{ "type": "bundle", "id": "bundle--54e1a3f3-be8c-4840-88ce-f2d9950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:17:55.000Z", "modified": "2015-02-16T08:17:55.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--54e1a3f3-be8c-4840-88ce-f2d9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:17:55.000Z", "modified": "2015-02-16T08:17:55.000Z", "name": "OSINT MSRT February update from Microsoft", "published": "2015-02-16T09:26:16Z", "object_refs": [ "observed-data--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b", "url--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b", "indicator--54e1a42f-d028-4fda-ab40-4a72950d210b", "indicator--54e1a42f-8168-4254-ac41-4968950d210b", "indicator--54e1a42f-d668-4806-9d14-4f42950d210b", "indicator--54e1a42f-fbe0-41f8-a0c8-439b950d210b", "indicator--54e1a42f-88c8-490f-b24f-4cd5950d210b", "indicator--54e1a42f-d918-4c44-b106-4a5c950d210b", "indicator--54e1a430-5cf0-4c2f-959b-4d51950d210b", "indicator--54e1a430-7e34-4f23-bda3-425c950d210b", "x-misp-attribute--54e1a472-d4f8-43eb-89af-20b7950d210b", "x-misp-attribute--54e1a472-ec94-484f-9bea-20b7950d210b", "observed-data--54e1a49e-d43c-4564-9b46-f2d9950d210b", "url--54e1a49e-d43c-4564-9b46-f2d9950d210b", "observed-data--54e1a49e-04d8-4a50-b68a-f2d9950d210b", "url--54e1a49e-04d8-4a50-b68a-f2d9950d210b", "indicator--54e1a4d1-4284-43c9-a77a-fae5950d210b", "indicator--54e1a4d1-48d4-49d8-864a-fae5950d210b", "indicator--54e1a4d1-ad7c-4595-a65c-fae5950d210b", "indicator--54e1a4d1-9748-4092-978b-fae5950d210b", "indicator--54e1a4d1-21c0-404f-b2d2-fae5950d210b", "indicator--54e1a4d2-9554-44d8-9496-fae5950d210b", "indicator--54e1a4d2-d004-4aef-b376-fae5950d210b", "indicator--54e1a4d2-42d0-4147-b45a-fae5950d210b", "indicator--54e1a4d2-56bc-4405-9c3e-fae5950d210b", 
"indicator--54e1a4d2-1998-4bee-abae-fae5950d210b", "x-misp-attribute--54e1a5d3-e2b4-498d-ac48-40c3950d210b", "x-misp-attribute--54e1a5df-cfdc-4928-af6f-fae5950d210b", "indicator--54e1a66d-d5bc-4f3b-afad-dadf950d210b", "indicator--54e1a66d-5a08-45f2-8d7e-dadf950d210b", "indicator--54e1a66d-6da8-4100-956c-dadf950d210b", "indicator--54e1a66d-a538-40a0-9882-dadf950d210b", "x-misp-attribute--54e1a67b-cf10-473d-803a-4753950d210b", "indicator--54e1a6aa-88b0-4aef-ad0b-430e950d210b", "indicator--54e1a6aa-ea00-4864-9e3b-4b7a950d210b", "indicator--54e1a6aa-06c8-4e4f-8d50-4e61950d210b", "indicator--54e1a6ed-0db0-41ab-b75b-20b7950d210b", "indicator--54e1a70f-2744-46bd-b771-426c950d210b", "observed-data--54e1a73f-bafc-4cc7-8141-9107950d210b", "url--54e1a73f-bafc-4cc7-8141-9107950d210b", "observed-data--54e1a73f-1158-4659-901c-9107950d210b", "url--54e1a73f-1158-4659-901c-9107950d210b", "observed-data--54e1a73f-97fc-4ceb-8345-9107950d210b", "url--54e1a73f-97fc-4ceb-8345-9107950d210b", "indicator--54e1a7b3-bc64-4713-be9c-4c95950d210b", "indicator--54e1a7b3-7460-4a04-afb5-45eb950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:04:19.000Z", "modified": "2015-02-16T08:04:19.000Z", "first_observed": "2015-02-16T08:04:19Z", "last_observed": "2015-02-16T08:04:19Z", "number_observed": 1, "object_refs": [ "url--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b", "value": "http://blogs.technet.com/b/mmpc/archive/2015/02/10/msrt-february-escad-and-nukesped.aspx" }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--54e1a42f-d028-4fda-ab40-4a72950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:03:49.000Z", "modified": "2015-02-16T08:03:49.000Z", "description": "Escad", "pattern": "[file:name = 'ansi.nls']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:03:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a42f-8168-4254-ac41-4968950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:03:49.000Z", "modified": "2015-02-16T08:03:49.000Z", "description": "Escad", "pattern": "[file:name = 'dayipmr.tbl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:03:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a42f-d668-4806-9d14-4f42950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:03:49.000Z", "modified": "2015-02-16T08:03:49.000Z", "description": "Escad", "pattern": "[file:name = 'netmonsvc.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:03:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a42f-fbe0-41f8-a0c8-439b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:03:49.000Z", 
"modified": "2015-02-16T08:03:49.000Z", "description": "Escad", "pattern": "[file:name = 'pmsconfig.msi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:03:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a42f-88c8-490f-b24f-4cd5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:03:49.000Z", "modified": "2015-02-16T08:03:49.000Z", "description": "Escad", "pattern": "[file:name = 'pmslog.msi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:03:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a42f-d918-4c44-b106-4a5c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:03:49.000Z", "modified": "2015-02-16T08:03:49.000Z", "description": "Escad", "pattern": "[file:name = 'rdmgr.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:03:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a430-5cf0-4c2f-959b-4d51950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:03:49.000Z", "modified": "2015-02-16T08:03:49.000Z", "description": "Escad", "pattern": "[file:name = 'remoteevtmanager.dll']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2015-02-16T08:03:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a430-7e34-4f23-bda3-425c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:03:49.000Z", "modified": "2015-02-16T08:03:49.000Z", "description": "Escad", "pattern": "[file:name = 'tmscompg.msi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:03:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54e1a472-d4f8-43eb-89af-20b7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:04:02.000Z", "modified": "2015-02-16T08:04:02.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Escad" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54e1a472-ec94-484f-9bea-20b7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:04:02.000Z", "modified": "2015-02-16T08:04:02.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Nukesped" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54e1a49e-d43c-4564-9b46-f2d9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:04:46.000Z", "modified": "2015-02-16T08:04:46.000Z", "first_observed": 
"2015-02-16T08:04:46Z", "last_observed": "2015-02-16T08:04:46Z", "number_observed": 1, "object_refs": [ "url--54e1a49e-d43c-4564-9b46-f2d9950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54e1a49e-d43c-4564-9b46-f2d9950d210b", "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Jinupd" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54e1a49e-04d8-4a50-b68a-f2d9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:04:46.000Z", "modified": "2015-02-16T08:04:46.000Z", "first_observed": "2015-02-16T08:04:46Z", "last_observed": "2015-02-16T08:04:46Z", "number_observed": 1, "object_refs": [ "url--54e1a49e-04d8-4a50-b68a-f2d9950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54e1a49e-04d8-4a50-b68a-f2d9950d210b", "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/NukeSped" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d1-4284-43c9-a77a-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:37.000Z", "modified": "2015-02-16T08:05:37.000Z", "description": "NukeSped", "pattern": "[file:name = 'comon32.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:05:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d1-48d4-49d8-864a-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:37.000Z", "modified": "2015-02-16T08:05:37.000Z", 
"description": "NukeSped", "pattern": "[file:name = 'diskpartmg16.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:05:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d1-ad7c-4595-a65c-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:37.000Z", "modified": "2015-02-16T08:05:37.000Z", "description": "NukeSped", "pattern": "[file:name = 'dpnsvr16.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:05:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d1-9748-4092-978b-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:37.000Z", "modified": "2015-02-16T08:05:37.000Z", "description": "NukeSped", "pattern": "[file:name = 'expandmn32.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:05:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d1-21c0-404f-b2d2-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:37.000Z", "modified": "2015-02-16T08:05:37.000Z", "description": "NukeSped", "pattern": "[file:name = 'hwrcompsvc64.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2015-02-16T08:05:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d2-9554-44d8-9496-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:38.000Z", "modified": "2015-02-16T08:05:38.000Z", "description": "NukeSped", "pattern": "[file:name = 'mobsynclm64.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:05:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d2-d004-4aef-b376-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:38.000Z", "modified": "2015-02-16T08:05:38.000Z", "description": "NukeSped", "pattern": "[file:name = 'rdpshellex32.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:05:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d2-42d0-4147-b45a-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:38.000Z", "modified": "2015-02-16T08:05:38.000Z", "description": "NukeSped", "pattern": "[file:name = 'recdiscm32.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:05:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ 
"misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d2-56bc-4405-9c3e-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:38.000Z", "modified": "2015-02-16T08:05:38.000Z", "description": "NukeSped", "pattern": "[file:name = 'taskchg16.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:05:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a4d2-1998-4bee-abae-fae5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:05:38.000Z", "modified": "2015-02-16T08:05:38.000Z", "description": "NukeSped", "pattern": "[file:name = 'taskhosts64.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:05:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54e1a5d3-e2b4-498d-ac48-40c3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:09:55.000Z", "modified": "2015-02-16T08:09:55.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Seems to be related to the Sony hack, based on the screenshots on the February update page" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54e1a5df-cfdc-4928-af6f-fae5950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:10:07.000Z", "modified": "2015-02-16T08:10:07.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data entered by David Andr\u00e9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a66d-d5bc-4f3b-afad-dadf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:12:29.000Z", "modified": "2015-02-16T08:12:29.000Z", "description": "Jinupd", "pattern": "[domain-name:value = 'dailygiftclub.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a66d-5a08-45f2-8d7e-dadf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:12:29.000Z", "modified": "2015-02-16T08:12:29.000Z", "description": "Jinupd", "pattern": "[domain-name:value = 'dailygiftclub1.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a66d-6da8-4100-956c-dadf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:12:29.000Z", "modified": "2015-02-16T08:12:29.000Z", "description": "Jinupd", "pattern": "[domain-name:value = 'priv8darkshop.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:12:29Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a66d-a538-40a0-9882-dadf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:12:29.000Z", "modified": "2015-02-16T08:12:29.000Z", "description": "Jinupd", "pattern": "[domain-name:value = 'sopvps.hk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54e1a67b-cf10-473d-803a-4753950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:12:43.000Z", "modified": "2015-02-16T08:12:43.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Jinupd" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a6aa-88b0-4aef-ad0b-430e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:13:51.000Z", "modified": "2015-02-16T08:13:51.000Z", "description": "Jinupd", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\java se platform updater\\\\jusched.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:13:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--54e1a6aa-ea00-4864-9e3b-4b7a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:13:51.000Z", "modified": "2015-02-16T08:13:51.000Z", "description": "Jinupd", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\java platform updater\\\\jusched.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:13:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a6aa-06c8-4e4f-8d50-4e61950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:13:51.000Z", "modified": "2015-02-16T08:13:51.000Z", "description": "Jinupd", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\svchost.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:13:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a6ed-0db0-41ab-b75b-20b7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:14:37.000Z", "modified": "2015-02-16T08:14:37.000Z", "description": "NukeSped", "pattern": "[file:name = '\\\\%TEMP\\\\% \\\\usbdrv3.sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:14:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a70f-2744-46bd-b771-426c950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:15:11.000Z", "modified": "2015-02-16T08:15:11.000Z", "description": "NukeSped", "pattern": "[file:name = '\\\\%windir\\\\% \\\\iissvr.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:15:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54e1a73f-bafc-4cc7-8141-9107950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:15:59.000Z", "modified": "2015-02-16T08:15:59.000Z", "first_observed": "2015-02-16T08:15:59Z", "last_observed": "2015-02-16T08:15:59Z", "number_observed": 1, "object_refs": [ "url--54e1a73f-bafc-4cc7-8141-9107950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54e1a73f-bafc-4cc7-8141-9107950d210b", "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.C!dha" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54e1a73f-1158-4659-901c-9107950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:15:59.000Z", "modified": "2015-02-16T08:15:59.000Z", "first_observed": "2015-02-16T08:15:59Z", "last_observed": "2015-02-16T08:15:59Z", "number_observed": 1, "object_refs": [ "url--54e1a73f-1158-4659-901c-9107950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54e1a73f-1158-4659-901c-9107950d210b", "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.B!dha" }, { "type": "observed-data", "spec_version": "2.1", "id": 
"observed-data--54e1a73f-97fc-4ceb-8345-9107950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:15:59.000Z", "modified": "2015-02-16T08:15:59.000Z", "first_observed": "2015-02-16T08:15:59Z", "last_observed": "2015-02-16T08:15:59Z", "number_observed": 1, "object_refs": [ "url--54e1a73f-97fc-4ceb-8345-9107950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54e1a73f-97fc-4ceb-8345-9107950d210b", "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.A!dha" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a7b3-bc64-4713-be9c-4c95950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:17:55.000Z", "modified": "2015-02-16T08:17:55.000Z", "description": "NukeSped", "pattern": "[file:name = 'usbdrv3_32bit.sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:17:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54e1a7b3-7460-4a04-afb5-45eb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-16T08:17:55.000Z", "modified": "2015-02-16T08:17:55.000Z", "description": "NukeSped", "pattern": "[file:name = 'usbdrv3_64bit.sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-16T08:17:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": 
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }