{ "type": "bundle", "id": "bundle--5b0598ec-97ac-4456-9246-dcdb0acd0835", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T19:35:59.000Z", "modified": "2018-05-23T19:35:59.000Z", "name": "Synovus Financial", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5b0598ec-97ac-4456-9246-dcdb0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T19:35:59.000Z", "modified": "2018-05-23T19:35:59.000Z", "name": "Talos Blog: VPNFilter", "published": "2019-05-07T08:22:20Z", "object_refs": [ "indicator--5b059a7d-a3e0-4d18-a7fe-b8400acd0835", "indicator--5b059a7d-1974-4a65-b03c-e0b50acd0835", "indicator--5b059a7d-0b64-42db-a129-dbf60acd0835", "indicator--5b059a7d-f178-4202-86cf-fb970acd0835", "indicator--5b059a7d-5ad0-4008-8ae8-ce320acd0835", "indicator--5b059a7d-4a20-47ac-b50a-ecde0acd0835", "indicator--5b059a7d-81bc-4322-b2c7-04370acd0835", "indicator--5b059a7f-c824-4320-a8a6-085b0acd0835", "indicator--5b059a7f-d374-412e-9380-085a0acd0835", "indicator--5b059a80-3624-47c5-9527-08d20acd0835", "indicator--5b059a80-5060-4284-bc21-08d10acd0835", "indicator--5b059a81-fa30-4539-8c5f-095f0acd0835", "indicator--5b059a81-6d98-4ec6-9560-09610acd0835", "indicator--5b059a81-6dfc-49b8-90be-095d0acd0835", "indicator--5b059a81-6d98-49ac-9b95-09630acd0835", "indicator--5b059a81-6e60-44a1-814b-095e0acd0835", "indicator--5b059a82-4d68-4ef7-b896-0a990acd0835", "indicator--5b059a82-7dd0-419a-b375-0aa00acd0835", "indicator--5b059a82-ebf4-4907-970c-0aa70acd0835", "indicator--5b059a82-a558-4725-8498-0a9a0acd0835", "indicator--5b059a82-92b8-469e-8156-0a980acd0835", "indicator--5b059a82-20e4-4bb7-9818-0aa50acd0835", "indicator--5b059a82-6be0-4ba5-896b-0a9e0acd0835", "indicator--5b059a82-85c0-4e16-9e4d-0a9f0acd0835", "indicator--5b059a82-458c-4317-9ac7-0aa80acd0835", "observed-data--5b059abb-af74-4f75-bf51-0aa00acd0835", "x509-certificate--5b059abb-af74-4f75-bf51-0aa00acd0835", "observed-data--5b059abb-3038-4637-a319-0aa00acd0835", "x509-certificate--5b059abb-3038-4637-a319-0aa00acd0835", "observed-data--5b059abb-8f64-4625-a3ed-0aa00acd0835", "x509-certificate--5b059abb-8f64-4625-a3ed-0aa00acd0835", "observed-data--5b059abb-d4c8-41ed-ab2d-0aa00acd0835", "x509-certificate--5b059abb-d4c8-41ed-ab2d-0aa00acd0835", "observed-data--5b059abb-01f4-4734-a5a2-0aa00acd0835", "x509-certificate--5b059abb-01f4-4734-a5a2-0aa00acd0835", "observed-data--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835", "x509-certificate--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835", "observed-data--5b059abb-6994-433a-bc16-0aa00acd0835", "x509-certificate--5b059abb-6994-433a-bc16-0aa00acd0835", "observed-data--5b059abb-df04-424a-831b-0aa00acd0835", "x509-certificate--5b059abb-df04-424a-831b-0aa00acd0835", "observed-data--5b059abb-06b8-4eea-9ef5-0aa00acd0835", "x509-certificate--5b059abb-06b8-4eea-9ef5-0aa00acd0835", "observed-data--5b059abb-2bb0-4fe2-abdb-0aa00acd0835", "x509-certificate--5b059abb-2bb0-4fe2-abdb-0aa00acd0835", "observed-data--5b059abb-63cc-4cf3-8f1e-0aa00acd0835", "x509-certificate--5b059abb-63cc-4cf3-8f1e-0aa00acd0835", "observed-data--5b059abb-9990-4e08-bf61-0aa00acd0835", "x509-certificate--5b059abb-9990-4e08-bf61-0aa00acd0835", "observed-data--5b059abb-baa0-4df2-9da5-0aa00acd0835", "x509-certificate--5b059abb-baa0-4df2-9da5-0aa00acd0835", "observed-data--5b059abb-ec7c-4959-9548-0aa00acd0835", "x509-certificate--5b059abb-ec7c-4959-9548-0aa00acd0835", "observed-data--5b059b06-76c8-42ef-a695-0ce50acd0835", "url--5b059b06-76c8-42ef-a695-0ce50acd0835", "observed-data--5b059b42-1798-4ab9-92df-0d3005dc1b25", "file--5b059b42-1798-4ab9-92df-0d3005dc1b25", "observed-data--5b059b43-3ca8-4c94-a835-0d3005dc1b25", "file--5b059b43-3ca8-4c94-a835-0d3005dc1b25", "observed-data--5b059b46-3d9c-458f-80bb-0d3005dc1b25", "file--5b059b46-3d9c-458f-80bb-0d3005dc1b25", "observed-data--5b059b4a-bde0-4a4f-acae-0d3005dc1b25", "file--5b059b4a-bde0-4a4f-acae-0d3005dc1b25", "observed-data--5b059b4d-cb7c-4a49-b039-0d3005dc1b25", "file--5b059b4d-cb7c-4a49-b039-0d3005dc1b25", "observed-data--5b059b51-6b8c-4566-ad05-0d3005dc1b25", "file--5b059b51-6b8c-4566-ad05-0d3005dc1b25", "observed-data--5b059b54-8974-4c23-a736-0d3005dc1b25", "file--5b059b54-8974-4c23-a736-0d3005dc1b25", "observed-data--5b059b58-5a9c-4784-b358-0d3005dc1b25", "file--5b059b58-5a9c-4784-b358-0d3005dc1b25", "observed-data--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25", "file--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25", "observed-data--5b059b5b-46ec-4e86-8e00-0d3005dc1b25", "file--5b059b5b-46ec-4e86-8e00-0d3005dc1b25", "indicator--5b059b5e-3da8-4fc2-8da7-08d20acd0835", "observed-data--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25", "file--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25", "observed-data--5b059b63-af28-4bbc-bb18-0d3005dc1b25", "file--5b059b63-af28-4bbc-bb18-0d3005dc1b25", "observed-data--5b059b67-4818-4075-a163-0d3005dc1b25", "file--5b059b67-4818-4075-a163-0d3005dc1b25", "observed-data--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25", "file--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25", "indicator--5b059b81-1950-4d6a-a03e-0aa30acd0835", "indicator--5b059b81-5cbc-44f0-8aa5-0aa30acd0835", "indicator--5b059b81-fc3c-4407-b68c-0aa30acd0835", "indicator--5b059b82-4d84-4afe-9c9b-0aa30acd0835", "indicator--5b059b82-4b90-4e10-8744-0aa30acd0835", "indicator--5b059b82-843c-47bc-bc1e-0aa30acd0835", "indicator--5b059b82-cf94-4cab-8abc-0aa30acd0835", "indicator--5b059b82-ce54-4359-8228-0aa30acd0835", "indicator--5b059b82-5f9c-4949-b910-0aa30acd0835", "indicator--5b059b82-baa0-4804-a02c-0aa30acd0835", "indicator--5b059b82-e848-4bb6-a465-0aa30acd0835", "indicator--5b059b82-85e4-48be-b33d-0aa30acd0835", "indicator--5b059b82-c03c-4400-983a-0aa30acd0835", "indicator--5b059e0e-9e7c-4f4a-a1a3-0aa30acd0835", "indicator--5b059e0e-8b0c-486a-b473-0aa30acd0835", "indicator--5b059e84-0dec-4d5e-b31c-0f810acd0835", "indicator--5b059e84-b6f0-4a60-8d6e-0f810acd0835", "indicator--5b059e84-3408-4d9c-94d6-0f810acd0835", "indicator--5b059e84-5850-4b83-a6e6-0f810acd0835", "indicator--5b059e84-1d48-43aa-ae5b-0f810acd0835", "indicator--5b059e84-4ed8-4713-809f-0f810acd0835", "indicator--5b059e84-17b8-4674-bbb7-0f810acd0835", "indicator--5b059e84-d8c8-43a8-8069-0f810acd0835", "indicator--5b059eb4-c45c-4cd3-8de0-0f810acd0835", "indicator--5b059eb4-f058-450a-b54f-0f810acd0835" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "osint:source-type=\"blog-post\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a7d-a3e0-4d18-a7fe-b8400acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:46.000Z", "modified": "2018-05-23T16:44:46.000Z", "description": "Stage 1", "pattern": "[file:hashes.SHA256 = '0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a7d-1974-4a65-b03c-e0b50acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:46.000Z", "modified": "2018-05-23T16:44:46.000Z", "description": "Stage 2", "pattern": "[file:hashes.SHA256 = '8a20dc9538d639623878a3d3d18d88da8b635ea52e5e2d0c2cce4a8c5a703db1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a7d-0b64-42db-a129-dbf60acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:46.000Z", "modified": "2018-05-23T16:44:46.000Z", "description": "Stage 2", "pattern": "[file:hashes.SHA256 = '9683b04123d7e9fe4c8c26c69b09c2233f7e1440f828837422ce330040782d17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a7d-f178-4202-86cf-fb970acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:46.000Z", "modified": "2018-05-23T16:44:46.000Z", "description": "Stage 2", "pattern": "[file:hashes.SHA256 = '37e29b0ea7a9b97597385a12f525e13c3a7d02ba4161a6946f2a7d978cc045b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a7d-5ad0-4008-8ae8-ce320acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:46.000Z", "modified": "2018-05-23T16:44:46.000Z", "description": "Stage 2", "pattern": "[file:hashes.SHA256 = 'd6097e942dd0fdc1fb28ec1814780e6ecc169ec6d24f9954e71954eedbc4c70e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a7d-4a20-47ac-b50a-ecde0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:54:38.000Z", "modified": "2018-05-23T16:54:38.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/saragray1/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:54:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a7d-81bc-4322-b2c7-04370acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:54:41.000Z", "modified": "2018-05-23T16:54:41.000Z", "description": "Stage 2", "pattern": "[url:value = 'http://zuh3vcyskd4gipkm.onion/bin32/update.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:54:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a7f-c824-4320-a8a6-085b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:54:43.000Z", "modified": "2018-05-23T16:54:43.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/bob7301/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:54:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a7f-d374-412e-9380-085a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:47.000Z", "modified": "2018-05-23T16:44:47.000Z", "description": "Stage 1", "pattern": "[file:hashes.SHA256 = '50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a80-3624-47c5-9527-08d20acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:54:46.000Z", "modified": "2018-05-23T16:54:46.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/nikkireed11/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:54:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a80-5060-4284-bc21-08d10acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:48.000Z", "modified": "2018-05-23T16:44:48.000Z", "description": "Stage 2", "pattern": "[file:hashes.SHA256 = '4b03288e9e44d214426a02327223b5e516b1ea29ce72fa25a2fcef9aa65c4b0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a81-fa30-4539-8c5f-095f0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:54:50.000Z", "modified": "2018-05-23T16:54:50.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/monicabelci4/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:54:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a81-6d98-4ec6-9560-09610acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:49.000Z", "modified": "2018-05-23T16:44:49.000Z", "description": "Stage 3, plugins", "pattern": "[file:hashes.SHA256 = 'f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a81-6dfc-49b8-90be-095d0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:54:53.000Z", "modified": "2018-05-23T16:54:53.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/amandaseyfried1/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:54:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a81-6d98-49ac-9b95-09630acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:49.000Z", "modified": "2018-05-23T16:44:49.000Z", "description": "Stage 2", "pattern": "[file:hashes.SHA256 = '776cb9a7a9f5afbaffdd4dbd052c6420030b2c7c3058c1455e0a79df0e6f7a1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a81-6e60-44a1-814b-095e0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:49.000Z", "modified": "2018-05-23T16:44:49.000Z", "description": "Stage 2", "pattern": "[file:hashes.SHA256 = '9eb6c779dbad1b717caa462d8e040852759436ed79cc2172692339bc62432387']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a82-4d68-4ef7-b896-0a990acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:54:55.000Z", "modified": "2018-05-23T16:54:55.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/eva_green1/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:54:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a82-7dd0-419a-b375-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:54:57.000Z", "modified": "2018-05-23T16:54:57.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/jeniferaniston1/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:54:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a82-ebf4-4907-970c-0aa70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:50.000Z", "modified": "2018-05-23T16:44:50.000Z", "description": "Stage 3, plugins", "pattern": "[file:hashes.SHA256 = 'afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a82-a558-4725-8498-0a9a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:55:01.000Z", "modified": "2018-05-23T16:55:01.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/suwe8/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:55:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a82-92b8-469e-8156-0a980acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:55:04.000Z", "modified": "2018-05-23T16:55:04.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/millerfred/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:55:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a82-20e4-4bb7-9818-0aa50acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:55:06.000Z", "modified": "2018-05-23T16:55:06.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/kmila302/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:55:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a82-6be0-4ba5-896b-0a9e0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:55:08.000Z", "modified": "2018-05-23T16:55:08.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/katyperry45/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:55:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a82-85c0-4e16-9e4d-0a9f0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:44:50.000Z", "modified": "2018-05-23T16:44:50.000Z", "description": "Stage 2", "pattern": "[file:hashes.SHA256 = '0649fda8888d701eb2f91e6e0a05a2e2be714f564497c44a3813082ef8ff250b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:44:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059a82-458c-4317-9ac7-0aa80acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:55:11.000Z", "modified": "2018-05-23T16:55:11.000Z", "description": "Stage 1, downloads picture", "pattern": "[url:value = 'http://photobucket.com/user/lisabraun87/library']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:55:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-af74-4f75-bf51-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-af74-4f75-bf51-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-af74-4f75-bf51-0aa00acd0835", "hashes": { "SHA-256": "d113ce61ab1e4bfcb32fb3c53bd3cdeee81108d02d3886f6e2286e0b6a006747" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-3038-4637-a319-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-3038-4637-a319-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-3038-4637-a319-0aa00acd0835", "hashes": { "SHA-256": "c52b3901a26df1680acbfb9e6184b321f0b22dd6c4bb107e5e071553d375c851" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-8f64-4625-a3ed-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-8f64-4625-a3ed-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-8f64-4625-a3ed-0aa00acd0835", "hashes": { "SHA-256": "f372ebe8277b78d50c5600d0e2af3fe29b1e04b5435a7149f04edd165743c16d" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-d4c8-41ed-ab2d-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-d4c8-41ed-ab2d-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-d4c8-41ed-ab2d-0aa00acd0835", "hashes": { "SHA-256": "be4715b029cbd3f8e2f37bc525005b2cb9cad977117a26fac94339a721e3f2a5" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-01f4-4734-a5a2-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-01f4-4734-a5a2-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-01f4-4734-a5a2-0aa00acd0835", "hashes": { "SHA-256": "27af4b890db1a611d0054d5d4a7d9a36c9f52dffeb67a053be9ea03a495a9302" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835", "hashes": { "SHA-256": "fb47ba27dceea486aab7a0f8ec5674332ca1f6af962a1724df89d658d470348f" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-6994-433a-bc16-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-6994-433a-bc16-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-6994-433a-bc16-0aa00acd0835", "hashes": { "SHA-256": "b25336c2dd388459dec37fa8d0467cf2ac3c81a272176128338a2c1d7c083c78" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-df04-424a-831b-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-df04-424a-831b-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-df04-424a-831b-0aa00acd0835", "hashes": { "SHA-256": "cd75d3a70e3218688bdd23a0f618add964603736f7c899265b1d8386b9902526" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-06b8-4eea-9ef5-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-06b8-4eea-9ef5-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-06b8-4eea-9ef5-0aa00acd0835", "hashes": { "SHA-256": "110da84f31e7868ad741bcb0d9f7771a0bb39c44785055e6da0ecc393598adc8" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-2bb0-4fe2-abdb-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-2bb0-4fe2-abdb-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-2bb0-4fe2-abdb-0aa00acd0835", "hashes": { "SHA-256": "909cf80d3ef4c52abc95d286df8d218462739889b6be4762a1d2fac1adb2ec2b" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-63cc-4cf3-8f1e-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-63cc-4cf3-8f1e-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-63cc-4cf3-8f1e-0aa00acd0835", "hashes": { "SHA-256": "044bfa11ea91b5559f7502c3a504b19ee3c555e95907a98508825b4aa56294e4" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-9990-4e08-bf61-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:45:47.000Z", "modified": "2018-05-23T16:45:47.000Z", "first_observed": "2018-05-23T16:45:47Z", "last_observed": "2018-05-23T16:45:47Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-9990-4e08-bf61-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-9990-4e08-bf61-0aa00acd0835", "hashes": { "SHA-256": "c0f8bde03df3dec6e43b327378777ebc35d9ea8cfe39628f79f20b1c40c1b412" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-baa0-4df2-9da5-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-baa0-4df2-9da5-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-baa0-4df2-9da5-0aa00acd0835", "hashes": { "SHA-256": "8f1d0cd5dd6585c3d5d478e18a85e7109c8a88489c46987621e01d21fab5095d" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059abb-ec7c-4959-9548-0aa00acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "x509-certificate--5b059abb-ec7c-4959-9548-0aa00acd0835" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--5b059abb-ec7c-4959-9548-0aa00acd0835", "hashes": { "SHA-256": "d5dec646c957305d91303a1d7931b30e7fb2f38d54a1102e14fd7a4b9f6e0806" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b06-76c8-42ef-a695-0ce50acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:47:26.000Z", "modified": "2018-05-23T16:47:26.000Z", "first_observed": "2018-05-23T16:47:26Z", "last_observed": "2018-05-23T16:47:26Z", "number_observed": 1, "object_refs": [ "url--5b059b06-76c8-42ef-a695-0ce50acd0835" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5b059b06-76c8-42ef-a695-0ce50acd0835", "value": "https://blog.talosintelligence.com/2018/05/VPNFilter.html" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b42-1798-4ab9-92df-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:02.000Z", "modified": "2018-05-23T16:48:02.000Z", "first_observed": "2018-05-23T16:48:02Z", "last_observed": "2018-05-23T16:48:02Z", "number_observed": 1, "object_refs": [ "file--5b059b42-1798-4ab9-92df-0d3005dc1b25" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b42-1798-4ab9-92df-0d3005dc1b25", "name": "%USERPROFILE%\\Documents\\qsync.php" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b43-3ca8-4c94-a835-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:03.000Z", "modified": "2018-05-23T16:48:03.000Z", "first_observed": "2018-05-23T16:48:03Z", "last_observed": "2018-05-23T16:48:03Z", "number_observed": 1, "object_refs": [ "file--5b059b43-3ca8-4c94-a835-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b43-3ca8-4c94-a835-0d3005dc1b25", "hashes": { "SSDEEP": "6144:gPgrKJ+zIIglQIU1BILPTQGEk9pmnhdTnfdkV8Ww+BthUeX2ut:gPkSAoQIUILwkwTy8Wye9" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b46-3d9c-458f-80bb-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:06.000Z", "modified": "2018-05-23T16:48:06.000Z", "first_observed": "2018-05-23T16:48:06Z", "last_observed": "2018-05-23T16:48:06Z", "number_observed": 1, "object_refs": [ "file--5b059b46-3d9c-458f-80bb-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b46-3d9c-458f-80bb-0d3005dc1b25", "hashes": { "SSDEEP": "6144:BLXXE5rpmlrk7dHlG+wQ+GEfNB/ORZy+Om7BC:dU5rpkw7i+Z6fNBiC" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b4a-bde0-4a4f-acae-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:10.000Z", "modified": "2018-05-23T16:48:10.000Z", "first_observed": "2018-05-23T16:48:10Z", "last_observed": "2018-05-23T16:48:10Z", "number_observed": 1, "object_refs": [ "file--5b059b4a-bde0-4a4f-acae-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b4a-bde0-4a4f-acae-0d3005dc1b25", "hashes": { "SSDEEP": "6144:cmbS6GCJukDhQnhcOsKMglGEZVHTMKc+Mkf7su:csS6zJuoOnMKMQZVYBu" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b4d-cb7c-4a49-b039-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:13.000Z", "modified": "2018-05-23T16:48:13.000Z", "first_observed": "2018-05-23T16:48:13Z", "last_observed": "2018-05-23T16:48:13Z", "number_observed": 1, "object_refs": [ "file--5b059b4d-cb7c-4a49-b039-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b4d-cb7c-4a49-b039-0d3005dc1b25", "hashes": { "SSDEEP": "6144:+9GiuTGkBPoiJhaalRXd6Rv0XXvpPJ7tkISJZM9PJetlXSImnb:62T/oiHRXU8bCZM9X9b" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b51-6b8c-4566-ad05-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:17.000Z", "modified": "2018-05-23T16:48:17.000Z", "first_observed": "2018-05-23T16:48:17Z", "last_observed": "2018-05-23T16:48:17Z", "number_observed": 1, "object_refs": [ "file--5b059b51-6b8c-4566-ad05-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b51-6b8c-4566-ad05-0d3005dc1b25", "hashes": { "SSDEEP": "6144:aCwworoTxC3REpYGACnkEBWkTGEmRqCTGqmpc47qa:ax7olCBEanCpWKmRbha" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b54-8974-4c23-a736-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:20.000Z", "modified": "2018-05-23T16:48:20.000Z", "first_observed": "2018-05-23T16:48:20Z", "last_observed": "2018-05-23T16:48:20Z", "number_observed": 1, "object_refs": [ "file--5b059b54-8974-4c23-a736-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b54-8974-4c23-a736-0d3005dc1b25", "hashes": { "SSDEEP": "6144:9QkvS9EWCxns8zTwJWIck9NpU6zT3C+rkoyoa3y0c2TLCAVrSj2+9Ea:89EhLkdfLQXoaE2TOAV2Rt" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b58-5a9c-4784-b358-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:24.000Z", "modified": "2018-05-23T16:48:24.000Z", "first_observed": "2018-05-23T16:48:24Z", "last_observed": "2018-05-23T16:48:24Z", "number_observed": 1, "object_refs": [ "file--5b059b58-5a9c-4784-b358-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b58-5a9c-4784-b358-0d3005dc1b25", "hashes": { "SSDEEP": "6144:baJi/5AF4DV6+aCOGi8eaFa63MNQmII5ktPLh:ba0RFaB6jyktd" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:27.000Z", "modified": "2018-05-23T16:48:27.000Z", "first_observed": "2018-05-23T16:48:27Z", "last_observed": "2018-05-23T16:48:27Z", "number_observed": 1, "object_refs": [ "file--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25", "name": "vpnfilterm_ps" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b5b-46ec-4e86-8e00-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:27.000Z", "modified": "2018-05-23T16:48:27.000Z", "first_observed": "2018-05-23T16:48:27Z", "last_observed": "2018-05-23T16:48:27Z", "number_observed": 1, "object_refs": [ "file--5b059b5b-46ec-4e86-8e00-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b5b-46ec-4e86-8e00-0d3005dc1b25", "hashes": { "SSDEEP": "384:MEoMAy/GRMYA0V/e3mAbCy5wjwl3eX02wcLieJIh/PyVMItRwMeZz+zr1gBePaI9:MEQeFYX0/cLhIJPyVMKfe0fYIT9" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b5e-3da8-4fc2-8da7-08d20acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:55:27.000Z", "modified": "2018-05-23T16:55:27.000Z", "description": "Stage 1 if Photobucket Fails", "pattern": "[domain-name:value = 'toknowall.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:55:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:31.000Z", "modified": "2018-05-23T16:48:31.000Z", "first_observed": "2018-05-23T16:48:31Z", "last_observed": "2018-05-23T16:48:31Z", "number_observed": 1, "object_refs": [ "file--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25", "hashes": { "SSDEEP": "6144:muz6HAcALFnJ6A1HtguhY2xwaSV58bDSXBteLq:mo+vG17UE0BtB" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b63-af28-4bbc-bb18-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:35.000Z", "modified": "2018-05-23T16:48:35.000Z", "first_observed": "2018-05-23T16:48:35Z", "last_observed": "2018-05-23T16:48:35Z", "number_observed": 1, "object_refs": [ "file--5b059b63-af28-4bbc-bb18-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b63-af28-4bbc-bb18-0d3005dc1b25", "hashes": { "SSDEEP": "6144:uZXfvVijz85XiCcYuty8f0trKy1AUiJh8SWMJvEKKvk1Dc3F/FkZX97U:uXiwXi9tnfHv7tK81ugY" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b67-4818-4075-a163-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:39.000Z", "modified": "2018-05-23T16:48:39.000Z", "first_observed": "2018-05-23T16:48:39Z", "last_observed": "2018-05-23T16:48:39Z", "number_observed": 1, "object_refs": [ "file--5b059b67-4818-4075-a163-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b67-4818-4075-a163-0d3005dc1b25", "hashes": { "SSDEEP": "98304:ZUKUXKMOzkGNCPCEQi0EADYT9Bci7A5HqPwy/pfmITeaysckQj:tUXK6CBVlDYMf5HqPwyhuITTy" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:48:42.000Z", "modified": "2018-05-23T16:48:42.000Z", "first_observed": "2018-05-23T16:48:42Z", "last_observed": "2018-05-23T16:48:42Z", "number_observed": 1, "object_refs": [ "file--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25", "hashes": { "SSDEEP": "6144:hlyC+z6zIitnujMMYNyCSyza7csDZmA/x2LwB7jvXHiY1:DCzgIiwMJ2DQux2L6Pr1" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b81-1950-4d6a-a03e-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:05.000Z", "modified": "2018-05-23T16:49:05.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.121.109.209']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b81-5cbc-44f0-8aa5-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:05.000Z", "modified": "2018-05-23T16:49:05.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.202.40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b81-fc3c-4407-b68c-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:05.000Z", "modified": "2018-05-23T16:49:05.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.242.222.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-4d84-4afe-9c9b-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.118.242.124']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-4b90-4e10-8744-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.151.209.33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-843c-47bc-bc1e-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.79.179.14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-cf94-4cab-8abc-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.203.144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-ce54-4359-8228-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.198.231']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-5f9c-4949-b910-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.180.60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-baa0-4804-a02c-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.149.250.54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-e848-4bb6-a465-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.200.13.76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-85e4-48be-b33d-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.185.80.82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059b82-c03c-4400-983a-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:49:06.000Z", "modified": "2018-05-23T16:49:06.000Z", "description": "Stage 2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.210.180.229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:49:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e0e-9e7c-4f4a-a1a3-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:59:58.000Z", "modified": "2018-05-23T16:59:58.000Z", "description": "Stage 1", "pattern": "[file:hashes.MD5 = '45871bad3a9b4594fc3de39e4b5930ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:59:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e0e-8b0c-486a-b473-0aa30acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T16:59:58.000Z", "modified": "2018-05-23T16:59:58.000Z", "description": "Stage 1", "pattern": "[file:hashes.MD5 = '5f358afee76f2a74b1a3443c6012b27b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T16:59:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e84-0dec-4d5e-b31c-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:01:56.000Z", "modified": "2018-05-23T17:01:56.000Z", "description": "Stage 2", "pattern": "[file:hashes.MD5 = '4912aad5e79c78bc143e71633df9c17b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e84-b6f0-4a60-8d6e-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:01:56.000Z", "modified": "2018-05-23T17:01:56.000Z", "description": "Stage 2", "pattern": "[file:hashes.MD5 = '87049e223dd922dc1d8180c83e2fde77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e84-3408-4d9c-94d6-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:01:56.000Z", "modified": "2018-05-23T17:01:56.000Z", "description": "Stage 2", "pattern": "[file:hashes.MD5 = '17e5e5c25eef807a08f02b8e435dda30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e84-5850-4b83-a6e6-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:01:56.000Z", "modified": "2018-05-23T17:01:56.000Z", "description": "Stage 2", "pattern": "[file:hashes.MD5 = '42d891bcdee9588f8ed5d27456896a5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e84-1d48-43aa-ae5b-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:01:56.000Z", "modified": "2018-05-23T17:01:56.000Z", "description": "Stage 2", "pattern": "[file:hashes.MD5 = '19dd8b95fcca498582642f5a0b2fc58b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e84-4ed8-4713-809f-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:01:56.000Z", "modified": "2018-05-23T17:01:56.000Z", "description": "Stage 2", "pattern": "[file:hashes.MD5 = '8e74e36ba104389aa6dc4d4429bcf0cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e84-17b8-4674-bbb7-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:01:56.000Z", "modified": "2018-05-23T17:01:56.000Z", "description": "Stage 2", "pattern": "[file:hashes.MD5 = '92d47495c92d8c5dba107163df2bb212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059e84-d8c8-43a8-8069-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:01:56.000Z", "modified": "2018-05-23T17:01:56.000Z", "description": "Stage 2", "pattern": "[file:hashes.MD5 = '93ff367439becebd9d71c3e12041c95e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059eb4-c45c-4cd3-8de0-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:02:44.000Z", "modified": "2018-05-23T17:02:44.000Z", "description": "Stage 3 Plugins", "pattern": "[file:hashes.MD5 = '97444b5209278ed611e6a94076e814c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b059eb4-f058-450a-b54f-0f810acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-05-23T17:02:44.000Z", "modified": "2018-05-23T17:02:44.000Z", "description": "Stage 3 Plugins", "pattern": "[file:hashes.MD5 = 'b5dc976043db9b42c9f6fa889205c68a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-23T17:02:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }