1082 lines
No EOL
45 KiB
JSON
1082 lines
No EOL
45 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5720bf21-9d4c-40b2-9088-45e6950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-28T07:37:12.000Z",
|
|
"modified": "2016-04-28T07:37:12.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5720bf21-9d4c-40b2-9088-45e6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-28T07:37:12.000Z",
|
|
"modified": "2016-04-28T07:37:12.000Z",
|
|
"name": "OSINT - New Downloader for Locky",
|
|
"published": "2016-05-07T05:15:16Z",
|
|
"object_refs": [
|
|
"observed-data--5720bf30-342c-46e3-bbdd-49d2950d210f",
|
|
"url--5720bf30-342c-46e3-bbdd-49d2950d210f",
|
|
"x-misp-attribute--5720bf3e-32fc-4d28-9a3a-45cc950d210f",
|
|
"observed-data--5720bf9e-b3fc-42ce-a32f-4d83950d210f",
|
|
"email-message--5720bf9e-b3fc-42ce-a32f-4d83950d210f",
|
|
"observed-data--5720bfb2-7df0-4ffe-af65-472b950d210f",
|
|
"email-message--5720bfb2-7df0-4ffe-af65-472b950d210f",
|
|
"file--5720bfb2-7df0-4ffe-af65-472b950d210f",
|
|
"indicator--5720bfc6-86bc-4717-b4b8-4d86950d210f",
|
|
"indicator--5720c036-f4b8-497c-ad91-45dc950d210f",
|
|
"indicator--5720c036-f710-4da1-8d4c-4a7c950d210f",
|
|
"indicator--5720c04c-a8bc-451d-9fe4-4e48950d210f",
|
|
"indicator--5720c04c-3a88-4a9e-b201-4d39950d210f",
|
|
"indicator--5720c04d-1d90-42ff-a0ef-4908950d210f",
|
|
"indicator--5720c04d-54fc-4671-9e61-4f48950d210f",
|
|
"indicator--5720c04d-3fc0-4c67-9c91-47a8950d210f",
|
|
"indicator--5720c0fc-b0d8-4fe9-bcc8-41b4950d210f",
|
|
"indicator--5720c0fd-a6a4-46e2-9458-4a9c950d210f",
|
|
"indicator--5720c0fd-5da4-4b5f-95ea-4aeb950d210f",
|
|
"indicator--5720c0fd-4d60-4474-b651-40ce950d210f",
|
|
"indicator--5720c0fe-dd94-46d5-a54a-4777950d210f",
|
|
"indicator--5720c0fe-8dcc-4d81-8b03-4f6c950d210f",
|
|
"indicator--5720d993-f430-46d3-8fa5-0fab02de0b81",
|
|
"indicator--5720d994-4600-4933-8dd4-0fab02de0b81",
|
|
"observed-data--5720d994-7ca4-455e-9f2e-0fab02de0b81",
|
|
"url--5720d994-7ca4-455e-9f2e-0fab02de0b81",
|
|
"indicator--5720d995-11b0-43a0-b5cc-0fab02de0b81",
|
|
"indicator--5720d995-8004-4dda-a959-0fab02de0b81",
|
|
"observed-data--5720d995-3140-46e7-b65a-0fab02de0b81",
|
|
"url--5720d995-3140-46e7-b65a-0fab02de0b81",
|
|
"indicator--5720d996-dce4-4184-ad02-0fab02de0b81",
|
|
"indicator--5720d996-99a0-4376-a595-0fab02de0b81",
|
|
"observed-data--5720d997-a6e8-44a7-b706-0fab02de0b81",
|
|
"url--5720d997-a6e8-44a7-b706-0fab02de0b81",
|
|
"indicator--5720d997-6b7c-4b03-a65b-0fab02de0b81",
|
|
"indicator--5720d998-7e78-4485-91c8-0fab02de0b81",
|
|
"observed-data--5720d998-f688-4bcc-88e6-0fab02de0b81",
|
|
"url--5720d998-f688-4bcc-88e6-0fab02de0b81",
|
|
"indicator--5720d998-d3b0-4521-ae7a-0fab02de0b81",
|
|
"indicator--5720d999-bb0c-4cf0-893b-0fab02de0b81",
|
|
"observed-data--5720d999-1650-4442-aca5-0fab02de0b81",
|
|
"url--5720d999-1650-4442-aca5-0fab02de0b81",
|
|
"indicator--5720d99a-15e8-4e7a-9fe5-0fab02de0b81",
|
|
"indicator--5720d99b-5644-4574-9a56-0fab02de0b81",
|
|
"observed-data--5720d99b-82fc-49a4-9701-0fab02de0b81",
|
|
"url--5720d99b-82fc-49a4-9701-0fab02de0b81",
|
|
"indicator--5721bda7-9dfc-4984-b012-4e32950d210f",
|
|
"indicator--5721bda6-8408-401a-96fe-40f3950d210f",
|
|
"indicator--5721bda5-90e4-460c-b362-4667950d210f",
|
|
"indicator--5721bda6-4520-4e2d-9136-4bd3950d210f",
|
|
"indicator--5721bda7-d424-4f46-8138-4133950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"ecsirt:malicious-code=\"ransomware\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5720bf30-342c-46e3-bbdd-49d2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:31:28.000Z",
|
|
"modified": "2016-04-27T13:31:28.000Z",
|
|
"first_observed": "2016-04-27T13:31:28Z",
|
|
"last_observed": "2016-04-27T13:31:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5720bf30-342c-46e3-bbdd-49d2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5720bf30-342c-46e3-bbdd-49d2950d210f",
|
|
"value": "https://www.fireeye.com/blog/threat-research/2016/04/new_downloader_forl.html"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5720bf3e-32fc-4d28-9a3a-45cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:31:42.000Z",
