{ "type": "bundle", "id": "bundle--570b9eee-6f60-41d4-bd1b-40d2950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:39.000Z", "modified": "2016-04-11T12:58:39.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--570b9eee-6f60-41d4-bd1b-40d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:39.000Z", "modified": "2016-04-11T12:58:39.000Z", "name": "OSINT - Mobile Devices Used to Execute DNS Malware Against Home Routers", "published": "2016-04-11T12:59:14Z", "object_refs": [ "observed-data--570b9f09-912c-4f67-992c-42b2950d210f", "url--570b9f09-912c-4f67-992c-42b2950d210f", "x-misp-attribute--570b9f1e-1a40-4b3e-813c-4315950d210f", "indicator--570b9f36-ef00-4f0b-aec6-d938950d210f", "indicator--570b9f37-8c00-4a1c-8415-d938950d210f", "indicator--570b9f37-6840-4611-a633-d938950d210f", "indicator--570b9f37-e1f8-4474-8c30-d938950d210f", "indicator--570b9f38-5558-4947-b2d5-d938950d210f", "indicator--570b9f38-aee0-42e9-9a88-d938950d210f", "indicator--570b9f38-8f60-4a1d-8b16-d938950d210f", "indicator--570b9f39-8b04-4aa3-b9a0-d938950d210f", "indicator--570b9f39-953c-409c-9bc3-d938950d210f", "indicator--570b9f39-8084-4bc7-adfc-d938950d210f", "indicator--570b9f5a-f32c-4ae7-bda8-d939950d210f", "indicator--570b9f5a-d290-435e-a054-d939950d210f", "indicator--570b9f5a-ed88-4967-a6c2-d939950d210f", "indicator--570b9f5b-662c-49af-85ee-d939950d210f", "indicator--570b9f5b-b6d4-4c0b-955c-d939950d210f", "indicator--570b9f5c-8fec-4f80-b521-d939950d210f", "indicator--570b9f5c-2500-4dec-a17a-d939950d210f", "indicator--570b9f5c-6c64-4872-b332-d939950d210f", "indicator--570b9f5d-9294-4f3e-b1d9-d939950d210f", "indicator--570b9f5d-b8f8-40de-93f5-d939950d210f", "indicator--570b9f5d-3ed0-457d-931c-d939950d210f", "indicator--570b9f5e-8240-4939-b922-d939950d210f", 
"indicator--570b9f5e-e41c-4513-a445-d939950d210f", "indicator--570b9f5e-7690-4f7e-a442-d939950d210f", "indicator--570b9f7f-7164-4d5c-8bc9-463302de0b81", "indicator--570b9f7f-df40-43bf-b3f2-498802de0b81", "observed-data--570b9f7f-e33c-4a04-a835-4cc102de0b81", "url--570b9f7f-e33c-4a04-a835-4cc102de0b81", "indicator--570b9f80-ae0c-4c52-9d4c-4fab02de0b81", "indicator--570b9f80-a664-41c5-ac22-433702de0b81", "observed-data--570b9f81-d550-4ab5-b6ea-48b002de0b81", "url--570b9f81-d550-4ab5-b6ea-48b002de0b81", "indicator--570b9f81-74fc-4995-9012-454b02de0b81", "indicator--570b9f81-9fa4-49d3-bbc4-40b402de0b81", "observed-data--570b9f82-003c-41cd-8317-402202de0b81", "url--570b9f82-003c-41cd-8317-402202de0b81", "indicator--570b9f82-06d8-4854-99e0-429b02de0b81", "indicator--570b9f82-5bac-4b60-be5d-4aa802de0b81", "observed-data--570b9f83-9c50-46c4-a6d8-4e1a02de0b81", "url--570b9f83-9c50-46c4-a6d8-4e1a02de0b81", "indicator--570b9f83-d724-4ad7-b398-418002de0b81", "indicator--570b9f83-faa0-45f9-89b8-430102de0b81", "observed-data--570b9f84-7ce4-4691-8548-45aa02de0b81", "url--570b9f84-7ce4-4691-8548-45aa02de0b81", "indicator--570b9f84-6d80-49dc-a0d8-4b5002de0b81", "indicator--570b9f84-d638-4a5f-8acf-438c02de0b81", "observed-data--570b9f85-468c-486c-8789-482c02de0b81", "url--570b9f85-468c-486c-8789-482c02de0b81", "indicator--570b9f85-c8c4-4377-b8ff-4d6a02de0b81", "indicator--570b9f85-01bc-4752-91c3-440802de0b81", "observed-data--570b9f86-6328-472b-889f-478002de0b81", "url--570b9f86-6328-472b-889f-478002de0b81", "indicator--570b9f86-5744-4fc4-822f-4abb02de0b81", "indicator--570b9f86-2978-4f5e-8946-473002de0b81", "observed-data--570b9f87-d4ec-4faf-954f-442302de0b81", "url--570b9f87-d4ec-4faf-954f-442302de0b81", "indicator--570b9f87-93b0-40c1-bc6f-41b102de0b81", "indicator--570b9f88-4d60-490a-b807-449402de0b81", "observed-data--570b9f88-a514-4043-8ffa-476c02de0b81", "url--570b9f88-a514-4043-8ffa-476c02de0b81", "indicator--570b9f88-0fb0-4695-8961-4ac802de0b81", 
"indicator--570b9f89-568c-4380-ab31-475602de0b81", "observed-data--570b9f89-5e98-4637-af9b-424002de0b81", "url--570b9f89-5e98-4637-af9b-424002de0b81", "indicator--570b9f89-a130-4255-b1c1-490d02de0b81", "indicator--570b9f8a-2704-4f00-8969-4fca02de0b81", "observed-data--570b9f8a-dec4-49f9-9cc1-4f0502de0b81", "url--570b9f8a-dec4-49f9-9cc1-4f0502de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f09-912c-4f67-992c-42b2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:56:41.000Z", "modified": "2016-04-11T12:56:41.000Z", "first_observed": "2016-04-11T12:56:41Z", "last_observed": "2016-04-11T12:56:41Z", "number_observed": 1, "object_refs": [ "url--570b9f09-912c-4f67-992c-42b2950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f09-912c-4f67-992c-42b2950d210f", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-devices-used-to-execute-dns-malware-against-home-routers/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--570b9f1e-1a40-4b3e-813c-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:02.000Z", "modified": "2016-04-11T12:57:02.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Attacks against home routers have been going around for years\u2014from malware that rigs routers to DNS rebinding attacks and backdoors, among others. 
Just last year one of our researchers reported a Domain Name System (DNS) changer malware that redirected users to malicious pages when they visited specific websites. This enabled cyber crooks to get hold of the victims\u2019 online credentials, such as passwords and PINs.\r\n\r\nWe recently came across an attack that proves how the Internet of Things (IoT) can be an entry point for cybercriminal activities. In this attack, which has been going on since December 2015, it requires users to access malicious websites hosting the JavaScript via their mobile devices. Accessing these sites via mobile devices enables the JavaScript to download another JavaScript with DNS changing routines.\r\n\r\nDetected as JS_JITON, this JavaScript can be downloaded whether users are accessing compromised websites via their computers or mobile devices. However, the infection chain differs depending on the medium employed by users. For instance, JS_JITON downloads JS_JITONDNS that only infects mobile devices and triggers the DNS changing routine. JITON only exploits the vulnerability if the affected users have ZTE modems." 
}, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f36-ef00-4f0b-aec6-d938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:26.000Z", "modified": "2016-04-11T12:57:26.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://lib.tongjii.us/tj.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f37-8c00-4a1c-8415-d938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:27.000Z", "modified": "2016-04-11T12:57:27.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://lib.tongjii.us/tongji.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f37-6840-4611-a633-d938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:27.000Z", "modified": "2016-04-11T12:57:27.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://cn.tongjii.us/show.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--570b9f37-e1f8-4474-8c30-d938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:27.000Z", "modified": "2016-04-11T12:57:27.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://cn.tongjii.us/show1.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f38-5558-4947-b2d5-d938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:28.000Z", "modified": "2016-04-11T12:57:28.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://dns.tongjj.info/dns/dlink.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f38-aee0-42e9-9a88-d938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:28.000Z", "modified": "2016-04-11T12:57:28.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://dns.tongjj.info/dns/tplink.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f38-8f60-4a1d-8b16-d938950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:28.000Z", "modified": "2016-04-11T12:57:28.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://dns.tongjj.info/dns/zte.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f39-8b04-4aa3-b9a0-d938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:29.000Z", "modified": "2016-04-11T12:57:29.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://dns.tongjj.info/dns/china/dlink.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f39-953c-409c-9bc3-d938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:57:29.000Z", "modified": "2016-04-11T12:57:29.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://dns.tongjj.info/dns/china/tplink.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f39-8084-4bc7-adfc-d938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2016-04-11T12:57:29.000Z", "modified": "2016-04-11T12:57:29.000Z", "description": "Malicious website", "pattern": "[url:value = 'http://dns.tongjj.info/dns/china/zte.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:57:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5a-f32c-4ae7-bda8-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:02.000Z", "modified": "2016-04-11T12:58:02.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = '4b75a94613b7bf238948104092fe9fd4107fbf97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5a-d290-435e-a054-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:02.000Z", "modified": "2016-04-11T12:58:02.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = 'da19d2b503932bfb7b0ccf6c40b9f0b0d19282fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5a-ed88-4967-a6c2-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:02.000Z", "modified": 
"2016-04-11T12:58:02.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = 'f7d9dbc1c198de25512cb15f3c19827a2b2188df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5b-662c-49af-85ee-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:03.000Z", "modified": "2016-04-11T12:58:03.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = '545c71b9988d6df27eae31e8738f28da7caae534']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5b-b6d4-4c0b-955c-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:03.000Z", "modified": "2016-04-11T12:58:03.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = '67c28c29ebef9a57657e84dce83d458225447ae9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5c-8fec-4f80-b521-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:04.000Z", "modified": "2016-04-11T12:58:04.000Z", "description": "JS_JITON 
sample", "pattern": "[file:hashes.SHA1 = '1f6e45204a28d9da16777d772eddf7e8d10e588a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5c-2500-4dec-a17a-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:04.000Z", "modified": "2016-04-11T12:58:04.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = '331441f69ceae4d9f3a78f4b4b46bdc64c11bd4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5c-6c64-4872-b332-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:04.000Z", "modified": "2016-04-11T12:58:04.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = '2f48f1c75f0984d722395b47cd10af9c15ea142f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5d-9294-4f3e-b1d9-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:05.000Z", "modified": "2016-04-11T12:58:05.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = 
'b6c423ff0c91fa65b63a37a136ca6bbe29fce34d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5d-b8f8-40de-93f5-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:05.000Z", "modified": "2016-04-11T12:58:05.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = '9d37dcf8f87479545adf78d44ca97464491fe39a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5d-3ed0-457d-931c-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:05.000Z", "modified": "2016-04-11T12:58:05.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = 'af3ececf550f9486d90fca6f7bb7c735318d50cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5e-8240-4939-b922-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:06.000Z", "modified": "2016-04-11T12:58:06.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = 'ce034e437b20dce84e75a90ed2b3a58532ebcbb9']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5e-e41c-4513-a445-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:06.000Z", "modified": "2016-04-11T12:58:06.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = 'acb1f8caa3d2babe37ea21014e0c79ce6c18f8a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f5e-7690-4f7e-a442-d939950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:06.000Z", "modified": "2016-04-11T12:58:06.000Z", "description": "JS_JITON sample", "pattern": "[file:hashes.SHA1 = 'b62ea64db9643fe0a4331f724d234e19c149cabf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f7f-7164-4d5c-8bc9-463302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:39.000Z", "modified": "2016-04-11T12:58:39.000Z", "description": "JS_JITON sample - Xchecked via VT: acb1f8caa3d2babe37ea21014e0c79ce6c18f8a2", "pattern": "[file:hashes.SHA256 = 
'295ccf30b6fd09ca858cfe749cdedfd8bb29c613452b66c9cdc24173ad213c9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f7f-df40-43bf-b3f2-498802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:39.000Z", "modified": "2016-04-11T12:58:39.000Z", "description": "JS_JITON sample - Xchecked via VT: acb1f8caa3d2babe37ea21014e0c79ce6c18f8a2", "pattern": "[file:hashes.MD5 = '22ebde4114a9b7028beab9d8673fa1e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f7f-e33c-4a04-a835-4cc102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:39.000Z", "modified": "2016-04-11T12:58:39.000Z", "first_observed": "2016-04-11T12:58:39Z", "last_observed": "2016-04-11T12:58:39Z", "number_observed": 1, "object_refs": [ "url--570b9f7f-e33c-4a04-a835-4cc102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f7f-e33c-4a04-a835-4cc102de0b81", "value": "https://www.virustotal.com/file/295ccf30b6fd09ca858cfe749cdedfd8bb29c613452b66c9cdc24173ad213c9c/analysis/1449711767/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f80-ae0c-4c52-9d4c-4fab02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:40.000Z", 
"modified": "2016-04-11T12:58:40.000Z", "description": "JS_JITON sample - Xchecked via VT: ce034e437b20dce84e75a90ed2b3a58532ebcbb9", "pattern": "[file:hashes.SHA256 = 'a019a303c9e54bff72fd7bfcdd9b6264b42e9c7eb6f0ae3cf332f563b20c402a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f80-a664-41c5-ac22-433702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:40.000Z", "modified": "2016-04-11T12:58:40.000Z", "description": "JS_JITON sample - Xchecked via VT: ce034e437b20dce84e75a90ed2b3a58532ebcbb9", "pattern": "[file:hashes.MD5 = '8a9975c9d8895ca9b1c380624cde780a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f81-d550-4ab5-b6ea-48b002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:41.000Z", "modified": "2016-04-11T12:58:41.000Z", "first_observed": "2016-04-11T12:58:41Z", "last_observed": "2016-04-11T12:58:41Z", "number_observed": 1, "object_refs": [ "url--570b9f81-d550-4ab5-b6ea-48b002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f81-d550-4ab5-b6ea-48b002de0b81", "value": "https://www.virustotal.com/file/a019a303c9e54bff72fd7bfcdd9b6264b42e9c7eb6f0ae3cf332f563b20c402a/analysis/1453586843/" }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--570b9f81-74fc-4995-9012-454b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:41.000Z", "modified": "2016-04-11T12:58:41.000Z", "description": "JS_JITON sample - Xchecked via VT: af3ececf550f9486d90fca6f7bb7c735318d50cd", "pattern": "[file:hashes.SHA256 = 'b4eb873dd1c037dabe6da9e76af356575a9bd43c6b5bbdedc85e1ca4ad502c08']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f81-9fa4-49d3-bbc4-40b402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:41.000Z", "modified": "2016-04-11T12:58:41.000Z", "description": "JS_JITON sample - Xchecked via VT: af3ececf550f9486d90fca6f7bb7c735318d50cd", "pattern": "[file:hashes.MD5 = '01f21760ba4411cb5488f287d74e4a71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f82-003c-41cd-8317-402202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:42.000Z", "modified": "2016-04-11T12:58:42.000Z", "first_observed": "2016-04-11T12:58:42Z", "last_observed": "2016-04-11T12:58:42Z", "number_observed": 1, "object_refs": [ "url--570b9f82-003c-41cd-8317-402202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f82-003c-41cd-8317-402202de0b81", "value": 
"https://www.virustotal.com/file/b4eb873dd1c037dabe6da9e76af356575a9bd43c6b5bbdedc85e1ca4ad502c08/analysis/1453655360/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f82-06d8-4854-99e0-429b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:42.000Z", "modified": "2016-04-11T12:58:42.000Z", "description": "JS_JITON sample - Xchecked via VT: b6c423ff0c91fa65b63a37a136ca6bbe29fce34d", "pattern": "[file:hashes.SHA256 = '0c6acde9da4e9109f81ddd9315a66bf9e7f13d92bdd948ef1b2c8bc391e117a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f82-5bac-4b60-be5d-4aa802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:42.000Z", "modified": "2016-04-11T12:58:42.000Z", "description": "JS_JITON sample - Xchecked via VT: b6c423ff0c91fa65b63a37a136ca6bbe29fce34d", "pattern": "[file:hashes.MD5 = 'b1e77eef8a1c0509593c424ac12a52d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f83-9c50-46c4-a6d8-4e1a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:43.000Z", "modified": "2016-04-11T12:58:43.000Z", "first_observed": "2016-04-11T12:58:43Z", "last_observed": "2016-04-11T12:58:43Z", "number_observed": 1, "object_refs": [ "url--570b9f83-9c50-46c4-a6d8-4e1a02de0b81" ], "labels": [ 
"misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f83-9c50-46c4-a6d8-4e1a02de0b81", "value": "https://www.virustotal.com/file/0c6acde9da4e9109f81ddd9315a66bf9e7f13d92bdd948ef1b2c8bc391e117a6/analysis/1459939978/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f83-d724-4ad7-b398-418002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:43.000Z", "modified": "2016-04-11T12:58:43.000Z", "description": "JS_JITON sample - Xchecked via VT: 331441f69ceae4d9f3a78f4b4b46bdc64c11bd4a", "pattern": "[file:hashes.SHA256 = 'dd80bc159d3f4a8130a499952a124bd0c8192c371ef62b789496c809894a822a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f83-faa0-45f9-89b8-430102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:43.000Z", "modified": "2016-04-11T12:58:43.000Z", "description": "JS_JITON sample - Xchecked via VT: 331441f69ceae4d9f3a78f4b4b46bdc64c11bd4a", "pattern": "[file:hashes.MD5 = '5afcb17b3e53745b6fa987ca46bfde30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f84-7ce4-4691-8548-45aa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:44.000Z", "modified": "2016-04-11T12:58:44.000Z", "first_observed": 
"2016-04-11T12:58:44Z", "last_observed": "2016-04-11T12:58:44Z", "number_observed": 1, "object_refs": [ "url--570b9f84-7ce4-4691-8548-45aa02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f84-7ce4-4691-8548-45aa02de0b81", "value": "https://www.virustotal.com/file/dd80bc159d3f4a8130a499952a124bd0c8192c371ef62b789496c809894a822a/analysis/1456446825/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f84-6d80-49dc-a0d8-4b5002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:44.000Z", "modified": "2016-04-11T12:58:44.000Z", "description": "JS_JITON sample - Xchecked via VT: 1f6e45204a28d9da16777d772eddf7e8d10e588a", "pattern": "[file:hashes.SHA256 = 'e05255556781f8c5700604c4c0c631d6c5c6a195ee734e01fb220297030e3b8b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f84-d638-4a5f-8acf-438c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:44.000Z", "modified": "2016-04-11T12:58:44.000Z", "description": "JS_JITON sample - Xchecked via VT: 1f6e45204a28d9da16777d772eddf7e8d10e588a", "pattern": "[file:hashes.MD5 = 'cc94092aa34f8a15abacd5912ad65def']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f85-468c-486c-8789-482c02de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:45.000Z", "modified": "2016-04-11T12:58:45.000Z", "first_observed": "2016-04-11T12:58:45Z", "last_observed": "2016-04-11T12:58:45Z", "number_observed": 1, "object_refs": [ "url--570b9f85-468c-486c-8789-482c02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f85-468c-486c-8789-482c02de0b81", "value": "https://www.virustotal.com/file/e05255556781f8c5700604c4c0c631d6c5c6a195ee734e01fb220297030e3b8b/analysis/1452839571/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f85-c8c4-4377-b8ff-4d6a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:45.000Z", "modified": "2016-04-11T12:58:45.000Z", "description": "JS_JITON sample - Xchecked via VT: 67c28c29ebef9a57657e84dce83d458225447ae9", "pattern": "[file:hashes.SHA256 = 'd17376cf4cb292b91b3b207caef7166aa92219d13b421771f8a56bb588aea74f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f85-01bc-4752-91c3-440802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:45.000Z", "modified": "2016-04-11T12:58:45.000Z", "description": "JS_JITON sample - Xchecked via VT: 67c28c29ebef9a57657e84dce83d458225447ae9", "pattern": "[file:hashes.MD5 = '99fa606bb886163b675c9e76e6389c69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f86-6328-472b-889f-478002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:46.000Z", "modified": "2016-04-11T12:58:46.000Z", "first_observed": "2016-04-11T12:58:46Z", "last_observed": "2016-04-11T12:58:46Z", "number_observed": 1, "object_refs": [ "url--570b9f86-6328-472b-889f-478002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f86-6328-472b-889f-478002de0b81", "value": "https://www.virustotal.com/file/d17376cf4cb292b91b3b207caef7166aa92219d13b421771f8a56bb588aea74f/analysis/1451909306/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f86-5744-4fc4-822f-4abb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:46.000Z", "modified": "2016-04-11T12:58:46.000Z", "description": "JS_JITON sample - Xchecked via VT: 545c71b9988d6df27eae31e8738f28da7caae534", "pattern": "[file:hashes.SHA256 = '0fbdba6c3e06dbf3255ec85b086a252a65b2411c26e0f09d7fb29b6775d48fc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f86-2978-4f5e-8946-473002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:46.000Z", "modified": "2016-04-11T12:58:46.000Z", "description": "JS_JITON sample - Xchecked via VT: 545c71b9988d6df27eae31e8738f28da7caae534", "pattern": "[file:hashes.MD5 = '12ffd1585304d593bd63cfaf16d2de7d']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2016-04-11T12:58:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f87-d4ec-4faf-954f-442302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:47.000Z", "modified": "2016-04-11T12:58:47.000Z", "first_observed": "2016-04-11T12:58:47Z", "last_observed": "2016-04-11T12:58:47Z", "number_observed": 1, "object_refs": [ "url--570b9f87-d4ec-4faf-954f-442302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f87-d4ec-4faf-954f-442302de0b81", "value": "https://www.virustotal.com/file/0fbdba6c3e06dbf3255ec85b086a252a65b2411c26e0f09d7fb29b6775d48fc5/analysis/1458349418/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f87-93b0-40c1-bc6f-41b102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:47.000Z", "modified": "2016-04-11T12:58:47.000Z", "description": "JS_JITON sample - Xchecked via VT: f7d9dbc1c198de25512cb15f3c19827a2b2188df", "pattern": "[file:hashes.SHA256 = 'cf8f91b07ce83247aadc58eded46a59b51a939c4083e47b100a511a377057763']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f88-4d60-490a-b807-449402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:48.000Z", "modified": "2016-04-11T12:58:48.000Z", "description": "JS_JITON sample - Xchecked via 
VT: f7d9dbc1c198de25512cb15f3c19827a2b2188df", "pattern": "[file:hashes.MD5 = '09a34b286a748573fa16d66957432df0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f88-a514-4043-8ffa-476c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:48.000Z", "modified": "2016-04-11T12:58:48.000Z", "first_observed": "2016-04-11T12:58:48Z", "last_observed": "2016-04-11T12:58:48Z", "number_observed": 1, "object_refs": [ "url--570b9f88-a514-4043-8ffa-476c02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f88-a514-4043-8ffa-476c02de0b81", "value": "https://www.virustotal.com/file/cf8f91b07ce83247aadc58eded46a59b51a939c4083e47b100a511a377057763/analysis/1457939144/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f88-0fb0-4695-8961-4ac802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:48.000Z", "modified": "2016-04-11T12:58:48.000Z", "description": "JS_JITON sample - Xchecked via VT: da19d2b503932bfb7b0ccf6c40b9f0b0d19282fb", "pattern": "[file:hashes.SHA256 = '59ec2b49759dd09f18e6a99dd9424f56223bef43b624f37979e02bd21c976722']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f89-568c-4380-ab31-475602de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:49.000Z", "modified": "2016-04-11T12:58:49.000Z", "description": "JS_JITON sample - Xchecked via VT: da19d2b503932bfb7b0ccf6c40b9f0b0d19282fb", "pattern": "[file:hashes.MD5 = 'e3234a0a314ab9037281a61532d9f385']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f89-5e98-4637-af9b-424002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:49.000Z", "modified": "2016-04-11T12:58:49.000Z", "first_observed": "2016-04-11T12:58:49Z", "last_observed": "2016-04-11T12:58:49Z", "number_observed": 1, "object_refs": [ "url--570b9f89-5e98-4637-af9b-424002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f89-5e98-4637-af9b-424002de0b81", "value": "https://www.virustotal.com/file/59ec2b49759dd09f18e6a99dd9424f56223bef43b624f37979e02bd21c976722/analysis/1458825711/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f89-a130-4255-b1c1-490d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:49.000Z", "modified": "2016-04-11T12:58:49.000Z", "description": "JS_JITON sample - Xchecked via VT: 4b75a94613b7bf238948104092fe9fd4107fbf97", "pattern": "[file:hashes.SHA256 = 'a1aabff6b63746df8c0c022ab54645a2945d1fcabfbbb047a0ab3d322fd15c66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570b9f8a-2704-4f00-8969-4fca02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:50.000Z", "modified": "2016-04-11T12:58:50.000Z", "description": "JS_JITON sample - Xchecked via VT: 4b75a94613b7bf238948104092fe9fd4107fbf97", "pattern": "[file:hashes.MD5 = 'cc1a14c0183b22881f7fe3d7ce247ba3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-11T12:58:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570b9f8a-dec4-49f9-9cc1-4f0502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-11T12:58:50.000Z", "modified": "2016-04-11T12:58:50.000Z", "first_observed": "2016-04-11T12:58:50Z", "last_observed": "2016-04-11T12:58:50Z", "number_observed": 1, "object_refs": [ "url--570b9f8a-dec4-49f9-9cc1-4f0502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570b9f8a-dec4-49f9-9cc1-4f0502de0b81", "value": "https://www.virustotal.com/file/a1aabff6b63746df8c0c022ab54645a2945d1fcabfbbb047a0ab3d322fd15c66/analysis/1459487002/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }