misp-circl-feed/feeds/circl/stix-2.1/5764778a-fdfc-43c0-9fcc-4166950d210f.json

{
"type": "bundle",
"id": "bundle--5764778a-fdfc-43c0-9fcc-4166950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:07.000Z",
"modified": "2016-06-18T08:18:07.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5764778a-fdfc-43c0-9fcc-4166950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:07.000Z",
"modified": "2016-06-18T08:18:07.000Z",
"name": "OSINT - Setting Sights On Retail: AbaddonPOS Now Targeting Specific POS Software",
"published": "2016-06-18T08:41:38Z",
"object_refs": [
"observed-data--5764779a-8454-4160-aaa4-42e0950d210f",
"url--5764779a-8454-4160-aaa4-42e0950d210f",
"x-misp-attribute--576477a9-4bf0-4ae9-b31d-4b5f950d210f",
"indicator--57650265-6c8c-4de8-9e7f-41f1950d210f",
"indicator--57650265-8e60-4a78-8c8b-4349950d210f",
"indicator--57650265-7d44-4b05-bcf2-43d8950d210f",
"indicator--57650266-9f34-41c8-8b36-4361950d210f",
"indicator--5765029c-639c-4645-9c9a-40d7950d210f",
"indicator--5765029c-8754-4b3f-85fd-4867950d210f",
"indicator--576502bc-60a4-45c3-a48e-4b92950d210f",
"indicator--57650322-21fc-4640-b114-428f950d210f",
"indicator--57650322-c9e0-4067-ba78-41ed950d210f",
"indicator--57650322-a190-499b-9450-4f03950d210f",
"indicator--576503bf-05ec-4c41-9dbb-424302de0b81",
"indicator--576503bf-fba0-457a-8f9b-45d302de0b81",
"observed-data--576503bf-1428-4318-9e61-4bbe02de0b81",
"url--576503bf-1428-4318-9e61-4bbe02de0b81",
"indicator--576503bf-8798-454c-a17e-4c7c02de0b81",
"indicator--576503c0-f4a0-48ec-9328-412702de0b81",
"observed-data--576503c0-3f80-428c-afce-499b02de0b81",
"url--576503c0-3f80-428c-afce-499b02de0b81",
"indicator--576503c0-f908-4e8a-ad51-420d02de0b81",
"indicator--576503c0-ceb8-470c-86d4-4fdc02de0b81",
"observed-data--576503c0-4d08-44ba-82e4-4e5e02de0b81",
"url--576503c0-4d08-44ba-82e4-4e5e02de0b81",
"indicator--576503c1-0588-4197-a7c2-483102de0b81",
"indicator--576503c1-b33c-4bc5-8642-4a6402de0b81",
"observed-data--576503c1-8554-46d7-86d5-4a8802de0b81",
"url--576503c1-8554-46d7-86d5-4a8802de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5764779a-8454-4160-aaa4-42e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-17T22:20:10.000Z",
"modified": "2016-06-17T22:20:10.000Z",
"first_observed": "2016-06-17T22:20:10Z",
"last_observed": "2016-06-17T22:20:10Z",
"number_observed": 1,
"object_refs": [
"url--5764779a-8454-4160-aaa4-42e0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5764779a-8454-4160-aaa4-42e0950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/abaddonpos-now-targeting-specific-pos-software"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--576477a9-4bf0-4ae9-b31d-4b5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-17T22:20:25.000Z",
"modified": "2016-06-17T22:20:25.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Much attention has been focused recently on ransomware and other threats that go after consumers and businesses directly for monetary payouts. Still, point-of-sale (POS) malware continues to be an important source of stolen credit card data and associated revenue for cyber criminals.\r\n\r\nThe ongoing rollout of chip-and-pin credit cards and tighter standards following the retail megabreaches of 2014 have put further pressure on the POS malware black market. But as we have seen with the AbaddonPOS malware described here, POS malware is not just alive and well\u2014it\u2019s being actively developed.\r\n\r\nOn May 5, a financially motivated actor whom Proofpoint has been tracking as TA530 (also featured in our previous blog post \"Phish Scales\" [1]) sent out a highly-personalized email campaign targeting primarily retail companies and attempting to install TinyLoader and AbaddonPOS point-of-sale malware. The retail vertical was likely chosen due to the higher likelihood of infecting a POS system. We first observed AbaddonPOS when it was delivered by Vawtrak [2] in October of 2015. We have also found that TinyLoader and AbaddonPOS have since been updated in several ways."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57650265-6c8c-4de8-9e7f-41f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:12:21.000Z",
"modified": "2016-06-18T08:12:21.000Z",
"description": "Example macro document",
"pattern": "[file:hashes.SHA256 = '7dc57aef76a1ddb5eef7bfd1a1350e1e951b5f216bfc805f51796545d04d80a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:12:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57650265-8e60-4a78-8c8b-4349950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:12:21.000Z",
"modified": "2016-06-18T08:12:21.000Z",
"description": "Initial TinyLoader download",
"pattern": "[file:hashes.SHA256 = 'e5fbfd61b19561a4c35d1f7aa385f4ca73a65adb2610504398e4ca47c109bace']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:12:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57650265-7d44-4b05-bcf2-43d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:12:21.000Z",
"modified": "2016-06-18T08:12:21.000Z",
"description": "TinyLoader update",
"pattern": "[file:hashes.SHA256 = 'b30ee5185c7f649da42efabe9512d79adcaa53f3f3647e0025b7c68bf7cc8734']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:12:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57650266-9f34-41c8-8b36-4361950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:12:22.000Z",
"modified": "2016-06-18T08:12:22.000Z",
"description": "AbaddonPOS",
"pattern": "[file:hashes.SHA256 = '24e39756c5b6bdbdc397dabde3ece587cdb987af9704d5e5329e00b5b2aaa312']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:12:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5765029c-639c-4645-9c9a-40d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:13:16.000Z",
"modified": "2016-06-18T08:13:16.000Z",
"description": "On port 30010 TinyLoader C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.7.124.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:13:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5765029c-8754-4b3f-85fd-4867950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:13:16.000Z",
"modified": "2016-06-18T08:13:16.000Z",
"description": "On port 50010 TinyLoader C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.93.5.136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:13:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576502bc-60a4-45c3-a48e-4b92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:13:48.000Z",
"modified": "2016-06-18T08:13:48.000Z",
"pattern": "[mutex:name = 'CHAMEL1ON']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57650322-21fc-4640-b114-428f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:15:30.000Z",
"modified": "2016-06-18T08:15:30.000Z",
"description": "Example TinyLoader download",
"pattern": "[url:value = 'http://dolcheriva.com/img/del/a/cg-bn/word.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57650322-c9e0-4067-ba78-41ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:15:30.000Z",
"modified": "2016-06-18T08:15:30.000Z",
"description": "Example TinyLoader update download",
"pattern": "[url:value = 'http://50.7.124.178/file.e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57650322-a190-499b-9450-4f03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:15:30.000Z",
"modified": "2016-06-18T08:15:30.000Z",
"description": "Example AbaddonPOS download",
"pattern": "[url:value = 'http://85.93.5.136/ZRH4J2/P_KYJ3gxEhTpasmJxz.d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576503bf-05ec-4c41-9dbb-424302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:07.000Z",
"modified": "2016-06-18T08:18:07.000Z",
"description": "AbaddonPOS - Xchecked via VT: 24e39756c5b6bdbdc397dabde3ece587cdb987af9704d5e5329e00b5b2aaa312",
"pattern": "[file:hashes.SHA1 = '00a46a475d56b0e56e0522d6736330935aa64984']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:18:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576503bf-fba0-457a-8f9b-45d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:07.000Z",
"modified": "2016-06-18T08:18:07.000Z",
"description": "AbaddonPOS - Xchecked via VT: 24e39756c5b6bdbdc397dabde3ece587cdb987af9704d5e5329e00b5b2aaa312",
"pattern": "[file:hashes.MD5 = 'e4709fb8bc86334096093f3c6a181caa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:18:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--576503bf-1428-4318-9e61-4bbe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:07.000Z",
"modified": "2016-06-18T08:18:07.000Z",
"first_observed": "2016-06-18T08:18:07Z",
"last_observed": "2016-06-18T08:18:07Z",
"number_observed": 1,
"object_refs": [
"url--576503bf-1428-4318-9e61-4bbe02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--576503bf-1428-4318-9e61-4bbe02de0b81",
"value": "https://www.virustotal.com/file/24e39756c5b6bdbdc397dabde3ece587cdb987af9704d5e5329e00b5b2aaa312/analysis/1463379262/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576503bf-8798-454c-a17e-4c7c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:07.000Z",
"modified": "2016-06-18T08:18:07.000Z",
"description": "TinyLoader update - Xchecked via VT: b30ee5185c7f649da42efabe9512d79adcaa53f3f3647e0025b7c68bf7cc8734",
"pattern": "[file:hashes.SHA1 = '87bbed4e4dcab272097ce13d44676c0e7b297762']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:18:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576503c0-f4a0-48ec-9328-412702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:08.000Z",
"modified": "2016-06-18T08:18:08.000Z",
"description": "TinyLoader update - Xchecked via VT: b30ee5185c7f649da42efabe9512d79adcaa53f3f3647e0025b7c68bf7cc8734",
"pattern": "[file:hashes.MD5 = '073c4a79ea91e463662fc6bddc1b86e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:18:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--576503c0-3f80-428c-afce-499b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:08.000Z",
"modified": "2016-06-18T08:18:08.000Z",
"first_observed": "2016-06-18T08:18:08Z",
"last_observed": "2016-06-18T08:18:08Z",
"number_observed": 1,
"object_refs": [
"url--576503c0-3f80-428c-afce-499b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--576503c0-3f80-428c-afce-499b02de0b81",
"value": "https://www.virustotal.com/file/b30ee5185c7f649da42efabe9512d79adcaa53f3f3647e0025b7c68bf7cc8734/analysis/1463397647/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576503c0-f908-4e8a-ad51-420d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:08.000Z",
"modified": "2016-06-18T08:18:08.000Z",
"description": "Initial TinyLoader download - Xchecked via VT: e5fbfd61b19561a4c35d1f7aa385f4ca73a65adb2610504398e4ca47c109bace",
"pattern": "[file:hashes.SHA1 = '8ecc4a4b2ecef4d59928a2a4a2096073358b630c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:18:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576503c0-ceb8-470c-86d4-4fdc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:08.000Z",
"modified": "2016-06-18T08:18:08.000Z",
"description": "Initial TinyLoader download - Xchecked via VT: e5fbfd61b19561a4c35d1f7aa385f4ca73a65adb2610504398e4ca47c109bace",
"pattern": "[file:hashes.MD5 = 'fac14aedb6a7fc0ec24274b0faf3fa43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:18:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--576503c0-4d08-44ba-82e4-4e5e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:08.000Z",
"modified": "2016-06-18T08:18:08.000Z",
"first_observed": "2016-06-18T08:18:08Z",
"last_observed": "2016-06-18T08:18:08Z",
"number_observed": 1,
"object_refs": [
"url--576503c0-4d08-44ba-82e4-4e5e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--576503c0-4d08-44ba-82e4-4e5e02de0b81",
"value": "https://www.virustotal.com/file/e5fbfd61b19561a4c35d1f7aa385f4ca73a65adb2610504398e4ca47c109bace/analysis/1465218852/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576503c1-0588-4197-a7c2-483102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:09.000Z",
"modified": "2016-06-18T08:18:09.000Z",
"description": "Example macro document - Xchecked via VT: 7dc57aef76a1ddb5eef7bfd1a1350e1e951b5f216bfc805f51796545d04d80a0",
"pattern": "[file:hashes.SHA1 = 'aa8f7ecefa5a2016abc5772bef0081739bfc592c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:18:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576503c1-b33c-4bc5-8642-4a6402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:09.000Z",
"modified": "2016-06-18T08:18:09.000Z",
"description": "Example macro document - Xchecked via VT: 7dc57aef76a1ddb5eef7bfd1a1350e1e951b5f216bfc805f51796545d04d80a0",
"pattern": "[file:hashes.MD5 = '65cc003a511c398c4aae145e883d0821']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-18T08:18:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--576503c1-8554-46d7-86d5-4a8802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-18T08:18:09.000Z",
"modified": "2016-06-18T08:18:09.000Z",
"first_observed": "2016-06-18T08:18:09Z",
"last_observed": "2016-06-18T08:18:09Z",
"number_observed": 1,
"object_refs": [
"url--576503c1-8554-46d7-86d5-4a8802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--576503c1-8554-46d7-86d5-4a8802de0b81",
"value": "https://www.virustotal.com/file/7dc57aef76a1ddb5eef7bfd1a1350e1e951b5f216bfc805f51796545d04d80a0/analysis/1464788426/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}