adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5462a024-eed8-4057-9a85-3030950d210b.json

1780 lines
72 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5462a024-eed8-4057-9a85-3030950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:25:26.000Z",
"modified": "2014-11-13T14:25:26.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5462a024-eed8-4057-9a85-3030950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:25:26.000Z",
"modified": "2014-11-13T14:25:26.000Z",
"name": "OSINT The Rotten Tomato Campaign",
"published": "2016-02-22T15:14:26Z",
"object_refs": [
"observed-data--5462a0cf-c80c-425a-b3b9-42c9950d210b",
"url--5462a0cf-c80c-425a-b3b9-42c9950d210b",
"observed-data--5462a0cf-9b84-4402-83eb-4761950d210b",
"url--5462a0cf-9b84-4402-83eb-4761950d210b",
"observed-data--5462a0cf-f9d0-4de3-8497-4d61950d210b",
"url--5462a0cf-f9d0-4de3-8497-4d61950d210b",
"x-misp-attribute--5462a0de-b6f0-4ac9-b880-4459950d210b",
"x-misp-attribute--5462a0ea-4114-461d-b355-baa5950d210b",
"vulnerability--5462a116-c38c-4e6b-8025-56b7950d210b",
"vulnerability--5462a116-dbdc-46e5-bc97-56b7950d210b",
"indicator--5462a161-2a34-480a-8cf3-bf0d950d210b",
"indicator--5462a185-34e4-4a8a-a64d-5857950d210b",
"indicator--5462a19f-1db0-42cd-80bf-4910950d210b",
"indicator--5462a1d7-cc38-44a3-8ef9-56b7950d210b",
"indicator--5462a1d7-aac8-4538-998f-56b7950d210b",
"indicator--54631564-22b8-41f8-a5c6-4878950d210b",
"indicator--54631564-4c00-4d20-bb35-49f6950d210b",
"indicator--54631564-8c3c-49f2-a715-4b42950d210b",
"indicator--54631564-5bac-472a-b63d-421c950d210b",
"indicator--54631564-6378-46bb-9c4d-4f1a950d210b",
"indicator--54631564-5e10-418b-a037-4e06950d210b",
"indicator--54631564-9ddc-443d-addd-40df950d210b",
"indicator--54631565-0f2c-495b-9391-48c1950d210b",
"indicator--54631565-5968-4198-837a-46c8950d210b",
"indicator--54631565-7d44-4f3c-9d04-4315950d210b",
"indicator--54631565-be38-4a2f-adef-49bf950d210b",
"indicator--54631565-ef80-41b4-adbc-452c950d210b",
"indicator--54631565-a510-4dd3-960d-4799950d210b",
"indicator--54631565-72a4-4205-90d3-4747950d210b",
"indicator--54631565-9d20-4a19-95be-4865950d210b",
"indicator--54631565-65ec-4c5f-b9d9-4a5c950d210b",
"indicator--54631565-65e8-4539-a075-4649950d210b",
"observed-data--5463168b-5518-4ecc-a527-4f03950d210b",
"file--5463168b-5518-4ecc-a527-4f03950d210b",
"indicator--546318d7-4808-413e-b122-baa5950d210b",
"indicator--546318d7-b56c-40a6-ab4e-baa5950d210b",
"indicator--546318d7-6c0c-43df-af55-baa5950d210b",
"indicator--546318d7-8018-41b7-bc55-baa5950d210b",
"indicator--546318d7-d7c4-48ff-b49f-baa5950d210b",
"indicator--546318d7-af34-4176-8d7c-baa5950d210b",
"indicator--546318d7-765c-4690-8086-baa5950d210b",
"indicator--546318d7-ae08-467a-9e40-baa5950d210b",
"indicator--546318d7-56e0-414a-b3b5-baa5950d210b",
"indicator--546318d7-378c-435c-aa3f-baa5950d210b",
"indicator--546318d7-72b4-4295-807a-baa5950d210b",
"indicator--546318d7-5d2c-43d5-b5ba-baa5950d210b",
"indicator--546318d7-7044-4ed6-a037-baa5950d210b",
"indicator--546318d8-a1f4-47a3-adc7-baa5950d210b",
"indicator--546318d8-2030-4aea-8184-baa5950d210b",
"indicator--546318d8-3e14-476c-892f-baa5950d210b",
"indicator--546318d8-727c-464f-a9ed-baa5950d210b",
"indicator--5464bb6e-0058-43dd-b5dc-5d0f950d210b",
"indicator--5464bb6e-4d04-487d-aa4f-5d0f950d210b",
"indicator--5464bb6e-ce84-43ea-b047-5d0f950d210b",
"indicator--5464bb6e-14e4-4f87-b644-5d0f950d210b",
"indicator--5464bb6e-d914-4ed8-be54-5d0f950d210b",
"indicator--5464bb6e-e144-42d9-b5f0-5d0f950d210b",
"indicator--5464bb6e-6eb0-4681-9a3d-5d0f950d210b",
"indicator--5464bb6e-a3a8-42a7-a54d-5d0f950d210b",
"indicator--5464bb6f-cda8-4e5a-88c2-5d0f950d210b",
"indicator--5464bb6f-1e1c-488b-9251-5d0f950d210b",
"indicator--5464bb6f-1dc8-470a-8135-5d0f950d210b",
"indicator--5464bb6f-2db8-4a65-96b0-5d0f950d210b",
"indicator--5464bb6f-fc2c-4d68-8cf1-5d0f950d210b",
"indicator--5464bb6f-b204-47b7-baad-5d0f950d210b",
"indicator--5464bb6f-1af0-4cd6-8381-5d0f950d210b",
"indicator--5464bb6f-4e34-41c7-9cad-5d0f950d210b",
"indicator--5464bc4f-1ea4-489c-b8c8-637d950d210b",
"indicator--5464bc4f-18b0-4436-affb-637d950d210b",
"indicator--5464bc4f-0b04-42a6-b085-637d950d210b",
"indicator--5464bc4f-a100-4f1c-9fce-637d950d210b",
"indicator--5464bc4f-fc78-423f-9276-637d950d210b",
"x-misp-attribute--5464bf56-9edc-45db-8bf7-51e4950d210b",
"x-misp-attribute--5464bf56-330c-4ec0-b962-51e4950d210b",
"x-misp-attribute--5464bf56-74fc-4eef-a489-51e4950d210b",
"x-misp-attribute--5464bf57-385c-4932-ac40-51e4950d210b",
"indicator--56c64519-01b4-4d37-bc35-599d950d210f",
"indicator--56c6451b-57dc-4903-825e-5ca1950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5462a0cf-c80c-425a-b3b9-42c9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:50:39.000Z",
"modified": "2014-11-11T23:50:39.000Z",
"first_observed": "2014-11-11T23:50:39Z",
"last_observed": "2014-11-11T23:50:39Z",
"number_observed": 1,
"object_refs": [
"url--5462a0cf-c80c-425a-b3b9-42c9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5462a0cf-c80c-425a-b3b9-42c9950d210b",
"value": "http://blogs.sophos.com/2014/10/30/the-rotten-tomato-campaign-new-sophoslabs-research-on-apts/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5462a0cf-9b84-4402-83eb-4761950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:50:39.000Z",
"modified": "2014-11-11T23:50:39.000Z",
"first_observed": "2014-11-11T23:50:39Z",
"last_observed": "2014-11-11T23:50:39Z",
"number_observed": 1,
"object_refs": [
"url--5462a0cf-9b84-4402-83eb-4761950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5462a0cf-9b84-4402-83eb-4761950d210b",
"value": "http://blogs.sophos.com/tag/rotten-tomato/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5462a0cf-f9d0-4de3-8497-4d61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:50:39.000Z",
"modified": "2014-11-11T23:50:39.000Z",
"first_observed": "2014-11-11T23:50:39Z",
"last_observed": "2014-11-11T23:50:39Z",
"number_observed": 1,
"object_refs": [
"url--5462a0cf-f9d0-4de3-8497-4d61950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5462a0cf-f9d0-4de3-8497-4d61950d210b",
"value": "http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-rotten-tomato-campaign.pdf"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5462a0de-b6f0-4ac9-b880-4459950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:50:54.000Z",
"modified": "2014-11-11T23:50:54.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data entered by David Andr\u00c3\u00a9"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5462a0ea-4114-461d-b355-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:51:06.000Z",
"modified": "2014-11-11T23:51:06.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Rotten Tomato"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5462a116-c38c-4e6b-8025-56b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:51:50.000Z",
"modified": "2014-11-11T23:51:50.000Z",
"name": "CVE-2012-0158",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2012-0158"
}
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5462a116-dbdc-46e5-bc97-56b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:51:50.000Z",
"modified": "2014-11-11T23:51:50.000Z",
"name": "CVE-2014-1761",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2014-1761"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5462a161-2a34-480a-8cf3-bf0d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:53:05.000Z",
"modified": "2014-11-11T23:53:05.000Z",
"pattern": "[file:hashes.SHA1 = '13effaca957cc362bdcbfdd05b5763205b53d9ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-11T23:53:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5462a185-34e4-4a8a-a64d-5857950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:54:26.000Z",
"modified": "2014-11-11T23:54:26.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\DRM\\\\AShld\\\\BlackBox.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-11T23:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5462a19f-1db0-42cd-80bf-4910950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:54:07.000Z",
"modified": "2014-11-11T23:54:07.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\DRM\\\\AShld\\\\BlackBox.BOX']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-11T23:54:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5462a1d7-cc38-44a3-8ef9-56b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:55:03.000Z",
"modified": "2014-11-11T23:55:03.000Z",
"pattern": "[domain-name:value = 'chromeupdate.authorizeddns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-11T23:55:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5462a1d7-aac8-4538-998f-56b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-11T23:55:03.000Z",
"modified": "2014-11-11T23:55:03.000Z",
"pattern": "[domain-name:value = 'googlesupport.proxydns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-11T23:55:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631564-22b8-41f8-a5c6-4878950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:04.000Z",
"modified": "2014-11-12T08:08:04.000Z",
"pattern": "[file:hashes.SHA1 = 'e2474cc0da5a79af876771217eb81974e73c39e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631564-4c00-4d20-bb35-49f6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:04.000Z",
"modified": "2014-11-12T08:08:04.000Z",
"pattern": "[file:hashes.SHA1 = '21b3e540746816c85e5270a1b8bb58bf713ff5f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631564-8c3c-49f2-a715-4b42950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:04.000Z",
"modified": "2014-11-12T08:08:04.000Z",
"pattern": "[file:hashes.SHA1 = '80f965432ce872fc3592d9f907d5a4f66ab07f9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631564-5bac-472a-b63d-421c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:04.000Z",
"modified": "2014-11-12T08:08:04.000Z",
"pattern": "[file:hashes.SHA1 = '176273806e6fe338123ff660e70145935bac77c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631564-6378-46bb-9c4d-4f1a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:04.000Z",
"modified": "2014-11-12T08:08:04.000Z",
"pattern": "[file:hashes.SHA1 = '4ad76ce333b38c5bdd558e3d76640fa322e3cca6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631564-5e10-418b-a037-4e06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:04.000Z",
"modified": "2014-11-12T08:08:04.000Z",
"pattern": "[file:hashes.SHA1 = '0dfd883c1f205f0740d50688683f1869bcc0e9d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631564-9ddc-443d-addd-40df950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:04.000Z",
"modified": "2014-11-12T08:08:04.000Z",
"pattern": "[file:hashes.SHA1 = '9bc128f120996677d3c4f7c1d7506315b232e49e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-0f2c-495b-9391-48c1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = '712df1f1f11f63e2154eb9023d584be62ef100b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-5968-4198-837a-46c8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = '960ac7329a6e80682959d6da0469921f8167e79a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-7d44-4f3c-9d04-4315950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = 'bb185efd35f7b4892a32e7853e044e94502a36af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-be38-4a2f-adef-49bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = 'a44308788bbd189e532745a79d126feaf708c3cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-ef80-41b4-adbc-452c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = 'd05e586251b3a965b9c9af76568eff912e16432f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-a510-4dd3-960d-4799950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = 'fa616b8e2f91810a8d036ba0adca6df50da2ad22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-72a4-4205-90d3-4747950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = '6f845ef154a0b456afcf8b562a0387dabf4f5f85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-9d20-4a19-95be-4865950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = 'a97827aef54e7969b9cbbec64d9ee81a835f2240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-65ec-4c5f-b9d9-4a5c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = 'e8a29bb90422fa6116563073725fa54169998325']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54631565-65e8-4539-a075-4649950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:08:05.000Z",
"modified": "2014-11-12T08:08:05.000Z",
"pattern": "[file:hashes.SHA1 = '19e9dfabdb9b10a90b62c12f205ff0d1eeef3f14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5463168b-5518-4ecc-a527-4f03950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:12:59.000Z",
"modified": "2014-11-12T08:12:59.000Z",
"first_observed": "2014-11-12T08:12:59Z",
"last_observed": "2014-11-12T08:12:59Z",
"number_observed": 1,
"object_refs": [
"file--5463168b-5518-4ecc-a527-4f03950d210b"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5463168b-5518-4ecc-a527-4f03950d210b",
"name": "%ALLUSERSPROFILE%\\DRM\\AShld\\drmupgds.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-4808-413e-b122-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'www.notebookhk.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-b56c-40a6-ab4e-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'dwm.dnsedc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-6c0c-43df-af55-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'futuresgolda.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-8018-41b7-bc55-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'adobeflashupdate.dynu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-d7c4-48ff-b49f-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'systemupdate5.dtdns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-af34-4176-8d7c-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'indiasceus.jetos.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-765c-4690-8086-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'indiasceus.justdied.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-ae08-467a-9e40-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'transactiona.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-56e0-414a-b3b5-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'buglaa.sportnewsa.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-378c-435c-aa3f-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'unisers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-72b4-4295-807a-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'www.starorder.ezua.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-5d2c-43d5-b5ba-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'pop3.sec-homeland.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d7-7044-4ed6-a037-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:47.000Z",
"modified": "2014-11-12T08:22:47.000Z",
"pattern": "[domain-name:value = 'sec-homeland.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d8-a1f4-47a3-adc7-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:48.000Z",
"modified": "2014-11-12T08:22:48.000Z",
"pattern": "[domain-name:value = 'supercat.strangled.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d8-2030-4aea-8184-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:48.000Z",
"modified": "2014-11-12T08:22:48.000Z",
"pattern": "[domain-name:value = 'nusteachers.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d8-3e14-476c-892f-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:48.000Z",
"modified": "2014-11-12T08:22:48.000Z",
"pattern": "[domain-name:value = 'ruchi.mysq1.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546318d8-727c-464f-a9ed-baa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-12T08:22:48.000Z",
"modified": "2014-11-12T08:22:48.000Z",
"pattern": "[domain-name:value = 'www.freetimes.dns05.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-12T08:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6e-0058-43dd-b5dc-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:46.000Z",
"modified": "2014-11-13T14:08:46.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\DRM\\\\usta\\\\ushata.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6e-4d04-487d-aa4f-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:46.000Z",
"modified": "2014-11-13T14:08:46.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\DRM\\\\usta\\\\ushata.dll.avp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6e-ce84-43ea-b047-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:46.000Z",
"modified": "2014-11-13T14:08:46.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\DRM\\\\AShld\\\\AShldRes.DLL']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6e-14e4-4f87-b644-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:46.000Z",
"modified": "2014-11-13T14:08:46.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\DRM\\\\AShld\\\\AShldRes.DLL.asr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6e-d914-4ed8-be54-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:46.000Z",
"modified": "2014-11-13T14:08:46.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\DRM\\\\KavSky\\\\msi.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6e-e144-42d9-b5f0-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:46.000Z",
"modified": "2014-11-13T14:08:46.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\DRM\\\\KavSky\\\\msi.dll.eng']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6e-6eb0-4681-9a3d-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:46.000Z",
"modified": "2014-11-13T14:08:46.000Z",
"pattern": "[file:name = '\\\\%WINDOWS\\\\%\\\\AppPatch\\\\AcProtect.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6e-a3a8-42a7-a54d-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:46.000Z",
"modified": "2014-11-13T14:08:46.000Z",
"pattern": "[file:name = '\\\\%WINDOWS\\\\%\\\\AppPatch\\\\msimain.mui']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6f-cda8-4e5a-88c2-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:47.000Z",
"modified": "2014-11-13T14:08:47.000Z",
"pattern": "[file:name = '\\\\%WINDOWS\\\\%\\\\AppPatch\\\\Custom\\\\{099BF1AE-6A93-493D-0C48-2453E7FBC801}.sdband']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6f-1e1c-488b-9251-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:47.000Z",
"modified": "2014-11-13T14:08:47.000Z",
"pattern": "[file:name = '\\\\%PROFILE\\\\%\\\\Local Settings\\\\Temp\\\\3.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6f-1dc8-470a-8135-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:47.000Z",
"modified": "2014-11-13T14:08:47.000Z",
"pattern": "[file:name = '\\\\%PROFILE\\\\%\\\\Local Settings\\\\Temp\\\\msvcpdl100.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6f-2db8-4a65-96b0-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:47.000Z",
"modified": "2014-11-13T14:08:47.000Z",
"pattern": "[file:name = 'C:\\\\MsBuild\\\\Microsoft\\\\Windows\\\\System32\\\\svchost.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6f-fc2c-4d68-8cf1-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:47.000Z",
"modified": "2014-11-13T14:08:47.000Z",
"pattern": "[file:name = '\\\\%PROFILE\\\\%\\\\Application Data\\\\winlog.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6f-b204-47b7-baad-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:47.000Z",
"modified": "2014-11-13T14:08:47.000Z",
"pattern": "[file:name = '\\\\%PROFILE\\\\%\\\\Application Data\\\\winlog.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6f-1af0-4cd6-8381-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:47.000Z",
"modified": "2014-11-13T14:08:47.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\RasTls\\\\RasTls.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bb6f-4e34-41c7-9cad-5d0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:08:47.000Z",
"modified": "2014-11-13T14:08:47.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\RasTls\\\\RasTls.dll.msc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bc4f-1ea4-489c-b8c8-637d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:12:31.000Z",
"modified": "2014-11-13T14:12:31.000Z",
"pattern": "[file:hashes.SHA1 = 'c3a7cb43ec13299b758cb8ca25eace71329939f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:12:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bc4f-18b0-4436-affb-637d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:12:31.000Z",
"modified": "2014-11-13T14:12:31.000Z",
"pattern": "[file:hashes.SHA1 = '51346d70ea97a7aaef80f98c4891526443b2696c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:12:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bc4f-0b04-42a6-b085-637d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:12:31.000Z",
"modified": "2014-11-13T14:12:31.000Z",
"pattern": "[file:hashes.SHA1 = '994be9c340f57ba8cbb20b7ceedad49b00294f3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:12:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bc4f-a100-4f1c-9fce-637d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:12:31.000Z",
"modified": "2014-11-13T14:12:31.000Z",
"pattern": "[file:hashes.SHA1 = '2196770391bdbdd15bce5895427ec99b1bef0868']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:12:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464bc4f-fc78-423f-9276-637d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:12:31.000Z",
"modified": "2014-11-13T14:12:31.000Z",
"pattern": "[file:hashes.SHA1 = '511f2055a56c0f458b1b14cc207730d0fe639df4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:12:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5464bf56-9edc-45db-8bf7-51e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:25:26.000Z",
"modified": "2014-11-13T14:25:26.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Registrant",
"x_misp_type": "text",
"x_misp_value": "yuminga1@126.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5464bf56-330c-4ec0-b962-51e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:25:26.000Z",
"modified": "2014-11-13T14:25:26.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Registrant",
"x_misp_type": "text",
"x_misp_value": "bitumberls@163.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5464bf56-74fc-4eef-a489-51e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:25:26.000Z",
"modified": "2014-11-13T14:25:26.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Registrant",
"x_misp_type": "text",
"x_misp_value": "joiupnhs@163.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5464bf57-385c-4932-ac40-51e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:25:26.000Z",
"modified": "2014-11-13T14:25:26.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Registrant",
"x_misp_type": "text",
"x_misp_value": "stanlee@gmail.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c64519-01b4-4d37-bc35-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:26:33.000Z",
"modified": "2016-02-18T22:26:33.000Z",
"description": "Automatically added (via 511f2055a56c0f458b1b14cc207730d0fe639df4)",
"pattern": "[file:hashes.MD5 = '5c986d32add37bc11bd8f89c3d38df9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6451b-57dc-4903-825e-5ca1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T22:26:35.000Z",
"modified": "2016-02-18T22:26:35.000Z",
"description": "Automatically added (via 511f2055a56c0f458b1b14cc207730d0fe639df4)",
"pattern": "[file:hashes.SHA256 = '25339bfd0befe9f493a6b120755e5e87b47df4aeaf4ba9f1157ff1215f37db97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T22:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}
Reference in a new issue Copy permalink