{
|
|
"type": "bundle",
|
|
"id": "bundle--56e33b31-a500-454f-8256-435a950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:36.000Z",
|
|
"modified": "2016-03-11T21:42:36.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--56e33b31-a500-454f-8256-435a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:36.000Z",
|
|
"modified": "2016-03-11T21:42:36.000Z",
|
|
"name": "OSINT - PowerSniff Malware Used in Macro-based Attacks",
|
|
"published": "2016-03-11T21:43:10Z",
|
|
"object_refs": [
|
|
"observed-data--56e33b4f-7b8c-4453-b571-659a950d210f",
|
|
"url--56e33b4f-7b8c-4453-b571-659a950d210f",
|
|
"x-misp-attribute--56e33b5f-eb08-4f7e-9b64-4be1950d210f",
|
|
"indicator--56e33b7f-be28-4eff-8293-438f950d210f",
|
|
"indicator--56e33b7f-559c-4411-8457-4064950d210f",
|
|
"indicator--56e33b7f-9b74-4a2e-a169-4f9b950d210f",
|
|
"indicator--56e33b7f-66b0-4835-b94d-41a8950d210f",
|
|
"indicator--56e33b80-3edc-451d-918f-4aa1950d210f",
|
|
"indicator--56e33b80-dff4-479c-a8a1-4dfd950d210f",
|
|
"indicator--56e33b80-3858-43ad-9bd1-493f950d210f",
|
|
"indicator--56e33b93-8f9c-4dad-886d-4d2f950d210f",
|
|
"indicator--56e33b93-6738-49c4-b5b8-477e950d210f",
|
|
"indicator--56e33b93-8524-41d1-9a61-4006950d210f",
|
|
"indicator--56e33b93-5830-4fc4-acf7-4087950d210f",
|
|
"indicator--56e33b94-58e8-4bcf-b8f2-456f950d210f",
|
|
"indicator--56e33b94-97b0-42a4-85a3-4b37950d210f",
|
|
"indicator--56e33b94-2ae4-4d89-aa93-4a39950d210f",
|
|
"indicator--56e33b95-0dd4-4252-994a-42d0950d210f",
|
|
"indicator--56e33b95-8470-4ce5-a963-4a24950d210f",
|
|
"indicator--56e33b95-6eb0-4ba8-a200-4484950d210f",
|
|
"indicator--56e33b95-74d8-4fa5-ae74-45e4950d210f",
|
|
"indicator--56e33b96-bd28-44df-bace-4631950d210f",
|
|
"indicator--56e33b96-3764-4e74-9972-4810950d210f",
|
|
"indicator--56e33b96-b1e0-47d3-9b24-4861950d210f",
|
|
"indicator--56e33b96-96c0-4cf1-97bb-456a950d210f",
|
|
"indicator--56e33b97-d6ac-48b7-b596-4cf9950d210f",
|
|
"indicator--56e33b97-8244-45dd-ae15-4916950d210f",
|
|
"indicator--56e33b97-8ed4-48de-b8dd-419c950d210f",
|
|
"indicator--56e33bcc-13d8-49c2-b134-48bd02de0b81",
|
|
"indicator--56e33bcc-0504-472b-961e-458202de0b81",
|
|
"observed-data--56e33bcc-6054-4187-8628-42d502de0b81",
|
|
"url--56e33bcc-6054-4187-8628-42d502de0b81",
|
|
"indicator--56e33bcd-6eb0-4c20-887d-480702de0b81",
|
|
"indicator--56e33bcd-d0e4-4f3a-ab1f-40b602de0b81",
|
|
"observed-data--56e33bcd-9360-4ee5-bf66-4abf02de0b81",
|
|
"url--56e33bcd-9360-4ee5-bf66-4abf02de0b81",
|
|
"indicator--56e33bce-9918-4ecd-a3b7-4d4302de0b81",
|
|
"indicator--56e33bce-f7e8-4825-a5f0-422602de0b81",
|
|
"observed-data--56e33bce-f8b0-4302-9c0e-4aa202de0b81",
|
|
"url--56e33bce-f8b0-4302-9c0e-4aa202de0b81",
|
|
"indicator--56e33bcf-f7e0-4b7d-949d-453502de0b81",
|
|
"indicator--56e33bcf-6af0-4f19-b2bd-47e602de0b81",
|
|
"observed-data--56e33bcf-0e40-44b8-8253-42d002de0b81",
|
|
"url--56e33bcf-0e40-44b8-8253-42d002de0b81",
|
|
"indicator--56e33bcf-0b2c-4aa9-bb0f-473902de0b81",
|
|
"indicator--56e33bd0-54b4-4541-ba2e-4c7402de0b81",
|
|
"observed-data--56e33bd0-50cc-4a43-b974-488a02de0b81",
|
|
"url--56e33bd0-50cc-4a43-b974-488a02de0b81",
|
|
"indicator--56e33bd0-f5e8-4462-8fc8-417f02de0b81",
|
|
"indicator--56e33bd1-76b8-493e-bbef-4f0302de0b81",
|
|
"observed-data--56e33bd1-4c5c-4e40-b038-4b5402de0b81",
|
|
"url--56e33bd1-4c5c-4e40-b038-4b5402de0b81",
|
|
"indicator--56e33bd1-cfc0-495a-896c-4d7202de0b81",
|
|
"indicator--56e33bd2-9068-436a-b0d0-4a0a02de0b81",
|
|
"observed-data--56e33bd2-c3fc-4ec0-9a99-42a302de0b81",
|
|
"url--56e33bd2-c3fc-4ec0-9a99-42a302de0b81",
|
|
"indicator--56e33bd2-1f3c-4537-954d-4b1702de0b81",
|
|
"indicator--56e33bd2-1af4-46f4-945d-45bb02de0b81",
|
|
"observed-data--56e33bd3-326c-45c3-accd-443202de0b81",
|
|
"url--56e33bd3-326c-45c3-accd-443202de0b81",
|
|
"indicator--56e33bd3-93ac-43ce-a9db-4ac502de0b81",
|
|
"indicator--56e33bd3-ab28-4c39-9848-47d502de0b81",
|
|
"observed-data--56e33bd4-bc94-4522-b620-43ee02de0b81",
|
|
"url--56e33bd4-bc94-4522-b620-43ee02de0b81",
|
|
"indicator--56e33bd4-88b8-49f5-96c0-4f7302de0b81",
|
|
"indicator--56e33bd4-93d0-458c-a120-4de302de0b81",
|
|
"observed-data--56e33bd4-4cbc-44dc-9f8c-466402de0b81",
|
|
"url--56e33bd4-4cbc-44dc-9f8c-466402de0b81",
|
|
"indicator--56e33bd5-7044-4f5d-a1e3-42dd02de0b81",
|
|
"indicator--56e33bd5-98e8-4569-ae38-48e502de0b81",
|
|
"observed-data--56e33bd5-00b0-40a3-b315-42fd02de0b81",
|
|
"url--56e33bd5-00b0-40a3-b315-42fd02de0b81",
|
|
"indicator--56e33bd5-41e0-4b5b-a8e3-467802de0b81",
|
|
"indicator--56e33bd6-0400-460c-a56c-4a4102de0b81",
|
|
"observed-data--56e33bd6-f7d8-47f9-aeed-48c902de0b81",
|
|
"url--56e33bd6-f7d8-47f9-aeed-48c902de0b81",
|
|
"indicator--56e33bd6-a914-4956-9458-408f02de0b81",
|
|
"indicator--56e33bd7-d3e4-401d-ab9d-4cee02de0b81",
|
|
"observed-data--56e33bd7-7334-4aef-9571-42e902de0b81",
|
|
"url--56e33bd7-7334-4aef-9571-42e902de0b81",
|
|
"indicator--56e33bd7-f8ec-456a-8a0d-489502de0b81",
|
|
"indicator--56e33bd8-89c4-44a5-a501-475302de0b81",
|
|
"observed-data--56e33bd8-686c-476a-a03e-4cc902de0b81",
|
|
"url--56e33bd8-686c-476a-a03e-4cc902de0b81",
|
|
"indicator--56e33bd8-7b4c-482e-8900-40dc02de0b81",
|
|
"indicator--56e33bd8-e440-4449-a1ca-499d02de0b81",
|
|
"observed-data--56e33bd9-0fbc-42ef-810b-4cea02de0b81",
|
|
"url--56e33bd9-0fbc-42ef-810b-4cea02de0b81",
|
|
"indicator--56e33bd9-0530-44bb-a77e-4edf02de0b81",
|
|
"indicator--56e33bd9-b848-485b-adb8-4e4b02de0b81",
|
|
"observed-data--56e33bda-3964-42c9-b6ee-4c0702de0b81",
|
|
"url--56e33bda-3964-42c9-b6ee-4c0702de0b81",
|
|
"indicator--56e33bda-8a04-4d7b-bfcf-470302de0b81",
|
|
"indicator--56e33bda-233c-43f3-b94f-4ed702de0b81",
|
|
"observed-data--56e33bda-9fdc-46df-b022-496d02de0b81",
|
|
"url--56e33bda-9fdc-46df-b022-496d02de0b81",
|
|
"indicator--56e33bdb-36ac-4b35-a031-425502de0b81",
|
|
"indicator--56e33bdb-3398-4d4e-819c-456602de0b81",
|
|
"observed-data--56e33bdb-c97c-44ee-bf29-4f1b02de0b81",
|
|
"url--56e33bdb-c97c-44ee-bf29-4f1b02de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33b4f-7b8c-4453-b571-659a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:40:31.000Z",
|
|
"modified": "2016-03-11T21:40:31.000Z",
|
|
"first_observed": "2016-03-11T21:40:31Z",
|
|
"last_observed": "2016-03-11T21:40:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33b4f-7b8c-4453-b571-659a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33b4f-7b8c-4453-b571-659a950d210f",
|
|
"value": "http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--56e33b5f-eb08-4f7e-9b64-4be1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:40:47.000Z",
|
|
"modified": "2016-03-11T21:40:47.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "The concept of file-less malware is not a new one. Families like Poweliks, which abuse Microsoft\u2019s PowerShell, have emerged in recent years and have garnered extensive attention due to their ability to compromise a system while leaving little or no trace of their presence to traditional forensic techniques.\r\nSystem administrators have lauded the power and versatility of PowerShell since version 2.0\u2019s integration into Windows 7. Unfortunately, with such versatility comes the opportunity for abuse, specifically surrounding the capability to write directly into memory of the host OS.\r\nTypically, file-less malware has been observed in the context of Exploit Kits such as Angler. Palo Alto Networks has observed a recent high-threat spam campaign that is serving malicious macro documents used to execute PowerShell scripts which injects malware similar to the Ursnif family directly into memory. We call the malware PowerSniff."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b7f-be28-4eff-8293-438f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:19.000Z",
|
|
"modified": "2016-03-11T21:41:19.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[domain-name:value = 'supratimewest.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b7f-559c-4411-8457-4064950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:19.000Z",
|
|
"modified": "2016-03-11T21:41:19.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[domain-name:value = 'letterinklandoix.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b7f-9b74-4a2e-a169-4f9b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:19.000Z",
|
|
"modified": "2016-03-11T21:41:19.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[domain-name:value = 'supratimewest.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b7f-66b0-4835-b94d-41a8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:19.000Z",
|
|
"modified": "2016-03-11T21:41:19.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[domain-name:value = 'starwoodhotels.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b80-3edc-451d-918f-4aa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:20.000Z",
|
|
"modified": "2016-03-11T21:41:20.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[domain-name:value = 'oklinjgreirestacks.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b80-dff4-479c-a8a1-4dfd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:20.000Z",
|
|
"modified": "2016-03-11T21:41:20.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[domain-name:value = 'www.starwoodhotels.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b80-3858-43ad-9bd1-493f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:20.000Z",
|
|
"modified": "2016-03-11T21:41:20.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[domain-name:value = 'brookmensoklinherz.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b93-8f9c-4dad-886d-4d2f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:39.000Z",
|
|
"modified": "2016-03-11T21:41:39.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a8663becc17e34f85d828f53029ab110f92f635c3dfd94132e5ac87e2f0cdfc3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b93-6738-49c4-b5b8-477e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:39.000Z",
|
|
"modified": "2016-03-11T21:41:39.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '30cd5d32bc3c046cfc584cb8521f5589c4d86a4241d1a9ae6c8e9172aa58ac73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b93-8524-41d1-9a61-4006950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:39.000Z",
|
|
"modified": "2016-03-11T21:41:39.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '0661c68e6c247cd6f638dbcac7914c826a5feee1013e456af2f1f6fd642f4147']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b93-5830-4fc4-acf7-4087950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:39.000Z",
|
|
"modified": "2016-03-11T21:41:39.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f204c10af7cdcc0b57e77b2e521b4b0ac04667ccffce478cb4c3b8b8f18e32a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b94-58e8-4bcf-b8f2-456f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:40.000Z",
|
|
"modified": "2016-03-11T21:41:40.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7e22ea4e06b8fd6698d224ce04b3ef5f00838543cb96fb234e4a8c84bb5fa7b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b94-97b0-42a4-85a3-4b37950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:40.000Z",
|
|
"modified": "2016-03-11T21:41:40.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f45bf212c43d1d30cc00f64b3dcae5c35d4a85cacd9350646f7918a30af1b709']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b94-2ae4-4d89-aa93-4a39950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:40.000Z",
|
|
"modified": "2016-03-11T21:41:40.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1e746ba37c56f7f2422e6e01aa6fde6f019214a1e12475fe54ee5c2cf1b9f083']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b95-0dd4-4252-994a-42d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:41.000Z",
|
|
"modified": "2016-03-11T21:41:41.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '340f82a198aa510159989058f3f62861de74135666c50060491144b7b3ec5a6f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b95-8470-4ce5-a963-4a24950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:41.000Z",
|
|
"modified": "2016-03-11T21:41:41.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '815bd46e66f1d330ed49c6f4a4e570da2ec89bcd665cedf025028a94d7b0cc1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b95-6eb0-4ba8-a200-4484950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:41.000Z",
|
|
"modified": "2016-03-11T21:41:41.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a1770a7671679f13601e75a7cb841fea90c7add78436a0bea875ce50b92afc33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b95-74d8-4fa5-ae74-45e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:41.000Z",
|
|
"modified": "2016-03-11T21:41:41.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '83e305724e9cd020b8f80535c5dd897b2057cee7d2bb48461614a37941e78e3a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b96-bd28-44df-bace-4631950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:42.000Z",
|
|
"modified": "2016-03-11T21:41:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '74ec24b5d08266d86c59718a4a476cfa5d220b7b3c8cc594d4b9efc03e8bee0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b96-3764-4e74-9972-4810950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:42.000Z",
|
|
"modified": "2016-03-11T21:41:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '90a7951683a5a77a21d4a544b76e2e6ee04e357d2f5bfcff01cd6924906adf77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b96-b1e0-47d3-9b24-4861950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:42.000Z",
|
|
"modified": "2016-03-11T21:41:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2c21dafcb4f50cae47d0d4314810226cba3ee4e61811f5c778353c8eac9ba7dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b96-96c0-4cf1-97bb-456a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:42.000Z",
|
|
"modified": "2016-03-11T21:41:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '247511ab6d7d3820b9d345bb899a7827ce62c9dd27c538c75a73f5beba6c6018']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b97-d6ac-48b7-b596-4cf9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:43.000Z",
|
|
"modified": "2016-03-11T21:41:43.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '708374a4dfaaa8e44ee217ca5946511cacec55da5eabb0feb1df321753258782']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b97-8244-45dd-ae15-4916950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:43.000Z",
|
|
"modified": "2016-03-11T21:41:43.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '136379754edd05c20d5162aed7e10774a95657f69d4f9a5de17a8059c9018aa6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33b97-8ed4-48de-b8dd-419c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:41:43.000Z",
|
|
"modified": "2016-03-11T21:41:43.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '5d215ef3affe320efe4f5034513697675de40ba8878ca82e80b07ad1b8d61ed8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:41:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bcc-13d8-49c2-b134-48bd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:36.000Z",
|
|
"modified": "2016-03-11T21:42:36.000Z",
|
|
"description": "- Xchecked via VT: 5d215ef3affe320efe4f5034513697675de40ba8878ca82e80b07ad1b8d61ed8",
|
|
"pattern": "[file:hashes.SHA1 = '7f7f97a72fdb58289d8a432195f0c9697fd7ab3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bcc-0504-472b-961e-458202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:36.000Z",
|
|
"modified": "2016-03-11T21:42:36.000Z",
|
|
"description": "- Xchecked via VT: 5d215ef3affe320efe4f5034513697675de40ba8878ca82e80b07ad1b8d61ed8",
|
|
"pattern": "[file:hashes.MD5 = '727ea9ce8cb583c450a3771cd0fabd23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bcc-6054-4187-8628-42d502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:36.000Z",
|
|
"modified": "2016-03-11T21:42:36.000Z",
|
|
"first_observed": "2016-03-11T21:42:36Z",
|
|
"last_observed": "2016-03-11T21:42:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bcc-6054-4187-8628-42d502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bcc-6054-4187-8628-42d502de0b81",
|
|
"value": "https://www.virustotal.com/file/5d215ef3affe320efe4f5034513697675de40ba8878ca82e80b07ad1b8d61ed8/analysis/1457561699/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bcd-6eb0-4c20-887d-480702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:37.000Z",
|
|
"modified": "2016-03-11T21:42:37.000Z",
|
|
"description": "- Xchecked via VT: 136379754edd05c20d5162aed7e10774a95657f69d4f9a5de17a8059c9018aa6",
|
|
"pattern": "[file:hashes.SHA1 = '2d29404de2f8ec13407bf5688a22466ff38f8a85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bcd-d0e4-4f3a-ab1f-40b602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:37.000Z",
|
|
"modified": "2016-03-11T21:42:37.000Z",
|
|
"description": "- Xchecked via VT: 136379754edd05c20d5162aed7e10774a95657f69d4f9a5de17a8059c9018aa6",
|
|
"pattern": "[file:hashes.MD5 = '256f96d2b31a781888b43f5f68b10b83']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bcd-9360-4ee5-bf66-4abf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:37.000Z",
|
|
"modified": "2016-03-11T21:42:37.000Z",
|
|
"first_observed": "2016-03-11T21:42:37Z",
|
|
"last_observed": "2016-03-11T21:42:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bcd-9360-4ee5-bf66-4abf02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bcd-9360-4ee5-bf66-4abf02de0b81",
|
|
"value": "https://www.virustotal.com/file/136379754edd05c20d5162aed7e10774a95657f69d4f9a5de17a8059c9018aa6/analysis/1457567038/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bce-9918-4ecd-a3b7-4d4302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:38.000Z",
|
|
"modified": "2016-03-11T21:42:38.000Z",
|
|
"description": "- Xchecked via VT: 708374a4dfaaa8e44ee217ca5946511cacec55da5eabb0feb1df321753258782",
|
|
"pattern": "[file:hashes.SHA1 = 'c5695bf806b99626aa1447fca10bc69d7feabe1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bce-f7e8-4825-a5f0-422602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:38.000Z",
|
|
"modified": "2016-03-11T21:42:38.000Z",
|
|
"description": "- Xchecked via VT: 708374a4dfaaa8e44ee217ca5946511cacec55da5eabb0feb1df321753258782",
|
|
"pattern": "[file:hashes.MD5 = 'd31055bf1b227b4e715272138dfeec12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bce-f8b0-4302-9c0e-4aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:38.000Z",
|
|
"modified": "2016-03-11T21:42:38.000Z",
|
|
"first_observed": "2016-03-11T21:42:38Z",
|
|
"last_observed": "2016-03-11T21:42:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bce-f8b0-4302-9c0e-4aa202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bce-f8b0-4302-9c0e-4aa202de0b81",
|
|
"value": "https://www.virustotal.com/file/708374a4dfaaa8e44ee217ca5946511cacec55da5eabb0feb1df321753258782/analysis/1457605003/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bcf-f7e0-4b7d-949d-453502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:39.000Z",
|
|
"modified": "2016-03-11T21:42:39.000Z",
|
|
"description": "- Xchecked via VT: 247511ab6d7d3820b9d345bb899a7827ce62c9dd27c538c75a73f5beba6c6018",
|
|
"pattern": "[file:hashes.SHA1 = '1ded5a01f4585d7b7c1a3f4739587b0bd57ec579']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bcf-6af0-4f19-b2bd-47e602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:39.000Z",
|
|
"modified": "2016-03-11T21:42:39.000Z",
|
|
"description": "- Xchecked via VT: 247511ab6d7d3820b9d345bb899a7827ce62c9dd27c538c75a73f5beba6c6018",
|
|
"pattern": "[file:hashes.MD5 = '62967bf585eef49f065bac233b506b36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bcf-0e40-44b8-8253-42d002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:39.000Z",
|
|
"modified": "2016-03-11T21:42:39.000Z",
|
|
"first_observed": "2016-03-11T21:42:39Z",
|
|
"last_observed": "2016-03-11T21:42:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bcf-0e40-44b8-8253-42d002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bcf-0e40-44b8-8253-42d002de0b81",
|
|
"value": "https://www.virustotal.com/file/247511ab6d7d3820b9d345bb899a7827ce62c9dd27c538c75a73f5beba6c6018/analysis/1457720794/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bcf-0b2c-4aa9-bb0f-473902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:39.000Z",
|
|
"modified": "2016-03-11T21:42:39.000Z",
|
|
"description": "- Xchecked via VT: 2c21dafcb4f50cae47d0d4314810226cba3ee4e61811f5c778353c8eac9ba7dc",
|
|
"pattern": "[file:hashes.SHA1 = '176554e8c0beca2a44ce8c1dbda904eaf93edb25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd0-54b4-4541-ba2e-4c7402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:40.000Z",
|
|
"modified": "2016-03-11T21:42:40.000Z",
|
|
"description": "- Xchecked via VT: 2c21dafcb4f50cae47d0d4314810226cba3ee4e61811f5c778353c8eac9ba7dc",
|
|
"pattern": "[file:hashes.MD5 = 'f0483b9cfb8deb7ff97962b30fc779ad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd0-50cc-4a43-b974-488a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:40.000Z",
|
|
"modified": "2016-03-11T21:42:40.000Z",
|
|
"first_observed": "2016-03-11T21:42:40Z",
|
|
"last_observed": "2016-03-11T21:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd0-50cc-4a43-b974-488a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd0-50cc-4a43-b974-488a02de0b81",
|
|
"value": "https://www.virustotal.com/file/2c21dafcb4f50cae47d0d4314810226cba3ee4e61811f5c778353c8eac9ba7dc/analysis/1457724250/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd0-f5e8-4462-8fc8-417f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:40.000Z",
|
|
"modified": "2016-03-11T21:42:40.000Z",
|
|
"description": "- Xchecked via VT: 90a7951683a5a77a21d4a544b76e2e6ee04e357d2f5bfcff01cd6924906adf77",
|
|
"pattern": "[file:hashes.SHA1 = '2d01b2bdbbdc5f721d88e1ed1169858c5c5805ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd1-76b8-493e-bbef-4f0302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:41.000Z",
|
|
"modified": "2016-03-11T21:42:41.000Z",
|
|
"description": "- Xchecked via VT: 90a7951683a5a77a21d4a544b76e2e6ee04e357d2f5bfcff01cd6924906adf77",
|
|
"pattern": "[file:hashes.MD5 = '667f2bffa3723d003ff7fffa0d6fc5d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd1-4c5c-4e40-b038-4b5402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:41.000Z",
|
|
"modified": "2016-03-11T21:42:41.000Z",
|
|
"first_observed": "2016-03-11T21:42:41Z",
|
|
"last_observed": "2016-03-11T21:42:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd1-4c5c-4e40-b038-4b5402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd1-4c5c-4e40-b038-4b5402de0b81",
|
|
"value": "https://www.virustotal.com/file/90a7951683a5a77a21d4a544b76e2e6ee04e357d2f5bfcff01cd6924906adf77/analysis/1457729711/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd1-cfc0-495a-896c-4d7202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:41.000Z",
|
|
"modified": "2016-03-11T21:42:41.000Z",
|
|
"description": "- Xchecked via VT: 74ec24b5d08266d86c59718a4a476cfa5d220b7b3c8cc594d4b9efc03e8bee0d",
|
|
"pattern": "[file:hashes.SHA1 = '5d1f7ecbd36b10e03362c820826e271a01660242']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd2-9068-436a-b0d0-4a0a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:42.000Z",
|
|
"modified": "2016-03-11T21:42:42.000Z",
|
|
"description": "- Xchecked via VT: 74ec24b5d08266d86c59718a4a476cfa5d220b7b3c8cc594d4b9efc03e8bee0d",
|
|
"pattern": "[file:hashes.MD5 = 'fba6b329876533f28d317e60fe53c8d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd2-c3fc-4ec0-9a99-42a302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:42.000Z",
|
|
"modified": "2016-03-11T21:42:42.000Z",
|
|
"first_observed": "2016-03-11T21:42:42Z",
|
|
"last_observed": "2016-03-11T21:42:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd2-c3fc-4ec0-9a99-42a302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd2-c3fc-4ec0-9a99-42a302de0b81",
|
|
"value": "https://www.virustotal.com/file/74ec24b5d08266d86c59718a4a476cfa5d220b7b3c8cc594d4b9efc03e8bee0d/analysis/1457619249/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd2-1f3c-4537-954d-4b1702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:42.000Z",
|
|
"modified": "2016-03-11T21:42:42.000Z",
|
|
"description": "- Xchecked via VT: 83e305724e9cd020b8f80535c5dd897b2057cee7d2bb48461614a37941e78e3a",
|
|
"pattern": "[file:hashes.SHA1 = 'ee5e313b6c6f40ff13101d7c69843b0a693cd101']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd2-1af4-46f4-945d-45bb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:42.000Z",
|
|
"modified": "2016-03-11T21:42:42.000Z",
|
|
"description": "- Xchecked via VT: 83e305724e9cd020b8f80535c5dd897b2057cee7d2bb48461614a37941e78e3a",
|
|
"pattern": "[file:hashes.MD5 = '88506544fc62464cf92a0ae2b12557e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd3-326c-45c3-accd-443202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:43.000Z",
|
|
"modified": "2016-03-11T21:42:43.000Z",
|
|
"first_observed": "2016-03-11T21:42:43Z",
|
|
"last_observed": "2016-03-11T21:42:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd3-326c-45c3-accd-443202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd3-326c-45c3-accd-443202de0b81",
|
|
"value": "https://www.virustotal.com/file/83e305724e9cd020b8f80535c5dd897b2057cee7d2bb48461614a37941e78e3a/analysis/1457715410/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd3-93ac-43ce-a9db-4ac502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:43.000Z",
|
|
"modified": "2016-03-11T21:42:43.000Z",
|
|
"description": "- Xchecked via VT: a1770a7671679f13601e75a7cb841fea90c7add78436a0bea875ce50b92afc33",
|
|
"pattern": "[file:hashes.SHA1 = '5b833bcafed4fb90518aa3e77e4cfb5f6ebfd567']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd3-ab28-4c39-9848-47d502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:43.000Z",
|
|
"modified": "2016-03-11T21:42:43.000Z",
|
|
"description": "- Xchecked via VT: a1770a7671679f13601e75a7cb841fea90c7add78436a0bea875ce50b92afc33",
|
|
"pattern": "[file:hashes.MD5 = '654948fda9ce97a5b9fd42af1c1f2434']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd4-bc94-4522-b620-43ee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:44.000Z",
|
|
"modified": "2016-03-11T21:42:44.000Z",
|
|
"first_observed": "2016-03-11T21:42:44Z",
|
|
"last_observed": "2016-03-11T21:42:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd4-bc94-4522-b620-43ee02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd4-bc94-4522-b620-43ee02de0b81",
|
|
"value": "https://www.virustotal.com/file/a1770a7671679f13601e75a7cb841fea90c7add78436a0bea875ce50b92afc33/analysis/1457719230/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd4-88b8-49f5-96c0-4f7302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:44.000Z",
|
|
"modified": "2016-03-11T21:42:44.000Z",
|
|
"description": "- Xchecked via VT: 815bd46e66f1d330ed49c6f4a4e570da2ec89bcd665cedf025028a94d7b0cc1e",
|
|
"pattern": "[file:hashes.SHA1 = 'bb9e57c9f1a75c95d46f7879b65ba0484854cc12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd4-93d0-458c-a120-4de302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:44.000Z",
|
|
"modified": "2016-03-11T21:42:44.000Z",
|
|
"description": "- Xchecked via VT: 815bd46e66f1d330ed49c6f4a4e570da2ec89bcd665cedf025028a94d7b0cc1e",
|
|
"pattern": "[file:hashes.MD5 = 'dabbe915b785db82d3276d47feac0180']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd4-4cbc-44dc-9f8c-466402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:44.000Z",
|
|
"modified": "2016-03-11T21:42:44.000Z",
|
|
"first_observed": "2016-03-11T21:42:44Z",
|
|
"last_observed": "2016-03-11T21:42:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd4-4cbc-44dc-9f8c-466402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd4-4cbc-44dc-9f8c-466402de0b81",
|
|
"value": "https://www.virustotal.com/file/815bd46e66f1d330ed49c6f4a4e570da2ec89bcd665cedf025028a94d7b0cc1e/analysis/1457721069/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd5-7044-4f5d-a1e3-42dd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:45.000Z",
|
|
"modified": "2016-03-11T21:42:45.000Z",
|
|
"description": "- Xchecked via VT: 340f82a198aa510159989058f3f62861de74135666c50060491144b7b3ec5a6f",
|
|
"pattern": "[file:hashes.SHA1 = '1ff3f591e07b2bfc51b3a51b07bc9ed41b11459e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd5-98e8-4569-ae38-48e502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:45.000Z",
|
|
"modified": "2016-03-11T21:42:45.000Z",
|
|
"description": "- Xchecked via VT: 340f82a198aa510159989058f3f62861de74135666c50060491144b7b3ec5a6f",
|
|
"pattern": "[file:hashes.MD5 = '54e5be141a385f40505c99212bcb361e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd5-00b0-40a3-b315-42fd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:45.000Z",
|
|
"modified": "2016-03-11T21:42:45.000Z",
|
|
"first_observed": "2016-03-11T21:42:45Z",
|
|
"last_observed": "2016-03-11T21:42:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd5-00b0-40a3-b315-42fd02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd5-00b0-40a3-b315-42fd02de0b81",
|
|
"value": "https://www.virustotal.com/file/340f82a198aa510159989058f3f62861de74135666c50060491144b7b3ec5a6f/analysis/1457728626/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd5-41e0-4b5b-a8e3-467802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:45.000Z",
|
|
"modified": "2016-03-11T21:42:45.000Z",
|
|
"description": "- Xchecked via VT: 1e746ba37c56f7f2422e6e01aa6fde6f019214a1e12475fe54ee5c2cf1b9f083",
|
|
"pattern": "[file:hashes.SHA1 = 'd9382f4562ab67f65279407f482369366bb10079']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd6-0400-460c-a56c-4a4102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:46.000Z",
|
|
"modified": "2016-03-11T21:42:46.000Z",
|
|
"description": "- Xchecked via VT: 1e746ba37c56f7f2422e6e01aa6fde6f019214a1e12475fe54ee5c2cf1b9f083",
|
|
"pattern": "[file:hashes.MD5 = '12dadc25957270ac3717a9b8afc268b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd6-f7d8-47f9-aeed-48c902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:46.000Z",
|
|
"modified": "2016-03-11T21:42:46.000Z",
|
|
"first_observed": "2016-03-11T21:42:46Z",
|
|
"last_observed": "2016-03-11T21:42:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd6-f7d8-47f9-aeed-48c902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd6-f7d8-47f9-aeed-48c902de0b81",
|
|
"value": "https://www.virustotal.com/file/1e746ba37c56f7f2422e6e01aa6fde6f019214a1e12475fe54ee5c2cf1b9f083/analysis/1457729262/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd6-a914-4956-9458-408f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:46.000Z",
|
|
"modified": "2016-03-11T21:42:46.000Z",
|
|
"description": "- Xchecked via VT: f45bf212c43d1d30cc00f64b3dcae5c35d4a85cacd9350646f7918a30af1b709",
|
|
"pattern": "[file:hashes.SHA1 = 'b00be07b9e4c1577ddb999616268b2a43ac438db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd7-d3e4-401d-ab9d-4cee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:47.000Z",
|
|
"modified": "2016-03-11T21:42:47.000Z",
|
|
"description": "- Xchecked via VT: f45bf212c43d1d30cc00f64b3dcae5c35d4a85cacd9350646f7918a30af1b709",
|
|
"pattern": "[file:hashes.MD5 = '2f021e0ee94d7d21df12968fffd7ea51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd7-7334-4aef-9571-42e902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:47.000Z",
|
|
"modified": "2016-03-11T21:42:47.000Z",
|
|
"first_observed": "2016-03-11T21:42:47Z",
|
|
"last_observed": "2016-03-11T21:42:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd7-7334-4aef-9571-42e902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd7-7334-4aef-9571-42e902de0b81",
|
|
"value": "https://www.virustotal.com/file/f45bf212c43d1d30cc00f64b3dcae5c35d4a85cacd9350646f7918a30af1b709/analysis/1457708110/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd7-f8ec-456a-8a0d-489502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:47.000Z",
|
|
"modified": "2016-03-11T21:42:47.000Z",
|
|
"description": "- Xchecked via VT: 7e22ea4e06b8fd6698d224ce04b3ef5f00838543cb96fb234e4a8c84bb5fa7b3",
|
|
"pattern": "[file:hashes.SHA1 = '853beb83895202312e5befe4c0c783fe923f1059']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd8-89c4-44a5-a501-475302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:48.000Z",
|
|
"modified": "2016-03-11T21:42:48.000Z",
|
|
"description": "- Xchecked via VT: 7e22ea4e06b8fd6698d224ce04b3ef5f00838543cb96fb234e4a8c84bb5fa7b3",
|
|
"pattern": "[file:hashes.MD5 = '9e85fee4dd9fbc26878f5c43aee23b0e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd8-686c-476a-a03e-4cc902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:48.000Z",
|
|
"modified": "2016-03-11T21:42:48.000Z",
|
|
"first_observed": "2016-03-11T21:42:48Z",
|
|
"last_observed": "2016-03-11T21:42:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd8-686c-476a-a03e-4cc902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd8-686c-476a-a03e-4cc902de0b81",
|
|
"value": "https://www.virustotal.com/file/7e22ea4e06b8fd6698d224ce04b3ef5f00838543cb96fb234e4a8c84bb5fa7b3/analysis/1457711295/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd8-7b4c-482e-8900-40dc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:48.000Z",
|
|
"modified": "2016-03-11T21:42:48.000Z",
|
|
"description": "- Xchecked via VT: f204c10af7cdcc0b57e77b2e521b4b0ac04667ccffce478cb4c3b8b8f18e32a2",
|
|
"pattern": "[file:hashes.SHA1 = '5690f3a0dbf44c24e8a37bf108af931501882440']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd8-e440-4449-a1ca-499d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:48.000Z",
|
|
