misp-circl-feed/feeds/circl/stix-2.1/55f93f51-b288-4da8-b9eb-4416950d210b.json

{
"type": "bundle",
"id": "bundle--55f93f51-b288-4da8-b9eb-4416950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:34.000Z",
"modified": "2015-09-16T12:19:34.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--55f93f51-b288-4da8-b9eb-4416950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:34.000Z",
"modified": "2015-09-16T12:19:34.000Z",
"name": "OSINT The Shade Encryptor: a Double Threat by Kaspersky",
"published": "2015-09-16T12:20:45Z",
"object_refs": [
"observed-data--55f93f5e-21b8-45b8-834b-4450950d210b",
"url--55f93f5e-21b8-45b8-834b-4450950d210b",
"x-misp-attribute--55f93f96-e8e0-4964-b2d8-4318950d210b",
"x-misp-attribute--55f93f97-64a4-4955-9b1e-419c950d210b",
"x-misp-attribute--55f93f97-30bc-410d-a71f-4e24950d210b",
"indicator--55f9402a-7ba0-4739-8c84-4064950d210b",
"indicator--55f9402b-ec40-4ec3-97a8-451f950d210b",
"indicator--55f9402b-bb0c-4f2a-ad1c-4c9f950d210b",
"indicator--55f9402b-80e8-4f6f-a87e-4e0e950d210b",
"indicator--55f9402c-d780-4b80-9826-484c950d210b",
"indicator--55f9402d-beb0-42d4-99c8-48e2950d210b",
"indicator--55f9402d-1264-422c-9658-4477950d210b",
"indicator--55f9402d-ee00-461c-b0b9-4d8a950d210b",
"x-misp-attribute--55f94092-0d18-4bc9-b72d-4113950d210b",
"x-misp-attribute--55f94092-3930-457c-b962-4f59950d210b",
"x-misp-attribute--55f94093-fcc0-45d6-91cb-4355950d210b",
"x-misp-attribute--55f94093-20e0-4fbf-8172-490a950d210b",
"indicator--55f940e3-e8d4-40bb-9402-4d2c950d210b",
"indicator--55f940e3-fa18-470f-b245-4296950d210b",
"indicator--55f940e4-26fc-495a-808e-44a2950d210b",
"indicator--55f940e4-5998-4ebc-b6dc-47c3950d210b",
"indicator--55f940e4-7a10-4bf7-8191-4537950d210b",
"indicator--55f940e4-6328-4f0c-a721-4ada950d210b",
"indicator--55f940e5-1b58-47a8-a2de-4e5f950d210b",
"indicator--55f940e5-f654-4f1c-9465-4d94950d210b",
"indicator--55f940e5-bc0c-4269-ab0f-403a950d210b",
"indicator--55f940e5-ca2c-4988-a30a-49b5950d210b",
"indicator--55f940e5-1d48-46b7-9fc1-4a06950d210b",
"indicator--55f940e6-31b0-4baa-8b90-48d5950d210b",
"indicator--55f940e6-222c-412c-8fb4-4832950d210b",
"indicator--55f940e6-4adc-42b2-af27-4b01950d210b",
"indicator--55f940e6-0220-4732-8cc1-4eeb950d210b",
"indicator--55f940e7-2e8c-4868-9c7e-42f5950d210b",
"indicator--55f940e7-ff6c-4912-a30c-4486950d210b",
"indicator--55f940e7-7744-4591-8c3d-427a950d210b",
"indicator--55f94115-a694-4aeb-9a2d-4c57950d210b",
"indicator--55f94115-28ac-4993-8211-4466950d210b",
"indicator--55f94115-46ec-49b8-8d7a-44ac950d210b",
"indicator--55f95e56-7580-478d-a35c-6ff9950d210b",
"indicator--55f95e56-90ac-40a2-991d-6ff9950d210b",
"observed-data--55f95e56-bb58-49a9-b100-6ff9950d210b",
"url--55f95e56-bb58-49a9-b100-6ff9950d210b",
"indicator--55f95e57-70a4-4c04-880d-6ff9950d210b",
"indicator--55f95e57-8fd0-4222-afab-6ff9950d210b",
"observed-data--55f95e57-15ac-4e23-b13a-6ff9950d210b",
"url--55f95e57-15ac-4e23-b13a-6ff9950d210b",
"indicator--55f95e57-bd98-4366-b475-6ff9950d210b",
"indicator--55f95e57-75a0-427d-a431-6ff9950d210b",
"observed-data--55f95e58-7704-4951-8acc-6ff9950d210b",
"url--55f95e58-7704-4951-8acc-6ff9950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55f93f5e-21b8-45b8-834b-4450950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:07:26.000Z",
"modified": "2015-09-16T10:07:26.000Z",
"first_observed": "2015-09-16T10:07:26Z",
"last_observed": "2015-09-16T10:07:26Z",
"number_observed": 1,
"object_refs": [
"url--55f93f5e-21b8-45b8-834b-4450950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55f93f5e-21b8-45b8-834b-4450950d210b",
"value": "https://securelist.com/analysis/publications/72087/the-shade-encryptor-a-double-threat/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55f93f96-e8e0-4964-b2d8-4318950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:08:22.000Z",
"modified": "2015-09-16T10:08:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan-Ransom.Win32.Shade"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55f93f97-64a4-4955-9b1e-419c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:08:23.000Z",
"modified": "2015-09-16T10:08:23.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Encoder.858"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55f93f97-30bc-410d-a71f-4e24950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:08:23.000Z",
"modified": "2015-09-16T10:08:23.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Ransom:Win32/Troldesh"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f9402a-7ba0-4739-8c84-4064950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:10:50.000Z",
"modified": "2015-09-16T10:10:50.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'oc_dlea podpisi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:10:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f9402b-ec40-4ec3-97a8-451f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:10:51.000Z",
"modified": "2015-09-16T10:10:51.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'doc_dlea podpisi.rar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:10:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f9402b-bb0c-4f2a-ad1c-4c9f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:10:51.000Z",
"modified": "2015-09-16T10:10:51.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'documenti_589965465_documenti.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:10:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f9402b-80e8-4f6f-a87e-4e0e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:10:51.000Z",
"modified": "2015-09-16T10:10:51.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'documenti_589965465_documenti.rar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:10:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f9402c-d780-4b80-9826-484c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:10:52.000Z",
"modified": "2015-09-16T10:10:52.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'documenti_589965465_doc.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:10:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f9402d-beb0-42d4-99c8-48e2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:10:53.000Z",
"modified": "2015-09-16T10:10:53.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = '\u043d\u0435\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d 308853.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:10:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f9402d-1264-422c-9658-4477950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:10:53.000Z",
"modified": "2015-09-16T10:10:53.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'documenti dlea podpisi 05.08.2015.scr.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:10:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f9402d-ee00-461c-b0b9-4d8a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:10:53.000Z",
"modified": "2015-09-16T10:10:53.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'akt sverki za 17082015.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:10:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55f94092-0d18-4bc9-b72d-4113950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:12:34.000Z",
"modified": "2015-09-16T10:12:34.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Antivirus detection",
"x_misp_comment": "Secondary payload downloaded",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.CMSBrute"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55f94092-3930-457c-b962-4f59950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:12:34.000Z",
"modified": "2015-09-16T10:12:34.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Antivirus detection",
"x_misp_comment": "Secondary payload downloaded",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Muref"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55f94093-fcc0-45d6-91cb-4355950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:12:35.000Z",
"modified": "2015-09-16T10:12:35.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Antivirus detection",
"x_misp_comment": "Secondary payload downloaded",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Kovter"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55f94093-20e0-4fbf-8172-490a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:12:35.000Z",
"modified": "2015-09-16T10:12:35.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Antivirus detection",
"x_misp_comment": "Secondary payload downloaded",
"x_misp_type": "text",
"x_misp_value": "Trojan-Downloader.Win32.Zemot"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e3-e8d4-40bb-9402-4d2c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:55.000Z",
"modified": "2015-09-16T10:13:55.000Z",
"pattern": "[email-message:to_refs[*].value = 'decode00001@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e3-fa18-470f-b245-4296950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:55.000Z",
"modified": "2015-09-16T10:13:55.000Z",
"pattern": "[email-message:to_refs[*].value = 'decode00002@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e4-26fc-495a-808e-44a2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:56.000Z",
"modified": "2015-09-16T10:13:56.000Z",
"pattern": "[email-message:to_refs[*].value = 'decode010@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e4-5998-4ebc-b6dc-47c3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:56.000Z",
"modified": "2015-09-16T10:13:56.000Z",
"pattern": "[email-message:to_refs[*].value = 'decode0987@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e4-7a10-4bf7-8191-4537950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:56.000Z",
"modified": "2015-09-16T10:13:56.000Z",
"pattern": "[email-message:to_refs[*].value = 'decode098@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e4-6328-4f0c-a721-4ada950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:56.000Z",
"modified": "2015-09-16T10:13:56.000Z",
"pattern": "[email-message:to_refs[*].value = 'decode1110@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e5-1b58-47a8-a2de-4e5f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:57.000Z",
"modified": "2015-09-16T10:13:57.000Z",
"pattern": "[email-message:to_refs[*].value = 'decodefile001@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e5-f654-4f1c-9465-4d94950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:57.000Z",
"modified": "2015-09-16T10:13:57.000Z",
"pattern": "[email-message:to_refs[*].value = 'decodefile002@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e5-bc0c-4269-ab0f-403a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:57.000Z",
"modified": "2015-09-16T10:13:57.000Z",
"pattern": "[email-message:to_refs[*].value = 'decodefiles1@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e5-ca2c-4988-a30a-49b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:57.000Z",
"modified": "2015-09-16T10:13:57.000Z",
"pattern": "[email-message:to_refs[*].value = 'decodefiles@india.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e5-1d48-46b7-9fc1-4a06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:57.000Z",
"modified": "2015-09-16T10:13:57.000Z",
"pattern": "[email-message:to_refs[*].value = 'deshifrovka01@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e6-31b0-4baa-8b90-48d5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:58.000Z",
"modified": "2015-09-16T10:13:58.000Z",
"pattern": "[email-message:to_refs[*].value = 'deshifrovka@india.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e6-222c-412c-8fb4-4832950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:58.000Z",
"modified": "2015-09-16T10:13:58.000Z",
"pattern": "[email-message:to_refs[*].value = 'files08880@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e6-4adc-42b2-af27-4b01950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:58.000Z",
"modified": "2015-09-16T10:13:58.000Z",
"pattern": "[email-message:to_refs[*].value = 'files08881@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e6-0220-4732-8cc1-4eeb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:58.000Z",
"modified": "2015-09-16T10:13:58.000Z",
"pattern": "[email-message:to_refs[*].value = 'files1147@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e7-2e8c-4868-9c7e-42f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:59.000Z",
"modified": "2015-09-16T10:13:59.000Z",
"pattern": "[email-message:to_refs[*].value = 'post100023@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e7-ff6c-4912-a30c-4486950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:59.000Z",
"modified": "2015-09-16T10:13:59.000Z",
"pattern": "[email-message:to_refs[*].value = 'post24932@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f940e7-7744-4591-8c3d-427a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:13:59.000Z",
"modified": "2015-09-16T10:13:59.000Z",
"pattern": "[email-message:to_refs[*].value = 'post8881@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:13:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f94115-a694-4aeb-9a2d-4c57950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:14:45.000Z",
"modified": "2015-09-16T10:14:45.000Z",
"pattern": "[file:hashes.MD5 = '21723762c841b2377e06472dd9691da2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f94115-28ac-4993-8211-4466950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:14:45.000Z",
"modified": "2015-09-16T10:14:45.000Z",
"pattern": "[file:hashes.MD5 = 'bb159b6fe30e3c914feac5d4e1b85a61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f94115-46ec-49b8-8d7a-44ac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T10:14:45.000Z",
"modified": "2015-09-16T10:14:45.000Z",
"pattern": "[file:hashes.MD5 = '543d1620ce976cb13fec190ccc1bc83a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f95e56-7580-478d-a35c-6ff9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:34.000Z",
"modified": "2015-09-16T12:19:34.000Z",
"description": "- Xchecked via VT: 543d1620ce976cb13fec190ccc1bc83a",
"pattern": "[file:hashes.SHA256 = '01aa0cc7081760ad0b7259f35a3e4b37b1d8c6c4ed6a03606e74646046c64481']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T12:19:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f95e56-90ac-40a2-991d-6ff9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:34.000Z",
"modified": "2015-09-16T12:19:34.000Z",
"description": "- Xchecked via VT: 543d1620ce976cb13fec190ccc1bc83a",
"pattern": "[file:hashes.SHA1 = '3fe92f2e449dc7709b6ce8a9a48f6db3b60daf33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T12:19:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55f95e56-bb58-49a9-b100-6ff9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:34.000Z",
"modified": "2015-09-16T12:19:34.000Z",
"first_observed": "2015-09-16T12:19:34Z",
"last_observed": "2015-09-16T12:19:34Z",
"number_observed": 1,
"object_refs": [
"url--55f95e56-bb58-49a9-b100-6ff9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55f95e56-bb58-49a9-b100-6ff9950d210b",
"value": "https://www.virustotal.com/file/01aa0cc7081760ad0b7259f35a3e4b37b1d8c6c4ed6a03606e74646046c64481/analysis/1441135477/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f95e57-70a4-4c04-880d-6ff9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:35.000Z",
"modified": "2015-09-16T12:19:35.000Z",
"description": "- Xchecked via VT: bb159b6fe30e3c914feac5d4e1b85a61",
"pattern": "[file:hashes.SHA256 = 'f5eb1e8b5561dc0f861d1edbf43bbc3eeda62ff8ce1cb9b286386248b158dfc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T12:19:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f95e57-8fd0-4222-afab-6ff9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:35.000Z",
"modified": "2015-09-16T12:19:35.000Z",
"description": "- Xchecked via VT: bb159b6fe30e3c914feac5d4e1b85a61",
"pattern": "[file:hashes.SHA1 = 'a3b639e1cf9d0ed3a73d2061dc40049508ea4e37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T12:19:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55f95e57-15ac-4e23-b13a-6ff9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:35.000Z",
"modified": "2015-09-16T12:19:35.000Z",
"first_observed": "2015-09-16T12:19:35Z",
"last_observed": "2015-09-16T12:19:35Z",
"number_observed": 1,
"object_refs": [
"url--55f95e57-15ac-4e23-b13a-6ff9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55f95e57-15ac-4e23-b13a-6ff9950d210b",
"value": "https://www.virustotal.com/file/f5eb1e8b5561dc0f861d1edbf43bbc3eeda62ff8ce1cb9b286386248b158dfc5/analysis/1440605490/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f95e57-bd98-4366-b475-6ff9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:35.000Z",
"modified": "2015-09-16T12:19:35.000Z",
"description": "- Xchecked via VT: 21723762c841b2377e06472dd9691da2",
"pattern": "[file:hashes.SHA256 = 'e6154d1c2850170fa81d1405886d0227a7548dc8f012b1b73c84646707e42d27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T12:19:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55f95e57-75a0-427d-a431-6ff9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:35.000Z",
"modified": "2015-09-16T12:19:35.000Z",
"description": "- Xchecked via VT: 21723762c841b2377e06472dd9691da2",
"pattern": "[file:hashes.SHA1 = '1f491c497fedd020894a74a6647ab3b7b1c1a90e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-16T12:19:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55f95e58-7704-4951-8acc-6ff9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-16T12:19:36.000Z",
"modified": "2015-09-16T12:19:36.000Z",
"first_observed": "2015-09-16T12:19:36Z",
"last_observed": "2015-09-16T12:19:36Z",
"number_observed": 1,
"object_refs": [
"url--55f95e58-7704-4951-8acc-6ff9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55f95e58-7704-4951-8acc-6ff9950d210b",
"value": "https://www.virustotal.com/file/e6154d1c2850170fa81d1405886d0227a7548dc8f012b1b73c84646707e42d27/analysis/1437292382/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}