adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/56d42420-c838-4c85-80ee-1365950d210f.json

1391 lines
60 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--56d42420-c838-4c85-80ee-1365950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:52.000Z",
"modified": "2016-02-29T11:01:52.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56d42420-c838-4c85-80ee-1365950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:52.000Z",
"modified": "2016-02-29T11:01:52.000Z",
"name": "OSINT - ATMZombie: banking trojan in Israeli waters",
"published": "2016-02-29T11:02:21Z",
"object_refs": [
"observed-data--56d4243d-8880-4f2f-a4b8-49d3950d210f",
"url--56d4243d-8880-4f2f-a4b8-49d3950d210f",
"x-misp-attribute--56d42452-69c8-434e-9609-18f0950d210f",
"indicator--56d42468-6254-433d-b79d-18f2950d210f",
"indicator--56d42468-e430-42c1-af5f-18f2950d210f",
"indicator--56d42469-9174-4954-8e6a-18f2950d210f",
"indicator--56d42469-07d4-412d-9308-18f2950d210f",
"indicator--56d42478-dd34-408f-9189-49d1950d210f",
"indicator--56d42478-5890-4c55-b27c-49d1950d210f",
"indicator--56d42479-9f50-4c3f-978c-49d1950d210f",
"indicator--56d42479-5f9c-42dd-a40d-49d1950d210f",
"indicator--56d424cd-0a88-4d49-aedb-18f1950d210f",
"indicator--56d424ce-e0bc-4609-8eea-18f1950d210f",
"indicator--56d424cf-09c0-46b9-8200-18f1950d210f",
"indicator--56d424cf-0fa0-405a-b234-18f1950d210f",
"indicator--56d424d0-2454-4f64-b5df-18f1950d210f",
"indicator--56d424d0-2d60-4f0c-84ed-18f1950d210f",
"indicator--56d424d1-a3dc-4bb8-9e4b-18f1950d210f",
"indicator--56d424d1-9ec0-4d57-9620-18f1950d210f",
"indicator--56d424d2-58a0-4a99-8047-18f1950d210f",
"indicator--56d424d2-8998-48fb-a9a9-18f1950d210f",
"indicator--56d424d3-fab4-40b2-92f9-18f1950d210f",
"indicator--56d42520-66bc-461c-aec3-136b02de0b81",
"indicator--56d42521-e338-4251-8428-136b02de0b81",
"observed-data--56d42521-3344-4d72-88f6-136b02de0b81",
"url--56d42521-3344-4d72-88f6-136b02de0b81",
"indicator--56d42521-c944-4a0e-a511-136b02de0b81",
"indicator--56d42522-a070-4761-a5f3-136b02de0b81",
"observed-data--56d42522-3e6c-4af5-8980-136b02de0b81",
"url--56d42522-3e6c-4af5-8980-136b02de0b81",
"indicator--56d42522-9e6c-47a6-99f7-136b02de0b81",
"indicator--56d42523-e910-42d6-b138-136b02de0b81",
"observed-data--56d42523-0830-4db2-8b0f-136b02de0b81",
"url--56d42523-0830-4db2-8b0f-136b02de0b81",
"indicator--56d42523-08d8-4dca-8255-136b02de0b81",
"indicator--56d42524-d8cc-41ed-a85f-136b02de0b81",
"observed-data--56d42524-36b8-4213-bceb-136b02de0b81",
"url--56d42524-36b8-4213-bceb-136b02de0b81",
"indicator--56d42524-1fa4-4522-8630-136b02de0b81",
"indicator--56d42525-77c0-4fb8-8068-136b02de0b81",
"observed-data--56d42525-8f14-4f99-b1bc-136b02de0b81",
"url--56d42525-8f14-4f99-b1bc-136b02de0b81",
"indicator--56d42525-c62c-4eda-b534-136b02de0b81",
"indicator--56d42526-2cd8-4730-a95c-136b02de0b81",
"observed-data--56d42526-e5e0-4644-9409-136b02de0b81",
"url--56d42526-e5e0-4644-9409-136b02de0b81",
"indicator--56d42526-b940-421e-afec-136b02de0b81",
"indicator--56d42527-b530-4ded-897b-136b02de0b81",
"observed-data--56d42527-1b18-478b-8c79-136b02de0b81",
"url--56d42527-1b18-478b-8c79-136b02de0b81",
"indicator--56d42527-f594-4545-9380-136b02de0b81",
"indicator--56d42528-c570-4870-a192-136b02de0b81",
"observed-data--56d42528-27d0-4167-8efa-136b02de0b81",
"url--56d42528-27d0-4167-8efa-136b02de0b81",
"indicator--56d42529-c32c-4905-b701-136b02de0b81",
"indicator--56d42529-2ce0-4e55-971f-136b02de0b81",
"observed-data--56d42529-3b94-45f4-90cf-136b02de0b81",
"url--56d42529-3b94-45f4-90cf-136b02de0b81",
"indicator--56d42529-55b0-4eab-94fd-136b02de0b81",
"indicator--56d4252a-35bc-41ea-acb1-136b02de0b81",
"observed-data--56d4252a-bc68-498b-a953-136b02de0b81",
"url--56d4252a-bc68-498b-a953-136b02de0b81",
"indicator--56d4252a-4c40-4bb8-b5d2-136b02de0b81",
"indicator--56d4252b-e418-4b9c-b63b-136b02de0b81",
"observed-data--56d4252b-1c9c-4338-9754-136b02de0b81",
"url--56d4252b-1c9c-4338-9754-136b02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d4243d-8880-4f2f-a4b8-49d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:58:05.000Z",
"modified": "2016-02-29T10:58:05.000Z",
"first_observed": "2016-02-29T10:58:05Z",
"last_observed": "2016-02-29T10:58:05Z",
"number_observed": 1,
"object_refs": [
"url--56d4243d-8880-4f2f-a4b8-49d3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d4243d-8880-4f2f-a4b8-49d3950d210f",
"value": "https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56d42452-69c8-434e-9609-18f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:58:26.000Z",
"modified": "2016-02-29T10:58:26.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "On November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. It uses insidious injection and other sophisticated and stealthy methods. The first method, dubbed \u00e2\u20ac\u0153proxy-changing\u00e2\u20ac\u009d, is commonly used for HTTP packets inspections. It involves modifying browser proxy configurations and capturing traffic between a client and a server, acting as Man-In-The-Middle.\r\n\r\nAlthough this is efficient for testing, streaming bank details isn\u00e2\u20ac\u2122t as easy. Banks are using encrypted channels, signed with authorized certificates, to prevent the data from being streamed in clear-text. The attackers, however, realized the missing piece and have since issued a certificate of their own, which is embedded in the dropper and is inserted in the root CA list of common browsers in the victim\u00e2\u20ac\u2122s machine.\r\n\r\nThe method of using a \u00e2\u20ac\u0153proxy-changer\u00e2\u20ac\u009d Trojan to steal bank credentials has been around since the end of 2005, and is being actively used by Brazilian cybercriminals; however, it wasn\u00e2\u20ac\u2122t until 2012 that Kaspersky Lab researchers compiled a full attack analysis. \u00e2\u20ac\u0153In Brazil malicious PAC files in Trojan bankers have been increasingly common since 2009, when several families such as Trojan.Win32.ProxyChanger started to force the URLs of PAC files in the browser of infected machines.\u00e2\u20ac\u0153, said Fabio Assolini, Senior Security Researcher at GReAT Kaspersky Lab, in his article."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42468-6254-433d-b79d-18f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:58:48.000Z",
"modified": "2016-02-29T10:58:48.000Z",
"pattern": "[domain-name:value = 'retsback.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T10:58:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42468-e430-42c1-af5f-18f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:58:48.000Z",
"modified": "2016-02-29T10:58:48.000Z",
"pattern": "[domain-name:value = 'updconfs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T10:58:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42469-9174-4954-8e6a-18f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:58:49.000Z",
"modified": "2016-02-29T10:58:49.000Z",
"pattern": "[domain-name:value = 'systruster.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T10:58:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42469-07d4-412d-9308-18f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:58:49.000Z",
"modified": "2016-02-29T10:58:49.000Z",
"pattern": "[domain-name:value = 'msupdcheck.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T10:58:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42478-dd34-408f-9189-49d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:59:04.000Z",
"modified": "2016-02-29T10:59:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.230.211.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T10:59:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42478-5890-4c55-b27c-49d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:59:04.000Z",
"modified": "2016-02-29T10:59:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.77.153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T10:59:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42479-9f50-4c3f-978c-49d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:59:05.000Z",
"modified": "2016-02-29T10:59:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.215.154.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T10:59:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42479-5f9c-42dd-a40d-49d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T10:59:05.000Z",
"modified": "2016-02-29T10:59:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.214.236.121']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T10:59:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424cd-0a88-4d49-aedb-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:29.000Z",
"modified": "2016-02-29T11:00:29.000Z",
"description": "Trojan-Banker.Win32.Capper.zym",
"pattern": "[file:hashes.MD5 = '6d11090c78e6621c21836c98808ff0f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424ce-e0bc-4609-8eea-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:30.000Z",
"modified": "2016-02-29T11:00:30.000Z",
"description": "Trojan-Banker.Win32.Capper.zyt",
"pattern": "[file:hashes.MD5 = '4c5b7a8187475be251d05655edcaccbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424cf-09c0-46b9-8200-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:31.000Z",
"modified": "2016-02-29T11:00:31.000Z",
"description": "Trojan-Banker.Win32.Capper.zyk",
"pattern": "[file:hashes.MD5 = 'c0201ab2a45bc0e17ebd186059d5a59e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424cf-0fa0-405a-b234-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:31.000Z",
"modified": "2016-02-29T11:00:31.000Z",
"description": "Trojan-Banker.Win32.Capper.zyl",
"pattern": "[file:hashes.MD5 = '47b316e3227d618089eb1625c4202142']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424d0-2454-4f64-b5df-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:32.000Z",
"modified": "2016-02-29T11:00:32.000Z",
"description": "PAC",
"pattern": "[file:hashes.MD5 = '84bb5a77e28b3539a8022bc3612d4f4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424d0-2d60-4f0c-84ed-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:32.000Z",
"modified": "2016-02-29T11:00:32.000Z",
"description": "Trojan-Banker.Win32.Capper.zyp",
"pattern": "[file:hashes.MD5 = 'd2bf165284ab1953a96dfa7b642637a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424d1-a3dc-4bb8-9e4b-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:33.000Z",
"modified": "2016-02-29T11:00:33.000Z",
"description": "Trojan-Banker.Win32.Capper.zyq",
"pattern": "[file:hashes.MD5 = '80440e78a68583b180ad4d3e9a676a6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424d1-9ec0-4d57-9620-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:33.000Z",
"modified": "2016-02-29T11:00:33.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg",
"pattern": "[file:hashes.MD5 = 'd08e51f8187df278296a8c4ff5cff0de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424d2-58a0-4a99-8047-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:34.000Z",
"modified": "2016-02-29T11:00:34.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg",
"pattern": "[file:hashes.MD5 = 'efa5ea2c511b08d0f8259a10a49b27ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424d2-8998-48fb-a9a9-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:34.000Z",
"modified": "2016-02-29T11:00:34.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg",
"pattern": "[file:hashes.MD5 = '13d9352a27b626e501f5889bfd614b34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d424d3-fab4-40b2-92f9-18f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:00:35.000Z",
"modified": "2016-02-29T11:00:35.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg",
"pattern": "[file:hashes.MD5 = 'e5b7fd7eed59340027625ac39bae7c81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:00:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42520-66bc-461c-aec3-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:52.000Z",
"modified": "2016-02-29T11:01:52.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg - Xchecked via VT: e5b7fd7eed59340027625ac39bae7c81",
"pattern": "[file:hashes.SHA256 = '83c8f47fb756860134a06eb2241467450c106059849de0a4838811f2af02f93d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42521-e338-4251-8428-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:53.000Z",
"modified": "2016-02-29T11:01:53.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg - Xchecked via VT: e5b7fd7eed59340027625ac39bae7c81",
"pattern": "[file:hashes.SHA1 = '64e27e0cafff0c230b22489baae98100a5417a86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d42521-3344-4d72-88f6-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:53.000Z",
"modified": "2016-02-29T11:01:53.000Z",
"first_observed": "2016-02-29T11:01:53Z",
"last_observed": "2016-02-29T11:01:53Z",
"number_observed": 1,
"object_refs": [
"url--56d42521-3344-4d72-88f6-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d42521-3344-4d72-88f6-136b02de0b81",
"value": "https://www.virustotal.com/file/83c8f47fb756860134a06eb2241467450c106059849de0a4838811f2af02f93d/analysis/1447251902/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42521-c944-4a0e-a511-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:53.000Z",
"modified": "2016-02-29T11:01:53.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg - Xchecked via VT: 13d9352a27b626e501f5889bfd614b34",
"pattern": "[file:hashes.SHA256 = '76ef5d7d06e2a11bb3dd78b8a6e5f3042b79b69bec034d07f97540d8514dca3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42522-a070-4761-a5f3-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:54.000Z",
"modified": "2016-02-29T11:01:54.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg - Xchecked via VT: 13d9352a27b626e501f5889bfd614b34",
"pattern": "[file:hashes.SHA1 = '8df6716038b03ba3bc1e31ee0587f2c093cdca48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d42522-3e6c-4af5-8980-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:54.000Z",
"modified": "2016-02-29T11:01:54.000Z",
"first_observed": "2016-02-29T11:01:54Z",
"last_observed": "2016-02-29T11:01:54Z",
"number_observed": 1,
"object_refs": [
"url--56d42522-3e6c-4af5-8980-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d42522-3e6c-4af5-8980-136b02de0b81",
"value": "https://www.virustotal.com/file/76ef5d7d06e2a11bb3dd78b8a6e5f3042b79b69bec034d07f97540d8514dca3b/analysis/1447116816/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42522-9e6c-47a6-99f7-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:54.000Z",
"modified": "2016-02-29T11:01:54.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg - Xchecked via VT: efa5ea2c511b08d0f8259a10a49b27ad",
"pattern": "[file:hashes.SHA256 = 'd5a4b61207294f29c4f8abd317df38d8426ef9f0c7240132d9c33764e0b535d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42523-e910-42d6-b138-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:55.000Z",
"modified": "2016-02-29T11:01:55.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg - Xchecked via VT: efa5ea2c511b08d0f8259a10a49b27ad",
"pattern": "[file:hashes.SHA1 = 'c4df3656bdea8b78ec50a5fc296f9c0e869b1864']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d42523-0830-4db2-8b0f-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:55.000Z",
"modified": "2016-02-29T11:01:55.000Z",
"first_observed": "2016-02-29T11:01:55Z",
"last_observed": "2016-02-29T11:01:55Z",
"number_observed": 1,
"object_refs": [
"url--56d42523-0830-4db2-8b0f-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d42523-0830-4db2-8b0f-136b02de0b81",
"value": "https://www.virustotal.com/file/d5a4b61207294f29c4f8abd317df38d8426ef9f0c7240132d9c33764e0b535d4/analysis/1456742204/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42523-08d8-4dca-8255-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:55.000Z",
"modified": "2016-02-29T11:01:55.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg - Xchecked via VT: d08e51f8187df278296a8c4ff5cff0de",
"pattern": "[file:hashes.SHA256 = '23dad1d88a73b3e4e7a938e228aa87f6af1d035d1f258644a38c085342c8eda4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42524-d8cc-41ed-a85f-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:56.000Z",
"modified": "2016-02-29T11:01:56.000Z",
"description": "Trojan-Banker.Win32.Capper.zyg - Xchecked via VT: d08e51f8187df278296a8c4ff5cff0de",
"pattern": "[file:hashes.SHA1 = '79886aa3a13cd3ab782aa0e90bff665a70bc55b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d42524-36b8-4213-bceb-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:56.000Z",
"modified": "2016-02-29T11:01:56.000Z",
"first_observed": "2016-02-29T11:01:56Z",
"last_observed": "2016-02-29T11:01:56Z",
"number_observed": 1,
"object_refs": [
"url--56d42524-36b8-4213-bceb-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d42524-36b8-4213-bceb-136b02de0b81",
"value": "https://www.virustotal.com/file/23dad1d88a73b3e4e7a938e228aa87f6af1d035d1f258644a38c085342c8eda4/analysis/1456742000/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42524-1fa4-4522-8630-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:56.000Z",
"modified": "2016-02-29T11:01:56.000Z",
"description": "Trojan-Banker.Win32.Capper.zyq - Xchecked via VT: 80440e78a68583b180ad4d3e9a676a6e",
"pattern": "[file:hashes.SHA256 = 'dee548966f1e6f8d34684c98616da3021a2db5bd9b7de3543befa5a1c686ef20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42525-77c0-4fb8-8068-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:57.000Z",
"modified": "2016-02-29T11:01:57.000Z",
"description": "Trojan-Banker.Win32.Capper.zyq - Xchecked via VT: 80440e78a68583b180ad4d3e9a676a6e",
"pattern": "[file:hashes.SHA1 = 'e0514630ce24cef8b55f3d20dc43f40dd9564f13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d42525-8f14-4f99-b1bc-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:57.000Z",
"modified": "2016-02-29T11:01:57.000Z",
"first_observed": "2016-02-29T11:01:57Z",
"last_observed": "2016-02-29T11:01:57Z",
"number_observed": 1,
"object_refs": [
"url--56d42525-8f14-4f99-b1bc-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d42525-8f14-4f99-b1bc-136b02de0b81",
"value": "https://www.virustotal.com/file/dee548966f1e6f8d34684c98616da3021a2db5bd9b7de3543befa5a1c686ef20/analysis/1456739595/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42525-c62c-4eda-b534-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:57.000Z",
"modified": "2016-02-29T11:01:57.000Z",
"description": "Trojan-Banker.Win32.Capper.zyp - Xchecked via VT: d2bf165284ab1953a96dfa7b642637a8",
"pattern": "[file:hashes.SHA256 = '966d747a0dfdce90c32c9c8d33355c5493310b7abaa50eb0e208b35dc7614202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42526-2cd8-4730-a95c-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:58.000Z",
"modified": "2016-02-29T11:01:58.000Z",
"description": "Trojan-Banker.Win32.Capper.zyp - Xchecked via VT: d2bf165284ab1953a96dfa7b642637a8",
"pattern": "[file:hashes.SHA1 = '76efcf23219094f45a4acb289e772ca6c7fb38e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d42526-e5e0-4644-9409-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:58.000Z",
"modified": "2016-02-29T11:01:58.000Z",
"first_observed": "2016-02-29T11:01:58Z",
"last_observed": "2016-02-29T11:01:58Z",
"number_observed": 1,
"object_refs": [
"url--56d42526-e5e0-4644-9409-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d42526-e5e0-4644-9409-136b02de0b81",
"value": "https://www.virustotal.com/file/966d747a0dfdce90c32c9c8d33355c5493310b7abaa50eb0e208b35dc7614202/analysis/1448457095/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42526-b940-421e-afec-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:58.000Z",
"modified": "2016-02-29T11:01:58.000Z",
"description": "PAC - Xchecked via VT: 84bb5a77e28b3539a8022bc3612d4f4c",
"pattern": "[file:hashes.SHA256 = '0ea3e84cd40ee1a50a4161413154c983300b38aa4c78a910ba0f728618ec98e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42527-b530-4ded-897b-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:59.000Z",
"modified": "2016-02-29T11:01:59.000Z",
"description": "PAC - Xchecked via VT: 84bb5a77e28b3539a8022bc3612d4f4c",
"pattern": "[file:hashes.SHA1 = '926a44dcaf507955ad3ca9fa2fa0b8586036a2c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d42527-1b18-478b-8c79-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:59.000Z",
"modified": "2016-02-29T11:01:59.000Z",
"first_observed": "2016-02-29T11:01:59Z",
"last_observed": "2016-02-29T11:01:59Z",
"number_observed": 1,
"object_refs": [
"url--56d42527-1b18-478b-8c79-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d42527-1b18-478b-8c79-136b02de0b81",
"value": "https://www.virustotal.com/file/0ea3e84cd40ee1a50a4161413154c983300b38aa4c78a910ba0f728618ec98e3/analysis/1447258543/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42527-f594-4545-9380-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:01:59.000Z",
"modified": "2016-02-29T11:01:59.000Z",
"description": "Trojan-Banker.Win32.Capper.zyl - Xchecked via VT: 47b316e3227d618089eb1625c4202142",
"pattern": "[file:hashes.SHA256 = 'eb18f0d3abc6b9bfdd3d09082a027bebc4963c9bbee28b8708888cb276a00049']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:01:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42528-c570-4870-a192-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:00.000Z",
"modified": "2016-02-29T11:02:00.000Z",
"description": "Trojan-Banker.Win32.Capper.zyl - Xchecked via VT: 47b316e3227d618089eb1625c4202142",
"pattern": "[file:hashes.SHA1 = 'cd0c4f2ab5f20d28c3b5d76cc7d8623fd56c78b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d42528-27d0-4167-8efa-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:00.000Z",
"modified": "2016-02-29T11:02:00.000Z",
