|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--576afc2a-6fd8-4b0d-949b-347902de0b81",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:42.000Z",
|
||
|
"modified": "2016-06-22T21:02:42.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--576afc2a-6fd8-4b0d-949b-347902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:42.000Z",
|
||
|
"modified": "2016-06-22T21:02:42.000Z",
|
||
|
"name": "OSINT - The Curious Case of an Unknown Trojan Targeting German-Speaking Users",
|
||
|
"published": "2016-06-22T21:03:10Z",
|
||
|
"object_refs": [
|
||
|
"indicator--576afc56-f90c-4bbe-90aa-ed0e02de0b81",
|
||
|
"indicator--576afc7a-3970-48c8-a823-34a202de0b81",
|
||
|
"indicator--576afc7a-0fd4-475c-b0bf-34a202de0b81",
|
||
|
"indicator--576afc7b-1880-4d7e-834e-34a202de0b81",
|
||
|
"indicator--576afc7b-3464-4907-bfd4-34a202de0b81",
|
||
|
"indicator--576afc7c-7f58-4fb5-91e4-34a202de0b81",
|
||
|
"indicator--576afc7c-d25c-4c02-b088-34a202de0b81",
|
||
|
"indicator--576afc7c-f4a0-4cde-9d62-34a202de0b81",
|
||
|
"indicator--576afca5-8050-4ee0-82d1-347602de0b81",
|
||
|
"indicator--576afca5-92f4-416a-be70-347602de0b81",
|
||
|
"indicator--576afca6-e670-4045-b465-347602de0b81",
|
||
|
"indicator--576afca6-543c-4bd0-a13c-347602de0b81",
|
||
|
"indicator--576afca6-ea50-4e69-ac50-347602de0b81",
|
||
|
"indicator--576afca7-1d94-4d40-af6f-347602de0b81",
|
||
|
"indicator--576afca7-1f08-4086-a1e7-347602de0b81",
|
||
|
"indicator--576afca8-bd38-4746-8f03-347602de0b81",
|
||
|
"indicator--576afca8-8abc-4d03-9542-347602de0b81",
|
||
|
"indicator--576afca8-15cc-4be9-9768-347602de0b81",
|
||
|
"indicator--576afca9-c414-465b-8269-347602de0b81",
|
||
|
"indicator--576afca9-5638-41b5-a53e-347602de0b81",
|
||
|
"indicator--576afca9-082c-49df-aa2a-347602de0b81",
|
||
|
"indicator--576afca9-8b10-4c3c-a30e-347602de0b81",
|
||
|
"indicator--576afca9-83e8-4a0b-b3ae-347602de0b81",
|
||
|
"indicator--576afcaa-f518-426f-91fb-347602de0b81",
|
||
|
"indicator--576afcaa-1b54-4285-8824-347602de0b81",
|
||
|
"indicator--576afcaa-f148-45a5-a2c1-347602de0b81",
|
||
|
"indicator--576afcaa-7720-4615-9de9-347602de0b81",
|
||
|
"indicator--576afcaa-e120-4c03-b763-347602de0b81",
|
||
|
"indicator--576afcaa-2794-480b-ab84-347602de0b81",
|
||
|
"indicator--576afcab-e95c-4f8f-b0b8-347602de0b81",
|
||
|
"indicator--576afcab-5154-4bf9-826b-347602de0b81",
|
||
|
"indicator--576afcab-15c8-4001-8012-347602de0b81",
|
||
|
"indicator--576afcab-23c4-4361-a6f4-347602de0b81",
|
||
|
"indicator--576afcab-d818-4a28-9b77-347602de0b81",
|
||
|
"indicator--576afcab-124c-40d1-ac8d-347602de0b81",
|
||
|
"indicator--576afcac-0850-435b-b55d-347602de0b81",
|
||
|
"indicator--576afcac-61e8-4080-8bc2-347602de0b81",
|
||
|
"indicator--576afcac-b624-4ed2-9682-347602de0b81",
|
||
|
"indicator--576afcac-2d98-498e-a580-347602de0b81",
|
||
|
"observed-data--576afcd1-2ef8-447b-ac63-3cc102de0b81",
|
||
|
"url--576afcd1-2ef8-447b-ac63-3cc102de0b81",
|
||
|
"indicator--576afcf2-595c-452c-9b4c-4f0502de0b81",
|
||
|
"indicator--576afcf2-131c-4140-9e0c-4bf302de0b81",
|
||
|
"observed-data--576afcf2-8650-4b94-9554-4f9f02de0b81",
|
||
|
"url--576afcf2-8650-4b94-9554-4f9f02de0b81",
|
||
|
"indicator--576afcf2-8440-4dbf-bad6-4bd002de0b81",
|
||
|
"indicator--576afcf3-d39c-41ee-b8cd-486802de0b81",
|
||
|
"observed-data--576afcf3-9e90-4fcd-b365-4f4602de0b81",
|
||
|
"url--576afcf3-9e90-4fcd-b365-4f4602de0b81",
|
||
|
"indicator--576afcf3-bc34-4747-87df-459e02de0b81",
|
||
|
"indicator--576afcf3-8ce4-4fdf-aa4f-4edf02de0b81",
|
||
|
"observed-data--576afcf3-ff68-41c5-97cf-4d8402de0b81",
|
||
|
"url--576afcf3-ff68-41c5-97cf-4d8402de0b81",
|
||
|
"indicator--576afcf3-22d0-401d-a0f5-411a02de0b81",
|
||
|
"indicator--576afcf4-36c0-4221-9b96-450502de0b81",
|
||
|
"observed-data--576afcf4-b404-48a7-ba05-4cff02de0b81",
|
||
|
"url--576afcf4-b404-48a7-ba05-4cff02de0b81",
|
||
|
"indicator--576afcf4-7ed8-4ab3-9fb6-4a3702de0b81",
|
||
|
"indicator--576afcf4-8298-42fa-a794-44cf02de0b81",
|
||
|
"observed-data--576afcf4-8984-46db-b974-43aa02de0b81",
|
||
|
"url--576afcf4-8984-46db-b974-43aa02de0b81",
|
||
|
"indicator--576afcf5-b9bc-4e4a-aa0a-431902de0b81",
|
||
|
"indicator--576afcf5-53f4-4669-b311-4e8202de0b81",
|
||
|
"observed-data--576afcf5-813c-45cd-950d-412202de0b81",
|
||
|
"url--576afcf5-813c-45cd-950d-412202de0b81",
|
||
|
"indicator--576afcf5-2350-4ba0-a4c5-453f02de0b81",
|
||
|
"indicator--576afcf5-dd9c-4b6f-b8ed-41b102de0b81",
|
||
|
"observed-data--576afcf5-289c-4baf-8453-49a402de0b81",
|
||
|
"url--576afcf5-289c-4baf-8453-49a402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afc56-f90c-4bbe-90aa-ed0e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:00:06.000Z",
|
||
|
"modified": "2016-06-22T21:00:06.000Z",
|
||
|
"description": "Last week, an unidentified malware was discovered",
|
||
|
"pattern": "[file:hashes.SHA256 = '171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:00:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afc7a-3970-48c8-a823-34a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:00:42.000Z",
|
||
|
"modified": "2016-06-22T21:00:42.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):",
|
||
|
"pattern": "[file:hashes.SHA256 = '72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:00:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afc7a-0fd4-475c-b0bf-34a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:00:42.000Z",
|
||
|
"modified": "2016-06-22T21:00:42.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):",
|
||
|
"pattern": "[file:hashes.SHA256 = '5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:00:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afc7b-1880-4d7e-834e-34a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:00:43.000Z",
|
||
|
"modified": "2016-06-22T21:00:43.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:00:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afc7b-3464-4907-bfd4-34a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:00:43.000Z",
|
||
|
"modified": "2016-06-22T21:00:43.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):",
|
||
|
"pattern": "[file:hashes.SHA256 = '171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:00:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afc7c-7f58-4fb5-91e4-34a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:00:44.000Z",
|
||
|
"modified": "2016-06-22T21:00:44.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):",
|
||
|
"pattern": "[file:hashes.SHA256 = '5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:00:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afc7c-d25c-4c02-b088-34a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:00:44.000Z",
|
||
|
"modified": "2016-06-22T21:00:44.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):",
|
||
|
"pattern": "[file:hashes.SHA256 = '103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:00:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afc7c-f4a0-4cde-9d62-34a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:00:44.000Z",
|
||
|
"modified": "2016-06-22T21:00:44.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):",
|
||
|
"pattern": "[file:hashes.SHA256 = 'cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:00:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca5-8050-4ee0-82d1-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:25.000Z",
|
||
|
"modified": "2016-06-22T21:01:25.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'yberprojects22017.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca5-92f4-416a-be70-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:25.000Z",
|
||
|
"modified": "2016-06-22T21:01:25.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'masterhost8981.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca6-e670-4045-b465-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:26.000Z",
|
||
|
"modified": "2016-06-22T21:01:26.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'nov15mailmarketing.in']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca6-543c-4bd0-a13c-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:26.000Z",
|
||
|
"modified": "2016-06-22T21:01:26.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'auspostresponse22.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca6-ea50-4e69-ac50-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:26.000Z",
|
||
|
"modified": "2016-06-22T21:01:26.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'goodwinn8.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca7-1d94-4d40-af6f-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:27.000Z",
|
||
|
"modified": "2016-06-22T21:01:27.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'mastehost12312.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca7-1f08-4086-a1e7-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:27.000Z",
|
||
|
"modified": "2016-06-22T21:01:27.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'masterhost1333.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca8-bd38-4746-8f03-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:28.000Z",
|
||
|
"modified": "2016-06-22T21:01:28.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'marketingmas.in.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca8-8abc-4d03-9542-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:28.000Z",
|
||
|
"modified": "2016-06-22T21:01:28.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'remembermetoday4.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca8-15cc-4be9-9768-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:28.000Z",
|
||
|
"modified": "2016-06-22T21:01:28.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'startupproject33676.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca9-c414-465b-8269-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:29.000Z",
|
||
|
"modified": "2016-06-22T21:01:29.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'bestbrowser-2015.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca9-5638-41b5-a53e-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:29.000Z",
|
||
|
"modified": "2016-06-22T21:01:29.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'marketing5050.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca9-082c-49df-aa2a-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:29.000Z",
|
||
|
"modified": "2016-06-22T21:01:29.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'marketingking878.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca9-8b10-4c3c-a30e-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:29.000Z",
|
||
|
"modified": "2016-06-22T21:01:29.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'yidckntbrmhuuhmq.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afca9-83e8-4a0b-b3ae-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:29.000Z",
|
||
|
"modified": "2016-06-22T21:01:29.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'resdomactivationa.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcaa-f518-426f-91fb-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:30.000Z",
|
||
|
"modified": "2016-06-22T21:01:30.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'ukcompanymarketing.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcaa-1b54-4285-8824-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:30.000Z",
|
||
|
"modified": "2016-06-22T21:01:30.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'goodvin77787.in']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcaa-f148-45a5-a2c1-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:30.000Z",
|
||
|
"modified": "2016-06-22T21:01:30.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'jajajakala8212.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcaa-7720-4615-9de9-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:30.000Z",
|
||
|
"modified": "2016-06-22T21:01:30.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'masterhost122133.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcaa-e120-4c03-b763-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:30.000Z",
|
||
|
"modified": "2016-06-22T21:01:30.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'masterj.in']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcaa-2794-480b-ab84-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:30.000Z",
|
||
|
"modified": "2016-06-22T21:01:30.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'lalalababla.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcab-e95c-4f8f-b0b8-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:31.000Z",
|
||
|
"modified": "2016-06-22T21:01:31.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'responder201922.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcab-5154-4bf9-826b-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:31.000Z",
|
||
|
"modified": "2016-06-22T21:01:31.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'cyberprojects2727.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcab-15c8-4001-8012-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:31.000Z",
|
||
|
"modified": "2016-06-22T21:01:31.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'super-sexy-girl2015.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcab-23c4-4361-a6f4-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:31.000Z",
|
||
|
"modified": "2016-06-22T21:01:31.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'jxsraxhlccokkrob.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcab-d818-4a28-9b77-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:31.000Z",
|
||
|
"modified": "2016-06-22T21:01:31.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'mastehost88832.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcab-124c-40d1-ac8d-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:31.000Z",
|
||
|
"modified": "2016-06-22T21:01:31.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'masterlin888.pw']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcac-0850-435b-b55d-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:32.000Z",
|
||
|
"modified": "2016-06-22T21:01:32.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'mamba777.in']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcac-61e8-4080-8bc2-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:32.000Z",
|
||
|
"modified": "2016-06-22T21:01:32.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'copolsox.us']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcac-b624-4ed2-9682-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:32.000Z",
|
||
|
"modified": "2016-06-22T21:01:32.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = '10cyberprojects2016.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcac-2d98-498e-a580-347602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:01:32.000Z",
|
||
|
"modified": "2016-06-22T21:01:32.000Z",
|
||
|
"description": "Domains registered by sir777alex@outlook.com:",
|
||
|
"pattern": "[domain-name:value = 'startupproject336.asia']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:01:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--576afcd1-2ef8-447b-ac63-3cc102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:09.000Z",
|
||
|
"modified": "2016-06-22T21:02:09.000Z",
|
||
|
"first_observed": "2016-06-22T21:02:09Z",
|
||
|
"last_observed": "2016-06-22T21:02:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--576afcd1-2ef8-447b-ac63-3cc102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--576afcd1-2ef8-447b-ac63-3cc102de0b81",
|
||
|
"value": "https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf2-595c-452c-9b4c-4f0502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:42.000Z",
|
||
|
"modified": "2016-06-22T21:02:42.000Z",
|
||
|
"description": "Last week, an unidentified malware was discovered - Xchecked via VT: 171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b",
|
||
|
"pattern": "[file:hashes.SHA1 = '9fbbca0a32f609aea6c8b3794429fea6b1cef1f7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf2-131c-4140-9e0c-4bf302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:42.000Z",
|
||
|
"modified": "2016-06-22T21:02:42.000Z",
|
||
|
"description": "Last week, an unidentified malware was discovered - Xchecked via VT: 171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b",
|
||
|
"pattern": "[file:hashes.MD5 = '2e624f044f4cd086e3d49ef8b78a5cb6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload installation"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload installation\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--576afcf2-8650-4b94-9554-4f9f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:42.000Z",
|
||
|
"modified": "2016-06-22T21:02:42.000Z",
|
||
|
"first_observed": "2016-06-22T21:02:42Z",
|
||
|
"last_observed": "2016-06-22T21:02:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--576afcf2-8650-4b94-9554-4f9f02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--576afcf2-8650-4b94-9554-4f9f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b/analysis/1466577042/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf2-8440-4dbf-bad6-4bd002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:42.000Z",
|
||
|
"modified": "2016-06-22T21:02:42.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b8001fb6144f491226306194a08254d04f854cc7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf3-d39c-41ee-b8cd-486802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:43.000Z",
|
||
|
"modified": "2016-06-22T21:02:43.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892",
|
||
|
"pattern": "[file:hashes.MD5 = '9ab0746d527beb6bf141580eb7e39b9f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--576afcf3-9e90-4fcd-b365-4f4602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:43.000Z",
|
||
|
"modified": "2016-06-22T21:02:43.000Z",
|
||
|
"first_observed": "2016-06-22T21:02:43Z",
|
||
|
"last_observed": "2016-06-22T21:02:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--576afcf3-9e90-4fcd-b365-4f4602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--576afcf3-9e90-4fcd-b365-4f4602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892/analysis/1465950050/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf3-bc34-4747-87df-459e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:43.000Z",
|
||
|
"modified": "2016-06-22T21:02:43.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d",
|
||
|
"pattern": "[file:hashes.SHA1 = '88261bc52f2bd5a18ff29963b4f5300d66b794d4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf3-8ce4-4fdf-aa4f-4edf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:43.000Z",
|
||
|
"modified": "2016-06-22T21:02:43.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d",
|
||
|
"pattern": "[file:hashes.MD5 = 'ddf0134ee920b0b9930f7d7aa2d1e038']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--576afcf3-ff68-41c5-97cf-4d8402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:43.000Z",
|
||
|
"modified": "2016-06-22T21:02:43.000Z",
|
||
|
"first_observed": "2016-06-22T21:02:43Z",
|
||
|
"last_observed": "2016-06-22T21:02:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--576afcf3-ff68-41c5-97cf-4d8402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--576afcf3-ff68-41c5-97cf-4d8402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d/analysis/1466578390/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf3-22d0-401d-a0f5-411a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:43.000Z",
|
||
|
"modified": "2016-06-22T21:02:43.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c",
|
||
|
"pattern": "[file:hashes.SHA1 = '349f5250384621b0e0e29a02947c2bf263234eb4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf4-36c0-4221-9b96-450502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:44.000Z",
|
||
|
"modified": "2016-06-22T21:02:44.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c",
|
||
|
"pattern": "[file:hashes.MD5 = '04c5b2382eecf78729e3c7f28d18cb88']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--576afcf4-b404-48a7-ba05-4cff02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:44.000Z",
|
||
|
"modified": "2016-06-22T21:02:44.000Z",
|
||
|
"first_observed": "2016-06-22T21:02:44Z",
|
||
|
"last_observed": "2016-06-22T21:02:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--576afcf4-b404-48a7-ba05-4cff02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--576afcf4-b404-48a7-ba05-4cff02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c/analysis/1465147301/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf4-7ed8-4ab3-9fb6-4a3702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:44.000Z",
|
||
|
"modified": "2016-06-22T21:02:44.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca",
|
||
|
"pattern": "[file:hashes.SHA1 = 'aad3a9a14d91f4c371dab192e976b28772a9f5b7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf4-8298-42fa-a794-44cf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:44.000Z",
|
||
|
"modified": "2016-06-22T21:02:44.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca",
|
||
|
"pattern": "[file:hashes.MD5 = '533fc5d5a9d7c0e06de13af3af0662ba']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--576afcf4-8984-46db-b974-43aa02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:44.000Z",
|
||
|
"modified": "2016-06-22T21:02:44.000Z",
|
||
|
"first_observed": "2016-06-22T21:02:44Z",
|
||
|
"last_observed": "2016-06-22T21:02:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--576afcf4-8984-46db-b974-43aa02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--576afcf4-8984-46db-b974-43aa02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca/analysis/1459406571/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf5-b9bc-4e4a-aa0a-431902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:45.000Z",
|
||
|
"modified": "2016-06-22T21:02:45.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e77be9eaa91ff9429c2837a8291c9ae4a58a76b6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf5-53f4-4669-b311-4e8202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:45.000Z",
|
||
|
"modified": "2016-06-22T21:02:45.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f",
|
||
|
"pattern": "[file:hashes.MD5 = 'a4232d262ebfafc8570c034f428e64cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--576afcf5-813c-45cd-950d-412202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:45.000Z",
|
||
|
"modified": "2016-06-22T21:02:45.000Z",
|
||
|
"first_observed": "2016-06-22T21:02:45Z",
|
||
|
"last_observed": "2016-06-22T21:02:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--576afcf5-813c-45cd-950d-412202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--576afcf5-813c-45cd-950d-412202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f/analysis/1464162631/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf5-2350-4ba0-a4c5-453f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:45.000Z",
|
||
|
"modified": "2016-06-22T21:02:45.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891",
|
||
|
"pattern": "[file:hashes.SHA1 = '343878c85ff1b66e27e0d1d193fe8fde81bf1db1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--576afcf5-dd9c-4b6f-b8ed-41b102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:45.000Z",
|
||
|
"modified": "2016-06-22T21:02:45.000Z",
|
||
|
"description": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891",
|
||
|
"pattern": "[file:hashes.MD5 = 'd79c3cce5d103f387955c34a0e429f58']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-22T21:02:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--576afcf5-289c-4baf-8453-49a402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-22T21:02:45.000Z",
|
||
|
"modified": "2016-06-22T21:02:45.000Z",
|
||
|
"first_observed": "2016-06-22T21:02:45Z",
|
||
|
"last_observed": "2016-06-22T21:02:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--576afcf5-289c-4baf-8453-49a402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--576afcf5-289c-4baf-8453-49a402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891/analysis/1466153872/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|