misp-circl-feed/feeds/circl/stix-2.1/57a33020-bc70-4f69-96f9-118b950d210f.json

846 lines
36 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--57a33020-bc70-4f69-96f9-118b950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:12.000Z",
"modified": "2016-08-04T14:02:12.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57a33020-bc70-4f69-96f9-118b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:12.000Z",
"modified": "2016-08-04T14:02:12.000Z",
"name": "OSINT - NANHAISHU RATing the South China Sea",
"published": "2016-08-04T14:02:25Z",
"object_refs": [
"indicator--57a34524-d4ac-4726-93e7-22a8950d210f",
"indicator--57a34582-8218-4ef3-92aa-22a4950d210f",
"indicator--57a34582-65fc-45a6-abff-22a4950d210f",
"indicator--57a34583-b91c-42ae-973e-22a4950d210f",
"indicator--57a3461e-63e4-43aa-ba6d-22a4950d210f",
"indicator--57a3461f-38f0-4b14-a80b-22a4950d210f",
"indicator--57a34643-5a6c-40e0-98e3-22a9950d210f",
"indicator--57a34643-c924-4e5a-903e-22a9950d210f",
"indicator--57a3473e-0b34-46a7-a522-1cb7950d210f",
"indicator--57a3473e-37b4-40a5-9930-1cb7950d210f",
"indicator--57a34998-ba54-4cff-bf49-22ae950d210f",
"indicator--57a34998-0918-41f5-8b46-22ae950d210f",
"indicator--57a349dc-fad4-4d78-8806-22ae950d210f",
"indicator--57a349dc-d358-419b-a9d8-22ae950d210f",
"indicator--57a349fc-40f8-4218-970f-22b3950d210f",
"indicator--57a349fc-de7c-4f8a-9c75-22b3950d210f",
"indicator--57a34a18-8724-4dd0-8e04-22b3950d210f",
"indicator--57a34a18-7d8c-45de-a405-22b3950d210f",
"observed-data--57a34aa1-1038-4900-952d-22b0950d210f",
"url--57a34aa1-1038-4900-952d-22b0950d210f",
"observed-data--57a34ac8-2f7c-40f0-87ed-118b950d210f",
"url--57a34ac8-2f7c-40f0-87ed-118b950d210f",
"indicator--57a34ae4-6ec4-4df6-8404-22b402de0b81",
"indicator--57a34ae4-5750-4fc5-aa9f-22b402de0b81",
"observed-data--57a34ae4-12b8-4f62-ab4d-22b402de0b81",
"url--57a34ae4-12b8-4f62-ab4d-22b402de0b81",
"indicator--57a34ae5-61ac-40c3-bbbf-22b402de0b81",
"indicator--57a34ae5-ae24-4413-8de2-22b402de0b81",
"observed-data--57a34ae5-de80-4f90-99b7-22b402de0b81",
"url--57a34ae5-de80-4f90-99b7-22b402de0b81",
"indicator--57a34ae5-2d0c-4bce-aeb9-22b402de0b81",
"indicator--57a34ae5-4d90-4304-8b72-22b402de0b81",
"observed-data--57a34ae5-7574-446f-bed9-22b402de0b81",
"url--57a34ae5-7574-446f-bed9-22b402de0b81",
"indicator--57a34ae6-85e8-4129-851b-22b402de0b81",
"indicator--57a34ae6-d5d4-4764-886b-22b402de0b81",
"observed-data--57a34ae6-b7a0-49dd-a6fe-22b402de0b81",
"url--57a34ae6-b7a0-49dd-a6fe-22b402de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34524-d4ac-4726-93e7-22a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:59:26.000Z",
"modified": "2016-08-04T13:59:26.000Z",
"description": "First seen 2015-01-13",
"pattern": "[file:name = 'DOJ Staff bonus January 13, 2015.xls' AND file:hashes.SHA1 = 'a17769e8a2ac48f83076e3e1b6b24d71e6431d43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:59:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34582-8218-4ef3-92aa-22a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:00:04.000Z",
"modified": "2016-08-04T14:00:04.000Z",
"description": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07",
"pattern": "[file:name = 'The draft Foley Hoag reform of the distribution of shares and the remuneration system.xls' AND file:hashes.SHA1 = 'c66165a2fda061a2dc6415b99668c0b802bb26a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:00:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34582-65fc-45a6-abff-22a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:00:28.000Z",
"modified": "2016-08-04T14:00:28.000Z",
"description": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27",
"pattern": "[file:name = 'Salary and Bonus Data.xls' AND file:hashes.SHA1 = 'da799a043e077fd7bde1eaa1a1fa32fd32bcfb25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:00:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34583-b91c-42ae-973e-22a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:00:45.000Z",
"modified": "2016-08-04T14:00:45.000Z",
"description": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02",
"pattern": "[file:name = 'AELM Entertainment budget and Attendance allowance.xls' AND file:hashes.SHA1 = 'da3a8d1ea5b245f612da17ec7b252c45fd75adae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:00:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a3461e-63e4-43aa-ba6d-22a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:41:50.000Z",
"modified": "2016-08-04T13:41:50.000Z",
"description": "a17769e8a2ac48f83076e3e1b6b24d71e6431d43",
"pattern": "[domain-name:value = 'mines.port0.org' AND domain-name:resolves_to_refs[*].value = '54.87.87.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:41:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a3461f-38f0-4b14-a80b-22a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:41:51.000Z",
"modified": "2016-08-04T13:41:51.000Z",
"description": "a17769e8a2ac48f83076e3e1b6b24d71e6431d43",
"pattern": "[domain-name:value = 'mines.port0.org' AND domain-name:resolves_to_refs[*].value = '103.238.224.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:41:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34643-5a6c-40e0-98e3-22a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:42:27.000Z",
"modified": "2016-08-04T13:42:27.000Z",
"description": "c66165a2fda061a2dc6415b99668c0b802bb26a0",
"pattern": "[domain-name:value = 'eholidays.mooo.com' AND domain-name:resolves_to_refs[*].value = '54.87.87.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34643-c924-4e5a-903e-22a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:42:27.000Z",
"modified": "2016-08-04T13:42:27.000Z",
"description": "c66165a2fda061a2dc6415b99668c0b802bb26a0",
"pattern": "[domain-name:value = 'eholidays.mooo.com' AND domain-name:resolves_to_refs[*].value = '103.238.224.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a3473e-0b34-46a7-a522-1cb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:46:38.000Z",
"modified": "2016-08-04T13:46:38.000Z",
"description": "da799a043e077fd7bde1eaa1a1fa32fd32bcfb25",
"pattern": "[domain-name:value = 'humans.mooo.info' AND domain-name:resolves_to_refs[*].value = '54.242.66.219']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:46:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a3473e-37b4-40a5-9930-1cb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:46:38.000Z",
"modified": "2016-08-04T13:46:38.000Z",
"description": "da799a043e077fd7bde1eaa1a1fa32fd32bcfb25",
"pattern": "[domain-name:value = 'humans.mooo.info' AND domain-name:resolves_to_refs[*].value = '103.238.224.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:46:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34998-ba54-4cff-bf49-22ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:56:40.000Z",
"modified": "2016-08-04T13:56:40.000Z",
"description": "da3a8d1ea5b245f612da17ec7b252c45fd75adae",
"pattern": "[domain-name:value = 'presentation.twilightparadox.com' AND domain-name:resolves_to_refs[*].value = '64.62.189.196']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:56:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34998-0918-41f5-8b46-22ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:56:40.000Z",
"modified": "2016-08-04T13:56:40.000Z",
"description": "da3a8d1ea5b245f612da17ec7b252c45fd75adae",
"pattern": "[domain-name:value = 'presentation.twilightparadox.com' AND domain-name:resolves_to_refs[*].value = '103.238.224.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:56:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a349dc-fad4-4d78-8806-22ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:57:48.000Z",
"modified": "2016-08-04T13:57:48.000Z",
"pattern": "[domain-name:value = 'mintty.ignorelist.com' AND domain-name:resolves_to_refs[*].value = '64.62.189.221']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:57:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a349dc-d358-419b-a9d8-22ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:57:48.000Z",
"modified": "2016-08-04T13:57:48.000Z",
"pattern": "[domain-name:value = 'mintty.ignorelist.com' AND domain-name:resolves_to_refs[*].value = '103.238.224.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:57:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a349fc-40f8-4218-970f-22b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:58:20.000Z",
"modified": "2016-08-04T13:58:20.000Z",
"pattern": "[file:name = '\\\\%appdata\\\\%\\\\Microsoft\\\\Network\\\\network.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a349fc-de7c-4f8a-9c75-22b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:58:20.000Z",
"modified": "2016-08-04T13:58:20.000Z",
"pattern": "[file:name = '\\\\%appdata\\\\%\\\\Microsoft\\\\Protect\\\\CRED']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34a18-8724-4dd0-8e04-22b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:58:48.000Z",
"modified": "2016-08-04T13:58:48.000Z",
"pattern": "[windows-registry-key:key = '\\\\%regrun\\\\%\\\\network']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:58:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34a18-7d8c-45de-a405-22b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T13:58:48.000Z",
"modified": "2016-08-04T13:58:48.000Z",
"pattern": "[windows-registry-key:key = '\\\\%regrun\\\\%\\\\protect']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T13:58:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a34aa1-1038-4900-952d-22b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:01:05.000Z",
"modified": "2016-08-04T14:01:05.000Z",
"first_observed": "2016-08-04T14:01:05Z",
"last_observed": "2016-08-04T14:01:05Z",
"number_observed": 1,
"object_refs": [
"url--57a34aa1-1038-4900-952d-22b0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a34aa1-1038-4900-952d-22b0950d210f",
"value": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a34ac8-2f7c-40f0-87ed-118b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:01:44.000Z",
"modified": "2016-08-04T14:01:44.000Z",
"first_observed": "2016-08-04T14:01:44Z",
"last_observed": "2016-08-04T14:01:44Z",
"number_observed": 1,
"object_refs": [
"url--57a34ac8-2f7c-40f0-87ed-118b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a34ac8-2f7c-40f0-87ed-118b950d210f",
"value": "https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34ae4-6ec4-4df6-8404-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:12.000Z",
"modified": "2016-08-04T14:02:12.000Z",
"description": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02 - Xchecked via VT: da3a8d1ea5b245f612da17ec7b252c45fd75adae",
"pattern": "[file:hashes.SHA256 = 'b0de26080a84ba0b15ea3f471fe6be5392efe770c53dbe5c0a8ed439b05731c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:02:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34ae4-5750-4fc5-aa9f-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:12.000Z",
"modified": "2016-08-04T14:02:12.000Z",
"description": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02 - Xchecked via VT: da3a8d1ea5b245f612da17ec7b252c45fd75adae",
"pattern": "[file:hashes.MD5 = '97da0784fddfef932d7d31884f088b40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:02:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a34ae4-12b8-4f62-ab4d-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:12.000Z",
"modified": "2016-08-04T14:02:12.000Z",
"first_observed": "2016-08-04T14:02:12Z",
"last_observed": "2016-08-04T14:02:12Z",
"number_observed": 1,
"object_refs": [
"url--57a34ae4-12b8-4f62-ab4d-22b402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a34ae4-12b8-4f62-ab4d-22b402de0b81",
"value": "https://www.virustotal.com/file/b0de26080a84ba0b15ea3f471fe6be5392efe770c53dbe5c0a8ed439b05731c6/analysis/1445948371/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34ae5-61ac-40c3-bbbf-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:13.000Z",
"modified": "2016-08-04T14:02:13.000Z",
"description": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27 - Xchecked via VT: da799a043e077fd7bde1eaa1a1fa32fd32bcfb25",
"pattern": "[file:hashes.SHA256 = 'fd5706a5e45d2e0805221c3336c75167980916f39826eb6312aea7ea807d4ec0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:02:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34ae5-ae24-4413-8de2-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:13.000Z",
"modified": "2016-08-04T14:02:13.000Z",
"description": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27 - Xchecked via VT: da799a043e077fd7bde1eaa1a1fa32fd32bcfb25",
"pattern": "[file:hashes.MD5 = 'e1f88bc02e9bd15cecc7ae97a009e0d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:02:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a34ae5-de80-4f90-99b7-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:13.000Z",
"modified": "2016-08-04T14:02:13.000Z",
"first_observed": "2016-08-04T14:02:13Z",
"last_observed": "2016-08-04T14:02:13Z",
"number_observed": 1,
"object_refs": [
"url--57a34ae5-de80-4f90-99b7-22b402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a34ae5-de80-4f90-99b7-22b402de0b81",
"value": "https://www.virustotal.com/file/fd5706a5e45d2e0805221c3336c75167980916f39826eb6312aea7ea807d4ec0/analysis/1455828112/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34ae5-2d0c-4bce-aeb9-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:13.000Z",
"modified": "2016-08-04T14:02:13.000Z",
"description": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07 - Xchecked via VT: c66165a2fda061a2dc6415b99668c0b802bb26a0",
"pattern": "[file:hashes.SHA256 = 'e2c115679bcad87692506d6d9e7a985c59f59e36fd658b8927386474cbcc38ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:02:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34ae5-4d90-4304-8b72-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:13.000Z",
"modified": "2016-08-04T14:02:13.000Z",
"description": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07 - Xchecked via VT: c66165a2fda061a2dc6415b99668c0b802bb26a0",
"pattern": "[file:hashes.MD5 = 'd1de5bf033ee31da7babc6fa270f55bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:02:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a34ae5-7574-446f-bed9-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:13.000Z",
"modified": "2016-08-04T14:02:13.000Z",
"first_observed": "2016-08-04T14:02:13Z",
"last_observed": "2016-08-04T14:02:13Z",
"number_observed": 1,
"object_refs": [
"url--57a34ae5-7574-446f-bed9-22b402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a34ae5-7574-446f-bed9-22b402de0b81",
"value": "https://www.virustotal.com/file/e2c115679bcad87692506d6d9e7a985c59f59e36fd658b8927386474cbcc38ca/analysis/1456251302/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34ae6-85e8-4129-851b-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:14.000Z",
"modified": "2016-08-04T14:02:14.000Z",
"description": "First seen 2015-01-13 - Xchecked via VT: a17769e8a2ac48f83076e3e1b6b24d71e6431d43",
"pattern": "[file:hashes.SHA256 = '9696478b1484a0182644050d9adece9404f51eac193c4629a2bea9669a2fe5ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:02:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a34ae6-d5d4-4764-886b-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:14.000Z",
"modified": "2016-08-04T14:02:14.000Z",
"description": "First seen 2015-01-13 - Xchecked via VT: a17769e8a2ac48f83076e3e1b6b24d71e6431d43",
"pattern": "[file:hashes.MD5 = 'c0326d13c9619ebf6ee302cebda6cbfe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-04T14:02:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a34ae6-b7a0-49dd-a6fe-22b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-04T14:02:14.000Z",
"modified": "2016-08-04T14:02:14.000Z",
"first_observed": "2016-08-04T14:02:14Z",
"last_observed": "2016-08-04T14:02:14Z",
"number_observed": 1,
"object_refs": [
"url--57a34ae6-b7a0-49dd-a6fe-22b402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a34ae6-b7a0-49dd-a6fe-22b402de0b81",
"value": "https://www.virustotal.com/file/9696478b1484a0182644050d9adece9404f51eac193c4629a2bea9669a2fe5ef/analysis/1470315364/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}