adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/56240d98-a524-4386-8e43-8371950d210b.json

1116 lines
46 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--56240d98-a524-4386-8e43-8371950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:27.000Z",
"modified": "2015-12-22T14:36:27.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56240d98-a524-4386-8e43-8371950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:27.000Z",
"modified": "2015-12-22T14:36:27.000Z",
"name": "OSINT Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites by Citizen Labs",
"published": "2015-10-21T09:04:31Z",
"object_refs": [
"observed-data--56240daf-5e40-4631-8a88-4416950d210b",
"url--56240daf-5e40-4631-8a88-4416950d210b",
"indicator--56240e02-0950-47e9-a84e-8371950d210b",
"indicator--56240e02-e808-4cb8-814b-8371950d210b",
"indicator--56240e03-aeac-42f9-a84b-8371950d210b",
"indicator--56240e03-3c84-470b-842a-8371950d210b",
"indicator--56240e58-8374-4e94-a379-985e950d210b",
"indicator--56240e59-ebcc-4a9a-a330-985e950d210b",
"indicator--56240e59-a624-435b-b7ef-985e950d210b",
"indicator--56240e59-e278-45da-a1b4-985e950d210b",
"indicator--56240e5a-b864-4d11-b021-985e950d210b",
"indicator--56240e5a-2900-4ca4-aa61-985e950d210b",
"indicator--56240eb7-8e04-40b4-97c2-7dd1950d210b",
"indicator--56240eb8-0958-41fa-ab85-7dd1950d210b",
"indicator--56240eb8-e438-4d89-8c76-7dd1950d210b",
"indicator--56240eb9-ac80-46dd-a90e-7dd1950d210b",
"indicator--56240eb9-608c-4b5d-aa05-7dd1950d210b",
"indicator--56240eba-d774-4119-b2d1-7dd1950d210b",
"indicator--56240eba-cea4-4d24-8d86-7dd1950d210b",
"indicator--56266cf4-7bbc-4601-9b87-771f950d210b",
"indicator--56266cf5-5d00-47a7-b5c0-771f950d210b",
"indicator--56266cf5-767c-4172-8a63-771f950d210b",
"indicator--56266cf6-fc08-4dfe-8cb6-771f950d210b",
"indicator--56266cf6-41c4-44b4-a591-771f950d210b",
"indicator--56266cf6-1c00-4670-907b-771f950d210b",
"indicator--56266cf7-da80-4dc4-9132-771f950d210b",
"indicator--56266cf7-e870-453d-8a9a-771f950d210b",
"indicator--56266cf8-5e70-4f2e-8240-771f950d210b",
"observed-data--56275518-82a4-42d4-b18a-4498950d210b",
"url--56275518-82a4-42d4-b18a-4498950d210b",
"indicator--56795feb-2f6c-419e-9ed4-45bd950d210f",
"indicator--56795feb-f20c-45cd-a22a-4db1950d210f",
"indicator--56795fec-2cb0-4de1-a7c0-42d7950d210f",
"indicator--56795fec-abfc-48ce-894e-4347950d210f",
"indicator--56795fec-0150-4dbc-ac02-422b950d210f",
"indicator--56795fec-7e3c-478a-a737-45fb950d210f",
"indicator--56795fed-cb88-486d-b125-4cc8950d210f",
"indicator--56795fed-25fc-46f2-80d4-4fe3950d210f",
"indicator--56795fed-c0e0-4847-a03d-4fde950d210f",
"indicator--56795fee-8410-463e-ae7e-4d19950d210f",
"indicator--56795fee-83a4-4b57-b858-4018950d210f",
"indicator--56795fee-d458-46aa-ac57-4785950d210f",
"indicator--56795fee-5084-4386-999a-4445950d210f",
"indicator--56795fef-dd6c-4d72-9a96-48fe950d210f",
"indicator--56795fef-89cc-4dbc-86ff-435d950d210f",
"indicator--56795fef-a068-4e7c-82ad-47fb950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56240daf-5e40-4631-8a88-4416950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:22:55.000Z",
"modified": "2015-10-18T21:22:55.000Z",
"first_observed": "2015-10-18T21:22:55Z",
"last_observed": "2015-10-18T21:22:55Z",
"number_observed": 1,
"object_refs": [
"url--56240daf-5e40-4631-8a88-4416950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56240daf-5e40-4631-8a88-4416950d210b",
"value": "https://citizenlab.org/2015/10/targeted-attacks-ngo-burma/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e02-0950-47e9-a84e-8371950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:24:18.000Z",
"modified": "2015-10-18T21:24:18.000Z",
"pattern": "[domain-name:value = 'usafbi.websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:24:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e02-e808-4cb8-814b-8371950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:24:18.000Z",
"modified": "2015-10-18T21:24:18.000Z",
"pattern": "[domain-name:value = 'usacia.websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:24:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e03-aeac-42f9-a84b-8371950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:24:19.000Z",
"modified": "2015-10-18T21:24:19.000Z",
"pattern": "[domain-name:value = 'webhttps.websecexp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:24:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e03-3c84-470b-842a-8371950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:24:19.000Z",
"modified": "2015-10-18T21:24:19.000Z",
"pattern": "[domain-name:value = 'appeur.gnway.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:24:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e58-8374-4e94-a379-985e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:25:44.000Z",
"modified": "2015-10-18T21:25:44.000Z",
"pattern": "[file:hashes.MD5 = '884d46c01c762ad6ddd2759fd921bf71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e59-ebcc-4a9a-a330-985e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:25:45.000Z",
"modified": "2015-10-18T21:25:45.000Z",
"pattern": "[domain-name:value = 't2.mailsecurityservice.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e59-a624-435b-b7ef-985e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:25:45.000Z",
"modified": "2015-10-18T21:25:45.000Z",
"pattern": "[domain-name:value = 't1.mailsecurityservice.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e59-e278-45da-a1b4-985e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:25:45.000Z",
"modified": "2015-10-18T21:25:45.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.212.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e5a-b864-4d11-b021-985e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:25:46.000Z",
"modified": "2015-10-18T21:25:46.000Z",
"pattern": "[file:hashes.MD5 = '15c926d2602f65be0de65fa9c06aa6c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240e5a-2900-4ca4-aa61-985e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:25:46.000Z",
"modified": "2015-10-18T21:25:46.000Z",
"pattern": "[url:value = 'http://client.mailsecurityservice.com/viewclient/connect.php?n=zxishanchu1106.exe.']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240eb7-8e04-40b4-97c2-7dd1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-21T08:57:11.000Z",
"modified": "2015-10-21T08:57:11.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.44.190.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-21T08:57:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240eb8-0958-41fa-ab85-7dd1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:27:20.000Z",
"modified": "2015-10-18T21:27:20.000Z",
"pattern": "[domain-name:value = 'mailsecurityservice.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:27:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240eb8-e438-4d89-8c76-7dd1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:27:20.000Z",
"modified": "2015-10-18T21:27:20.000Z",
"pattern": "[domain-name:value = 'iyouthen.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:27:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240eb9-ac80-46dd-a90e-7dd1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-21T09:04:09.000Z",
"modified": "2015-10-21T09:04:09.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.222.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-21T09:04:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240eb9-608c-4b5d-aa05-7dd1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:27:21.000Z",
"modified": "2015-10-18T21:27:21.000Z",
"pattern": "[domain-name:value = 'gmail.iyouthen.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:27:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240eba-d774-4119-b2d1-7dd1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:27:22.000Z",
"modified": "2015-10-18T21:27:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.44.49.88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:27:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56240eba-cea4-4d24-8d86-7dd1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-18T21:27:22.000Z",
"modified": "2015-10-18T21:27:22.000Z",
"pattern": "[file:hashes.MD5 = '53f81415ccedf453d6e3ebcdc142b966']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-18T21:27:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266cf4-7bbc-4601-9b87-771f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:33:56.000Z",
"modified": "2015-10-20T16:33:56.000Z",
"pattern": "[file:hashes.MD5 = '56f0e67d981024ddcc215543698f44fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:33:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266cf5-5d00-47a7-b5c0-771f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:33:57.000Z",
"modified": "2015-10-20T16:33:57.000Z",
"pattern": "[file:hashes.SHA1 = 'bfaebb3e8a6768a2a5785ffa8dbb16cab43ba560']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:33:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266cf5-767c-4172-8a63-771f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:33:57.000Z",
"modified": "2015-10-20T16:33:57.000Z",
"pattern": "[file:hashes.SHA256 = '30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:33:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266cf6-fc08-4dfe-8cb6-771f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:33:58.000Z",
"modified": "2015-10-20T16:33:58.000Z",
"pattern": "[file:hashes.MD5 = 'c4c147bdfddffec2eea6bf99661e69ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:33:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266cf6-41c4-44b4-a591-771f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:33:58.000Z",
"modified": "2015-10-20T16:33:58.000Z",
"pattern": "[file:hashes.MD5 = '7e0081fba718fcd71753d3199a290f03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:33:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266cf6-1c00-4670-907b-771f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:33:58.000Z",
"modified": "2015-10-20T16:33:58.000Z",
"pattern": "[file:hashes.MD5 = '6701662097e274f3cd089ceec35471d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:33:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266cf7-da80-4dc4-9132-771f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:33:59.000Z",
"modified": "2015-10-20T16:33:59.000Z",
"pattern": "[file:hashes.MD5 = '699b3d90b050cae37f65c855ec7f616a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:33:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266cf7-e870-453d-8a9a-771f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:33:59.000Z",
"modified": "2015-10-20T16:33:59.000Z",
"pattern": "[file:hashes.MD5 = '5710d567d98a8f4a6682859ce3a35336']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:33:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266cf8-5e70-4f2e-8240-771f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:34:00.000Z",
"modified": "2015-10-20T16:34:00.000Z",
"pattern": "[file:hashes.MD5 = '49ceba3347d39870f15f2ab0391af234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:34:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56275518-82a4-42d4-b18a-4498950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-21T09:04:24.000Z",
"modified": "2015-10-21T09:04:24.000Z",
"first_observed": "2015-10-21T09:04:24Z",
"last_observed": "2015-10-21T09:04:24Z",
"number_observed": 1,
"object_refs": [
"url--56275518-82a4-42d4-b18a-4498950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56275518-82a4-42d4-b18a-4498950d210b",
"value": "https://passivetotal.org/passive/103.20.222.244"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795feb-2f6c-419e-9ed4-45bd950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:27.000Z",
"modified": "2015-12-22T14:36:27.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf/analysis/1447248301/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795feb-f20c-45cd-a22a-4db1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:27.000Z",
"modified": "2015-12-22T14:36:27.000Z",
"description": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336",
"pattern": "[file:hashes.SHA256 = '44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fec-2cb0-4de1-a7c0-42d7950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:28.000Z",
"modified": "2015-12-22T14:36:28.000Z",
"description": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336",
"pattern": "[file:hashes.SHA1 = '355e7fd36a18253358e6175842c7309f79629570']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fec-abfc-48ce-894e-4347950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:28.000Z",
"modified": "2015-12-22T14:36:28.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6/analysis/1447876975/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fec-0150-4dbc-ac02-422b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:28.000Z",
"modified": "2015-12-22T14:36:28.000Z",
"description": "- Xchecked via VT: 7e0081fba718fcd71753d3199a290f03",
"pattern": "[file:hashes.SHA256 = 'd71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fec-7e3c-478a-a737-45fb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:28.000Z",
"modified": "2015-12-22T14:36:28.000Z",
"description": "- Xchecked via VT: 7e0081fba718fcd71753d3199a290f03",
"pattern": "[file:hashes.SHA1 = '4d994872ad4032282d140ac0a19844de6f252141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fed-cb88-486d-b125-4cc8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:29.000Z",
"modified": "2015-12-22T14:36:29.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/d71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f/analysis/1438899341/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fed-25fc-46f2-80d4-4fe3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:29.000Z",
"modified": "2015-12-22T14:36:29.000Z",
"description": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee",
"pattern": "[file:hashes.SHA256 = '365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fed-c0e0-4847-a03d-4fde950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:29.000Z",
"modified": "2015-12-22T14:36:29.000Z",
"description": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee",
"pattern": "[file:hashes.SHA1 = '926b3576e75b49169e4fec6cbd070f02c8f33ed0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fee-8410-463e-ae7e-4d19950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:30.000Z",
"modified": "2015-12-22T14:36:30.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1/analysis/1445244286/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fee-83a4-4b57-b858-4018950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:30.000Z",
"modified": "2015-12-22T14:36:30.000Z",
"description": "- Xchecked via VT: 15c926d2602f65be0de65fa9c06aa6c6",
"pattern": "[file:hashes.SHA256 = '2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fee-d458-46aa-ac57-4785950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:30.000Z",
"modified": "2015-12-22T14:36:30.000Z",
"description": "- Xchecked via VT: 15c926d2602f65be0de65fa9c06aa6c6",
"pattern": "[file:hashes.SHA1 = '3425cdc99e28661d6c510a5167488ce0a6952b6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fee-5084-4386-999a-4445950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:30.000Z",
"modified": "2015-12-22T14:36:30.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79/analysis/1442294210/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fef-dd6c-4d72-9a96-48fe950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:31.000Z",
"modified": "2015-12-22T14:36:31.000Z",
"description": "- Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71",
"pattern": "[file:hashes.SHA256 = '3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fef-89cc-4dbc-86ff-435d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:31.000Z",
"modified": "2015-12-22T14:36:31.000Z",
"description": "- Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71",
"pattern": "[file:hashes.SHA1 = 'd201b130232e0ea411daa23c1ba2892fe6468712']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fef-a068-4e7c-82ad-47fb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:36:31.000Z",
"modified": "2015-12-22T14:36:31.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe/analysis/1450088702/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink