{ "type": "bundle", "id": "bundle--5566caa6-0590-4956-81bf-4179950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:11:50.000Z", "modified": "2015-06-02T07:11:50.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5566caa6-0590-4956-81bf-4179950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:11:50.000Z", "modified": "2015-06-02T07:11:50.000Z", "name": "OSINT Beware of what you download. Recent purported CEIEC document dump booby-trapped by Shadow Server", "published": "2015-06-02T07:15:43Z", "object_refs": [ "observed-data--5566cab7-e764-4563-b32e-4638950d210b", "url--5566cab7-e764-4563-b32e-4638950d210b", "vulnerability--556d54f6-0d08-4b48-bd1e-22fa950d210b", "vulnerability--556d54f6-c58c-41ba-a6f1-22fa950d210b", "observed-data--556d554a-05d4-4d46-bf97-4429950d210b", "file--556d554a-05d4-4d46-bf97-4429950d210b", "indicator--556d554a-a6cc-4cb7-8c7f-4429950d210b", "indicator--556d554a-7228-4fb9-a170-4429950d210b", "indicator--556d554a-d2e0-4963-aae1-4429950d210b", "observed-data--556d554a-f9b4-4555-9f14-4429950d210b", "file--556d554a-f9b4-4555-9f14-4429950d210b", "observed-data--556d554b-aaec-4d34-8d5c-4429950d210b", "file--556d554b-aaec-4d34-8d5c-4429950d210b", "indicator--556d554b-dd7c-4138-8d53-4429950d210b", "indicator--556d554b-2e2c-4019-a28b-4429950d210b", "indicator--556d554b-c4e8-4e45-a262-4429950d210b", "observed-data--556d554b-ed6c-48c7-a154-4429950d210b", "file--556d554b-ed6c-48c7-a154-4429950d210b", "indicator--556d554b-a0fc-4f30-8fa7-4429950d210b", "indicator--556d554b-3ab4-499e-90f7-4429950d210b", "indicator--556d554b-7330-41bd-a767-4429950d210b", "observed-data--556d554c-6628-430b-afe2-4429950d210b", "file--556d554c-6628-430b-afe2-4429950d210b", "indicator--556d554c-0714-43a6-b9e3-4429950d210b", "indicator--556d554c-e490-4a92-adc0-4429950d210b", "indicator--556d554c-d548-4016-96d4-4429950d210b", "observed-data--556d554c-b0b4-416d-abea-4429950d210b", "file--556d554c-b0b4-416d-abea-4429950d210b", "indicator--556d554c-1188-4f51-9acc-4429950d210b", "indicator--556d554c-0ee4-409c-9ff4-4429950d210b", "indicator--556d554c-bc2c-4e87-b583-4429950d210b", "indicator--556d554d-ee94-4fa3-96bc-4429950d210b", "indicator--556d554d-da00-4d65-a084-4429950d210b", "indicator--556d554d-74a4-4d2f-94da-4429950d210b", "indicator--556d554d-ce78-40e1-928e-4429950d210b", "indicator--556d554d-ec40-497d-aab2-4429950d210b", "indicator--556d554d-1050-4c80-80b9-4429950d210b", "indicator--556d554d-8d88-4f93-9875-4429950d210b", "indicator--556d554e-0674-45f1-bcc9-4429950d210b", "indicator--556d554e-bff4-4586-a4f9-4429950d210b", "observed-data--556d554e-d818-4fc8-ae95-4429950d210b", "file--556d554e-d818-4fc8-ae95-4429950d210b", "indicator--556d554e-10f8-4e61-8d3f-4429950d210b", "indicator--556d554e-9840-4d3d-9da8-4429950d210b", "indicator--556d554e-bf94-4f7d-a527-4429950d210b", "indicator--556d554e-7464-406e-9268-4429950d210b", "indicator--556d55d2-4208-4035-ac6b-5e69950d210b", "indicator--556d55d2-263c-4cbe-9d0a-5e69950d210b", "indicator--556d55d3-d364-4a86-b170-5e69950d210b", "indicator--556d55d3-5ec4-4564-adf0-5e69950d210b", "indicator--556d55d3-b028-4f6d-a269-5e69950d210b", "indicator--556d55d3-fa98-4d81-9d47-5e69950d210b", "indicator--556d55d3-0f68-416c-8fc2-5e69950d210b", "indicator--556d55d3-fdb0-4d03-9215-5e69950d210b", "indicator--556d55d3-aa74-4635-8169-5e69950d210b", "indicator--556d55d3-5620-49fd-998e-5e69950d210b", "indicator--556d5630-e698-4ff3-987f-442b950d210b", "indicator--556d5630-cc2c-41ce-81bb-442b950d210b", "indicator--556d5630-0e94-408d-8693-442b950d210b", "indicator--556d5630-c73c-41cf-ad6e-442b950d210b", "x-misp-attribute--556d5736-5ff8-4c71-b4a3-442b950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5566cab7-e764-4563-b32e-4638950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:58:47.000Z", "modified": "2015-05-28T07:58:47.000Z", "first_observed": "2015-05-28T07:58:47Z", "last_observed": "2015-05-28T07:58:47Z", "number_observed": 1, "object_refs": [ "url--5566cab7-e764-4563-b32e-4638950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5566cab7-e764-4563-b32e-4638950d210b", "value": "http://blog.shadowserver.org/2012/04/16/beware-of-what-you-download-recent-purported-ceiec-document-dump-booby-trapped/" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--556d54f6-0d08-4b48-bd1e-22fa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "name": "CVE-2010-3333", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2010-3333" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--556d54f6-c58c-41ba-a6f1-22fa950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "name": "CVE-2009-3129", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2009-3129" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d554a-05d4-4d46-bf97-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "first_observed": "2015-06-02T07:10:00Z", "last_observed": "2015-06-02T07:10:00Z", "number_observed": 1, "object_refs": [ "file--556d554a-05d4-4d46-bf97-4429950d210b" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--556d554a-05d4-4d46-bf97-4429950d210b", "name": "LD.doc" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554a-a6cc-4cb7-8c7f-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.MD5 = '2e454ea0c0d3fadfc478e8695400df40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554a-7228-4fb9-a170-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA1 = '0dc324cf2efae2bc7dc29fe26f616decd765d66a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554a-d2e0-4963-aae1-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA256 = '8c26bf867e70f2e3511bd295c2c56abca51ab008b88d7a9e80b99ca240f79773']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d554a-f9b4-4555-9f14-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:52.000Z", "modified": "2015-06-02T07:10:52.000Z", "first_observed": "2015-06-02T07:10:52Z", "last_observed": "2015-06-02T07:10:52Z", "number_observed": 1, "object_refs": [ "file--556d554a-f9b4-4555-9f14-4429950d210b" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--556d554a-f9b4-4555-9f14-4429950d210b", "name": "LD(1).doc" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d554b-aaec-4d34-8d5c-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "first_observed": "2015-06-02T07:10:00Z", "last_observed": "2015-06-02T07:10:00Z", "number_observed": 1, "object_refs": [ "file--556d554b-aaec-4d34-8d5c-4429950d210b" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--556d554b-aaec-4d34-8d5c-4429950d210b", "name": "sach.doc" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554b-dd7c-4138-8d53-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.MD5 = '32f5ad4f09135fcdde86ecd4c466a993']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554b-2e2c-4019-a28b-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA1 = 'd3311b97aa10d759bbf704c0a3c4c2cef3f997a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554b-c4e8-4e45-a262-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA256 = '15f9f9f3e617d84083e6ac3652dfa9090f236ca8879a66654464a5b781318df5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d554b-ed6c-48c7-a154-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "first_observed": "2015-06-02T07:10:00Z", "last_observed": "2015-06-02T07:10:00Z", "number_observed": 1, "object_refs": [ "file--556d554b-ed6c-48c7-a154-4429950d210b" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--556d554b-ed6c-48c7-a154-4429950d210b", "name": "rise.doc" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554b-a0fc-4f30-8fa7-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.MD5 = 'd824988793146a25d026eb12759dbab0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554b-3ab4-499e-90f7-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA1 = '3ce24923dc478afb30d8105303f51c958856da52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554b-7330-41bd-a767-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA256 = 'e4e123a6757e041a5c1c053e2770f89b08ad2b58661e0044b29965d480f5100e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d554c-6628-430b-afe2-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:11:05.000Z", "modified": "2015-06-02T07:11:05.000Z", "first_observed": "2015-06-02T07:11:05Z", "last_observed": "2015-06-02T07:11:05Z", "number_observed": 1, "object_refs": [ "file--556d554c-6628-430b-afe2-4429950d210b" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--556d554c-6628-430b-afe2-4429950d210b", "name": "2011.xls" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554c-0714-43a6-b9e3-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.MD5 = '1423113c5b7176cef19f989f76a020c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554c-e490-4a92-adc0-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA1 = '608ed5cb5b8497f3bc483d1c2a91a34a09abd828']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554c-d548-4016-96d4-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA256 = '761d8cbb4cd95bf520584ca5ec3036ae9fd9a9cefdf4ae9e79b060db3a673b28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d554c-b0b4-416d-abea-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:11:09.000Z", "modified": "2015-06-02T07:11:09.000Z", "first_observed": "2015-06-02T07:11:09Z", "last_observed": "2015-06-02T07:11:09Z", "number_observed": 1, "object_refs": [ "file--556d554c-b0b4-416d-abea-4429950d210b" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--556d554c-b0b4-416d-abea-4429950d210b", "name": "928.doc" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554c-1188-4f51-9acc-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.MD5 = 'cd80a451990f17f6684d5b100de6ece0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554c-0ee4-409c-9ff4-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA1 = '436047e74948181d8a2ba91f0c044c4b4e9e1865']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554c-bc2c-4e87-b583-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA256 = '51f495acd08195a04671fb7eb808a5697f3be8877e9d5254d38241147d2b51f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554d-ee94-4fa3-96bc-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:name = 'bi(done).doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554d-da00-4d65-a084-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.MD5 = '2332ebd103a963d5494ddb431e8b05b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554d-74a4-4d2f-94da-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA1 = 'bc289ea12d9afdae9f7503309a9d142b0c247ca7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554d-ce78-40e1-928e-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA256 = 'cff1035db0c190081fc78dde2323a04a39ded675b2029f2572b3c084240aaedb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554d-ec40-497d-aab2-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:name = 'thang_3.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554d-1050-4c80-80b9-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.MD5 = '336420283e047155bec94a549cd60ac8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554d-8d88-4f93-9875-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA1 = '4b8d6693dc6c127ac9f649f3428de6cd6f8aa8e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554e-0674-45f1-bcc9-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA256 = '2c28cf467d9e42f0182174943ec9e8dc467901020465b2354fdb27ccdaafa0c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554e-bff4-4586-a4f9-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:name = 'thang_3(1).doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d554e-d818-4fc8-ae95-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "first_observed": "2015-06-02T07:10:00Z", "last_observed": "2015-06-02T07:10:00Z", "number_observed": 1, "object_refs": [ "file--556d554e-d818-4fc8-ae95-4429950d210b" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--556d554e-d818-4fc8-ae95-4429950d210b", "name": "vu.doc" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554e-10f8-4e61-8d3f-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:name = 'moi.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554e-9840-4d3d-9da8-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.MD5 = 'd916409f960d3fc3263b32fe32b4bf20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554e-bf94-4f7d-a527-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA1 = '42a767745bff3e8a1f5f42d1340eb4db4ed3e57c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d554e-7464-406e-9268-4429950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[file:hashes.SHA256 = '8e8f15980af335727dec14d9c2fed218cbc699aa7f41dae42d9cf96e7b663da4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d2-4208-4035-ac6b-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[domain-name:value = 'kullywolf.gicp.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d2-263c-4cbe-9d0a-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[domain-name:value = 'congtytancang.uicp.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d3-d364-4a86-b170-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[domain-name:value = 'www.ollay011.zyns.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d3-5ec4-4564-adf0-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[domain-name:value = 'l1x.lflinkup.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d3-b028-4f6d-a269-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '73.252.204.85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d3-fa98-4d81-9d47-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.70.255.201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d3-0f68-416c-8fc2-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.70.128.124']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d3-fdb0-4d03-9215-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.153.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d3-aa74-4635-8169-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.56.70.253']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d55d3-5620-49fd-998e-5e69950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[domain-name:value = 'front11.gicp.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d5630-e698-4ff3-987f-442b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.120.105.120']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d5630-cc2c-41ce-81bb-442b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.112.147.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d5630-0e94-408d-8693-442b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:00.000Z", "modified": "2015-06-02T07:10:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.172.238.174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d5630-c73c-41cf-ad6e-442b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:10:42.000Z", "modified": "2015-06-02T07:10:42.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.56.70.254']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:10:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--556d5736-5ff8-4c71-b4a3-442b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:11:50.000Z", "modified": "2015-06-02T07:11:50.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"Payload delivery\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "comment", "x_misp_value": "Disabled \"for IDS\" flag for some of the filenames in the original reports since they seem likely to trigger false positives" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }