{ "type": "bundle", "id": "bundle--55ed7c41-5a68-4307-8184-43bc950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:59.000Z", "modified": "2015-09-07T12:02:59.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55ed7c41-5a68-4307-8184-43bc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:59.000Z", "modified": "2015-09-07T12:02:59.000Z", "name": "OSINT Threat Research Team Goes \u201cBeyond the Exploit\u201d in Search of Payloads from MS15-093 by bit9", "published": "2016-03-01T22:17:56Z", "object_refs": [ "observed-data--55ed7c6c-7e0c-4f13-8d69-4188950d210b", "url--55ed7c6c-7e0c-4f13-8d69-4188950d210b", "observed-data--55ed7c6c-af98-4484-98df-4698950d210b", "url--55ed7c6c-af98-4484-98df-4698950d210b", "indicator--55ed7ce7-92f0-4be2-a287-42b7950d210b", "indicator--55ed7ce8-8f68-4f22-b46a-41a6950d210b", "indicator--55ed7ce8-a9e0-4343-8874-4361950d210b", "indicator--55ed7ce8-e5b0-4c0d-ac93-4522950d210b", "indicator--55ed7ce9-e734-45c4-9ae6-4b82950d210b", "indicator--55ed7ce9-21b8-4bbe-979f-4af4950d210b", "indicator--55ed7ce9-166c-45a2-a5a5-418b950d210b", "indicator--55ed7cea-b354-40c5-890d-41a6950d210b", "indicator--55ed7cea-cbb8-4527-86fe-492b950d210b", "indicator--55ed7cea-1bec-4d76-9c28-4544950d210b", "indicator--55ed7cea-e670-4f7a-85fc-4ddc950d210b", "indicator--55ed7ceb-6d60-4ec7-8c94-4423950d210b", "indicator--55ed7ceb-730c-4811-a3d6-4b53950d210b", "indicator--55ed7ceb-5dec-4699-acaa-41b9950d210b", "indicator--55ed7cec-4988-4aff-ae7e-4f8f950d210b", "indicator--55ed7cec-faa4-4306-951d-48a4950d210b", "indicator--55ed7cec-621c-48d9-b6fa-4370950d210b", "indicator--55ed7ced-b4ac-4f91-a757-450f950d210b", "indicator--55ed7ced-ea38-4ffb-bd3a-497c950d210b", "indicator--55ed7ced-9aac-4b4c-90bb-4acb950d210b", 
"indicator--55ed7ced-39e4-4be3-a008-4a34950d210b", "indicator--55ed7cee-2484-49c9-a033-44af950d210b", "indicator--55ed7cee-2394-43a2-a7e1-4fb6950d210b", "indicator--55ed7cee-901c-43e0-9ec6-4999950d210b", "indicator--55ed7cef-36b0-4d88-b4fb-4115950d210b", "indicator--55ed7cef-4e60-4b5b-9b31-4432950d210b", "indicator--55ed7cef-6a5c-44ba-b9d6-4151950d210b", "indicator--55ed7cf0-0260-4a66-801e-44d0950d210b", "indicator--55ed7cf0-7e94-4065-95c1-487f950d210b", "indicator--55ed7cf0-3ba8-4b04-b6e0-4a3e950d210b", "vulnerability--55ed7cf0-fa88-4bdd-8349-4745950d210b", "indicator--55ed7cf1-041c-4017-a40f-4184950d210b", "indicator--55ed7cf1-8428-448d-924e-4f4f950d210b", "indicator--55ed7cf1-039c-4753-a97a-4040950d210b", "indicator--55ed7cf1-3b7c-4e35-a7bf-48e6950d210b", "indicator--55ed7cf2-6714-4087-be3d-492d950d210b", "indicator--55ed7cf2-08e4-460d-b0df-4c9a950d210b", "indicator--55ed7cf2-4630-4695-8cc1-47e1950d210b", "indicator--55ed7cf3-5154-42af-a802-413c950d210b", "indicator--56c6a9fd-22b0-44ed-af02-c654950d210f", "indicator--56c6a9ff-b050-4cb5-8a2b-59a0950d210f", "indicator--56c6aa01-fee0-436d-992b-5f51950d210f", "indicator--56c6aa03-8e24-4f43-aa2a-5f51950d210f", "indicator--56c6a9fe-fc5c-4ec6-a32b-5f51950d210f", "indicator--56c6aa00-9f50-4683-969c-4715950d210f", "indicator--56c6aa02-dd88-450b-83cf-c653950d210f", "indicator--56c6aa04-f4c8-4910-afdd-599e950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55ed7c6c-7e0c-4f13-8d69-4188950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:00:44.000Z", "modified": "2015-09-07T12:00:44.000Z", "first_observed": "2015-09-07T12:00:44Z", "last_observed": "2015-09-07T12:00:44Z", "number_observed": 1, "object_refs": [ "url--55ed7c6c-7e0c-4f13-8d69-4188950d210b" ], "labels": [ 
"misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55ed7c6c-7e0c-4f13-8d69-4188950d210b", "value": "https://blog.bit9.com/2015/09/04/threat-research-team-goes-beyond-the-exploit-in-search-of-payloads-from-ms15-093/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55ed7c6c-af98-4484-98df-4698950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:00:44.000Z", "modified": "2015-09-07T12:00:44.000Z", "first_observed": "2015-09-07T12:00:44Z", "last_observed": "2015-09-07T12:00:44Z", "number_observed": 1, "object_refs": [ "url--55ed7c6c-af98-4484-98df-4698950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55ed7c6c-af98-4484-98df-4698950d210b", "value": "https://otx.alienvault.com/pulse/55ed61d667db8c6fb3515d9a/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ce7-92f0-4be2-a287-42b7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:47.000Z", "modified": "2015-09-07T12:02:47.000Z", "pattern": "[file:hashes.MD5 = '076ae76dcd0946ff913a9ce033e0ca55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ce8-8f68-4f22-b46a-41a6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:48.000Z", "modified": "2015-09-07T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.224.81.131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2015-09-07T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ce8-a9e0-4343-8874-4361950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:48.000Z", "modified": "2015-09-07T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.249.28.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ce8-e5b0-4c0d-ac93-4522950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:48.000Z", "modified": "2015-09-07T12:02:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.249.28.6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ce9-e734-45c4-9ae6-4b82950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:49.000Z", "modified": "2015-09-07T12:02:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.151.10.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:49Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ce9-21b8-4bbe-979f-4af4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:49.000Z", "modified": "2015-09-07T12:02:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.185.34.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ce9-166c-45a2-a5a5-418b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:49.000Z", "modified": "2015-09-07T12:02:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.183.149.75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cea-b354-40c5-890d-41a6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:50.000Z", "modified": "2015-09-07T12:02:50.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.71.100.211']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", 
"phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cea-cbb8-4527-86fe-492b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:50.000Z", "modified": "2015-09-07T12:02:50.000Z", "pattern": "[file:hashes.MD5 = '17a5621c765d9f2e3c117517b5ea0fd2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cea-1bec-4d76-9c28-4544950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:50.000Z", "modified": "2015-09-07T12:02:50.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.210.207.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cea-e670-4f7a-85fc-4ddc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:50.000Z", "modified": "2015-09-07T12:02:50.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.164.70.96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ceb-6d60-4ec7-8c94-4423950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:51.000Z", "modified": "2015-09-07T12:02:51.000Z", "pattern": "[file:hashes.MD5 = '200cc5c2482fc7968964dfc7a71f8fbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ceb-730c-4811-a3d6-4b53950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:51.000Z", "modified": "2015-09-07T12:02:51.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.139.227.86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ceb-5dec-4699-acaa-41b9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:51.000Z", "modified": "2015-09-07T12:02:51.000Z", "pattern": "[file:hashes.MD5 = '22eea74f771ff142163aa5ac02025f3a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--55ed7cec-4988-4aff-ae7e-4f8f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:52.000Z", "modified": "2015-09-07T12:02:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.228.204.6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cec-faa4-4306-951d-48a4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:52.000Z", "modified": "2015-09-07T12:02:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.27.192.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cec-621c-48d9-b6fa-4370950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:52.000Z", "modified": "2015-09-07T12:02:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.255.94.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ced-b4ac-4f91-a757-450f950d210b", 
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:53.000Z", "modified": "2015-09-07T12:02:53.000Z", "pattern": "[file:hashes.MD5 = '3475d208c6a67e7ddb3c266b79789773']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ced-ea38-4ffb-bd3a-497c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:53.000Z", "modified": "2015-09-07T12:02:53.000Z", "pattern": "[file:hashes.MD5 = '43cda62a1b68d8978ca1357f4800cdf9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ced-9aac-4b4c-90bb-4acb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:53.000Z", "modified": "2015-09-07T12:02:53.000Z", "pattern": "[file:hashes.MD5 = '66a2f4470913020780853bb06ef44b2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7ced-39e4-4be3-a008-4a34950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:53.000Z", "modified": "2015-09-07T12:02:53.000Z", "pattern": "[file:hashes.MD5 = 
'6c260baa4367578778b1ecdaaab37ef9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cee-2484-49c9-a033-44af950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:54.000Z", "modified": "2015-09-07T12:02:54.000Z", "pattern": "[file:hashes.MD5 = '7cba74017b8baf7df9f6f7a42914d217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cee-2394-43a2-a7e1-4fb6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:54.000Z", "modified": "2015-09-07T12:02:54.000Z", "pattern": "[file:hashes.MD5 = '7d3e927bf918ac40b9d4bee748a34fc7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cee-901c-43e0-9ec6-4999950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:54.000Z", "modified": "2015-09-07T12:02:54.000Z", "pattern": "[file:hashes.MD5 = '828d0cafe4a88c2238cd3d29d8c29c1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:54Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cef-36b0-4d88-b4fb-4115950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:55.000Z", "modified": "2015-09-07T12:02:55.000Z", "pattern": "[file:hashes.MD5 = '84bb1c8c5957125029e4fbfa9ec63045']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cef-4e60-4b5b-9b31-4432950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:55.000Z", "modified": "2015-09-07T12:02:55.000Z", "pattern": "[file:hashes.MD5 = '9e5f8d0d54c22bf09913d2f5399db352']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cef-6a5c-44ba-b9d6-4151950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:55.000Z", "modified": "2015-09-07T12:02:55.000Z", "pattern": "[domain-name:value = 'app.theworldfun.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--55ed7cf0-0260-4a66-801e-44d0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:56.000Z", "modified": "2015-09-07T12:02:56.000Z", "pattern": "[domain-name:value = 'baba.koumm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf0-7e94-4065-95c1-487f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:56.000Z", "modified": "2015-09-07T12:02:56.000Z", "pattern": "[file:hashes.MD5 = 'bb5a0af2a95557cbb488e8ad33760b7f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf0-3ba8-4b04-b6e0-4a3e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:56.000Z", "modified": "2015-09-07T12:02:56.000Z", "pattern": "[domain-name:value = 'cmc.apecscmc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--55ed7cf0-fa88-4bdd-8349-4745950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:56.000Z", 
"modified": "2015-09-07T12:02:56.000Z", "name": "CVE-2015-2502", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2015-2502" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf1-041c-4017-a40f-4184950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:57.000Z", "modified": "2015-09-07T12:02:57.000Z", "pattern": "[file:hashes.MD5 = 'ff39a8946b7e9342f57167e5eee95912']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf1-8428-448d-924e-4f4f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:57.000Z", "modified": "2015-09-07T12:02:57.000Z", "pattern": "[domain-name:value = 'gotoiknowledge.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf1-039c-4753-a97a-4040950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:57.000Z", "modified": "2015-09-07T12:02:57.000Z", "pattern": "[domain-name:value = 'mail.theworldfun.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network 
activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf1-3b7c-4e35-a7bf-48e6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:57.000Z", "modified": "2015-09-07T12:02:57.000Z", "pattern": "[domain-name:value = 'ov.theworldfun.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf2-6714-4087-be3d-492d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:58.000Z", "modified": "2015-09-07T12:02:58.000Z", "pattern": "[domain-name:value = 'update.avupdate.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf2-08e4-460d-b0df-4c9a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:58.000Z", "modified": "2015-09-07T12:02:58.000Z", "pattern": "[domain-name:value = 'www.konsocn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf2-4630-4695-8cc1-47e1950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:58.000Z", "modified": "2015-09-07T12:02:58.000Z", "pattern": "[domain-name:value = 'www.koumm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ed7cf3-5154-42af-a802-413c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-07T12:02:59.000Z", "modified": "2015-09-07T12:02:59.000Z", "pattern": "[domain-name:value = 'www.theworldfun.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-07T12:02:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6a9fd-22b0-44ed-af02-c654950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T05:37:01.000Z", "modified": "2016-02-19T05:37:01.000Z", "description": "Automatically added (via 076ae76dcd0946ff913a9ce033e0ca55)", "pattern": "[file:hashes.SHA1 = 'dd4a55571b94d24703ad06476cbce9413e2f9ecf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T05:37:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6a9ff-b050-4cb5-8a2b-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T05:37:03.000Z", "modified": 
"2016-02-19T05:37:03.000Z", "description": "Automatically added (via 3475d208c6a67e7ddb3c266b79789773)", "pattern": "[file:hashes.SHA1 = 'c7b1a2bc996f4e3cc0b7211db82f12997cdacf6f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T05:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6aa01-fee0-436d-992b-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T05:37:05.000Z", "modified": "2016-02-19T05:37:05.000Z", "description": "Automatically added (via 6c260baa4367578778b1ecdaaab37ef9)", "pattern": "[file:hashes.SHA1 = '67ede66874fe152d107f858acf906d7a70f1f709']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T05:37:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6aa03-8e24-4f43-aa2a-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T05:37:07.000Z", "modified": "2016-02-19T05:37:07.000Z", "description": "Automatically added (via 84bb1c8c5957125029e4fbfa9ec63045)", "pattern": "[file:hashes.SHA1 = '2d99e88c30cd805f5e346388d312f7a3e3386798']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T05:37:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6a9fe-fc5c-4ec6-a32b-5f51950d210f", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T05:37:02.000Z", "modified": "2016-02-19T05:37:02.000Z", "description": "Automatically added (via 076ae76dcd0946ff913a9ce033e0ca55)", "pattern": "[file:hashes.SHA256 = 'c437465db42268332543fbf6fd6a560ca010f19e0fd56562fb83fb704824b371']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T05:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6aa00-9f50-4683-969c-4715950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T05:37:04.000Z", "modified": "2016-02-19T05:37:04.000Z", "description": "Automatically added (via 3475d208c6a67e7ddb3c266b79789773)", "pattern": "[file:hashes.SHA256 = '61900fb9841a4d6d14e990163ea575694e684beaf912f50989b0013a9634196f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T05:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6aa02-dd88-450b-83cf-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T05:37:06.000Z", "modified": "2016-02-19T05:37:06.000Z", "description": "Automatically added (via 6c260baa4367578778b1ecdaaab37ef9)", "pattern": "[file:hashes.SHA256 = '71b201a5a7dfdbe91c0a7783f845b71d066c62014b944f488de5aec6272f907c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T05:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload 
delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c6aa04-f4c8-4910-afdd-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T05:37:08.000Z", "modified": "2016-02-19T05:37:08.000Z", "description": "Automatically added (via 84bb1c8c5957125029e4fbfa9ec63045)", "pattern": "[file:hashes.SHA256 = '56ec1ccab98c1ed67a0095b7ec8e6b17b12da3e00d357274fa37ec63ec724c07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T05:37:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }