{ "type": "bundle", "id": "bundle--560a3ca1-e110-476e-b730-4765950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:30:56.000Z", "modified": "2015-09-29T07:30:56.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--560a3ca1-e110-476e-b730-4765950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:30:56.000Z", "modified": "2015-09-29T07:30:56.000Z", "name": "OSINT Infected Korean Website Installs Banking Malware by Cyphort", "published": "2015-09-29T07:30:59Z", "object_refs": [ "observed-data--560a3cba-80f8-4552-b0f5-472e950d210b", "url--560a3cba-80f8-4552-b0f5-472e950d210b", "observed-data--560a3d16-8174-4ec6-abb5-4817950d210b", "domain-name--560a3d16-8174-4ec6-abb5-4817950d210b", "observed-data--560a3d16-f058-4646-a321-4dc8950d210b", "domain-name--560a3d16-f058-4646-a321-4dc8950d210b", "observed-data--560a3d17-2eb0-4f10-bc30-41d9950d210b", "domain-name--560a3d17-2eb0-4f10-bc30-41d9950d210b", "observed-data--560a3d17-1c24-4311-a351-408c950d210b", "domain-name--560a3d17-1c24-4311-a351-408c950d210b", "observed-data--560a3d17-6eec-43e5-bd7a-412f950d210b", "domain-name--560a3d17-6eec-43e5-bd7a-412f950d210b", "observed-data--560a3d18-1a88-4db3-81c8-450f950d210b", "domain-name--560a3d18-1a88-4db3-81c8-450f950d210b", "observed-data--560a3d18-980c-4c66-ac01-4881950d210b", "domain-name--560a3d18-980c-4c66-ac01-4881950d210b", "observed-data--560a3d18-6774-46fe-acf1-4c60950d210b", "domain-name--560a3d18-6774-46fe-acf1-4c60950d210b", "observed-data--560a3d19-787c-4cd7-89da-4390950d210b", "domain-name--560a3d19-787c-4cd7-89da-4390950d210b", "observed-data--560a3d19-ed44-4225-96ce-48b6950d210b", "domain-name--560a3d19-ed44-4225-96ce-48b6950d210b", "observed-data--560a3d19-4b38-45d6-95c6-438b950d210b", "domain-name--560a3d19-4b38-45d6-95c6-438b950d210b", "vulnerability--560a3d2f-80d4-4082-b16c-4c4c950d210b", "vulnerability--560a3d2f-7b1c-40e9-9a93-4d5f950d210b", "vulnerability--560a3d2f-f99c-4d63-a726-4e2d950d210b", "indicator--560a3d99-cd74-481b-9861-e475950d210b", "indicator--560a3d99-c840-4f69-ae51-e475950d210b", "indicator--560a3d9a-8d6c-4f79-b327-e475950d210b", "indicator--560a3d9a-b6a0-4cbc-924b-e475950d210b", "indicator--560a3da7-2510-4ae0-a6bb-417f950d210b", "indicator--560a3da7-f748-49bc-982b-47b9950d210b", "indicator--560a3dcb-a60c-46f7-a05d-470d950d210b", "indicator--560a3dcb-7e10-4595-a21f-4913950d210b", "indicator--560a3dcb-7e90-4d72-883c-4add950d210b", "indicator--560a3e21-0638-4bcd-8d62-4319950d210b", "indicator--560a3e21-4654-4a55-b8c2-428d950d210b", "observed-data--560a3e22-2db0-4a39-b37f-4ef5950d210b", "url--560a3e22-2db0-4a39-b37f-4ef5950d210b", "indicator--560a3e22-027c-4e2d-b613-40cb950d210b", "indicator--560a3e22-73bc-488e-81ec-42d5950d210b", "observed-data--560a3e23-008c-4560-9c3a-40a7950d210b", "url--560a3e23-008c-4560-9c3a-40a7950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3cba-80f8-4552-b0f5-472e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:24:42.000Z", "modified": "2015-09-29T07:24:42.000Z", "first_observed": "2015-09-29T07:24:42Z", "last_observed": "2015-09-29T07:24:42Z", "number_observed": 1, "object_refs": [ "url--560a3cba-80f8-4552-b0f5-472e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560a3cba-80f8-4552-b0f5-472e950d210b", "value": "http://www.cyphort.com/koreatimes-installs-venik/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d16-8174-4ec6-abb5-4817950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:14.000Z", "modified": "2015-09-29T07:26:14.000Z", "first_observed": "2015-09-29T07:26:14Z", "last_observed": "2015-09-29T07:26:14Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d16-8174-4ec6-abb5-4817950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d16-8174-4ec6-abb5-4817950d210b", "value": "koreatimes.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d16-f058-4646-a321-4dc8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:14.000Z", "modified": "2015-09-29T07:26:14.000Z", "first_observed": "2015-09-29T07:26:14Z", "last_observed": "2015-09-29T07:26:14Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d16-f058-4646-a321-4dc8950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d16-f058-4646-a321-4dc8950d210b", "value": "filehon.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d17-2eb0-4f10-bc30-41d9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:15.000Z", "modified": "2015-09-29T07:26:15.000Z", "first_observed": "2015-09-29T07:26:15Z", "last_observed": "2015-09-29T07:26:15Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d17-2eb0-4f10-bc30-41d9950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d17-2eb0-4f10-bc30-41d9950d210b", "value": "joara.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d17-1c24-4311-a351-408c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:15.000Z", "modified": "2015-09-29T07:26:15.000Z", "first_observed": "2015-09-29T07:26:15Z", "last_observed": "2015-09-29T07:26:15Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d17-1c24-4311-a351-408c950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d17-1c24-4311-a351-408c950d210b", "value": "hometax.go.kr" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d17-6eec-43e5-bd7a-412f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:15.000Z", "modified": "2015-09-29T07:26:15.000Z", "first_observed": "2015-09-29T07:26:15Z", "last_observed": "2015-09-29T07:26:15Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d17-6eec-43e5-bd7a-412f950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d17-6eec-43e5-bd7a-412f950d210b", "value": "soriaudio.co.kr" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d18-1a88-4db3-81c8-450f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:16.000Z", "modified": "2015-09-29T07:26:16.000Z", "first_observed": "2015-09-29T07:26:16Z", "last_observed": "2015-09-29T07:26:16Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d18-1a88-4db3-81c8-450f950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d18-1a88-4db3-81c8-450f950d210b", "value": "gomsee.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d18-980c-4c66-ac01-4881950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:16.000Z", "modified": "2015-09-29T07:26:16.000Z", "first_observed": "2015-09-29T07:26:16Z", "last_observed": "2015-09-29T07:26:16Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d18-980c-4c66-ac01-4881950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d18-980c-4c66-ac01-4881950d210b", "value": "lottoplay.co.kr" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d18-6774-46fe-acf1-4c60950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:16.000Z", "modified": "2015-09-29T07:26:16.000Z", "first_observed": "2015-09-29T07:26:16Z", "last_observed": "2015-09-29T07:26:16Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d18-6774-46fe-acf1-4c60950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d18-6774-46fe-acf1-4c60950d210b", "value": "insight.co.kr" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d19-787c-4cd7-89da-4390950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:17.000Z", "modified": "2015-09-29T07:26:17.000Z", "first_observed": "2015-09-29T07:26:17Z", "last_observed": "2015-09-29T07:26:17Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d19-787c-4cd7-89da-4390950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d19-787c-4cd7-89da-4390950d210b", "value": "filecity.co.kr" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d19-ed44-4225-96ce-48b6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:17.000Z", "modified": "2015-09-29T07:26:17.000Z", "first_observed": "2015-09-29T07:26:17Z", "last_observed": "2015-09-29T07:26:17Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d19-ed44-4225-96ce-48b6950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d19-ed44-4225-96ce-48b6950d210b", "value": "nggol.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3d19-4b38-45d6-95c6-438b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:17.000Z", "modified": "2015-09-29T07:26:17.000Z", "first_observed": "2015-09-29T07:26:17Z", "last_observed": "2015-09-29T07:26:17Z", "number_observed": 1, "object_refs": [ "domain-name--560a3d19-4b38-45d6-95c6-438b950d210b" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--560a3d19-4b38-45d6-95c6-438b950d210b", "value": "koreamanse.com" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--560a3d2f-80d4-4082-b16c-4c4c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:39.000Z", "modified": "2015-09-29T07:26:39.000Z", "name": "CVE-2014-6332", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2014-6332" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--560a3d2f-7b1c-40e9-9a93-4d5f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:39.000Z", "modified": "2015-09-29T07:26:39.000Z", "name": "CVE-2011-3544", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2011-3544" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--560a3d2f-f99c-4d63-a726-4e2d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:26:39.000Z", "modified": "2015-09-29T07:26:39.000Z", "name": "CVE-2015-0336", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2015-0336" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3d99-cd74-481b-9861-e475950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:28:25.000Z", "modified": "2015-09-29T07:28:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '99.188.106.161']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:28:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3d99-c840-4f69-ae51-e475950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:28:25.000Z", "modified": "2015-09-29T07:28:25.000Z", "pattern": "[url:value = 'http://142.0.137.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:28:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3d9a-8d6c-4f79-b327-e475950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:28:26.000Z", "modified": "2015-09-29T07:28:26.000Z", "pattern": "[url:value = 'http://142.0.137.67:805/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:28:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3d9a-b6a0-4cbc-924b-e475950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:28:26.000Z", "modified": "2015-09-29T07:28:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.137.199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:28:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3da7-2510-4ae0-a6bb-417f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:28:39.000Z", "modified": "2015-09-29T07:28:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.137.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:28:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3da7-f748-49bc-982b-47b9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:28:39.000Z", "modified": "2015-09-29T07:28:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.137.67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:28:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3dcb-a60c-46f7-a05d-470d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:29:15.000Z", "modified": "2015-09-29T07:29:15.000Z", "pattern": "[file:hashes.MD5 = 'c242d641d9432f611360db36f2075f67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:29:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3dcb-7e10-4595-a21f-4913950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:29:15.000Z", "modified": "2015-09-29T07:29:15.000Z", "pattern": "[file:hashes.MD5 = 'a6ec0fbe1ad821a3fb527f39e180e378']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:29:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3dcb-7e90-4d72-883c-4add950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:29:15.000Z", "modified": "2015-09-29T07:29:15.000Z", "pattern": "[file:hashes.MD5 = 'b9a5a00e134fe0df217c01145319b1cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:29:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3e21-0638-4bcd-8d62-4319950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:30:41.000Z", "modified": "2015-09-29T07:30:41.000Z", "description": "- Xchecked via VT: a6ec0fbe1ad821a3fb527f39e180e378", "pattern": "[file:hashes.SHA256 = '04272c55bf2a534cf9f4556f102f01770d1ac2d4979cd98e9a2e294cf57c2a49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:30:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3e21-4654-4a55-b8c2-428d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:30:41.000Z", "modified": "2015-09-29T07:30:41.000Z", "description": "- Xchecked via VT: a6ec0fbe1ad821a3fb527f39e180e378", "pattern": "[file:hashes.SHA1 = '0cb0f491de8ba2761de899d8cbc136e2747145ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:30:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3e22-2db0-4a39-b37f-4ef5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:30:42.000Z", "modified": "2015-09-29T07:30:42.000Z", "first_observed": "2015-09-29T07:30:42Z", "last_observed": "2015-09-29T07:30:42Z", "number_observed": 1, "object_refs": [ "url--560a3e22-2db0-4a39-b37f-4ef5950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560a3e22-2db0-4a39-b37f-4ef5950d210b", "value": "https://www.virustotal.com/file/04272c55bf2a534cf9f4556f102f01770d1ac2d4979cd98e9a2e294cf57c2a49/analysis/1443347085/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3e22-027c-4e2d-b613-40cb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:30:42.000Z", "modified": "2015-09-29T07:30:42.000Z", "description": "- Xchecked via VT: c242d641d9432f611360db36f2075f67", "pattern": "[file:hashes.SHA256 = '3361cece5f1e2920f2eb6029aa844d434f3f265cace7061cc52a0e11a6d1d383']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:30:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560a3e22-73bc-488e-81ec-42d5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:30:42.000Z", "modified": "2015-09-29T07:30:42.000Z", "description": "- Xchecked via VT: c242d641d9432f611360db36f2075f67", "pattern": "[file:hashes.SHA1 = 'be8e700fb54019f06e3c816473d9141cc7d75630']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-29T07:30:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560a3e23-008c-4560-9c3a-40a7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-29T07:30:43.000Z", "modified": "2015-09-29T07:30:43.000Z", "first_observed": "2015-09-29T07:30:43Z", "last_observed": "2015-09-29T07:30:43Z", "number_observed": 1, "object_refs": [ "url--560a3e23-008c-4560-9c3a-40a7950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560a3e23-008c-4560-9c3a-40a7950d210b", "value": "https://www.virustotal.com/file/3361cece5f1e2920f2eb6029aa844d434f3f265cace7061cc52a0e11a6d1d383/analysis/1443415018/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }