{ "type": "bundle", "id": "bundle--5af14dc2-e6fc-41be-a917-865d950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-24T08:43:32.000Z", "modified": "2018-09-24T08:43:32.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5af14dc2-e6fc-41be-a917-865d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-24T08:43:32.000Z", "modified": "2018-09-24T08:43:32.000Z", "name": "OSINT - Malicious Documents Targeting Security Professionals", "context": "suspicious-activity", "object_refs": [ "observed-data--5af14e94-9914-4907-b0fe-86a0950d210f", "url--5af14e94-9914-4907-b0fe-86a0950d210f", "x-misp-attribute--5af19b99-e94c-4553-8161-4273950d210f", "indicator--5af19a71-83f8-4b1d-a40a-474a950d210f", "indicator--5af19a70-3148-49a0-a827-4f48950d210f", "indicator--5af19a70-2078-4023-9df3-4ac7950d210f", "indicator--5af19a70-2a3c-456c-9960-4241950d210f", "indicator--5af19a6f-fd10-4266-b7d6-4c3c950d210f", "indicator--5af19a6f-e62c-425c-a2f8-4873950d210f", "indicator--5af19a6e-5498-42df-b551-40cd950d210f", "indicator--5af19a6e-6540-41da-8bad-43b8950d210f", "indicator--5af19a6d-8f4c-4bbb-8e2a-411a950d210f", "indicator--5af19a6d-5c48-4ee1-83ad-43bb950d210f", "indicator--5af19a6c-49cc-4ec7-a001-4b81950d210f", "indicator--5af19a6c-0180-4082-a38a-43eb950d210f", "indicator--5af19a6c-9c20-42c3-8068-4531950d210f", "indicator--5af19a6b-043c-446b-b689-4f22950d210f", "indicator--5af19a6b-1e40-41b1-9eab-409f950d210f", "indicator--5af19a6a-4adc-4e8d-b17f-4443950d210f", "indicator--5af19a6a-7868-4680-b1f4-42f7950d210f", "indicator--5af19a6a-931c-49f2-a751-4fd5950d210f", "indicator--5af19a69-0ae0-4e62-8641-4ab3950d210f", "indicator--5af19a69-7294-47e3-b9f7-49f7950d210f", "indicator--5af19a68-1acc-473c-913c-4ad9950d210f", "indicator--5af19a68-4948-4be3-b110-4037950d210f", "indicator--5af19a68-ab70-472f-9767-466c950d210f", "indicator--5af19a67-84fc-406c-8f62-4f8b950d210f", "indicator--5af19a67-a17c-4c26-8311-435a950d210f", "indicator--5af19a66-9c64-4813-8edb-46fb950d210f", "indicator--5af19a66-58a0-4c24-8b76-43cc950d210f", "indicator--5af19a66-62bc-42e3-9963-40a1950d210f", "indicator--5af19a65-51e8-4408-9455-4f56950d210f", "indicator--5af19a65-68f0-4291-b9d8-4157950d210f", "indicator--5af19a64-682c-4b97-a62b-458b950d210f", "indicator--5af19a64-d5e0-4675-9dda-426d950d210f", "indicator--5af19a64-054c-49d7-a3fe-4559950d210f", "indicator--5af19a63-f814-405d-8d73-4470950d210f", "indicator--5af19a63-f0d8-4576-90d9-4d5d950d210f", "indicator--5af19a62-58e0-4b68-a495-4718950d210f", "indicator--5af19a62-3544-4c09-810c-40e2950d210f", "indicator--5af19a62-3f68-4337-915d-45c8950d210f", "indicator--5af19a61-dbac-4eef-87e3-461b950d210f", "indicator--5af19a60-446c-4ca8-9ff8-4232950d210f", "indicator--5af19a5f-246c-4f93-8b55-4121950d210f", "indicator--5af19a5f-fcf4-4915-b11d-4a1f950d210f", "indicator--5af19a5f-9e70-48d0-abfb-4df5950d210f", "indicator--5af19a5e-0e20-4e33-9a94-405c950d210f", "indicator--5af19a5e-6b84-4031-8012-43c7950d210f", "indicator--5af19a5d-01c0-4ed9-9b6d-4493950d210f", "indicator--5af19a5d-999c-4530-9b17-4c88950d210f", "indicator--5af19a5c-a474-4a26-8cc0-4666950d210f", "indicator--5af19a5c-9cb4-4fbd-9981-4b68950d210f", "indicator--5af19a5b-4044-4cf8-a777-46b3950d210f", "indicator--5af19b1d-a4b4-4ceb-8f5d-4d23950d210f", "indicator--5af19b2f-11f0-400f-a7c0-4d86950d210f", "indicator--5af19b44-a0ac-4250-b880-4b8b950d210f", "indicator--5af19b54-e774-4814-9e53-4631950d210f", "indicator--5af19b65-88d4-4364-b0e2-473f950d210f", "indicator--b2f4c01b-8691-431e-95ef-0f5c5e6d9cef", "x-misp-object--6dcce3e6-fc8f-4baa-971e-d34c306859d6", "indicator--35bebeb6-e3a6-49e9-a792-e27c8bd58680", "x-misp-object--471ea070-b931-49b8-84f1-3aa17142616e", "indicator--8caa1fad-a8c8-4a0b-9018-713c9b43f2ab", "x-misp-object--19df72d9-0e07-4e64-b85a-a67e7cbd5461", "indicator--3afb1d2d-918f-4ee3-8883-a746fcefb16c", "x-misp-object--56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330", "indicator--17ef59e9-90d1-419f-8e13-876d80929841", "x-misp-object--d4a9873f-1361-4dca-86f4-46145a25efde", "relationship--853d6e31-e237-4066-b3f9-8ac273f3104d", "relationship--cb6825b7-0352-455d-8dd0-8481fdc1d8fa", "relationship--5c19cd44-b9d2-4bd9-8ceb-cfdc70eb8c35", "relationship--96dba7f1-8d71-4dfe-a85e-179ff383d7af", "relationship--7b119a29-fa55-499b-86c6-755c4a4e0ca8" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "admiralty-scale:information-credibility=\"4\"", "estimative-language:confidence-in-analytic-judgment=\"low\"", "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"", "misp-galaxy:microsoft-activity-group=\"STRONTIUM\"", "misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"", "misp-galaxy:threat-actor=\"Sofacy\"", "osint:source-type=\"blog-post\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5af14e94-9914-4907-b0fe-86a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:39.000Z", "modified": "2018-05-08T12:50:39.000Z", "first_observed": "2018-05-08T12:50:39Z", "last_observed": "2018-05-08T12:50:39Z", "number_observed": 1, "object_refs": [ "url--5af14e94-9914-4907-b0fe-86a0950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5af14e94-9914-4907-b0fe-86a0950d210f", "value": "https://www.jigsawsecurityenterprise.com/single-post/2017/11/01/Malicious-Documents-Targeting-Security-Professionals" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5af19b99-e94c-4553-8161-4273950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:39.000Z", "modified": "2018-05-08T12:50:39.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear\u2026). Ironically the decoy document is a flyer concerning the Cyber Conflict U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 at Washington, D.C. Due to the nature of this document, we assume that this campaign targets people with an interest in cyber security. Unlike previous campaigns from this actor, the flyer does not contain an Office exploit or a 0-day, it simply contains a malicious Visual Basic for Applications (VBA) macro." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a71-83f8-4b1d-a40a-474a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:40.000Z", "modified": "2018-05-08T12:50:40.000Z", "pattern": "[domain-name:value = 'www.sdhjjekfp4k.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a70-3148-49a0-a827-4f48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:40.000Z", "modified": "2018-05-08T12:50:40.000Z", "pattern": "[domain-name:value = 'www.cdnmsnupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a70-2078-4023-9df3-4ac7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:41.000Z", "modified": "2018-05-08T12:50:41.000Z", "pattern": "[domain-name:value = 'www.adobeproduct.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a70-2a3c-456c-9960-4241950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:41.000Z", "modified": "2018-05-08T12:50:41.000Z", "pattern": "[domain-name:value = 'windows81.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6f-fd10-4266-b7d6-4c3c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:41.000Z", "modified": "2018-05-08T12:50:41.000Z", "pattern": "[domain-name:value = 'windows.mswordupdate17.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6f-e62c-425c-a2f8-4873950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:42.000Z", "modified": "2018-05-08T12:50:42.000Z", "pattern": "[domain-name:value = 'w9umi9wrvzsvlvstvfvslbumdfdvda5tl.1.d.255.adobeproduct.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6e-5498-42df-b551-40cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:42.000Z", "modified": "2018-05-08T12:50:42.000Z", "pattern": "[domain-name:value = 'vascothreatscan.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6e-6540-41da-8bad-43b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:43.000Z", "modified": "2018-05-08T12:50:43.000Z", "pattern": "[domain-name:value = 'sinkhole.tigersecurity.pro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6d-8f4c-4bbb-8e2a-411a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:43.000Z", "modified": "2018-05-08T12:50:43.000Z", "pattern": "[domain-name:value = 'runssnetworks.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6d-5c48-4ee1-83ad-43bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:43.000Z", "modified": "2018-05-08T12:50:43.000Z", "pattern": "[domain-name:value = 'protectingsearch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6c-49cc-4ec7-a001-4b81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:44.000Z", "modified": "2018-05-08T12:50:44.000Z", "pattern": "[domain-name:value = 'peacefund.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6c-0180-4082-a38a-43eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:44.000Z", "modified": "2018-05-08T12:50:44.000Z", "pattern": "[domain-name:value = 'ns3.cdnmsnupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6c-9c20-42c3-8068-4531950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:45.000Z", "modified": "2018-05-08T12:50:45.000Z", "pattern": "[domain-name:value = 'ns2.ntpupdateserver.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6b-043c-446b-b689-4f22950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:45.000Z", "modified": "2018-05-08T12:50:45.000Z", "pattern": "[domain-name:value = 'ns2.cdnmsnupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6b-1e40-41b1-9eab-409f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:46.000Z", "modified": "2018-05-08T12:50:46.000Z", "pattern": "[domain-name:value = 'ns1.cdnmsnupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6a-4adc-4e8d-b17f-4443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:46.000Z", "modified": "2018-05-08T12:50:46.000Z", "pattern": "[domain-name:value = 'networkschecker.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6a-7868-4680-b1f4-42f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:47.000Z", "modified": "2018-05-08T12:50:47.000Z", "pattern": "[domain-name:value = 'n.n.c.303ff7b225c14f1498a2.cdnmsnupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a6a-931c-49f2-a751-4fd5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:47.000Z", "modified": "2018-05-08T12:50:47.000Z", "pattern": "[domain-name:value = 'n.n.c.26055.adobeproduct.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a69-0ae0-4e62-8641-4ab3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:47.000Z", "modified": "2018-05-08T12:50:47.000Z", "pattern": "[domain-name:value = 'n.n.c.255.adobeproduct.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a69-7294-47e3-b9f7-49f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:48.000Z", "modified": "2018-05-08T12:50:48.000Z", "pattern": "[domain-name:value = 'n.3.f.255.adobeproduct.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a68-1acc-473c-913c-4ad9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:48.000Z", "modified": "2018-05-08T12:50:48.000Z", "pattern": "[domain-name:value = 'myinvestgroup.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a68-4948-4be3-b110-4037950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:49.000Z", "modified": "2018-05-08T12:50:49.000Z", "pattern": "[domain-name:value = 'msoffice-cdn.comns3.cdnmsnupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a68-ab70-472f-9767-466c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:49.000Z", "modified": "2018-05-08T12:50:49.000Z", "pattern": "[domain-name:value = 'microsoftupdated.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a67-84fc-406c-8f62-4f8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:50.000Z", "modified": "2018-05-08T12:50:50.000Z", "pattern": "[domain-name:value = 'maskulan.dynu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a67-a17c-4c26-8311-435a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:50.000Z", "modified": "2018-05-08T12:50:50.000Z", "pattern": "[domain-name:value = 'maskulan.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a66-9c64-4813-8edb-46fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:51.000Z", "modified": "2018-05-08T12:50:51.000Z", "pattern": "[domain-name:value = 'jflynci.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a66-58a0-4c24-8b76-43cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:51.000Z", "modified": "2018-05-08T12:50:51.000Z", "pattern": "[domain-name:value = 'jeremizo888.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a66-62bc-42e3-9963-40a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:51.000Z", "modified": "2018-05-08T12:50:51.000Z", "pattern": "[domain-name:value = 'ip113.ip-91-134-203.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a65-51e8-4408-9455-4f56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:52.000Z", "modified": "2018-05-08T12:50:52.000Z", "pattern": "[domain-name:value = 'ikmtrust.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a65-68f0-4291-b9d8-4157950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:52.000Z", "modified": "2018-05-08T12:50:52.000Z", "pattern": "[domain-name:value = 'hhcghibvywzedwa2iyvsuzzhx8.2.d.255.adobeproduct.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a64-682c-4b97-a62b-458b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:53.000Z", "modified": "2018-05-08T12:50:53.000Z", "pattern": "[domain-name:value = 'googlea.net63.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a64-d5e0-4675-9dda-426d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:53.000Z", "modified": "2018-05-08T12:50:53.000Z", "pattern": "[domain-name:value = 'fsportal.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a64-054c-49d7-a3fe-4559950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:53.000Z", "modified": "2018-05-08T12:50:53.000Z", "pattern": "[domain-name:value = 'flashcontentdelivery.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a63-f814-405d-8d73-4470950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:54.000Z", "modified": "2018-05-08T12:50:54.000Z", "pattern": "[domain-name:value = 'faststoragefiles.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a63-f0d8-4576-90d9-4d5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:54.000Z", "modified": "2018-05-08T12:50:54.000Z", "pattern": "[domain-name:value = 'fastfileconverter.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a62-58e0-4b68-a495-4718950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:55.000Z", "modified": "2018-05-08T12:50:55.000Z", "pattern": "[domain-name:value = 'elaxo.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a62-3544-4c09-810c-40e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:55.000Z", "modified": "2018-05-08T12:50:55.000Z", "pattern": "[domain-name:value = 'd6261034c34.placehol-6f699a.c.mswordupdate17.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a62-3f68-4337-915d-45c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:56.000Z", "modified": "2018-05-08T12:50:56.000Z", "pattern": "[domain-name:value = 'd6261024c34.placehol-6f699a.c.mswordupdate17.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a61-dbac-4eef-87e3-461b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:56.000Z", "modified": "2018-05-08T12:50:56.000Z", "pattern": "[domain-name:value = 'd6261013c34.placehol-6f699a.c.mswordupdate17.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a60-446c-4ca8-9ff8-4232950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:57.000Z", "modified": "2018-05-08T12:50:57.000Z", "pattern": "[domain-name:value = 'd6238210c34.placehol-6f699a.c.mswordupdate17.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5f-246c-4f93-8b55-4121950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:57.000Z", "modified": "2018-05-08T12:50:57.000Z", "pattern": "[domain-name:value = 'd6238158c34.placehol-6f699a.c.mswordupdate17.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5f-fcf4-4915-b11d-4a1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:57.000Z", "modified": "2018-05-08T12:50:57.000Z", "pattern": "[domain-name:value = 'd6238111c34.placehol-6f699a.c.mswordupdate17.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5f-9e70-48d0-abfb-4df5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:58.000Z", "modified": "2018-05-08T12:50:58.000Z", "pattern": "[domain-name:value = 'd6238051c34.placehol-6f699a.c.mswordupdate17.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5e-0e20-4e33-9a94-405c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:58.000Z", "modified": "2018-05-08T12:50:58.000Z", "pattern": "[domain-name:value = 'd6231738c34.john-pc.c.mswordupdate17.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5e-6b84-4031-8012-43c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:59.000Z", "modified": "2018-05-08T12:50:59.000Z", "pattern": "[domain-name:value = 'carlos88.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5d-01c0-4ed9-9b6d-4493950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:59.000Z", "modified": "2018-05-08T12:50:59.000Z", "pattern": "[domain-name:value = 'bonjourcheck.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5d-999c-4530-9b17-4c88950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:50:59.000Z", "modified": "2018-05-08T12:50:59.000Z", "pattern": "[domain-name:value = 'ahr0cdovlzkyljiymi4ymdkundkvywn0a.0.d.255.adobeproduct.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:50:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5c-a474-4a26-8cc0-4666950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:00.000Z", "modified": "2018-05-08T12:51:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.134.203.113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:51:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5c-9cb4-4fbd-9981-4b68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:00.000Z", "modified": "2018-05-08T12:51:00.000Z", "pattern": "[domain-name:value = '357.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:51:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19a5b-4044-4cf8-a777-46b3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:01.000Z", "modified": "2018-05-08T12:51:01.000Z", "pattern": "[domain-name:value = '200200.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:51:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19b1d-a4b4-4ceb-8f5d-4d23950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:42:05.000Z", "modified": "2018-05-08T12:42:05.000Z", "pattern": "[file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:42:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19b2f-11f0-400f-a7c0-4d86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:42:23.000Z", "modified": "2018-05-08T12:42:23.000Z", "pattern": "[file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19b44-a0ac-4250-b880-4b8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:42:44.000Z", "modified": "2018-05-08T12:42:44.000Z", "pattern": "[file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:42:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19b54-e774-4814-9e53-4631950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:43:00.000Z", "modified": "2018-05-08T12:43:00.000Z", "pattern": "[file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:43:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af19b65-88d4-4364-b0e2-473f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:43:17.000Z", "modified": "2018-05-08T12:43:17.000Z", "pattern": "[file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:43:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b2f4c01b-8691-431e-95ef-0f5c5e6d9cef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:04.000Z", "modified": "2018-05-08T12:51:04.000Z", "pattern": "[file:hashes.MD5 = '60bc999ff14ee2f359130d6c1375b033' AND file:hashes.SHA1 = '142f524121fe16e1c67031f12015be4adec42bb7' AND file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:51:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6dcce3e6-fc8f-4baa-971e-d34c306859d6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:03.000Z", "modified": "2018-05-08T12:51:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/", "category": "External analysis", "uuid": "5af19d37-9f6c-4806-9332-476502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/67", "category": "Other", "uuid": "5af19d37-72a0-4dc4-a527-474002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-05-01 22:15:25", "category": "Other", "uuid": "5af19d37-43b0-48fb-b246-48b602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--35bebeb6-e3a6-49e9-a792-e27c8bd58680", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:07.000Z", "modified": "2018-05-08T12:51:07.000Z", "pattern": "[file:hashes.MD5 = 'f52ea8f238e57e49bfae304bd656ad98' AND file:hashes.SHA1 = '169c8f3e3d22e192c108bc95164d362ce5437465' AND file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:51:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--471ea070-b931-49b8-84f1-3aa17142616e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:05.000Z", "modified": "2018-05-08T12:51:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/", "category": "External analysis", "uuid": "5af19d39-9aa8-49a4-b505-44de02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/59", "category": "Other", "uuid": "5af19d39-b33c-4eaf-b9dd-4cd502de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-05-08 00:23:54", "category": "Other", "uuid": "5af19d39-4144-45f2-92ae-4c0202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8caa1fad-a8c8-4a0b-9018-713c9b43f2ab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:09.000Z", "modified": "2018-05-08T12:51:09.000Z", "pattern": "[file:hashes.MD5 = '94b288154e3d0225f86bb3c012fa8d63' AND file:hashes.SHA1 = '4873bafe44cff06845faa0ce7c270c4ce3c9f7b9' AND file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:51:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--19df72d9-0e07-4e64-b85a-a67e7cbd5461", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:07.000Z", "modified": "2018-05-08T12:51:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/", "category": "External analysis", "uuid": "5af19d3c-b5b4-4987-9f35-4dce02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/59", "category": "Other", "uuid": "5af19d3c-fcc8-4055-9b18-47e702de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-05-08 00:14:43", "category": "Other", "uuid": "5af19d3b-59d8-4a09-8ac8-488b02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3afb1d2d-918f-4ee3-8883-a746fcefb16c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:11.000Z", "modified": "2018-05-08T12:51:11.000Z", "pattern": "[file:hashes.MD5 = 'fc7d4cde5d2266082966d80f5f1566b9' AND file:hashes.SHA1 = '8a68f26d01372114f660e32ac4c9117e5d0577f1' AND file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:51:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:10.000Z", "modified": "2018-05-08T12:51:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/", "category": "External analysis", "uuid": "5af19d3e-0e54-4b99-8f39-437f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/67", "category": "Other", "uuid": "5af19d3e-1f50-4efc-afa7-437902de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-05-08 00:25:24", "category": "Other", "uuid": "5af19d3e-4af0-416d-ba8e-45ab02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--17ef59e9-90d1-419f-8e13-876d80929841", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:14.000Z", "modified": "2018-05-08T12:51:14.000Z", "pattern": "[file:hashes.MD5 = '085be1b8b8f3e90be00f6a3bcea2879f' AND file:hashes.SHA1 = 'cc7607015cd7a1a4452acd3d87adabdd7e005bd7' AND file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-08T12:51:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d4a9873f-1361-4dca-86f4-46145a25efde", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-08T12:51:12.000Z", "modified": "2018-05-08T12:51:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/", "category": "External analysis", "uuid": "5af19d40-d9e0-49c1-83a5-455602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/60", "category": "Other", "uuid": "5af19d40-0110-49fa-8fbd-4c5502de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-05-08 00:01:00", "category": "Other", "uuid": "5af19d40-d024-4c29-8c9b-40c002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--853d6e31-e237-4066-b3f9-8ac273f3104d", "created": "2018-05-08T12:51:13.000Z", "modified": "2018-05-08T12:51:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b2f4c01b-8691-431e-95ef-0f5c5e6d9cef", "target_ref": "x-misp-object--6dcce3e6-fc8f-4baa-971e-d34c306859d6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cb6825b7-0352-455d-8dd0-8481fdc1d8fa", "created": "2018-05-08T12:51:13.000Z", "modified": "2018-05-08T12:51:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--35bebeb6-e3a6-49e9-a792-e27c8bd58680", "target_ref": "x-misp-object--471ea070-b931-49b8-84f1-3aa17142616e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5c19cd44-b9d2-4bd9-8ceb-cfdc70eb8c35", "created": "2018-05-08T12:51:13.000Z", "modified": "2018-05-08T12:51:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8caa1fad-a8c8-4a0b-9018-713c9b43f2ab", "target_ref": "x-misp-object--19df72d9-0e07-4e64-b85a-a67e7cbd5461" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--96dba7f1-8d71-4dfe-a85e-179ff383d7af", "created": "2018-05-08T12:51:13.000Z", "modified": "2018-05-08T12:51:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3afb1d2d-918f-4ee3-8883-a746fcefb16c", "target_ref": "x-misp-object--56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7b119a29-fa55-499b-86c6-755c4a4e0ca8", "created": "2018-05-08T12:51:13.000Z", "modified": "2018-05-08T12:51:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--17ef59e9-90d1-419f-8e13-876d80929841", "target_ref": "x-misp-object--d4a9873f-1361-4dca-86f4-46145a25efde" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }