|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--56313e11-daf8-474d-9dae-4050950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:26:45.000Z",
|
||
|
"modified": "2015-11-02T21:26:45.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--56313e11-daf8-474d-9dae-4050950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:26:45.000Z",
|
||
|
"modified": "2015-11-02T21:26:45.000Z",
|
||
|
"name": "OSINT Digging for Groundhogs: Holes in Your Linux Server by Checkpoint",
|
||
|
"published": "2015-11-02T21:28:25Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--56313e31-6390-4757-99e8-48e6950d210b",
|
||
|
"url--56313e31-6390-4757-99e8-48e6950d210b",
|
||
|
"observed-data--56313e31-7560-4870-83a4-413a950d210b",
|
||
|
"url--56313e31-7560-4870-83a4-413a950d210b",
|
||
|
"x-misp-attribute--5637d395-ce80-4ad0-b0eb-7d4b950d210b",
|
||
|
"indicator--5637d408-7a34-45d3-bcf1-7d4a950d210b",
|
||
|
"indicator--5637d49d-6854-4052-b05c-4641950d210b",
|
||
|
"indicator--5637d49e-1d24-40d3-b324-4d1b950d210b",
|
||
|
"indicator--5637d49e-ebdc-4841-bcd9-49f4950d210b",
|
||
|
"indicator--5637d49f-683c-4b66-9816-43db950d210b",
|
||
|
"indicator--5637d49f-c77c-4de2-aeb0-41a7950d210b",
|
||
|
"indicator--5637d49f-a594-446c-aec0-414d950d210b",
|
||
|
"indicator--5637d4a0-018c-45f8-8659-47b3950d210b",
|
||
|
"indicator--5637d4a0-f498-4c0c-b5af-44e2950d210b",
|
||
|
"indicator--5637d4a1-66cc-4046-8404-49d6950d210b",
|
||
|
"indicator--5637d4a1-18a0-4e8a-b694-4004950d210b",
|
||
|
"indicator--5637d4a1-8ad8-44e2-90af-43f5950d210b",
|
||
|
"indicator--5637d4a2-d154-4481-bcc4-43b2950d210b",
|
||
|
"indicator--5637d4a2-aee8-4ca0-a5dc-45ce950d210b",
|
||
|
"indicator--5637d4a3-f2a4-4968-9f5f-42f2950d210b",
|
||
|
"indicator--5637d4a3-4f14-46ab-a225-4fa6950d210b",
|
||
|
"indicator--5637d4a3-8fb8-471b-a547-499d950d210b",
|
||
|
"indicator--5637d4a4-ae58-48b5-a035-4a1b950d210b",
|
||
|
"indicator--5637d4a4-d710-4b7c-8536-4d47950d210b",
|
||
|
"indicator--5637d4a5-d8c0-4393-a135-4733950d210b",
|
||
|
"indicator--5637d4a5-ca30-433c-935f-468d950d210b",
|
||
|
"indicator--5637d4a5-ad60-4456-a05c-48e3950d210b",
|
||
|
"indicator--5637d4a6-a8e8-4311-a14c-4ca7950d210b",
|
||
|
"indicator--5637d4d7-af18-4ebe-af6b-47d3950d210b",
|
||
|
"indicator--5637d4f3-a6d8-4edc-afa3-7d4b950d210b",
|
||
|
"indicator--5637d4f3-82c0-47f8-be0f-7d4b950d210b",
|
||
|
"indicator--5637d4f3-4af8-4c6b-8d61-7d4b950d210b",
|
||
|
"indicator--5637d4f4-729c-4916-99ea-7d4b950d210b",
|
||
|
"indicator--5637d4f4-c06c-4a8f-871a-7d4b950d210b",
|
||
|
"indicator--5637d4f5-8504-4705-99d9-7d4b950d210b",
|
||
|
"indicator--5637d4f5-5c00-4dbf-9cba-7d4b950d210b",
|
||
|
"indicator--5637d4f5-2f5c-4452-9870-7d4b950d210b",
|
||
|
"indicator--5637d4f6-51e8-43f7-9376-7d4b950d210b",
|
||
|
"indicator--5637d4f6-ff50-472b-8e32-7d4b950d210b",
|
||
|
"indicator--5637d4f7-4728-4ff6-b290-7d4b950d210b",
|
||
|
"indicator--5637d4f7-6b10-4e05-af13-7d4b950d210b",
|
||
|
"indicator--5637d4f7-43b8-4893-8905-7d4b950d210b",
|
||
|
"indicator--5637d4f8-8654-4329-b5aa-7d4b950d210b",
|
||
|
"indicator--5637d4f8-5904-48b2-9cfa-7d4b950d210b",
|
||
|
"indicator--5637d4f8-bde0-4334-bf1e-7d4b950d210b",
|
||
|
"indicator--5637d4f9-9818-414e-8aff-7d4b950d210b",
|
||
|
"indicator--5637d4f9-c89c-4ebe-80ee-7d4b950d210b",
|
||
|
"indicator--5637d4fa-de98-4e6e-ac7d-7d4b950d210b",
|
||
|
"indicator--5637d4fa-22a0-4d1e-ae55-7d4b950d210b",
|
||
|
"indicator--5637d4fa-5cb8-406f-a8a2-7d4b950d210b",
|
||
|
"indicator--5637d4fb-fe28-451a-a950-7d4b950d210b",
|
||
|
"indicator--5637d4fb-0654-4929-8b2f-7d4b950d210b",
|
||
|
"indicator--5637d4fc-bb04-4c7d-934c-7d4b950d210b",
|
||
|
"indicator--5637d4fc-8ef4-41fa-823b-7d4b950d210b",
|
||
|
"indicator--5637d4fc-1b94-4758-840b-7d4b950d210b",
|
||
|
"indicator--5637d4fd-8d14-4a36-89d5-7d4b950d210b",
|
||
|
"indicator--5637d4fd-a374-4b72-ac8f-7d4b950d210b",
|
||
|
"indicator--5637d4fe-9d1c-42ce-8282-7d4b950d210b",
|
||
|
"indicator--5637d4fe-e5c4-4240-8f2b-7d4b950d210b",
|
||
|
"indicator--5637d4fe-63e8-49e3-b30c-7d4b950d210b",
|
||
|
"indicator--5637d4ff-a538-4b28-a165-7d4b950d210b",
|
||
|
"indicator--5637d4ff-20e0-41cb-862a-7d4b950d210b",
|
||
|
"indicator--5637d500-1a34-4c89-bf51-7d4b950d210b",
|
||
|
"indicator--5637d500-b774-441b-a53a-7d4b950d210b",
|
||
|
"indicator--5637d500-f8a8-4594-aff3-7d4b950d210b",
|
||
|
"indicator--5637d501-9fc8-4b06-b04d-7d4b950d210b",
|
||
|
"indicator--5637d501-549c-4602-bf9f-7d4b950d210b",
|
||
|
"indicator--5637d502-bc20-411c-991a-7d4b950d210b",
|
||
|
"indicator--5637d502-c1f0-426c-a1fa-7d4b950d210b",
|
||
|
"indicator--5637d502-cc58-4b86-a821-7d4b950d210b",
|
||
|
"indicator--5637d503-2504-490a-94ea-7d4b950d210b",
|
||
|
"indicator--5637d503-4fd0-4248-bcf8-7d4b950d210b",
|
||
|
"indicator--5637d504-db18-41a0-b041-7d4b950d210b",
|
||
|
"indicator--5637d504-cf38-4a31-ab73-7d4b950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56313e31-6390-4757-99e8-48e6950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-28T21:29:21.000Z",
|
||
|
"modified": "2015-10-28T21:29:21.000Z",
|
||
|
"first_observed": "2015-10-28T21:29:21Z",
|
||
|
"last_observed": "2015-10-28T21:29:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56313e31-6390-4757-99e8-48e6950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56313e31-6390-4757-99e8-48e6950d210b",
|
||
|
"value": "http://blog.checkpoint.com/2015/10/20/digging-for-groundhogs-holes-in-your-linux-server/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56313e31-7560-4870-83a4-413a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-28T21:29:21.000Z",
|
||
|
"modified": "2015-10-28T21:29:21.000Z",
|
||
|
"first_observed": "2015-10-28T21:29:21Z",
|
||
|
"last_observed": "2015-10-28T21:29:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56313e31-7560-4870-83a4-413a950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56313e31-7560-4870-83a4-413a950d210b",
|
||
|
"value": "http://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5637d395-ce80-4ad0-b0eb-7d4b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:20:21.000Z",
|
||
|
"modified": "2015-11-02T21:20:21.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "XOR Encryption Key",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "BB2FA36AAA9541F0"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d408-7a34-45d3-bcf1-7d4a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:22:16.000Z",
|
||
|
"modified": "2015-11-02T21:22:16.000Z",
|
||
|
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:22:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"user-agent\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d49d-6854-4052-b05c-4641950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:45.000Z",
|
||
|
"modified": "2015-11-02T21:24:45.000Z",
|
||
|
"pattern": "[domain-name:value = 'groundhog.mapsnode.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d49e-1d24-40d3-b324-4d1b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:46.000Z",
|
||
|
"modified": "2015-11-02T21:24:46.000Z",
|
||
|
"pattern": "[domain-name:value = 'www.gggatat456.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d49e-ebdc-4841-bcd9-49f4950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:46.000Z",
|
||
|
"modified": "2015-11-02T21:24:46.000Z",
|
||
|
"pattern": "[domain-name:value = 'www.xxxatat456.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d49f-683c-4b66-9816-43db950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:47.000Z",
|
||
|
"modified": "2015-11-02T21:24:47.000Z",
|
||
|
"pattern": "[domain-name:value = 'aaa.gggatat456.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d49f-c77c-4de2-aeb0-41a7950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:47.000Z",
|
||
|
"modified": "2015-11-02T21:24:47.000Z",
|
||
|
"pattern": "[domain-name:value = 'aaa.xxxatat456.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d49f-a594-446c-aec0-414d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:47.000Z",
|
||
|
"modified": "2015-11-02T21:24:47.000Z",
|
||
|
"pattern": "[domain-name:value = 'www1.gggatat456.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a0-018c-45f8-8659-47b3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:48.000Z",
|
||
|
"modified": "2015-11-02T21:24:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'jq.cfdddos.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a0-f498-4c0c-b5af-44e2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:48.000Z",
|
||
|
"modified": "2015-11-02T21:24:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'gh.dsaj2a1.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a1-66cc-4046-8404-49d6950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:49.000Z",
|
||
|
"modified": "2015-11-02T21:24:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'ndns.dsaj2a1.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a1-18a0-4e8a-b694-4004950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:49.000Z",
|
||
|
"modified": "2015-11-02T21:24:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'ndns.dsaj2a.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a1-8ad8-44e2-90af-43f5950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:49.000Z",
|
||
|
"modified": "2015-11-02T21:24:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'ndns.hcxiaoao.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a2-d154-4481-bcc4-43b2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:50.000Z",
|
||
|
"modified": "2015-11-02T21:24:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'ndns.dsaj2a.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a2-aee8-4ca0-a5dc-45ce950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:50.000Z",
|
||
|
"modified": "2015-11-02T21:24:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'linux.bc5j.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a3-f2a4-4968-9f5f-42f2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:51.000Z",
|
||
|
"modified": "2015-11-02T21:24:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'uc.f1122.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a3-4f14-46ab-a225-4fa6950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:51.000Z",
|
||
|
"modified": "2015-11-02T21:24:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'navert0p.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a3-8fb8-471b-a547-499d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:51.000Z",
|
||
|
"modified": "2015-11-02T21:24:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'wangzongfacai.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a4-ae58-48b5-a035-4a1b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:52.000Z",
|
||
|
"modified": "2015-11-02T21:24:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'ns1.hostasa.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a4-d710-4b7c-8536-4d47950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:52.000Z",
|
||
|
"modified": "2015-11-02T21:24:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'ns2.hostasa.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a5-d8c0-4393-a135-4733950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:53.000Z",
|
||
|
"modified": "2015-11-02T21:24:53.000Z",
|
||
|
"pattern": "[domain-name:value = 'ns3.hostasa.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a5-ca30-433c-935f-468d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:53.000Z",
|
||
|
"modified": "2015-11-02T21:24:53.000Z",
|
||
|
"pattern": "[domain-name:value = 'ns4.hostasa.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a5-ad60-4456-a05c-48e3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:53.000Z",
|
||
|
"modified": "2015-11-02T21:24:53.000Z",
|
||
|
"pattern": "[domain-name:value = 'zhegege.3322.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4a6-a8e8-4311-a14c-4ca7950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:24:54.000Z",
|
||
|
"modified": "2015-11-02T21:24:54.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.110.1.32']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:24:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4d7-af18-4ebe-af6b-47d3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:25:43.000Z",
|
||
|
"modified": "2015-11-02T21:25:43.000Z",
|
||
|
"description": "Groundhog",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c962232ca3780814389e56868363688d238ab1b714ff69f18cb2595d0b718825']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:25:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4f3-a6d8-4edc-afa3-7d4b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:26:11.000Z",
|
||
|
"modified": "2015-11-02T21:26:11.000Z",
|
||
|
"description": "XOR.DDoS",
|
||
|
"pattern": "[file:hashes.SHA256 = '292adb2a5917259e10fbfce5e936f993dad8bf1d813e3b9d5d9c9bf4ea4b8037']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:26:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4f3-82c0-47f8-be0f-7d4b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:26:11.000Z",
|
||
|
"modified": "2015-11-02T21:26:11.000Z",
|
||
|
"description": "XOR.DDoS",
|
||
|
"pattern": "[file:hashes.SHA256 = '34700258a7cd947c85c3465680c0f0855940fe1380efd65a0f99501248078a24']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:26:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4f3-4af8-4c6b-8d61-7d4b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:26:11.000Z",
|
||
|
"modified": "2015-11-02T21:26:11.000Z",
|
||
|
"description": "XOR.DDoS",
|
||
|
"pattern": "[file:hashes.SHA256 = '498f3348df1b6804db2692e4f937d7cbefd71916e83a9421347077fb1cdafa95']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:26:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4f4-729c-4916-99ea-7d4b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:26:12.000Z",
|
||
|
"modified": "2015-11-02T21:26:12.000Z",
|
||
|
"description": "XOR.DDoS",
|
||
|
"pattern": "[file:hashes.SHA256 = '9c79670d65ffd317d7f1a0ca75e4870720a0321f8634f7ec7fe2385e28222c26']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:26:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4f4-c06c-4a8f-871a-7d4b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:26:12.000Z",
|
||
|
"modified": "2015-11-02T21:26:12.000Z",
|
||
|
"description": "XOR.DDoS",
|
||
|
"pattern": "[file:hashes.SHA256 = '5f19e73c88d32148bde454e788d06ec8d9910d850cf1152cb2b29e354e100575']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:26:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4f5-8504-4705-99d9-7d4b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:26:13.000Z",
|
||
|
"modified": "2015-11-02T21:26:13.000Z",
|
||
|
"description": "XOR.DDoS",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bf4495ba77e999d3fe391db1a7a08fda29f09a1bbf8cad403c4c8e3812f41e90']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:26:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5637d4f5-5c00-4dbf-9cba-7d4b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-11-02T21:26:13.000Z",
|
||
|
"modified": "2015-11-02T21:26:13.000Z",
|
||
|
"description": "XOR.DDoS",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a5afcc42f5eb61dc7992576195f8abb1c519d32d8c788b547d3b634277f16681']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-11-02T21:26:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f5-2f5c-4452-9870-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:13.000Z",
"modified": "2015-11-02T21:26:13.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '44153031700a019e8f9e434107e4706a705f032898d3a9819c4909b2af634f18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f6-51e8-43f7-9376-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:14.000Z",
"modified": "2015-11-02T21:26:14.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '49963d925701fe5c7797a728a044f09562ca19edd157733bc10a6efd43356ea0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f6-ff50-472b-8e32-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:14.000Z",
"modified": "2015-11-02T21:26:14.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '74ea918b27f1952f47ab52e75de09f623e29928301da16ac5c27bd5ef8475520']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f7-4728-4ff6-b290-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:15.000Z",
"modified": "2015-11-02T21:26:15.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '4bf0b1243d9ced3740f86015eb9bbf610000ac342ff133e14cf1f783be8eb6dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f7-6b10-4e05-af13-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:15.000Z",
"modified": "2015-11-02T21:26:15.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'd8ebf75697902e883006fc46410558d98c667bc50ebf374d2acd5cc3bfcdc2ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f7-43b8-4893-8905-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:15.000Z",
"modified": "2015-11-02T21:26:15.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '64eee462375810e00d0b262523a53ee405b274f29451f85cb1f9bcd1497b1f33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f8-8654-4329-b5aa-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:16.000Z",
"modified": "2015-11-02T21:26:16.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '4240e265ad237382e5a2c22f65f022775c07463e5309439d226c2cc1f852624b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f8-5904-48b2-9cfa-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:16.000Z",
"modified": "2015-11-02T21:26:16.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'a6b8d218bfa051b3234977290ad6c9af6c3ea7dcf26b643b381f8876f12e7d68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f8-bde0-4334-bf1e-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:16.000Z",
"modified": "2015-11-02T21:26:16.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '2f20b41d601bde086a823e505ae0c1d6cfd3d40469373963ec3e15cd8df3baba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f9-9818-414e-8aff-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:17.000Z",
"modified": "2015-11-02T21:26:17.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '54e4e86a9c809e57e754411a4b735241dce631006310252e55aeed2663cbce7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4f9-c89c-4ebe-80ee-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:17.000Z",
"modified": "2015-11-02T21:26:17.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'e8cb63cc050c952c1168965f597105a128b56114835eb7d40bdec964a0e243dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fa-de98-4e6e-ac7d-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:18.000Z",
"modified": "2015-11-02T21:26:18.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'f7dd38bb822b09fae818c9cf7ccf38e147256966d2075b18d70b9295f3806b06']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fa-22a0-4d1e-ae55-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:18.000Z",
"modified": "2015-11-02T21:26:18.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '7b7cd047dc04cbb5c88c2768ba80d5caba572ea17d3ccec0a40af4a530def810']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fa-5cb8-406f-a8a2-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:18.000Z",
"modified": "2015-11-02T21:26:18.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'b84cf164fde12dd07192aa44f1b943044610539fd979e0f9359d44062f21a612']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fb-fe28-451a-a950-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:19.000Z",
"modified": "2015-11-02T21:26:19.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '926bc6bbd17d86da5b7cb5fd4265217e8a289a14da8e85a7c5b9b10a84dea7b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fb-0654-4929-8b2f-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:19.000Z",
"modified": "2015-11-02T21:26:19.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '19c25663f2912ab9dd1f7907e2907d6f4b332fda85d05ebec97ee29ea25ef5f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fc-bb04-4c7d-934c-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:20.000Z",
"modified": "2015-11-02T21:26:20.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'dced727001cbddf74303de20211148ac8fad0794355c108b87531b3a4a2ad6d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fc-8ef4-41fa-823b-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:20.000Z",
"modified": "2015-11-02T21:26:20.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '64f241c9724fd9065f9c68c67a767406df7cd60fd0ea94cc7a2cce485b0aa061']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fc-1b94-4758-840b-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:20.000Z",
"modified": "2015-11-02T21:26:20.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'e95c0cea8a0e90c7670387512d1b99a8f6f78fa70e2cb35763e2ba5453b14cfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fd-8d14-4a36-89d5-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:21.000Z",
"modified": "2015-11-02T21:26:21.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '82ea63f37f85e4853ae64473d933f73eed0bb484ae7db0d39104659b75a223f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fd-a374-4b72-ac8f-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:21.000Z",
"modified": "2015-11-02T21:26:21.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '0b09ac166546cd7b4bcfb745e4098a1afb6d1d08d78d5bf77c04a67a8a0dd2f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fe-9d1c-42ce-8282-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:22.000Z",
"modified": "2015-11-02T21:26:22.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '072ca4c25ca70e68af5e9f452176459ef4d0b2df24417ccb4448aab654fc22ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fe-e5c4-4240-8f2b-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:22.000Z",
"modified": "2015-11-02T21:26:22.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'edbfaba19072beeeb2cfdbf56d3f4f820f90404d5782f6bdbfb0583be1be0ddd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4fe-63e8-49e3-b30c-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:22.000Z",
"modified": "2015-11-02T21:26:22.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '8c459a7cf1337bca62c256717273bb49c1166b05c97b5afcd5b04932beb33b97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4ff-a538-4b28-a165-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:23.000Z",
"modified": "2015-11-02T21:26:23.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '1bba5771b3c3412bd8a0cb060575f5b2aa2d498baa99e9e5405f3f5145d31973']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d4ff-20e0-41cb-862a-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:23.000Z",
"modified": "2015-11-02T21:26:23.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'eb0c0587cf20c81921b7b6d174177ef8b11133bb65a760d9016fbdce917a2ee6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d500-1a34-4c89-bf51-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:24.000Z",
"modified": "2015-11-02T21:26:24.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '9a8c589fbfa928bacea0f323fe61e398dc370e2fd72229fc36a9af53004f6c9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d500-b774-441b-a53a-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:24.000Z",
"modified": "2015-11-02T21:26:24.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '5d6c8c82ed6d218478b6a6cb9e9808c5248de52eff4eaadabb94766c3c8e8e23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d500-f8a8-4594-aff3-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:24.000Z",
"modified": "2015-11-02T21:26:24.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'ce46658b3ec80b2d25eac5b629b488f5808cce2da8683daad58bb23204bb0aad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d501-9fc8-4b06-b04d-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:25.000Z",
"modified": "2015-11-02T21:26:25.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '859a952ff05806c9e0652a9ba18d521e57090d4e3ed3bef07442e42ca1df04b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d501-549c-4602-bf9f-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:25.000Z",
"modified": "2015-11-02T21:26:25.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '24b9db26b4335fc7d8a230f04f49f87b1f20d1e60c2fe6a12c70070bf8427aff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d502-bc20-411c-991a-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:26.000Z",
"modified": "2015-11-02T21:26:26.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '2c37f104ec1e9f70a9fa316757e1a512241d72dbd95ad092a817ac3854e03036']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d502-c1f0-426c-a1fa-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:26.000Z",
"modified": "2015-11-02T21:26:26.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '022b8d68e117bc9107a4c22eac56548bcc96ac7430245644e3306d98b9010d05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d502-cc58-4b86-a821-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:26.000Z",
"modified": "2015-11-02T21:26:26.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '6a4541d2b7b5f1b9ad3becefe257e0ebc3648d6275e663a921ec5fa905ad6cfd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d503-2504-490a-94ea-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:27.000Z",
"modified": "2015-11-02T21:26:27.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '6b901291d59efe98e34f245f8cf52aed5a10e94b591e66896d36bbe7717d53dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d503-4fd0-4248-bcf8-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:27.000Z",
"modified": "2015-11-02T21:26:27.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = 'f862de27e5d6c33e9de8b8ef907f2621fd86cbbadf6bfc019143cb546dbd9e14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d504-db18-41a0-b041-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:28.000Z",
"modified": "2015-11-02T21:26:28.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '834eb864a29471d0abe178068c259470e4403eb546554247e2f5832acf9586ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5637d504-cf38-4a31-ab73-7d4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-02T21:26:28.000Z",
"modified": "2015-11-02T21:26:28.000Z",
"description": "XOR.DDoS",
"pattern": "[file:hashes.SHA256 = '0c20826dc6d105cc7ff6fc79c68605bd1503c2de320d2d636384a8618f126552']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-02T21:26:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}