|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--55c9108c-43b4-4b9e-8cfb-4837950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2017-06-22T20:20:29.000Z",
|
||
|
"modified": "2017-06-22T20:20:29.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--55c9108c-43b4-4b9e-8cfb-4837950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2017-06-22T20:20:29.000Z",
|
||
|
"modified": "2017-06-22T20:20:29.000Z",
|
||
|
"name": "OSINT Darkhotel\u2019s attacks in 2015 by Kaspersky",
|
||
|
"published": "2017-06-22T20:21:11Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--55c91375-73b4-4930-bd0a-40d6950d210b",
|
||
|
"url--55c91375-73b4-4930-bd0a-40d6950d210b",
|
||
|
"indicator--55c913a0-1734-42af-bb25-80e8950d210b",
|
||
|
"indicator--55c913a1-a6e8-433c-a1ef-80e8950d210b",
|
||
|
"indicator--55c913a1-1954-413d-abe6-80e8950d210b",
|
||
|
"indicator--55c913a1-8264-46d8-9e5b-80e8950d210b",
|
||
|
"indicator--55c913a1-9c28-4bcf-993a-80e8950d210b",
|
||
|
"indicator--55c913a1-4ea4-4d99-89c8-80e8950d210b",
|
||
|
"indicator--55c913a2-0f5c-43be-b081-80e8950d210b",
|
||
|
"indicator--55c913a2-7f2c-4e41-855c-80e8950d210b",
|
||
|
"indicator--55c913a2-1e40-4f4d-a5e7-80e8950d210b",
|
||
|
"indicator--55c913a2-349c-4d44-bbf1-80e8950d210b",
|
||
|
"indicator--55c913a2-a22c-4080-a9e5-80e8950d210b",
|
||
|
"indicator--55c913a3-c8c8-4200-82c1-80e8950d210b",
|
||
|
"indicator--55c913a3-0d68-4af8-9b8b-80e8950d210b",
|
||
|
"indicator--55c913a3-42ec-45e3-82e2-80e8950d210b",
|
||
|
"indicator--55c913a3-c8bc-49a1-8a8d-80e8950d210b",
|
||
|
"indicator--55c913a3-56e4-48c8-baa5-80e8950d210b",
|
||
|
"indicator--55c913a4-6db4-47c5-8c12-80e8950d210b",
|
||
|
"indicator--55c913a4-1088-4bdb-ae28-80e8950d210b",
|
||
|
"indicator--55c913a4-0d74-40b4-92a4-80e8950d210b",
|
||
|
"indicator--55c913a4-cda8-4138-b885-80e8950d210b",
|
||
|
"indicator--55c913a4-78a0-47a3-8e73-80e8950d210b",
|
||
|
"indicator--55c913a4-9cb8-4fe6-83a2-80e8950d210b",
|
||
|
"indicator--55c913a5-39bc-409d-8659-80e8950d210b",
|
||
|
"indicator--55c913a5-645c-4492-b5a1-80e8950d210b",
|
||
|
"indicator--55c913a5-20f8-420c-8699-80e8950d210b",
|
||
|
"indicator--55c913a5-f1d0-4af7-9b7f-80e8950d210b",
|
||
|
"indicator--55c913a5-58e8-4fa9-ac73-80e8950d210b",
|
||
|
"indicator--55c913a6-4bf0-4f4d-99cf-80e8950d210b",
|
||
|
"indicator--55c913a6-3f24-4bea-813b-80e8950d210b",
|
||
|
"indicator--55c913a6-d320-4bbb-93f4-80e8950d210b",
|
||
|
"indicator--55c913a6-24e0-42f6-8da7-80e8950d210b",
|
||
|
"indicator--55c913a6-34ac-4b63-998d-80e8950d210b",
|
||
|
"indicator--55c913a7-7ce0-46f1-a145-80e8950d210b",
|
||
|
"indicator--55c913a7-5e7c-45a1-8df9-80e8950d210b",
|
||
|
"indicator--55c913a7-4fd8-4d19-b7c1-80e8950d210b",
|
||
|
"indicator--55c913a7-55d8-4b84-9e93-80e8950d210b",
|
||
|
"indicator--55c913a7-8660-4c32-b7a0-80e8950d210b",
|
||
|
"indicator--55c913a7-3fe8-4cf8-a86a-80e8950d210b",
|
||
|
"indicator--55c913a8-a800-419b-b488-80e8950d210b",
|
||
|
"indicator--55c913a8-b128-4465-a2c9-80e8950d210b",
|
||
|
"indicator--55c913a8-cca8-4a36-a11f-80e8950d210b",
|
||
|
"indicator--55c913a8-1f84-4dc8-8c75-80e8950d210b",
|
||
|
"indicator--55c913a8-e548-4e4f-8c1d-80e8950d210b",
|
||
|
"indicator--55c913a9-3f60-491a-8976-80e8950d210b",
|
||
|
"indicator--55c913a9-4574-4206-94bf-80e8950d210b",
|
||
|
"indicator--55c913a9-7f48-4e22-9f68-80e8950d210b",
|
||
|
"indicator--55c913a9-619c-4130-adf3-80e8950d210b",
|
||
|
"indicator--55c913a9-ed3c-4b88-8586-80e8950d210b",
|
||
|
"x-misp-attribute--55c913d5-7290-4d28-8ddd-e8f5950d210b",
|
||
|
"indicator--56c69e42-9dd4-42c7-bd76-c654950d210f",
|
||
|
"indicator--56c69e46-f08c-43a8-9d0d-c653950d210f",
|
||
|
"indicator--56c69e48-cef4-4e4e-9296-c654950d210f",
|
||
|
"indicator--56c69e4a-26c8-4500-82ba-c650950d210f",
|
||
|
"indicator--56c69e4c-9778-4b87-af14-59a0950d210f",
|
||
|
"indicator--56c69e44-22ec-46fe-8fe9-5ca1950d210f",
|
||
|
"indicator--56c69e47-8ea4-4b1a-bdb7-4bea950d210f",
|
||
|
"indicator--56c69e49-804c-4755-9311-59a3950d210f",
|
||
|
"indicator--56c69e4b-9a70-45c1-b63b-5ca1950d210f",
|
||
|
"indicator--56c69e4d-35d4-485d-b591-599e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT",
|
||
|
"misp-galaxy:threat-actor=\"darkhotel\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55c91375-73b4-4930-bd0a-40d6950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:11:17.000Z",
|
||
|
"modified": "2015-08-10T21:11:17.000Z",
|
||
|
"first_observed": "2015-08-10T21:11:17Z",
|
||
|
"last_observed": "2015-08-10T21:11:17Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55c91375-73b4-4930-bd0a-40d6950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55c91375-73b4-4930-bd0a-40d6950d210b",
|
||
|
"value": "https://securelist.com/blog/research/71713/darkhotels-attacks-in-2015/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a0-1734-42af-bb25-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:00.000Z",
|
||
|
"modified": "2015-08-10T21:12:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '021685613fb739dec7303247212c3b09']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a1-a6e8-433c-a1ef-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:01.000Z",
|
||
|
"modified": "2015-08-10T21:12:01.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '1ee3dfce97ab318b416c1ba7463ee405']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a1-1954-413d-abe6-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:01.000Z",
|
||
|
"modified": "2015-08-10T21:12:01.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2899f4099c76232d6362fd62ab730741']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a1-8264-46d8-9e5b-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:01.000Z",
|
||
|
"modified": "2015-08-10T21:12:01.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2dee887b20a06b8e556e878c62e46e13']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a1-9c28-4bcf-993a-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:01.000Z",
|
||
|
"modified": "2015-08-10T21:12:01.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '6b9e9b2dc97ff0b26a8a61ba95ca8ff6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a1-4ea4-4d99-89c8-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:01.000Z",
|
||
|
"modified": "2015-08-10T21:12:01.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '852a9411a949add69386a72805c8cb05']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a2-0f5c-43be-b081-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:02.000Z",
|
||
|
"modified": "2015-08-10T21:12:02.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'be59994b5008a0be48934a9c5771dfa5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a2-7f2c-4e41-855c-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:02.000Z",
|
||
|
"modified": "2015-08-10T21:12:02.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e29693ce15acd552f1a0435e2d31d6df']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a2-1e40-4f4d-a5e7-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:02.000Z",
|
||
|
"modified": "2015-08-10T21:12:02.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'fa67142728e40a2a4e97ccc6db919f2b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a2-349c-4d44-bbf1-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:02.000Z",
|
||
|
"modified": "2015-08-10T21:12:02.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'fef8fda27deb3e950ba1a71968ec7466']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a2-a22c-4080-a9e5-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:02.000Z",
|
||
|
"modified": "2015-08-10T21:12:02.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '5c74db6f755555ea99b51e1c68e796f9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a3-c8c8-4200-82c1-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:03.000Z",
|
||
|
"modified": "2015-08-10T21:12:03.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'c3ae70b3012cc9b5c9ceb060a251715a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a3-0d68-4af8-9b8b-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:03.000Z",
|
||
|
"modified": "2015-08-10T21:12:03.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '560d68c31980c26d2adab7406b61c651']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a3-42ec-45e3-82e2-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:03.000Z",
|
||
|
"modified": "2015-08-10T21:12:03.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'da0717899e3ccc1ba0e8d32774566219']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a3-c8bc-49a1-8a8d-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:03.000Z",
|
||
|
"modified": "2015-08-10T21:12:03.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd965a5b3548047da27b503029440e77f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a3-56e4-48c8-baa5-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:03.000Z",
|
||
|
"modified": "2015-08-10T21:12:03.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'dc0de14d9d36d13a6c8a34b2c583e70a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a4-6db4-47c5-8c12-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:04.000Z",
|
||
|
"modified": "2015-08-10T21:12:04.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '39562e410bc3fb5a30aca8162b20bdd0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a4-1088-4bdb-ae28-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:04.000Z",
|
||
|
"modified": "2015-08-10T21:12:04.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e85e0365b6f77cc2e9862f987b152a89']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a4-0d74-40b4-92a4-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:04.000Z",
|
||
|
"modified": "2015-08-10T21:12:04.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '5e01b8bc78afc6ecb3376c06cbceb680']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a4-cda8-4138-b885-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:04.000Z",
|
||
|
"modified": "2015-08-10T21:12:04.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '61cc019c3141281073181c4ef1f4e524']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a4-78a0-47a3-8e73-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:04.000Z",
|
||
|
"modified": "2015-08-10T21:12:04.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3d2e941ac48ae9d79380ca0f133f4a49']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a4-9cb8-4fe6-83a2-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:04.000Z",
|
||
|
"modified": "2015-08-10T21:12:04.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'fc78b15507e920b3ee405f843f48a7b3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a5-39bc-409d-8659-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:05.000Z",
|
||
|
"modified": "2015-08-10T21:12:05.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'da360e94e60267dce08e6d47fc1fcecc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a5-645c-4492-b5a1-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:05.000Z",
|
||
|
"modified": "2015-08-10T21:12:05.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '33e278c5ba6bf1a545d45e17f7582512']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a5-20f8-420c-8699-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:05.000Z",
|
||
|
"modified": "2015-08-10T21:12:05.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b1f56a54309147b07dda54623fecbb89']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a5-f1d0-4af7-9b7f-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:05.000Z",
|
||
|
"modified": "2015-08-10T21:12:05.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '009d85773d519a9a97129102d8116305']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a5-58e8-4fa9-ac73-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:05.000Z",
|
||
|
"modified": "2015-08-10T21:12:05.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '61637a0637fb25c53f396c305efa5dc5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a6-4bf0-4f4d-99cf-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:06.000Z",
|
||
|
"modified": "2015-08-10T21:12:06.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a7e78fd4bf305509c2fc1b3706567acd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a6-3f24-4bea-813b-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:06.000Z",
|
||
|
"modified": "2015-08-10T21:12:06.000Z",
|
||
|
"pattern": "[url:value = 'tisone360.com/img_h/ims2/icon.swf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a6-d320-4bbb-93f4-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:06.000Z",
|
||
|
"modified": "2015-08-10T21:12:06.000Z",
|
||
|
"pattern": "[url:value = 'tisone360.com/img_h/ims2/1.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a6-24e0-42f6-8da7-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:06.000Z",
|
||
|
"modified": "2015-08-10T21:12:06.000Z",
|
||
|
"pattern": "[url:value = 'tisone360.com/img_h/ims2/icon.jpg']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a6-34ac-4b63-998d-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:06.000Z",
|
||
|
"modified": "2015-08-10T21:12:06.000Z",
|
||
|
"pattern": "[url:value = 'tisone360.com/noname/img/movie.swf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a7-7ce0-46f1-a145-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:07.000Z",
|
||
|
"modified": "2015-08-10T21:12:07.000Z",
|
||
|
"pattern": "[url:value = 'tisone360.com/noname/minky/face.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a7-5e7c-45a1-8df9-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:07.000Z",
|
||
|
"modified": "2015-08-10T21:12:07.000Z",
|
||
|
"pattern": "[url:value = 'tisone360.com/htdoc/imageview.hta']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a7-4fd8-4d19-b7c1-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:07.000Z",
|
||
|
"modified": "2015-08-10T21:12:07.000Z",
|
||
|
"pattern": "[url:value = 'tisone360.com/htdoc/page1/page.html']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a7-55d8-4b84-9e93-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:07.000Z",
|
||
|
"modified": "2015-08-10T21:12:07.000Z",
|
||
|
"pattern": "[url:value = 'daily.enewsbank.net/wmpsrx64']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a7-8660-4c32-b7a0-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:07.000Z",
|
||
|
"modified": "2015-08-10T21:12:07.000Z",
|
||
|
"pattern": "[url:value = 'daily.enewsbank.net/newsviewer.hta']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a7-3fe8-4cf8-a86a-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:07.000Z",
|
||
|
"modified": "2015-08-10T21:12:07.000Z",
|
||
|
"pattern": "[url:value = 'saytargetworld.net/season/nextpage.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a8-a800-419b-b488-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:08.000Z",
|
||
|
"modified": "2015-08-10T21:12:08.000Z",
|
||
|
"pattern": "[url:value = 'sendspace.servermsys.com/wnctprx']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a8-b128-4465-a2c9-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:08.000Z",
|
||
|
"modified": "2015-08-10T21:12:08.000Z",
|
||
|
"pattern": "[url:value = 'error-page.net/update/load.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a8-cca8-4a36-a11f-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:08.000Z",
|
||
|
"modified": "2015-08-10T21:12:08.000Z",
|
||
|
"pattern": "[url:value = 'photo.storyonboard.net/wmpsrx64']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a8-1f84-4dc8-8c75-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:08.000Z",
|
||
|
"modified": "2015-08-10T21:12:08.000Z",
|
||
|
"pattern": "[url:value = 'photo.storyonboard.net/photoviewer.hta']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a8-e548-4e4f-8c1d-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:08.000Z",
|
||
|
"modified": "2015-08-10T21:12:08.000Z",
|
||
|
"pattern": "[url:value = 'photo.storyonboard.net/readme.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a9-3f60-491a-8976-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:09.000Z",
|
||
|
"modified": "2015-08-10T21:12:09.000Z",
|
||
|
"pattern": "[url:value = 'unionnewsreport.net/aeroflot_bonus/ticket.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a9-4574-4206-94bf-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:09.000Z",
|
||
|
"modified": "2015-08-10T21:12:09.000Z",
|
||
|
"pattern": "[url:value = 'www.openofficev.info/xopen88/office2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a9-7f48-4e22-9f68-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:09.000Z",
|
||
|
"modified": "2015-08-10T21:12:09.000Z",
|
||
|
"pattern": "[url:value = 'www.openofficev.info/dec98/unzip.js']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a9-619c-4130-adf3-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:09.000Z",
|
||
|
"modified": "2015-08-10T21:12:09.000Z",
|
||
|
"pattern": "[url:value = 'www.openofficev.info/open99/office32']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55c913a9-ed3c-4b88-8586-80e8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:09.000Z",
|
||
|
"modified": "2015-08-10T21:12:09.000Z",
|
||
|
"pattern": "[url:value = 'www.openofficev.info/decod9/unzip.js']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-10T21:12:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--55c913d5-7290-4d28-8ddd-e8f5950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-10T21:12:53.000Z",
|
||
|
"modified": "2015-08-10T21:12:53.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Dark Hotel"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e42-9dd4-42c7-bd76-c654950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:46:58.000Z",
|
||
|
"modified": "2016-02-19T04:46:58.000Z",
|
||
|
"description": "Automatically added (via dc0de14d9d36d13a6c8a34b2c583e70a)",
|
||
|
"pattern": "[file:hashes.SHA1 = '33911793dc1db6ea2f2271a3d4ef57a8f141abc1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:46:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e46-f08c-43a8-9d0d-c653950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:47:02.000Z",
|
||
|
"modified": "2016-02-19T04:47:02.000Z",
|
||
|
"description": "Automatically added (via fc78b15507e920b3ee405f843f48a7b3)",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a041c1ebd3851cd738ed8366feecb64ed180faa5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:47:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e48-cef4-4e4e-9296-c654950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:47:04.000Z",
|
||
|
"modified": "2016-02-19T04:47:04.000Z",
|
||
|
"description": "Automatically added (via da360e94e60267dce08e6d47fc1fcecc)",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cdaba7cea55bd490f9d152796db4c86d1d58d0da']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:47:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e4a-26c8-4500-82ba-c650950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:47:06.000Z",
|
||
|
"modified": "2016-02-19T04:47:06.000Z",
|
||
|
"description": "Automatically added (via 33e278c5ba6bf1a545d45e17f7582512)",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cfc9cf21598961be0a9598b61403e9206c24ea19']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:47:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e4c-9778-4b87-af14-59a0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:47:08.000Z",
|
||
|
"modified": "2016-02-19T04:47:08.000Z",
|
||
|
"description": "Automatically added (via b1f56a54309147b07dda54623fecbb89)",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c6e77cb10563d7c4dcb20d4c5a4ea16ef2f01ee8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:47:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e44-22ec-46fe-8fe9-5ca1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:47:00.000Z",
|
||
|
"modified": "2016-02-19T04:47:00.000Z",
|
||
|
"description": "Automatically added (via dc0de14d9d36d13a6c8a34b2c583e70a)",
|
||
|
"pattern": "[file:hashes.SHA256 = '7c3193439b8490403d3d5608bc7b85482b408c38cfcfbc4dcf4142eb32c8a7e0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:47:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e47-8ea4-4b1a-bdb7-4bea950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:47:03.000Z",
|
||
|
"modified": "2016-02-19T04:47:03.000Z",
|
||
|
"description": "Automatically added (via fc78b15507e920b3ee405f843f48a7b3)",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bfaa6490bee525a9ea6671e3a3e1b7041f4cbdc4f37e401587101d649d8db810']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:47:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e49-804c-4755-9311-59a3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:47:05.000Z",
|
||
|
"modified": "2016-02-19T04:47:05.000Z",
|
||
|
"description": "Automatically added (via da360e94e60267dce08e6d47fc1fcecc)",
|
||
|
"pattern": "[file:hashes.SHA256 = '03607dbb3b2d164ee2e1fb8a399a044fb1867e63cc6d64b7cfa06331ad1eb3cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:47:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e4b-9a70-45c1-b63b-5ca1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:47:07.000Z",
|
||
|
"modified": "2016-02-19T04:47:07.000Z",
|
||
|
"description": "Automatically added (via 33e278c5ba6bf1a545d45e17f7582512)",
|
||
|
"pattern": "[file:hashes.SHA256 = 'eca1437ededc3f8692516dc907a5bd4390bcc4be0ae65b5e261a1f5dd352d3ee']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:47:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c69e4d-35d4-485d-b591-599e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-19T04:47:09.000Z",
|
||
|
"modified": "2016-02-19T04:47:09.000Z",
|
||
|
"description": "Automatically added (via b1f56a54309147b07dda54623fecbb89)",
|
||
|
"pattern": "[file:hashes.SHA256 = '9d480e8dd52b18dae237e48d88a621fa209b6c2ed43cc261de6a5b30d8c56b11']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-19T04:47:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|