|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--54504af8-1394-43b4-a97d-a3ab950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:06:02.000Z",
|
||
|
"modified": "2014-10-29T02:06:02.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--54504af8-1394-43b4-a97d-a3ab950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:06:02.000Z",
|
||
|
"modified": "2014-10-29T02:06:02.000Z",
|
||
|
"name": "OSINT Emerging Threat Alert - CVE-2014-4114 blog post by Cylance",
|
||
|
"published": "2016-02-22T15:13:59Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--54504b04-e970-44ad-b24e-4f19950d210b",
|
||
|
"url--54504b04-e970-44ad-b24e-4f19950d210b",
|
||
|
"x-misp-attribute--54504b1b-3090-4da4-8591-8f41950d210b",
|
||
|
"vulnerability--54504b2d-fd18-4ef1-b8ec-48e5950d210b",
|
||
|
"x-misp-attribute--54504b3d-bc0c-4fc9-be95-4c03950d210b",
|
||
|
"x-misp-attribute--54504b3d-e584-4315-be7e-4548950d210b",
|
||
|
"indicator--54504b6e-c1d0-4535-8d41-4f2c950d210b",
|
||
|
"indicator--54504b6e-8348-41c3-bfd7-4d12950d210b",
|
||
|
"indicator--54504b6e-ce68-4385-a0dc-48d7950d210b",
|
||
|
"indicator--54504b6e-5264-448a-96b5-4abb950d210b",
|
||
|
"indicator--54504b6e-ce80-4ab5-bd72-40fe950d210b",
|
||
|
"indicator--54504b6e-626c-4b5e-880a-4607950d210b",
|
||
|
"indicator--54504b6e-22a8-46d9-a8c5-4c6b950d210b",
|
||
|
"indicator--54504b8a-b2b8-406d-8af6-4182950d210b",
|
||
|
"indicator--54504b8a-1d08-431c-a9ca-4804950d210b",
|
||
|
"indicator--54504b8a-f9f4-4412-b084-42a6950d210b",
|
||
|
"indicator--54504b8a-6e18-4418-9de8-4af9950d210b",
|
||
|
"indicator--54504b8a-2074-4899-8d09-43da950d210b",
|
||
|
"indicator--54504b8a-6eac-48d3-905a-47fe950d210b",
|
||
|
"indicator--54504b8a-1ac8-4590-9502-460f950d210b",
|
||
|
"indicator--56c63fda-e898-44bd-8a4a-5f51950d210f",
|
||
|
"indicator--56c63fdd-25fc-4b4a-b743-c654950d210f",
|
||
|
"indicator--56c63fdf-b504-48df-a63b-599d950d210f",
|
||
|
"indicator--56c63fdb-d94c-41d5-8a89-599c950d210f",
|
||
|
"indicator--56c63fde-4b54-4d53-9e96-c650950d210f",
|
||
|
"indicator--56c63fe0-cbac-4e9d-8d3e-4b3d950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--54504b04-e970-44ad-b24e-4f19950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:03:48.000Z",
|
||
|
"modified": "2014-10-29T02:03:48.000Z",
|
||
|
"first_observed": "2014-10-29T02:03:48Z",
|
||
|
"last_observed": "2014-10-29T02:03:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--54504b04-e970-44ad-b24e-4f19950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--54504b04-e970-44ad-b24e-4f19950d210b",
|
||
|
"value": "http://blog.cylance.com/emerging-threat-alert-cve-2014-4114"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54504b1b-3090-4da4-8591-8f41950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:04:11.000Z",
|
||
|
"modified": "2014-10-29T02:04:11.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "Data encoded by David Andr\u00e9"
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--54504b2d-fd18-4ef1-b8ec-48e5950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:04:29.000Z",
|
||
|
"modified": "2014-10-29T02:04:29.000Z",
|
||
|
"name": "CVE-2014-4114",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2014-4114"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54504b3d-bc0c-4fc9-be95-4c03950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:04:45.000Z",
|
||
|
"modified": "2014-10-29T02:04:45.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Sandworm"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54504b3d-e584-4315-be7e-4548950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:04:45.000Z",
|
||
|
"modified": "2014-10-29T02:04:45.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Black energy"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b6e-c1d0-4535-8d41-4f2c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:05:34.000Z",
|
||
|
"modified": "2014-10-29T02:05:34.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '70b8d220469c8071029795d32ea91829f683e3fbbaa8b978a31a0974daee8aaf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:05:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b6e-8348-41c3-bfd7-4d12950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:05:34.000Z",
|
||
|
"modified": "2014-10-29T02:05:34.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '4b2b9c147ed28b8f908f96f0c0db8bf8a0da0ac47864bbe0b31c976a4229a2ea']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:05:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b6e-ce68-4385-a0dc-48d7950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:05:34.000Z",
|
||
|
"modified": "2014-10-29T02:05:34.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '30175747dda628bc4ad8353d8e71f17e44ec8dde36c81891ff539dcec5693420']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:05:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b6e-5264-448a-96b5-4abb950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:05:34.000Z",
|
||
|
"modified": "2014-10-29T02:05:34.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '2baba003ef1858b22c1968a2699269cb12d1c3ec117c4951d9775466eb4c7f76']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:05:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b6e-ce80-4ab5-bd72-40fe950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:05:34.000Z",
|
||
|
"modified": "2014-10-29T02:05:34.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '65a8bf996bfc23405be764266d7409a65fa936d19cee52b61ef83e29dcdd6230']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:05:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b6e-626c-4b5e-880a-4607950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:05:34.000Z",
|
||
|
"modified": "2014-10-29T02:05:34.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bd2176b239d240232cdced2da9fc930e627a27190e7216142db93f6538b21006']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:05:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b6e-22a8-46d9-a8c5-4c6b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:05:34.000Z",
|
||
|
"modified": "2014-10-29T02:05:34.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '6732379efe230b522185cde9c186bc2640a5dfc7e154a6037ee3bbe067d6e705']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:05:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b8a-b2b8-406d-8af6-4182950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:06:02.000Z",
|
||
|
"modified": "2014-10-29T02:06:02.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f6a4c241b38226a8ba5cc7a954faef6d7dc0c308534722860d38f7b7aaadad75']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:06:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b8a-1d08-431c-a9ca-4804950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:06:02.000Z",
|
||
|
"modified": "2014-10-29T02:06:02.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '2731d7cfcde172e6dde879f9c26bddaa0d2b1beba9a27680fbd2fa37f9bf12b7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:06:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b8a-f9f4-4412-b084-42a6950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:06:02.000Z",
|
||
|
"modified": "2014-10-29T02:06:02.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ea72c79d15fb1b7765d40733a251f8e3b8aeb278cd2bbf429d64921155214b36']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:06:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b8a-6e18-4418-9de8-4af9950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:06:02.000Z",
|
||
|
"modified": "2014-10-29T02:06:02.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '980d577d3448477dbfe65316b42f2b970c3972e5b01be9abe7abba3568aa1de7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:06:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b8a-2074-4899-8d09-43da950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:06:02.000Z",
|
||
|
"modified": "2014-10-29T02:06:02.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '0fda6c118fb7dc946440cb9225e32ab1825d87d4f088bb75a6eab7cef35433bc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:06:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b8a-6eac-48d3-905a-47fe950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:06:02.000Z",
|
||
|
"modified": "2014-10-29T02:06:02.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '0f63c8f8f080aff491ffb5bb4fcbb23a4719f86df9435e06af42f835b31dc79b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:06:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54504b8a-1ac8-4590-9502-460f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2014-10-29T02:06:02.000Z",
|
||
|
"modified": "2014-10-29T02:06:02.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '2e73379dab7819b3c8a1956ea1e7cb647763e96daf65024e05314bda8044df0b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2014-10-29T02:06:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c63fda-e898-44bd-8a4a-5f51950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:04:10.000Z",
|
||
|
"modified": "2016-02-18T22:04:10.000Z",
|
||
|
"description": "Automatically added (via f6a4c241b38226a8ba5cc7a954faef6d7dc0c308534722860d38f7b7aaadad75)",
|
||
|
"pattern": "[file:hashes.MD5 = '48937e732d0d11e99c68895ac8578374']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:04:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c63fdd-25fc-4b4a-b743-c654950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:04:13.000Z",
|
||
|
"modified": "2016-02-18T22:04:13.000Z",
|
||
|
"description": "Automatically added (via 2e73379dab7819b3c8a1956ea1e7cb647763e96daf65024e05314bda8044df0b)",
|
||
|
"pattern": "[file:hashes.MD5 = '37ca2ecb5e1fc89f73c6adc188ff685d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:04:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c63fdf-b504-48df-a63b-599d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:04:15.000Z",
|
||
|
"modified": "2016-02-18T22:04:15.000Z",
|
||
|
"description": "Automatically added (via 0f63c8f8f080aff491ffb5bb4fcbb23a4719f86df9435e06af42f835b31dc79b)",
|
||
|
"pattern": "[file:hashes.MD5 = 'b0dc4c3402e7999d733fa2b668371ade']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:04:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c63fdb-d94c-41d5-8a89-599c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:04:11.000Z",
|
||
|
"modified": "2016-02-18T22:04:11.000Z",
|
||
|
"description": "Automatically added (via f6a4c241b38226a8ba5cc7a954faef6d7dc0c308534722860d38f7b7aaadad75)",
|
||
|
"pattern": "[file:hashes.SHA1 = '118206d910f0036357b04c154da8966bcccd31b4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:04:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c63fde-4b54-4d53-9e96-c650950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:04:14.000Z",
|
||
|
"modified": "2016-02-18T22:04:14.000Z",
|
||
|
"description": "Automatically added (via 2e73379dab7819b3c8a1956ea1e7cb647763e96daf65024e05314bda8044df0b)",
|
||
|
"pattern": "[file:hashes.SHA1 = '858c589842029616d75db616f2097ee98414bfbc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:04:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c63fe0-cbac-4e9d-8d3e-4b3d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T22:04:16.000Z",
|
||
|
"modified": "2016-02-18T22:04:16.000Z",
|
||
|
"description": "Automatically added (via 0f63c8f8f080aff491ffb5bb4fcbb23a4719f86df9435e06af42f835b31dc79b)",
|
||
|
"pattern": "[file:hashes.SHA1 = '2ff3b1e5a310983f7dd81daad89e9f1ba262a0e9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T22:04:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:GREEN",
|
||
|
"definition": {
|
||
|
"tlp": "green"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|