|
|
"modified": "2016-04-27T13:31:42.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Through DTI Intelligence analysis, We have been observing Locky malware rise to fame recently. Locky is ransomware that is aggressively distributed via downloaders attached in spam emails, and it may have surpassed the Dridex banking trojan in popularity. In previous campaigns, the ransomware was downloaded by a macro-based downloader or a JavaScript downloader. However, in April 2016, FireEye Labs observed a new development in the way this ransomware is downloaded onto a compromised system."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5720bf9e-b3fc-42ce-a32f-4d83950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:33:18.000Z",
|
|
"modified": "2016-04-27T13:33:18.000Z",
|
|
"first_observed": "2016-04-27T13:33:18Z",
|
|
"last_observed": "2016-04-27T13:33:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"email-message--5720bf9e-b3fc-42ce-a32f-4d83950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"email-subject\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "email-message",
|
|
"spec_version": "2.1",
|
|
"id": "email-message--5720bf9e-b3fc-42ce-a32f-4d83950d210f",
|
|
"is_multipart": false,
|
|
"subject": "Photos"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5720bfb2-7df0-4ffe-af65-472b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:33:38.000Z",
|
|
"modified": "2016-04-27T13:33:38.000Z",
|
|
"first_observed": "2016-04-27T13:33:38Z",
|
|
"last_observed": "2016-04-27T13:33:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"email-message--5720bfb2-7df0-4ffe-af65-472b950d210f",
|
|
"file--5720bfb2-7df0-4ffe-af65-472b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"email-attachment\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "email-message",
|
|
"spec_version": "2.1",
|
|
"id": "email-message--5720bfb2-7df0-4ffe-af65-472b950d210f",
|
|
"is_multipart": true,
|
|
"body_multipart": [
|
|
{
|
|
"body_raw_ref": "file--5720bfb2-7df0-4ffe-af65-472b950d210f",
|
|
"content_disposition": "attachment; filename='Photos.zip'"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5720bfb2-7df0-4ffe-af65-472b950d210f",
|
|
"name": "Photos.zip"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720bfc6-86bc-4717-b4b8-4d86950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:33:58.000Z",
|
|
"modified": "2016-04-27T13:33:58.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://mrsweeter.ru/87h78rf33g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:33:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c036-f4b8-497c-ad91-45dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:35:50.000Z",
|
|
"modified": "2016-04-27T13:35:50.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.SHA256 = '7b45833d87d8bd38c44cbaeece65dbbd04e12b8c1ef81a383cf7f0fce9832660']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:35:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c036-f710-4da1-8d4c-4a7c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:35:50.000Z",
|
|
"modified": "2016-04-27T13:35:50.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.SHA256 = '9a0788ba4e0666e082e18d61fad0fa9d985e1c3223f910a50ec3834ba44cce10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:35:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c04c-a8bc-451d-9fe4-4e48950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:36:12.000Z",
|
|
"modified": "2016-04-27T13:36:12.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'b0ca8c5881c1d27684c23db7a88d11e1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:36:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c04c-3a88-4a9e-b201-4d39950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:36:12.000Z",
|
|
"modified": "2016-04-27T13:36:12.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'c5ad81d8d986c92f90d0462bc06ac9c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:36:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c04d-1d90-42ff-a0ef-4908950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:36:13.000Z",