"modified": "2016-03-11T21:42:48.000Z",
|
|
"description": "- Xchecked via VT: f204c10af7cdcc0b57e77b2e521b4b0ac04667ccffce478cb4c3b8b8f18e32a2",
|
|
"pattern": "[file:hashes.MD5 = '7b90942b853c1e39814c40accc6d4ccc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bd9-0fbc-42ef-810b-4cea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:49.000Z",
|
|
"modified": "2016-03-11T21:42:49.000Z",
|
|
"first_observed": "2016-03-11T21:42:49Z",
|
|
"last_observed": "2016-03-11T21:42:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bd9-0fbc-42ef-810b-4cea02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bd9-0fbc-42ef-810b-4cea02de0b81",
|
|
"value": "https://www.virustotal.com/file/f204c10af7cdcc0b57e77b2e521b4b0ac04667ccffce478cb4c3b8b8f18e32a2/analysis/1457725859/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd9-0530-44bb-a77e-4edf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:49.000Z",
|
|
"modified": "2016-03-11T21:42:49.000Z",
|
|
"description": "- Xchecked via VT: 0661c68e6c247cd6f638dbcac7914c826a5feee1013e456af2f1f6fd642f4147",
|
|
"pattern": "[file:hashes.SHA1 = '1b277e4104d3a7b865b5ce2a756ea89b61e8f0f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bd9-b848-485b-adb8-4e4b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:49.000Z",
|
|
"modified": "2016-03-11T21:42:49.000Z",
|
|
"description": "- Xchecked via VT: 0661c68e6c247cd6f638dbcac7914c826a5feee1013e456af2f1f6fd642f4147",
|
|
"pattern": "[file:hashes.MD5 = '212522417b4c4009708c08dd0f62f15c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bda-3964-42c9-b6ee-4c0702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:49.000Z",
|
|
"modified": "2016-03-11T21:42:49.000Z",
|
|
"first_observed": "2016-03-11T21:42:49Z",
|
|
"last_observed": "2016-03-11T21:42:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bda-3964-42c9-b6ee-4c0702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bda-3964-42c9-b6ee-4c0702de0b81",
|
|
"value": "https://www.virustotal.com/file/0661c68e6c247cd6f638dbcac7914c826a5feee1013e456af2f1f6fd642f4147/analysis/1457721291/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bda-8a04-4d7b-bfcf-470302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:50.000Z",
|
|
"modified": "2016-03-11T21:42:50.000Z",
|
|
"description": "- Xchecked via VT: 30cd5d32bc3c046cfc584cb8521f5589c4d86a4241d1a9ae6c8e9172aa58ac73",
|
|
"pattern": "[file:hashes.SHA1 = 'ab41e6c634c601d22183d2bd8a88fa0456a42a30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bda-233c-43f3-b94f-4ed702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:50.000Z",
|
|
"modified": "2016-03-11T21:42:50.000Z",
|
|
"description": "- Xchecked via VT: 30cd5d32bc3c046cfc584cb8521f5589c4d86a4241d1a9ae6c8e9172aa58ac73",
|
|
"pattern": "[file:hashes.MD5 = 'c52ec3aba54aaf48e144035e83d99938']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bda-9fdc-46df-b022-496d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:50.000Z",
|
|
"modified": "2016-03-11T21:42:50.000Z",
|
|
"first_observed": "2016-03-11T21:42:50Z",
|
|
"last_observed": "2016-03-11T21:42:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bda-9fdc-46df-b022-496d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bda-9fdc-46df-b022-496d02de0b81",
|
|
"value": "https://www.virustotal.com/file/30cd5d32bc3c046cfc584cb8521f5589c4d86a4241d1a9ae6c8e9172aa58ac73/analysis/1457730528/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bdb-36ac-4b35-a031-425502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:51.000Z",
|
|
"modified": "2016-03-11T21:42:51.000Z",
|
|
"description": "- Xchecked via VT: a8663becc17e34f85d828f53029ab110f92f635c3dfd94132e5ac87e2f0cdfc3",
|
|
"pattern": "[file:hashes.SHA1 = 'ba65f229bf9f7ec3cb8cd9dbb8416ae22df518b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56e33bdb-3398-4d4e-819c-456602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:51.000Z",
|
|
"modified": "2016-03-11T21:42:51.000Z",
|
|
"description": "- Xchecked via VT: a8663becc17e34f85d828f53029ab110f92f635c3dfd94132e5ac87e2f0cdfc3",
|
|
"pattern": "[file:hashes.MD5 = '881fcbf71e02d46f90b5e359ac93ca8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-11T21:42:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56e33bdb-c97c-44ee-bf29-4f1b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-11T21:42:51.000Z",
|
|
"modified": "2016-03-11T21:42:51.000Z",
|
|
"first_observed": "2016-03-11T21:42:51Z",
|
|
"last_observed": "2016-03-11T21:42:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56e33bdb-c97c-44ee-bf29-4f1b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56e33bdb-c97c-44ee-bf29-4f1b02de0b81",
|
|
"value": "https://www.virustotal.com/file/a8663becc17e34f85d828f53029ab110f92f635c3dfd94132e5ac87e2f0cdfc3/analysis/1457725715/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |