1349 lines
56 KiB
JSON
1349 lines
56 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--55db9387-6a70-4fdd-8fee-6e76950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2017-06-22T20:18:30.000Z",
|
||
|
"modified": "2017-06-22T20:18:30.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--55db9387-6a70-4fdd-8fee-6e76950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2017-06-22T20:18:30.000Z",
|
||
|
"modified": "2017-06-22T20:18:30.000Z",
|
||
|
"name": "OSINT New activity of the Blue Termite APT by AlienVault",
|
||
|
"published": "2017-06-22T20:18:58Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--55db939f-46d4-4867-9d87-6070950d210b",
|
||
|
"url--55db939f-46d4-4867-9d87-6070950d210b",
|
||
|
"x-misp-attribute--55db93a9-df84-40b7-89e1-4c28950d210b",
|
||
|
"vulnerability--55dc1201-38e4-424b-b789-44a1950d210b",
|
||
|
"indicator--55dc1213-5904-442e-9cba-449a950d210b",
|
||
|
"indicator--55dc1213-463c-4c3d-96a1-4119950d210b",
|
||
|
"indicator--55dc1213-0e34-4583-ad80-47c6950d210b",
|
||
|
"indicator--55dc1214-c82c-4aef-afe6-445f950d210b",
|
||
|
"indicator--55dc1214-6018-4397-8532-4edd950d210b",
|
||
|
"indicator--55dc1214-67b0-48ab-8eda-4aa6950d210b",
|
||
|
"indicator--55dc1214-b0cc-44ec-bf92-48ae950d210b",
|
||
|
"indicator--55dc1214-6ba8-478a-96b6-432b950d210b",
|
||
|
"indicator--55dc1215-5360-40c9-8525-47a6950d210b",
|
||
|
"indicator--55dc1215-ebe4-4e89-9dd3-4c54950d210b",
|
||
|
"indicator--55dc1215-82c0-4ed3-93d5-401c950d210b",
|
||
|
"indicator--55dc1215-51dc-4c23-bd6e-4cb7950d210b",
|
||
|
"indicator--55dc1215-1d90-4dec-b586-4093950d210b",
|
||
|
"indicator--55dc1216-0044-43e7-84e4-4d1e950d210b",
|
||
|
"indicator--55dc1216-f97c-481a-ac7a-41b1950d210b",
|
||
|
"indicator--55dc1216-32a0-403b-88c9-4635950d210b",
|
||
|
"indicator--55dc1216-cad4-49e4-b6f0-4fe1950d210b",
|
||
|
"indicator--55dc1216-bd24-4e15-b0d9-40c2950d210b",
|
||
|
"indicator--55dc1216-b3e0-49c8-85dd-4a7d950d210b",
|
||
|
"indicator--55dc1217-4ed0-40c0-ac32-43db950d210b",
|
||
|
"indicator--55dc1963-4b34-418d-810c-4593950d210b",
|
||
|
"indicator--55dc1964-e2e0-40b6-ae55-4c42950d210b",
|
||
|
"observed-data--55dc1964-98c0-4a77-a6f5-40ed950d210b",
|
||
|
"url--55dc1964-98c0-4a77-a6f5-40ed950d210b",
|
||
|
"indicator--55dc1964-58c8-4161-99cb-4c74950d210b",
|
||
|
"indicator--55dc1964-f858-4bf8-aad7-4667950d210b",
|
||
|
"observed-data--55dc1964-2ac0-4644-8fde-49ab950d210b",
|
||
|
"url--55dc1964-2ac0-4644-8fde-49ab950d210b",
|
||
|
"indicator--55dc1965-5a00-4e1e-9400-41e7950d210b",
|
||
|
"indicator--55dc1965-9a94-4135-ad58-4e79950d210b",
|
||
|
"observed-data--55dc1965-77a8-44c5-be6c-4b02950d210b",
|
||
|
"url--55dc1965-77a8-44c5-be6c-4b02950d210b",
|
||
|
"indicator--55dc1965-e704-4cf0-89c1-40c4950d210b",
|
||
|
"indicator--55dc1965-1fb4-4bac-9e22-40c8950d210b",
|
||
|
"observed-data--55dc1966-d0d0-4eb4-b38f-458c950d210b",
|
||
|
"url--55dc1966-d0d0-4eb4-b38f-458c950d210b",
|
||
|
"indicator--55dc1966-ca20-40fc-9581-4052950d210b",
|
||
|
"indicator--55dc1966-f1e4-423c-9c3f-4e7b950d210b",
|
||
|
"observed-data--55dc1966-3338-4325-8bb7-400e950d210b",
|
||
|
"url--55dc1966-3338-4325-8bb7-400e950d210b",
|
||
|
"indicator--55dc1966-b224-4fa7-b241-42dc950d210b",
|
||
|
"indicator--55dc1967-b370-4622-b41b-4604950d210b",
|
||
|
"observed-data--55dc1967-deec-4044-b468-4e83950d210b",
|
||
|
"url--55dc1967-deec-4044-b468-4e83950d210b",
|
||
|
"indicator--55dc1967-5cd0-4fb1-a672-4a35950d210b",
|
||
|
"indicator--55dc1967-acbc-482c-abeb-42b8950d210b",
|
||
|
"observed-data--55dc1967-fa48-4bc8-9350-494f950d210b",
|
||
|
"url--55dc1967-fa48-4bc8-9350-494f950d210b",
|
||
|
"indicator--55dc1968-7b38-4679-b642-4b15950d210b",
|
||
|
"indicator--55dc1968-8f2c-47fd-8709-4a35950d210b",
|
||
|
"observed-data--55dc1968-7d4c-4456-b885-446b950d210b",
|
||
|
"url--55dc1968-7d4c-4456-b885-446b950d210b",
|
||
|
"indicator--55dc1968-500c-47f7-95e9-42d7950d210b",
|
||
|
"indicator--55dc1969-fa74-4784-b76c-414e950d210b",
|
||
|
"observed-data--55dc1969-6bb8-4c62-bc9f-4c09950d210b",
|
||
|
"url--55dc1969-6bb8-4c62-bc9f-4c09950d210b",
|
||
|
"indicator--55dc1969-7d50-447a-81e9-4cab950d210b",
|
||
|
"indicator--55dc1969-0dbc-425e-8520-4491950d210b",
|
||
|
"observed-data--55dc1969-3994-4e37-8e05-47a1950d210b",
|
||
|
"url--55dc1969-3994-4e37-8e05-47a1950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT",
|
||
|
"misp-galaxy:threat-actor=\"Blue Termite\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55db939f-46d4-4867-9d87-6070950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-24T21:58:55.000Z",
|
||
|
"modified": "2015-08-24T21:58:55.000Z",
|
||
|
"first_observed": "2015-08-24T21:58:55Z",
|
||
|
"last_observed": "2015-08-24T21:58:55Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55db939f-46d4-4867-9d87-6070950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55db939f-46d4-4867-9d87-6070950d210b",
|
||
|
"value": "https://otx.alienvault.com/pulse/55db51554637f21c54c19363/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--55db93a9-df84-40b7-89e1-4c28950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-24T21:59:05.000Z",
|
||
|
"modified": "2015-08-24T21:59:05.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Blue Termite"
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--55dc1201-38e4-424b-b789-44a1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:09.000Z",
|
||
|
"modified": "2015-08-25T06:58:09.000Z",
|
||
|
"name": "CVE-2015-5119",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2015-5119"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1213-5904-442e-9cba-449a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:27.000Z",
|
||
|
"modified": "2015-08-25T06:58:27.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '07aa0340ec0bfbb2e59f1cc50382c055']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1213-463c-4c3d-96a1-4119950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:27.000Z",
|
||
|
"modified": "2015-08-25T06:58:27.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '23f23e1345f6bc70af34604246d6300d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1213-0e34-4583-ad80-47c6950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:27.000Z",
|
||
|
"modified": "2015-08-25T06:58:27.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '302fbe13736403921ad7f9d310d7beb2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1214-c82c-4aef-afe6-445f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:28.000Z",
|
||
|
"modified": "2015-08-25T06:58:28.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3b42577bbd602934a728744f242ffe26']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1214-6018-4397-8532-4edd950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:28.000Z",
|
||
|
"modified": "2015-08-25T06:58:28.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '438a3b6783fb290197d3023ce441229c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1214-67b0-48ab-8eda-4aa6950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:28.000Z",
|
||
|
"modified": "2015-08-25T06:58:28.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '512d93c711f006891cbc124392c2e8d9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1214-b0cc-44ec-bf92-48ae950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:28.000Z",
|
||
|
"modified": "2015-08-25T06:58:28.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '8cc0f235189efcf3fe1c4ccc7527fcfc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1214-6ba8-478a-96b6-432b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:28.000Z",
|
||
|
"modified": "2015-08-25T06:58:28.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a421f5145eae2c68950cc3174e88870f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1215-5360-40c9-8525-47a6950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:29.000Z",
|
||
|
"modified": "2015-08-25T06:58:29.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b3bc4b5f17fd5f87ec3714c6587f6906']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1215-ebe4-4e89-9dd3-4c54950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:29.000Z",
|
||
|
"modified": "2015-08-25T06:58:29.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'bb3f0ad472aac26ae6dc8c0e7969cc30']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1215-82c0-4ed3-93d5-401c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:29.000Z",
|
||
|
"modified": "2015-08-25T06:58:29.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'f07216c34689a9104b29bbdcba17325f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1215-51dc-4c23-bd6e-4cb7950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:29.000Z",
|
||
|
"modified": "2015-08-25T06:58:29.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'f46019f795bd721262dc69988d7e53bc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1215-1d90-4dec-b586-4093950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:29.000Z",
|
||
|
"modified": "2015-08-25T06:58:29.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'f60cdde57bd9ca9412c32a08ef068abc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1216-0044-43e7-84e4-4d1e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:30.000Z",
|
||
|
"modified": "2015-08-25T06:58:30.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'f8d9af763e64c420ffa6e8930727f779']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1216-f97c-481a-ac7a-41b1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:30.000Z",
|
||
|
"modified": "2015-08-25T06:58:30.000Z",
|
||
|
"pattern": "[url:value = 'http://www.ishopsg.com/sites.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1216-32a0-403b-88c9-4635950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:30.000Z",
|
||
|
"modified": "2015-08-25T06:58:30.000Z",
|
||
|
"pattern": "[url:value = 'http://www.motoavanti.com/shinyo/backup/look/index.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1216-cad4-49e4-b6f0-4fe1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:30.000Z",
|
||
|
"modified": "2015-08-25T06:58:30.000Z",
|
||
|
"pattern": "[url:value = 'http://www.n-fit-sub.com/ec/index.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1216-bd24-4e15-b0d9-40c2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:30.000Z",
|
||
|
"modified": "2015-08-25T06:58:30.000Z",
|
||
|
"pattern": "[url:value = 'http://www.nichiiko-golf.com/news/index.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1216-b3e0-49c8-85dd-4a7d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:30.000Z",
|
||
|
"modified": "2015-08-25T06:58:30.000Z",
|
||
|
"pattern": "[url:value = 'http://www.pikogrm.jp/index.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1217-4ed0-40c0-ac32-43db950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T06:58:31.000Z",
|
||
|
"modified": "2015-08-25T06:58:31.000Z",
|
||
|
"pattern": "[url:value = 'http://www.upgs.com/css/bin/index.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T06:58:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1963-4b34-418d-810c-4593950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:39.000Z",
|
||
|
"modified": "2015-08-25T07:29:39.000Z",
|
||
|
"description": "- Xchecked via VT: f60cdde57bd9ca9412c32a08ef068abc",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e03e6f7d98b214b5051b7484e4099ce5bd8c46e49faf44002c8ba146977127ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1964-e2e0-40b6-ae55-4c42950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:40.000Z",
|
||
|
"modified": "2015-08-25T07:29:40.000Z",
|
||
|
"description": "- Xchecked via VT: f60cdde57bd9ca9412c32a08ef068abc",
|
||
|
"pattern": "[file:hashes.SHA1 = '3573a9d03211e3935a48a947d1152d7611539f68']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1964-98c0-4a77-a6f5-40ed950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:40.000Z",
|
||
|
"modified": "2015-08-25T07:29:40.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:40Z",
|
||
|
"last_observed": "2015-08-25T07:29:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1964-98c0-4a77-a6f5-40ed950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1964-98c0-4a77-a6f5-40ed950d210b",
|
||
|
"value": "https://www.virustotal.com/file/e03e6f7d98b214b5051b7484e4099ce5bd8c46e49faf44002c8ba146977127ef/analysis/1436519315/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1964-58c8-4161-99cb-4c74950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:40.000Z",
|
||
|
"modified": "2015-08-25T07:29:40.000Z",
|
||
|
"description": "- Xchecked via VT: f46019f795bd721262dc69988d7e53bc",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e9302fe774e22e2b34a395f8e56c6976fe354bb88b5dcfda4ee36984eebd9340']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1964-f858-4bf8-aad7-4667950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:40.000Z",
|
||
|
"modified": "2015-08-25T07:29:40.000Z",
|
||
|
"description": "- Xchecked via VT: f46019f795bd721262dc69988d7e53bc",
|
||
|
"pattern": "[file:hashes.SHA1 = 'de51aa21847c1268a708351992a0f95b9a823ffb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1964-2ac0-4644-8fde-49ab950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:40.000Z",
|
||
|
"modified": "2015-08-25T07:29:40.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:40Z",
|
||
|
"last_observed": "2015-08-25T07:29:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1964-2ac0-4644-8fde-49ab950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1964-2ac0-4644-8fde-49ab950d210b",
|
||
|
"value": "https://www.virustotal.com/file/e9302fe774e22e2b34a395f8e56c6976fe354bb88b5dcfda4ee36984eebd9340/analysis/1439629438/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1965-5a00-4e1e-9400-41e7950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:41.000Z",
|
||
|
"modified": "2015-08-25T07:29:41.000Z",
|
||
|
"description": "- Xchecked via VT: bb3f0ad472aac26ae6dc8c0e7969cc30",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e919ae6a3bdc6abe6b695215a53b74072a39b86757e049f930866b3f69000957']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1965-9a94-4135-ad58-4e79950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:41.000Z",
|
||
|
"modified": "2015-08-25T07:29:41.000Z",
|
||
|
"description": "- Xchecked via VT: bb3f0ad472aac26ae6dc8c0e7969cc30",
|
||
|
"pattern": "[file:hashes.SHA1 = '7e8c4127902dbb0fd3f714d2e6b50acc57d4fcc1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1965-77a8-44c5-be6c-4b02950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:41.000Z",
|
||
|
"modified": "2015-08-25T07:29:41.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:41Z",
|
||
|
"last_observed": "2015-08-25T07:29:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1965-77a8-44c5-be6c-4b02950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1965-77a8-44c5-be6c-4b02950d210b",
|
||
|
"value": "https://www.virustotal.com/file/e919ae6a3bdc6abe6b695215a53b74072a39b86757e049f930866b3f69000957/analysis/1440461268/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1965-e704-4cf0-89c1-40c4950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:41.000Z",
|
||
|
"modified": "2015-08-25T07:29:41.000Z",
|
||
|
"description": "- Xchecked via VT: b3bc4b5f17fd5f87ec3714c6587f6906",
|
||
|
"pattern": "[file:hashes.SHA256 = 'dc3c90084e8c47414ccb17fd70d3c2b051a293efcc29dc57a6d273293e0001ec']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1965-1fb4-4bac-9e22-40c8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:41.000Z",
|
||
|
"modified": "2015-08-25T07:29:41.000Z",
|
||
|
"description": "- Xchecked via VT: b3bc4b5f17fd5f87ec3714c6587f6906",
|
||
|
"pattern": "[file:hashes.SHA1 = '07aba67978294a8757bb58fd99f8e1fa151fc348']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1966-d0d0-4eb4-b38f-458c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:42.000Z",
|
||
|
"modified": "2015-08-25T07:29:42.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:42Z",
|
||
|
"last_observed": "2015-08-25T07:29:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1966-d0d0-4eb4-b38f-458c950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1966-d0d0-4eb4-b38f-458c950d210b",
|
||
|
"value": "https://www.virustotal.com/file/dc3c90084e8c47414ccb17fd70d3c2b051a293efcc29dc57a6d273293e0001ec/analysis/1440387368/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1966-ca20-40fc-9581-4052950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:42.000Z",
|
||
|
"modified": "2015-08-25T07:29:42.000Z",
|
||
|
"description": "- Xchecked via VT: a421f5145eae2c68950cc3174e88870f",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f4d9660502220c22e367e084c7f5647c21ad4821d8c41ce68e1ac89975175051']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1966-f1e4-423c-9c3f-4e7b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:42.000Z",
|
||
|
"modified": "2015-08-25T07:29:42.000Z",
|
||
|
"description": "- Xchecked via VT: a421f5145eae2c68950cc3174e88870f",
|
||
|
"pattern": "[file:hashes.SHA1 = '5c9b84f587cd1a79caae46d9b7cee30c4857f4a2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1966-3338-4325-8bb7-400e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:42.000Z",
|
||
|
"modified": "2015-08-25T07:29:42.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:42Z",
|
||
|
"last_observed": "2015-08-25T07:29:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1966-3338-4325-8bb7-400e950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1966-3338-4325-8bb7-400e950d210b",
|
||
|
"value": "https://www.virustotal.com/file/f4d9660502220c22e367e084c7f5647c21ad4821d8c41ce68e1ac89975175051/analysis/1438873061/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1966-b224-4fa7-b241-42dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:42.000Z",
|
||
|
"modified": "2015-08-25T07:29:42.000Z",
|
||
|
"description": "- Xchecked via VT: 8cc0f235189efcf3fe1c4ccc7527fcfc",
|
||
|
"pattern": "[file:hashes.SHA256 = '6aed51b108d9f9f197842e17b0f58d4dec3709ca1eae4d42146d0bba0c145eaf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1967-b370-4622-b41b-4604950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:43.000Z",
|
||
|
"modified": "2015-08-25T07:29:43.000Z",
|
||
|
"description": "- Xchecked via VT: 8cc0f235189efcf3fe1c4ccc7527fcfc",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cdbbcd70452fd84fe4612a7fe2208077fb8fa8ee']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1967-deec-4044-b468-4e83950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:43.000Z",
|
||
|
"modified": "2015-08-25T07:29:43.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:43Z",
|
||
|
"last_observed": "2015-08-25T07:29:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1967-deec-4044-b468-4e83950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1967-deec-4044-b468-4e83950d210b",
|
||
|
"value": "https://www.virustotal.com/file/6aed51b108d9f9f197842e17b0f58d4dec3709ca1eae4d42146d0bba0c145eaf/analysis/1437032832/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1967-5cd0-4fb1-a672-4a35950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:43.000Z",
|
||
|
"modified": "2015-08-25T07:29:43.000Z",
|
||
|
"description": "- Xchecked via VT: 438a3b6783fb290197d3023ce441229c",
|
||
|
"pattern": "[file:hashes.SHA256 = '85a5b524a07d2a37e56876495c1a3a67a1217998a45283fe87f4ab1f97f6a973']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1967-acbc-482c-abeb-42b8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:43.000Z",
|
||
|
"modified": "2015-08-25T07:29:43.000Z",
|
||
|
"description": "- Xchecked via VT: 438a3b6783fb290197d3023ce441229c",
|
||
|
"pattern": "[file:hashes.SHA1 = 'dfd74765a126a0fff4122d9b101720e148c179cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1967-fa48-4bc8-9350-494f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:43.000Z",
|
||
|
"modified": "2015-08-25T07:29:43.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:43Z",
|
||
|
"last_observed": "2015-08-25T07:29:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1967-fa48-4bc8-9350-494f950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1967-fa48-4bc8-9350-494f950d210b",
|
||
|
"value": "https://www.virustotal.com/file/85a5b524a07d2a37e56876495c1a3a67a1217998a45283fe87f4ab1f97f6a973/analysis/1437031062/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1968-7b38-4679-b642-4b15950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:44.000Z",
|
||
|
"modified": "2015-08-25T07:29:44.000Z",
|
||
|
"description": "- Xchecked via VT: 302fbe13736403921ad7f9d310d7beb2",
|
||
|
"pattern": "[file:hashes.SHA256 = '008f4f14cf64dc9d323b6cb5942da4a99979c4c7d750ec1228d8c8285883771e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1968-8f2c-47fd-8709-4a35950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:44.000Z",
|
||
|
"modified": "2015-08-25T07:29:44.000Z",
|
||
|
"description": "- Xchecked via VT: 302fbe13736403921ad7f9d310d7beb2",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd87315166be5e3aa2d0962563e0b2edaf371d959']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1968-7d4c-4456-b885-446b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:44.000Z",
|
||
|
"modified": "2015-08-25T07:29:44.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:44Z",
|
||
|
"last_observed": "2015-08-25T07:29:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1968-7d4c-4456-b885-446b950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1968-7d4c-4456-b885-446b950d210b",
|
||
|
"value": "https://www.virustotal.com/file/008f4f14cf64dc9d323b6cb5942da4a99979c4c7d750ec1228d8c8285883771e/analysis/1438870784/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1968-500c-47f7-95e9-42d7950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:44.000Z",
|
||
|
"modified": "2015-08-25T07:29:44.000Z",
|
||
|
"description": "- Xchecked via VT: 23f23e1345f6bc70af34604246d6300d",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a1fa7c5216737e96359452dcbf121afc251b225abd00f6a464392591caaf52e1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1969-fa74-4784-b76c-414e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:45.000Z",
|
||
|
"modified": "2015-08-25T07:29:45.000Z",
|
||
|
"description": "- Xchecked via VT: 23f23e1345f6bc70af34604246d6300d",
|
||
|
"pattern": "[file:hashes.SHA1 = '26fc5977b2d235e36b084e2f5b2c1cb23ea834be']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1969-6bb8-4c62-bc9f-4c09950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:45.000Z",
|
||
|
"modified": "2015-08-25T07:29:45.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:45Z",
|
||
|
"last_observed": "2015-08-25T07:29:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1969-6bb8-4c62-bc9f-4c09950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1969-6bb8-4c62-bc9f-4c09950d210b",
|
||
|
"value": "https://www.virustotal.com/file/a1fa7c5216737e96359452dcbf121afc251b225abd00f6a464392591caaf52e1/analysis/1436513718/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1969-7d50-447a-81e9-4cab950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:45.000Z",
|
||
|
"modified": "2015-08-25T07:29:45.000Z",
|
||
|
"description": "- Xchecked via VT: 07aa0340ec0bfbb2e59f1cc50382c055",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a94bf485cebeda8e4b74bbe2c0a0567903a13c36b9bf60fab484a9b55207fe0d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--55dc1969-0dbc-425e-8520-4491950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:45.000Z",
|
||
|
"modified": "2015-08-25T07:29:45.000Z",
|
||
|
"description": "- Xchecked via VT: 07aa0340ec0bfbb2e59f1cc50382c055",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f0a73f20bc6c986d5e09a11f5606cf0aff271b2f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-08-25T07:29:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--55dc1969-3994-4e37-8e05-47a1950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-08-25T07:29:45.000Z",
|
||
|
"modified": "2015-08-25T07:29:45.000Z",
|
||
|
"first_observed": "2015-08-25T07:29:45Z",
|
||
|
"last_observed": "2015-08-25T07:29:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--55dc1969-3994-4e37-8e05-47a1950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--55dc1969-3994-4e37-8e05-47a1950d210b",
|
||
|
"value": "https://www.virustotal.com/file/a94bf485cebeda8e4b74bbe2c0a0567903a13c36b9bf60fab484a9b55207fe0d/analysis/1440402672/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|