"first_observed": "2016-02-29T11:02:00Z",
"last_observed": "2016-02-29T11:02:00Z",
"number_observed": 1,
"object_refs": [
"url--56d42528-27d0-4167-8efa-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d42528-27d0-4167-8efa-136b02de0b81",
"value": "https://www.virustotal.com/file/eb18f0d3abc6b9bfdd3d09082a027bebc4963c9bbee28b8708888cb276a00049/analysis/1456743361/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42529-c32c-4905-b701-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:00.000Z",
"modified": "2016-02-29T11:02:00.000Z",
"description": "Trojan-Banker.Win32.Capper.zyk - Xchecked via VT: c0201ab2a45bc0e17ebd186059d5a59e",
"pattern": "[file:hashes.SHA256 = '294f44963b3d1e305fb4b3498a0ee616313660bdf8197d0cb2a94c0cdfaf7539']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42529-2ce0-4e55-971f-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:01.000Z",
"modified": "2016-02-29T11:02:01.000Z",
"description": "Trojan-Banker.Win32.Capper.zyk - Xchecked via VT: c0201ab2a45bc0e17ebd186059d5a59e",
"pattern": "[file:hashes.SHA1 = '987896a6befabeefcb0e42ff73ee3e1dda02f81b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d42529-3b94-45f4-90cf-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:01.000Z",
"modified": "2016-02-29T11:02:01.000Z",
"first_observed": "2016-02-29T11:02:01Z",
"last_observed": "2016-02-29T11:02:01Z",
"number_observed": 1,
"object_refs": [
"url--56d42529-3b94-45f4-90cf-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d42529-3b94-45f4-90cf-136b02de0b81",
"value": "https://www.virustotal.com/file/294f44963b3d1e305fb4b3498a0ee616313660bdf8197d0cb2a94c0cdfaf7539/analysis/1447092121/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d42529-55b0-4eab-94fd-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:01.000Z",
"modified": "2016-02-29T11:02:01.000Z",
"description": "Trojan-Banker.Win32.Capper.zyt - Xchecked via VT: 4c5b7a8187475be251d05655edcaccbe",
"pattern": "[file:hashes.SHA256 = '64225a6e0815bc5b6c3414985ef5b3f374d4797d357bd243a19afc08d75c87e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4252a-35bc-41ea-acb1-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:02.000Z",
"modified": "2016-02-29T11:02:02.000Z",
"description": "Trojan-Banker.Win32.Capper.zyt - Xchecked via VT: 4c5b7a8187475be251d05655edcaccbe",
"pattern": "[file:hashes.SHA1 = 'cd7b3d641628851ba59ac2a5260fc318c57c7fd6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d4252a-bc68-498b-a953-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:02.000Z",
"modified": "2016-02-29T11:02:02.000Z",
"first_observed": "2016-02-29T11:02:02Z",
"last_observed": "2016-02-29T11:02:02Z",
"number_observed": 1,
"object_refs": [
"url--56d4252a-bc68-498b-a953-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d4252a-bc68-498b-a953-136b02de0b81",
"value": "https://www.virustotal.com/file/64225a6e0815bc5b6c3414985ef5b3f374d4797d357bd243a19afc08d75c87e9/analysis/1448376105/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4252a-4c40-4bb8-b5d2-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:02.000Z",
"modified": "2016-02-29T11:02:02.000Z",
"description": "Trojan-Banker.Win32.Capper.zym - Xchecked via VT: 6d11090c78e6621c21836c98808ff0f4",
"pattern": "[file:hashes.SHA256 = '8662e3c0c564b85ee4af656dcf76fdafdacb41a2f13a3de509bca16b2e8928c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4252b-e418-4b9c-b63b-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:03.000Z",
"modified": "2016-02-29T11:02:03.000Z",
"description": "Trojan-Banker.Win32.Capper.zym - Xchecked via VT: 6d11090c78e6621c21836c98808ff0f4",
"pattern": "[file:hashes.SHA1 = '6da3ea5941228a08113b643297d97078c4cafb4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T11:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d4252b-1c9c-4338-9754-136b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T11:02:03.000Z",
"modified": "2016-02-29T11:02:03.000Z",
"first_observed": "2016-02-29T11:02:03Z",
"last_observed": "2016-02-29T11:02:03Z",
"number_observed": 1,
"object_refs": [
"url--56d4252b-1c9c-4338-9754-136b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d4252b-1c9c-4338-9754-136b02de0b81",
"value": "https://www.virustotal.com/file/8662e3c0c564b85ee4af656dcf76fdafdacb41a2f13a3de509bca16b2e8928c7/analysis/1447502166/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink