.000Z",
"description": "Truvasys - Xchecked via VT: 8d847ea0ffa06b8d48bbd9c943c50b05b23d310b",
"pattern": "[file:hashes.MD5 = 'b31ea9acb9d35d9631e316a93a723ec6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58539108-9f40-41a0-a730-406502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:24.000Z",
"modified": "2016-12-16T07:00:24.000Z",
"first_observed": "2016-12-16T07:00:24Z",
"last_observed": "2016-12-16T07:00:24Z",
"number_observed": 1,
"object_refs": [
"url--58539108-9f40-41a0-a730-406502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58539108-9f40-41a0-a730-406502de0b81",
"value": "https://www.virustotal.com/file/e12031da58c0b08e8b610c3786ca2b66fcfea8ddc9ac558d08a29fd27e95a3e7/analysis/1481869015/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539108-2aa4-424f-8ac9-4eae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:24.000Z",
"modified": "2016-12-16T07:00:24.000Z",
"description": "Truvasys - Xchecked via VT: 6de50cf42cd3ff8429a405e9c62d38c11fb2edd6",
"pattern": "[file:hashes.SHA256 = 'dbd8cbbaf59d19cf7566042945e36409cd090bc711e339d3f2ec652bc26d6a03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539108-22bc-497d-8cd2-433102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:24.000Z",
"modified": "2016-12-16T07:00:24.000Z",
"description": "Truvasys - Xchecked via VT: 6de50cf42cd3ff8429a405e9c62d38c11fb2edd6",
"pattern": "[file:hashes.MD5 = 'c43accf1c69c3020583aa587924ac9a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58539109-f4c0-442a-8cbe-401502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:25.000Z",
"modified": "2016-12-16T07:00:25.000Z",
"first_observed": "2016-12-16T07:00:25Z",
"last_observed": "2016-12-16T07:00:25Z",
"number_observed": 1,
"object_refs": [
"url--58539109-f4c0-442a-8cbe-401502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58539109-f4c0-442a-8cbe-401502de0b81",
"value": "https://www.virustotal.com/file/dbd8cbbaf59d19cf7566042945e36409cd090bc711e339d3f2ec652bc26d6a03/analysis/1481833653/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539109-0c7c-4505-bd31-43e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:25.000Z",
"modified": "2016-12-16T07:00:25.000Z",
"description": "Truvasys - Xchecked via VT: a4f72ee3d337e5a0db78f33fd31958b41e9e9d4f",
"pattern": "[file:hashes.SHA256 = 'a8b7e3edaa18c6127e98741503c3a2a66b7720d2abd967c94b8a5f2e99575ac5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58539109-0218-4b25-a54f-42e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:25.000Z",
"modified": "2016-12-16T07:00:25.000Z",
"description": "Truvasys - Xchecked via VT: a4f72ee3d337e5a0db78f33fd31958b41e9e9d4f",
"pattern": "[file:hashes.MD5 = '9a313b0c9f9fe6636826d57eed48f9af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58539109-dfa8-4107-ac61-4ea802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:25.000Z",
"modified": "2016-12-16T07:00:25.000Z",
"first_observed": "2016-12-16T07:00:25Z",
"last_observed": "2016-12-16T07:00:25Z",
"number_observed": 1,
"object_refs": [
"url--58539109-dfa8-4107-ac61-4ea802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58539109-dfa8-4107-ac61-4ea802de0b81",
"value": "https://www.virustotal.com/file/a8b7e3edaa18c6127e98741503c3a2a66b7720d2abd967c94b8a5f2e99575ac5/analysis/1481807924/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5853910a-af4c-4b6e-aa08-42fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:26.000Z",
"modified": "2016-12-16T07:00:26.000Z",
"description": "Truvasys - Xchecked via VT: 7ab2d32b2603c2b12e814264230572584e157d42",
"pattern": "[file:hashes.SHA256 = '1aef507c385a234e8b10db12852ad1bd66a04730451547b2dcb26f7fae16e01f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5853910a-6c60-4379-9dc3-4ce302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:26.000Z",
"modified": "2016-12-16T07:00:26.000Z",
"description": "Truvasys - Xchecked via VT: 7ab2d32b2603c2b12e814264230572584e157d42",
"pattern": "[file:hashes.MD5 = '85b60957872f7e03089ef7c758020e61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5853910a-7d90-48b9-bee5-41c902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:26.000Z",
"modified": "2016-12-16T07:00:26.000Z",
"first_observed": "2016-12-16T07:00:26Z",
"last_observed": "2016-12-16T07:00:26Z",
"number_observed": 1,
"object_refs": [
"url--5853910a-7d90-48b9-bee5-41c902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5853910a-7d90-48b9-bee5-41c902de0b81",
"value": "https://www.virustotal.com/file/1aef507c385a234e8b10db12852ad1bd66a04730451547b2dcb26f7fae16e01f/analysis/1468402677/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5853910a-36b0-4240-8fff-4d0902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:26.000Z",
"modified": "2016-12-16T07:00:26.000Z",
"description": "Malicious document - Xchecked via VT: 0b16135d008f6952df0caca104449c33d736e5fc",
"pattern": "[file:hashes.SHA256 = '3ce407b441b324142e9f2cd2a5aad8eab1a73f772df0155f362d9ba9f5cb1da8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5853910b-3f30-4146-bbc8-4e5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:27.000Z",
"modified": "2016-12-16T07:00:27.000Z",
"description": "Malicious document - Xchecked via VT: 0b16135d008f6952df0caca104449c33d736e5fc",
"pattern": "[file:hashes.MD5 = 'aaf90c9cf2a35fa1f56e0d0338173d2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5853910b-20b8-46f6-9bb7-4c9202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:27.000Z",
"modified": "2016-12-16T07:00:27.000Z",
"first_observed": "2016-12-16T07:00:27Z",
"last_observed": "2016-12-16T07:00:27Z",
"number_observed": 1,
"object_refs": [
"url--5853910b-20b8-46f6-9bb7-4c9202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5853910b-20b8-46f6-9bb7-4c9202de0b81",
"value": "https://www.virustotal.com/file/3ce407b441b324142e9f2cd2a5aad8eab1a73f772df0155f362d9ba9f5cb1da8/analysis/1481807923/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5853910b-f2e0-475a-9799-4ead02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:27.000Z",
"modified": "2016-12-16T07:00:27.000Z",
"description": "Malicious document - Xchecked via VT: 21a3862dfe21d6b216359c6baa3d3c2beb50c7a3",
"pattern": "[file:hashes.SHA256 = 'b488eea412b121d77b5d27d51888485bb640f8c61da8fa3140bd734b315d6ad2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5853910b-bf10-4200-8856-4b6602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:27.000Z",
"modified": "2016-12-16T07:00:27.000Z",
"description": "Malicious document - Xchecked via VT: 21a3862dfe21d6b216359c6baa3d3c2beb50c7a3",
"pattern": "[file:hashes.MD5 = '50f77cd868f6804e9a3bd1b0745ba36c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-16T07:00:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5853910b-3d00-4dcf-a1b6-4c4202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:00:27.000Z",
"modified": "2016-12-16T07:00:27.000Z",
"first_observed": "2016-12-16T07:00:27Z",
"last_observed": "2016-12-16T07:00:27Z",
"number_observed": 1,
"object_refs": [
"url--5853910b-3d00-4dcf-a1b6-4c4202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5853910b-3d00-4dcf-a1b6-4c4202de0b81",
"value": "https://www.virustotal.com/file/b488eea412b121d77b5d27d51888485bb640f8c61da8fa3140bd734b315d6ad2/analysis/1481806086/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58539167-e790-4e4c-9363-4cce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-16T07:01:59.000Z",
"modified": "2016-12-16T07:01:59.000Z",
"first_observed": "2016-12-16T07:01:59Z",
"last_observed": "2016-12-16T07:01:59Z",
"number_observed": 1,
"object_refs": [
"file--58539167-e790-4e4c-9363-4cce02de0b81",
"artifact--58539167-e790-4e4c-9363-4cce02de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--58539167-e790-4e4c-9363-4cce02de0b81",
"name": "Microsoft_Security_Intelligence_Report_Volume_21_English.pdf",
"content_ref": "artifact--58539167-e790-4e4c-9363-4cce02de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--58539167-e790-4e4c-9363-4cce02de0b81",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5854fe74-7f0c-4b2a-b258-4a0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-17T08:59:32.000Z",
"modified": "2016-12-17T08:59:32.000Z",
"first_observed": "2016-12-17T08:59:32Z",
"last_observed": "2016-12-17T08:59:32Z",
"number_observed": 1,
"object_refs": [
"url--5854fe74-7f0c-4b2a-b258-4a0b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5854fe74-7f0c-4b2a-b258-4a0b950d210f",
"value": "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}