|
|
"modified": "2016-04-27T13:36:13.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'ebf1f8951ec79f2e6bf40e6981c7dbfc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:36:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c04d-54fc-4671-9e61-4f48950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:36:13.000Z",
|
|
"modified": "2016-04-27T13:36:13.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.SHA256 = '357c162a35c3623d1a1791c18e9f56e72bcd76f6ef9f4cbcf5952f62b9bc8a08']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:36:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c04d-3fc0-4c67-9c91-47a8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:36:13.000Z",
|
|
"modified": "2016-04-27T13:36:13.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'c325dcf4c6c1e2b62a7c5b1245985083']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:36:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c0fc-b0d8-4fe9-bcc8-41b4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:39:08.000Z",
|
|
"modified": "2016-04-27T13:39:08.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://185.130.7.22/files/sBpFSa.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:39:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c0fd-a6a4-46e2-9458-4a9c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:39:09.000Z",
|
|
"modified": "2016-04-27T13:39:09.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://185.130.7.22/files/WRwe3X.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:39:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c0fd-5da4-4b5f-95ea-4aeb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:39:09.000Z",
|
|
"modified": "2016-04-27T13:39:09.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://slater.chat.ru/gvtg77996']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:39:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c0fd-4d60-4474-b651-40ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:39:09.000Z",
|
|
"modified": "2016-04-27T13:39:09.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://hundeschulegoerg.de/gvtg77996']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:39:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c0fe-dd94-46d5-a54a-4777950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:39:10.000Z",
|
|
"modified": "2016-04-27T13:39:10.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://buhjolk.at/files/dIseJh.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:39:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720c0fe-8dcc-4d81-8b03-4f6c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T13:39:10.000Z",
|
|
"modified": "2016-04-27T13:39:10.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://buhjolk.at/files/aY5TFn.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T13:39:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d993-f430-46d3-8fa5-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:03.000Z",
|
|
"modified": "2016-04-27T15:24:03.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 9a0788ba4e0666e082e18d61fad0fa9d985e1c3223f910a50ec3834ba44cce10",
|
|
"pattern": "[file:hashes.SHA1 = '39ad2102512f2d3b30e038354289b5b734d0d33f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d994-4600-4933-8dd4-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:04.000Z",
|
|
"modified": "2016-04-27T15:24:04.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 9a0788ba4e0666e082e18d61fad0fa9d985e1c3223f910a50ec3834ba44cce10",
|
|
"pattern": "[file:hashes.MD5 = '4df0079da5e37378b15bacc9e0631c33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5720d994-7ca4-455e-9f2e-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:04.000Z",
|
|
"modified": "2016-04-27T15:24:04.000Z",
|
|
"first_observed": "2016-04-27T15:24:04Z",
|
|
"last_observed": "2016-04-27T15:24:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5720d994-7ca4-455e-9f2e-0fab02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5720d994-7ca4-455e-9f2e-0fab02de0b81",
|
|
"value": "https://www.virustotal.com/file/9a0788ba4e0666e082e18d61fad0fa9d985e1c3223f910a50ec3834ba44cce10/analysis/1460046851/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d995-11b0-43a0-b5cc-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:05.000Z",
|
|
"modified": "2016-04-27T15:24:05.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 7b45833d87d8bd38c44cbaeece65dbbd04e12b8c1ef81a383cf7f0fce9832660",
|
|
"pattern": "[file:hashes.SHA1 = '626d2953e329debdd9ad3feda65341413094fed6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d995-8004-4dda-a959-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:05.000Z",
|
|
"modified": "2016-04-27T15:24:05.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 7b45833d87d8bd38c44cbaeece65dbbd04e12b8c1ef81a383cf7f0fce9832660",
|
|
"pattern": "[file:hashes.MD5 = '829653e8f2a9453b440ca11975c9aaa0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5720d995-3140-46e7-b65a-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:05.000Z",
|
|
"modified": "2016-04-27T15:24:05.000Z",
|
|
"first_observed": "2016-04-27T15:24:05Z",
|
|
"last_observed": "2016-04-27T15:24:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5720d995-3140-46e7-b65a-0fab02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5720d995-3140-46e7-b65a-0fab02de0b81",
|
|
"value": "https://www.virustotal.com/file/7b45833d87d8bd38c44cbaeece65dbbd04e12b8c1ef81a383cf7f0fce9832660/analysis/1459558891/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d996-dce4-4184-ad02-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:06.000Z",
|
|
"modified": "2016-04-27T15:24:06.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c325dcf4c6c1e2b62a7c5b1245985083",
|
|
"pattern": "[file:hashes.SHA256 = 'f6c463bbe4f5da7b0ce38e6b76cd1d687964bc787b63bb7a2338d36ef6c3a360']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d996-99a0-4376-a595-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:06.000Z",
|
|
"modified": "2016-04-27T15:24:06.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c325dcf4c6c1e2b62a7c5b1245985083",
|
|
"pattern": "[file:hashes.SHA1 = 'e701ff37e06e63232c0c47ae5867e7b05536ee36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5720d997-a6e8-44a7-b706-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:07.000Z",
|
|
"modified": "2016-04-27T15:24:07.000Z",
|
|
"first_observed": "2016-04-27T15:24:07Z",
|
|
"last_observed": "2016-04-27T15:24:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5720d997-a6e8-44a7-b706-0fab02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5720d997-a6e8-44a7-b706-0fab02de0b81",
|
|
"value": "https://www.virustotal.com/file/f6c463bbe4f5da7b0ce38e6b76cd1d687964bc787b63bb7a2338d36ef6c3a360/analysis/1461736669/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d997-6b7c-4b03-a65b-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:07.000Z",
|
|
"modified": "2016-04-27T15:24:07.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ebf1f8951ec79f2e6bf40e6981c7dbfc",
|
|
"pattern": "[file:hashes.SHA256 = 'a3d090f64b9dbca420f232966d65ecdca333cb497308cea94477e5219af685ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d998-7e78-4485-91c8-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:08.000Z",
|
|
"modified": "2016-04-27T15:24:08.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ebf1f8951ec79f2e6bf40e6981c7dbfc",
|
|
"pattern": "[file:hashes.SHA1 = 'b3a7f553c32a551786d873fa26047170f6f9c2e1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5720d998-f688-4bcc-88e6-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:08.000Z",
|
|
"modified": "2016-04-27T15:24:08.000Z",
|
|
"first_observed": "2016-04-27T15:24:08Z",
|
|
"last_observed": "2016-04-27T15:24:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5720d998-f688-4bcc-88e6-0fab02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5720d998-f688-4bcc-88e6-0fab02de0b81",
|
|
"value": "https://www.virustotal.com/file/a3d090f64b9dbca420f232966d65ecdca333cb497308cea94477e5219af685ae/analysis/1461571429/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d998-d3b0-4521-ae7a-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:08.000Z",
|
|
"modified": "2016-04-27T15:24:08.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c5ad81d8d986c92f90d0462bc06ac9c6",
|
|
"pattern": "[file:hashes.SHA256 = '5d6ddb8458ee5ab99f3e7d9a21490ff4e5bc9808e18b9e20b6dc2c5b27927ba1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d999-bb0c-4cf0-893b-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:09.000Z",
|
|
"modified": "2016-04-27T15:24:09.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c5ad81d8d986c92f90d0462bc06ac9c6",
|
|
"pattern": "[file:hashes.SHA1 = '21ac04e0d5acff88c83151a0e774001c0c06a744']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5720d999-1650-4442-aca5-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:09.000Z",
|
|
"modified": "2016-04-27T15:24:09.000Z",
|
|
"first_observed": "2016-04-27T15:24:09Z",
|
|
"last_observed": "2016-04-27T15:24:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5720d999-1650-4442-aca5-0fab02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5720d999-1650-4442-aca5-0fab02de0b81",
|
|
"value": "https://www.virustotal.com/file/5d6ddb8458ee5ab99f3e7d9a21490ff4e5bc9808e18b9e20b6dc2c5b27927ba1/analysis/1460448282/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d99a-15e8-4e7a-9fe5-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:10.000Z",
|
|
"modified": "2016-04-27T15:24:10.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b0ca8c5881c1d27684c23db7a88d11e1",
|
|
"pattern": "[file:hashes.SHA256 = 'e4c4e5337fa14ac8eb38376ec069173481f186692586edba805406fa756544d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5720d99b-5644-4574-9a56-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:11.000Z",
|
|
"modified": "2016-04-27T15:24:11.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: b0ca8c5881c1d27684c23db7a88d11e1",
|
|
"pattern": "[file:hashes.SHA1 = 'b85a45350bc7c98bb9bae572cc861af51789ce69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-27T15:24:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5720d99b-82fc-49a4-9701-0fab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-27T15:24:11.000Z",
|
|
"modified": "2016-04-27T15:24:11.000Z",
|
|
"first_observed": "2016-04-27T15:24:11Z",
|
|
"last_observed": "2016-04-27T15:24:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5720d99b-82fc-49a4-9701-0fab02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5720d99b-82fc-49a4-9701-0fab02de0b81",
|
|
"value": "https://www.virustotal.com/file/e4c4e5337fa14ac8eb38376ec069173481f186692586edba805406fa756544d9/analysis/1461052381/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5721bda7-9dfc-4984-b012-4e32950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-28T07:37:11.000Z",
|
|
"modified": "2016-04-28T07:37:11.000Z",
|
|
"pattern": "[domain-name:value = 'slater.chat.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-28T07:37:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5721bda6-8408-401a-96fe-40f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-28T07:37:10.000Z",
|
|
"modified": "2016-04-28T07:37:10.000Z",
|
|
"pattern": "[domain-name:value = 'hundeschulegoerg.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-28T07:37:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5721bda5-90e4-460c-b362-4667950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-28T07:37:09.000Z",
|
|
"modified": "2016-04-28T07:37:09.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.130.7.22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-28T07:37:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5721bda6-4520-4e2d-9136-4bd3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-28T07:37:10.000Z",
|
|
"modified": "2016-04-28T07:37:10.000Z",
|
|
"pattern": "[domain-name:value = 'buhjolk.at']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-28T07:37:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5721bda7-d424-4f46-8138-4133950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-04-28T07:37:11.000Z",
|
|
"modified": "2016-04-28T07:37:11.000Z",
|
|
"pattern": "[domain-name:value = 'mrsweeter.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-04-28T07:37:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |