{ "type": "bundle", "id": "bundle--557fddba-87c0-4ac1-a79a-a56f950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-11T11:44:16.000Z", "modified": "2015-09-11T11:44:16.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--557fddba-87c0-4ac1-a79a-a56f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-11T11:44:16.000Z", "modified": "2015-09-11T11:44:16.000Z", "name": "OSINT Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114 by Citizen Lab", "published": "2016-03-01T22:17:35Z", "object_refs": [ "observed-data--557fddd3-8660-4fae-8afd-a54c950d210b", "url--557fddd3-8660-4fae-8afd-a54c950d210b", "vulnerability--557fdde7-a1b4-4353-8c55-9a18950d210b", "indicator--557fde19-2370-42ff-b177-a578950d210b", "indicator--557fde56-f758-440f-ba85-a557950d210b", "indicator--557fde56-2028-4b0e-b56a-a557950d210b", "indicator--557fde56-ee28-45c5-b529-a557950d210b", "observed-data--557fde71-8300-4656-b6c1-a56f950d210b", "url--557fde71-8300-4656-b6c1-a56f950d210b", "observed-data--557fde71-0ee8-4703-89eb-a56f950d210b", "url--557fde71-0ee8-4703-89eb-a56f950d210b", "observed-data--557fde71-ef04-4184-8bac-a56f950d210b", "url--557fde71-ef04-4184-8bac-a56f950d210b", "indicator--557fdea0-24fc-4196-8d74-9a18950d210b", "indicator--557fdf18-691c-46df-8ee6-a578950d210b", "indicator--557fdf18-a958-4c1c-a813-a578950d210b", "indicator--557fdf18-8f2c-4fce-87f3-a578950d210b", "indicator--557fdf18-8dfc-4438-a5c7-a578950d210b", "indicator--557fdf18-3280-4a48-94d3-a578950d210b", "observed-data--557fe011-bc38-40b7-97e6-a557950d210b", "file--557fe011-bc38-40b7-97e6-a557950d210b", "observed-data--557fe012-b77c-4d62-8b0b-a557950d210b", "file--557fe012-b77c-4d62-8b0b-a557950d210b", "indicator--557fe012-ac0c-4808-89b7-a557950d210b", 
"indicator--557fe012-3a7c-43b1-891d-a557950d210b", "indicator--557fe012-83c8-45d9-98d0-a557950d210b", "indicator--557fe012-3e5c-435e-843f-a557950d210b", "indicator--557fe012-8ac8-4dd8-bd7a-a557950d210b", "indicator--557fe012-c6e4-462a-913f-a557950d210b", "indicator--557fe012-5d90-484d-a016-a557950d210b", "indicator--557fe013-e694-4c28-b731-a557950d210b", "indicator--557fe013-c4b4-4c17-bea2-a557950d210b", "indicator--557fe013-4b10-4e5c-bace-a557950d210b", "indicator--557fe013-3ed0-4a80-b8a2-a557950d210b", "indicator--557fe013-fd28-4c49-b39c-a557950d210b", "indicator--557fe013-1d70-43aa-aab5-a557950d210b", "indicator--557fe013-9898-4d44-ab23-a557950d210b", "indicator--557fe014-4658-4ea7-af4d-a557950d210b", "indicator--557fe014-be88-4162-8de2-a557950d210b", "indicator--56c65f19-a4a8-4aba-97c5-5f51950d210f", "indicator--56c65f1b-65a4-469f-870a-4a61950d210f", "indicator--56c65f1e-461c-4530-864e-458f950d210f", "indicator--56c65f1a-dd00-494f-8ae5-c653950d210f", "indicator--56c65f1c-0a5c-4bfa-8f6a-59a1950d210f", "indicator--56c65f1e-afc8-469a-82e6-599c950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557fddd3-8660-4fae-8afd-a54c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:29:50.000Z", "modified": "2015-06-16T08:29:50.000Z", "first_observed": "2015-06-16T08:29:50Z", "last_observed": "2015-06-16T08:29:50Z", "number_observed": 1, "object_refs": [ "url--557fddd3-8660-4fae-8afd-a54c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557fddd3-8660-4fae-8afd-a54c950d210b", "value": "https://citizenlab.org/2015/06/targeted-attacks-against-tibetan-and-hong-kong-groups-exploiting-cve-2014-4114/" }, { "type": "vulnerability", 
"spec_version": "2.1", "id": "vulnerability--557fdde7-a1b4-4353-8c55-9a18950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:27:19.000Z", "modified": "2015-06-16T08:27:19.000Z", "name": "CVE-2014-4114", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2014-4114" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fde19-2370-42ff-b177-a578950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:28:09.000Z", "modified": "2015-06-16T08:28:09.000Z", "pattern": "[email-message:from_ref.value = 'tibet_net@yahoo.com.hk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:28:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fde56-f758-440f-ba85-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:29:10.000Z", "modified": "2015-06-16T08:29:10.000Z", "pattern": "[file:hashes.MD5 = '18bb1ce405e4abac4b0fc63054beac6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:29:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fde56-2028-4b0e-b56a-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:29:10.000Z", "modified": "2015-06-16T08:29:10.000Z", "pattern": "[file:hashes.MD5 = '8a18a13910838d08e38db80a08e15bd5']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2015-06-16T08:29:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fde56-ee28-45c5-b529-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:29:10.000Z", "modified": "2015-06-16T08:29:10.000Z", "pattern": "[file:hashes.MD5 = '2a544922d3ece4351c1af4ca63c24550']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:29:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557fde71-8300-4656-b6c1-a56f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:29:37.000Z", "modified": "2015-06-16T08:29:37.000Z", "first_observed": "2015-06-16T08:29:37Z", "last_observed": "2015-06-16T08:29:37Z", "number_observed": 1, "object_refs": [ "url--557fde71-8300-4656-b6c1-a56f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557fde71-8300-4656-b6c1-a56f950d210b", "value": "https://www.virustotal.com/en-gb/file/c895d68a40b9a61dce6758f537a08a289dd4a392202e2d4e7635efb063d58d16/analysis/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557fde71-0ee8-4703-89eb-a56f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:29:37.000Z", "modified": "2015-06-16T08:29:37.000Z", "first_observed": "2015-06-16T08:29:37Z", "last_observed": "2015-06-16T08:29:37Z", "number_observed": 1, "object_refs": [ 
"url--557fde71-0ee8-4703-89eb-a56f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557fde71-0ee8-4703-89eb-a56f950d210b", "value": "https://www.virustotal.com/en-gb/file/45a4a937dd727dad29d46bceeb460bf24fd9f6df44f10692508fbd6ed2b7dfbd/analysis/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557fde71-ef04-4184-8bac-a56f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:29:37.000Z", "modified": "2015-06-16T08:29:37.000Z", "first_observed": "2015-06-16T08:29:37Z", "last_observed": "2015-06-16T08:29:37Z", "number_observed": 1, "object_refs": [ "url--557fde71-ef04-4184-8bac-a56f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--557fde71-ef04-4184-8bac-a56f950d210b", "value": "https://www.virustotal.com/en-gb/file/ab118ff89762b8bd32f8bcb754bec06004604380b20349255bc637a197fa5f2d/analysis/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fdea0-24fc-4196-8d74-9a18950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:30:24.000Z", "modified": "2015-06-16T08:30:24.000Z", "pattern": "[domain-name:value = 'free1999.jkub.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:30:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fdf18-691c-46df-8ee6-a578950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:32:24.000Z", "modified": "2015-06-16T08:32:24.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 
'eset-windows.findhere.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:32:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fdf18-a958-4c1c-a813-a578950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:32:24.000Z", "modified": "2015-06-16T08:32:24.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '705147c509206151c22515ef568bac51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:32:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fdf18-8f2c-4fce-87f3-a578950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:32:24.000Z", "modified": "2015-06-16T08:32:24.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'dnsupdate.dynamic-dns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:32:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fdf18-8dfc-4438-a5c7-a578950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:32:24.000Z", "modified": "2015-06-16T08:32:24.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'good.wha.la']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:32:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fdf18-3280-4a48-94d3-a578950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:32:24.000Z", "modified": "2015-06-16T08:32:24.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'd7832e76ee2c5c48ae428e57599b589e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:32:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557fe011-bc38-40b7-97e6-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:33.000Z", "modified": "2015-06-16T08:36:33.000Z", "first_observed": "2015-06-16T08:36:33Z", "last_observed": "2015-06-16T08:36:33Z", "number_observed": 1, "object_refs": [ "file--557fe011-bc38-40b7-97e6-a557950d210b" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--557fe011-bc38-40b7-97e6-a557950d210b", "name": "Challenge.pps" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--557fe012-b77c-4d62-8b0b-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-11T11:44:16.000Z", "modified": "2015-09-11T11:44:16.000Z", "first_observed": "2015-09-11T11:44:16Z", "last_observed": "2015-09-11T11:44:16Z", "number_observed": 1, "object_refs": [ 
"file--557fe012-b77c-4d62-8b0b-a557950d210b" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--557fe012-b77c-4d62-8b0b-a557950d210b", "name": "fsavstrt.exe" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe012-ac0c-4808-89b7-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:34.000Z", "modified": "2015-06-16T08:36:34.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '9459478ab9a9b996de683789f77b185c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe012-3a7c-43b1-891d-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:34.000Z", "modified": "2015-06-16T08:36:34.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = 'FSMA32.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe012-83c8-45d9-98d0-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:34.000Z", "modified": "2015-06-16T08:36:34.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '8432c77b12343d59d991b0d0e0c12f7d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2015-06-16T08:36:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe012-3e5c-435e-843f-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:34.000Z", "modified": "2015-06-16T08:36:34.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = 'FSMA32.dllfox']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe012-8ac8-4dd8-bd7a-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:34.000Z", "modified": "2015-06-16T08:36:34.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'db5a9c790e909629aaf7079b6996861f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe012-c6e4-462a-913f-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:34.000Z", "modified": "2015-06-16T08:36:34.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = 'putty.gif.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:34Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe012-5d90-484d-a016-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:34.000Z", "modified": "2015-06-16T08:36:34.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'a990071b60046863c98bcf462fede77a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe013-e694-4c28-b731-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:35.000Z", "modified": "2015-06-16T08:36:35.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = 'H.H.']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe013-c4b4-4c17-bea2-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:35.000Z", "modified": "2015-06-16T08:36:35.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = 'LAMA.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ 
"misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe013-4b10-4e5c-bace-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:35.000Z", "modified": "2015-06-16T08:36:35.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = 'SX.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe013-3ed0-4a80-b8a2-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:35.000Z", "modified": "2015-06-16T08:36:35.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '5730866b34ef589bd398c9a9b6d7e307']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe013-fd28-4c49-b39c-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:35.000Z", "modified": "2015-06-16T08:36:35.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = 'SXLOC.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe013-1d70-43aa-aab5-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:35.000Z", "modified": "2015-06-16T08:36:35.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'd839691657ca814be13d5c9c6511d6b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe013-9898-4d44-ab23-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:35.000Z", "modified": "2015-06-16T08:36:35.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = 'SXLOC.zap']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--557fe014-4658-4ea7-af4d-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:36.000Z", "modified": "2015-06-16T08:36:36.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '03c900a1b115e759b32e4172dec52aa2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--557fe014-be88-4162-8de2-a557950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-16T08:36:36.000Z", "modified": "2015-06-16T08:36:36.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = '\u300c\u4f54\u9818\u4e2d\u74b0\u300d\u5f15\u767c\u722d\u8b70\u7684\u80cc\u5f8c.pps']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-16T08:36:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f19-a4a8-4aba-97c5-5f51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:17:29.000Z", "modified": "2016-02-19T00:17:29.000Z", "description": "Automatically added (via 9459478ab9a9b996de683789f77b185c)", "pattern": "[file:hashes.SHA1 = 'c6d8eabea5bac84b90851c1a6e17c0c30bcf5c27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:17:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f1b-65a4-469f-870a-4a61950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:17:31.000Z", "modified": "2016-02-19T00:17:31.000Z", "description": "Automatically added (via 8432c77b12343d59d991b0d0e0c12f7d)", "pattern": "[file:hashes.SHA1 = '62dbbcd115497a7bbbd4d1351d50a328914a8b26']", "pattern_type": "stix", "pattern_version": 
"2.1", "valid_from": "2016-02-19T00:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f1e-461c-4530-864e-458f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:17:34.000Z", "modified": "2016-02-19T00:17:34.000Z", "description": "Automatically added (via d839691657ca814be13d5c9c6511d6b2)", "pattern": "[file:hashes.SHA1 = 'cd425ce7f3e4a823d9027780e1b439759c4dc665']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:17:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f1a-dd00-494f-8ae5-c653950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:17:30.000Z", "modified": "2016-02-19T00:17:30.000Z", "description": "Automatically added (via 9459478ab9a9b996de683789f77b185c)", "pattern": "[file:hashes.SHA256 = '583c8920445feaf0a963fbd3ad8ad24fd9143941e4046cf376cfe08cb9137613']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f1c-0a5c-4bfa-8f6a-59a1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:17:32.000Z", "modified": "2016-02-19T00:17:32.000Z", "description": "Automatically added (via 8432c77b12343d59d991b0d0e0c12f7d)", "pattern": 
"[file:hashes.SHA256 = 'cbb1d6b3c76c77ce1c3397cd607a7642fcb703201b82e07704e7074061d86ea3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c65f1e-afc8-469a-82e6-599c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-19T00:17:34.000Z", "modified": "2016-02-19T00:17:34.000Z", "description": "Automatically added (via d839691657ca814be13d5c9c6511d6b2)", "pattern": "[file:hashes.SHA256 = '5ff2bc7267759bde3c02e4c19b8c3144c43c4f7fc2c21f2d4f881ca0b821e00b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-19T00:17:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }