adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/57a89edc-e184-41da-8e51-4f98950d210f.json

939 lines
No EOL
39 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--57a89edc-e184-41da-8e51-4f98950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:54.000Z",
"modified": "2016-08-08T15:36:54.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57a89edc-e184-41da-8e51-4f98950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:54.000Z",
"modified": "2016-08-08T15:36:54.000Z",
"name": "OSINT Group5: Syria and the Iranian Connection by Citizen Lab",
"published": "2016-08-09T07:35:10Z",
"object_refs": [
"observed-data--57a89ef1-3684-48b6-9cd9-4cec950d210f",
"url--57a89ef1-3684-48b6-9cd9-4cec950d210f",
"indicator--57a89f46-5164-4d62-8950-4010950d210f",
"indicator--57a89f5b-3f98-466d-b470-45ae950d210f",
"indicator--57a89f5c-d490-4b3d-a562-4ea1950d210f",
"indicator--57a89f6f-88e4-4f31-bf88-415d950d210f",
"indicator--57a89f6f-7f94-4071-8a23-4708950d210f",
"indicator--57a89fab-e96c-48d6-9442-4b20950d210f",
"x-misp-attribute--57a8a01e-2584-4989-b50e-459f950d210f",
"x-misp-attribute--57a8a01e-e384-4834-900a-4bf6950d210f",
"x-misp-attribute--57a8a01e-8d70-4809-a4c1-4158950d210f",
"indicator--57a8a053-5038-4cb1-ac18-4dcc950d210f",
"indicator--57a8a053-b898-48f8-9c30-4008950d210f",
"indicator--57a8a053-1490-4c4e-88b5-4c61950d210f",
"indicator--57a8a053-b750-48d2-9d45-4063950d210f",
"indicator--57a8a053-2210-463f-b62e-4265950d210f",
"indicator--57a8a054-3510-4d4b-bd37-40e7950d210f",
"indicator--57a8a054-5cc4-4553-b98f-413a950d210f",
"indicator--57a8a054-b8ec-46a3-b7fe-4c77950d210f",
"indicator--57a8a054-20dc-40ab-8aed-4d5e950d210f",
"indicator--57a8a054-cf94-4942-8e56-466f950d210f",
"indicator--57a8a055-6638-4b69-9e04-43a9950d210f",
"indicator--57a8a055-731c-479e-a426-466c950d210f",
"indicator--57a8a716-1d6c-41e8-be1b-4d2902de0b81",
"indicator--57a8a717-d62c-4284-a088-47df02de0b81",
"observed-data--57a8a717-834c-4153-b603-4d9902de0b81",
"url--57a8a717-834c-4153-b603-4d9902de0b81",
"indicator--57a8a717-7ec4-42fc-b873-440e02de0b81",
"indicator--57a8a717-84cc-4665-8892-4e7e02de0b81",
"observed-data--57a8a717-2594-4bb1-b473-49cc02de0b81",
"url--57a8a717-2594-4bb1-b473-49cc02de0b81",
"indicator--57a8a717-c404-4e9f-9104-41b902de0b81",
"indicator--57a8a718-aef0-42d1-a4d8-419202de0b81",
"observed-data--57a8a718-f384-49b9-89d6-4bbe02de0b81",
"url--57a8a718-f384-49b9-89d6-4bbe02de0b81",
"indicator--57a8a718-32a8-4164-9838-450302de0b81",
"indicator--57a8a718-25ac-479c-96fa-403602de0b81",
"observed-data--57a8a718-4c30-445b-81d3-4d5902de0b81",
"url--57a8a718-4c30-445b-81d3-4d5902de0b81",
"indicator--57a8a719-d824-49f3-bd2f-4dae02de0b81",
"indicator--57a8a719-0518-4529-875f-425c02de0b81",
"observed-data--57a8a719-c3a4-4e5b-ac9d-4d5f02de0b81",
"url--57a8a719-c3a4-4e5b-ac9d-4d5f02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a89ef1-3684-48b6-9cd9-4cec950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:02:09.000Z",
"modified": "2016-08-08T15:02:09.000Z",
"first_observed": "2016-08-08T15:02:09Z",
"last_observed": "2016-08-08T15:02:09Z",
"number_observed": 1,
"object_refs": [
"url--57a89ef1-3684-48b6-9cd9-4cec950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a89ef1-3684-48b6-9cd9-4cec950d210f",
"value": "https://citizenlab.org/2016/08/group5-syria/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a89f46-5164-4d62-8950-4010950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:03:34.000Z",
"modified": "2016-08-08T15:03:34.000Z",
"pattern": "[file:hashes.MD5 = '76f8142b4e52c671871b3df87f10c30c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:03:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a89f5b-3f98-466d-b470-45ae950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:03:55.000Z",
"modified": "2016-08-08T15:03:55.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '7d898530d2e77f15f5badce8d7df215e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:03:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a89f5c-d490-4b3d-a562-4ea1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:03:56.000Z",
"modified": "2016-08-08T15:03:56.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'c19bc1ff5f8472fb7ba64f33c2168b42ea881a6ae6e134a1cc142e984fb6647f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:03:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a89f6f-88e4-4f31-bf88-415d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:04:15.000Z",
"modified": "2016-08-08T15:04:15.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = 'a4f1f4921bb11ff9d22fad89b19b155d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:04:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a89f6f-7f94-4071-8a23-4708950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:04:15.000Z",
"modified": "2016-08-08T15:04:15.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'd81ec563387e2ea47bc8ed50fd36e1de955cb2331d6eaae9f966b5d7ab094806']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:04:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a89fab-e96c-48d6-9442-4b20950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:05:15.000Z",
"modified": "2016-08-08T15:05:15.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.198.222.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:05:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57a8a01e-2584-4989-b50e-459f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:07:10.000Z",
"modified": "2016-08-08T15:07:10.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "%USERPROFILE%\\documents\\visual studio 2013\\projects\\paccryptnano core dehgani -vds\\windowsapplication2\\obj\\debug\\launch manager.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57a8a01e-e384-4834-900a-4bf6950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:07:10.000Z",
"modified": "2016-08-08T15:07:10.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "%USERPROFILE%\\Documents\\Visual Studio 2013\\Projects\\paccrypt11njratmalii\\paccryptalipnahzade\\obj\\Debug\\LManager.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57a8a01e-8d70-4809-a4c1-4158950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:07:10.000Z",
"modified": "2016-08-08T15:07:10.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "%USERPROFILE%\\Documents\\Visual Studio 2013\\Projects\\njrat7stubsoures \u00e2\u20ac\u201c Copy\\njrat7stubsoures\\obj\\Debug\\dvvm.pdb"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a053-5038-4cb1-ac18-4dcc950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:03.000Z",
"modified": "2016-08-08T15:08:03.000Z",
"pattern": "[file:hashes.MD5 = '2fc276e1c06c3c78c6d7b66a141213be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a053-b898-48f8-9c30-4008950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:03.000Z",
"modified": "2016-08-08T15:08:03.000Z",
"pattern": "[file:hashes.MD5 = '30bb678db3ad0140fc33acd9803385c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a053-1490-4c4e-88b5-4c61950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:03.000Z",
"modified": "2016-08-08T15:08:03.000Z",
"pattern": "[file:hashes.MD5 = '366908f6c5c4f4329478d60586eca5bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a053-b750-48d2-9d45-4063950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:03.000Z",
"modified": "2016-08-08T15:08:03.000Z",
"pattern": "[file:hashes.MD5 = '494bab7fd0b42b0b14051ed9abbd651f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a053-2210-463f-b62e-4265950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:03.000Z",
"modified": "2016-08-08T15:08:03.000Z",
"pattern": "[file:hashes.MD5 = '5c4ec3d93a664e4bfa1ce6286ccf0249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a054-3510-4d4b-bd37-40e7950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:04.000Z",
"modified": "2016-08-08T15:08:04.000Z",
"pattern": "[file:hashes.MD5 = '6161083021b695814434450c1882f9f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a054-5cc4-4553-b98f-413a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:04.000Z",
"modified": "2016-08-08T15:08:04.000Z",
"pattern": "[file:hashes.MD5 = '7d898530d2e77f15f5badce8d7df215e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a054-b8ec-46a3-b7fe-4c77950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:04.000Z",
"modified": "2016-08-08T15:08:04.000Z",
"pattern": "[file:hashes.MD5 = '8ebeb3f91cda8e985a9c61beb8cdde9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a054-20dc-40ab-8aed-4d5e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:04.000Z",
"modified": "2016-08-08T15:08:04.000Z",
"pattern": "[file:hashes.MD5 = 'a4f1f4921bb11ff9d22fad89b19b155d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a054-cf94-4942-8e56-466f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:04.000Z",
"modified": "2016-08-08T15:08:04.000Z",
"pattern": "[file:hashes.MD5 = 'b4121c3a1892332402000ef0d587c0ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a055-6638-4b69-9e04-43a9950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:05.000Z",
"modified": "2016-08-08T15:08:05.000Z",
"pattern": "[file:hashes.MD5 = 'dd5bedd915967c5efe00733cf7478cb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a055-731c-479e-a426-466c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:08:05.000Z",
"modified": "2016-08-08T15:08:05.000Z",
"pattern": "[file:hashes.MD5 = 'f1f84ea3229dca0ccacb7381a2f49f99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a716-1d6c-41e8-be1b-4d2902de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:54.000Z",
"modified": "2016-08-08T15:36:54.000Z",
"description": "- Xchecked via VT: f1f84ea3229dca0ccacb7381a2f49f99",
"pattern": "[file:hashes.SHA256 = '29cedb039e43988730c13f702deb3cb90e2fd9927538d172ad7e1ed50f8ca67b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a717-d62c-4284-a088-47df02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:55.000Z",
"modified": "2016-08-08T15:36:55.000Z",
"description": "- Xchecked via VT: f1f84ea3229dca0ccacb7381a2f49f99",
"pattern": "[file:hashes.SHA1 = '9801609d68d925b9dc9ef653be10467b1bcc3b92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a8a717-834c-4153-b603-4d9902de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:55.000Z",
"modified": "2016-08-08T15:36:55.000Z",
"first_observed": "2016-08-08T15:36:55Z",
"last_observed": "2016-08-08T15:36:55Z",
"number_observed": 1,
"object_refs": [
"url--57a8a717-834c-4153-b603-4d9902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a8a717-834c-4153-b603-4d9902de0b81",
"value": "https://www.virustotal.com/file/29cedb039e43988730c13f702deb3cb90e2fd9927538d172ad7e1ed50f8ca67b/analysis/1470114448/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a717-7ec4-42fc-b873-440e02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:55.000Z",
"modified": "2016-08-08T15:36:55.000Z",
"description": "- Xchecked via VT: 8ebeb3f91cda8e985a9c61beb8cdde9d",
"pattern": "[file:hashes.SHA256 = '19febea0be411a36ea9cdc46241242fe103d043a8aaf932cba53cf8f04a54973']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a717-84cc-4665-8892-4e7e02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:55.000Z",
"modified": "2016-08-08T15:36:55.000Z",
"description": "- Xchecked via VT: 8ebeb3f91cda8e985a9c61beb8cdde9d",
"pattern": "[file:hashes.SHA1 = 'bbf4836a86604d1f54a8d3335653625c5f813e71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a8a717-2594-4bb1-b473-49cc02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:55.000Z",
"modified": "2016-08-08T15:36:55.000Z",
"first_observed": "2016-08-08T15:36:55Z",
"last_observed": "2016-08-08T15:36:55Z",
"number_observed": 1,
"object_refs": [
"url--57a8a717-2594-4bb1-b473-49cc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a8a717-2594-4bb1-b473-49cc02de0b81",
"value": "https://www.virustotal.com/file/19febea0be411a36ea9cdc46241242fe103d043a8aaf932cba53cf8f04a54973/analysis/1470114667/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a717-c404-4e9f-9104-41b902de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:55.000Z",
"modified": "2016-08-08T15:36:55.000Z",
"description": "- Xchecked via VT: 494bab7fd0b42b0b14051ed9abbd651f",
"pattern": "[file:hashes.SHA256 = '511801eda3d01c580f1e999f5c9d50d0f0d539d560e6d2476a9ee822029bafd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a718-aef0-42d1-a4d8-419202de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:56.000Z",
"modified": "2016-08-08T15:36:56.000Z",
"description": "- Xchecked via VT: 494bab7fd0b42b0b14051ed9abbd651f",
"pattern": "[file:hashes.SHA1 = 'e555e5d99d1f52b484aa1c26ec45cb2dce054203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a8a718-f384-49b9-89d6-4bbe02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:56.000Z",
"modified": "2016-08-08T15:36:56.000Z",
"first_observed": "2016-08-08T15:36:56Z",
"last_observed": "2016-08-08T15:36:56Z",
"number_observed": 1,
"object_refs": [
"url--57a8a718-f384-49b9-89d6-4bbe02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a8a718-f384-49b9-89d6-4bbe02de0b81",
"value": "https://www.virustotal.com/file/511801eda3d01c580f1e999f5c9d50d0f0d539d560e6d2476a9ee822029bafd8/analysis/1470114544/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a718-32a8-4164-9838-450302de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:56.000Z",
"modified": "2016-08-08T15:36:56.000Z",
"description": "- Xchecked via VT: 30bb678db3ad0140fc33acd9803385c3",
"pattern": "[file:hashes.SHA256 = 'dd35724d3d1167d917234d0321aa5b874d15cb62d2e95a246a96d6c0b77580c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a718-25ac-479c-96fa-403602de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:56.000Z",
"modified": "2016-08-08T15:36:56.000Z",
"description": "- Xchecked via VT: 30bb678db3ad0140fc33acd9803385c3",
"pattern": "[file:hashes.SHA1 = '110fe73259097d12f52e1843470d41b2bb7f6132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a8a718-4c30-445b-81d3-4d5902de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:56.000Z",
"modified": "2016-08-08T15:36:56.000Z",
"first_observed": "2016-08-08T15:36:56Z",
"last_observed": "2016-08-08T15:36:56Z",
"number_observed": 1,
"object_refs": [
"url--57a8a718-4c30-445b-81d3-4d5902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a8a718-4c30-445b-81d3-4d5902de0b81",
"value": "https://www.virustotal.com/file/dd35724d3d1167d917234d0321aa5b874d15cb62d2e95a246a96d6c0b77580c9/analysis/1470114482/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a719-d824-49f3-bd2f-4dae02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:57.000Z",
"modified": "2016-08-08T15:36:57.000Z",
"description": "- Xchecked via VT: 76f8142b4e52c671871b3df87f10c30c",
"pattern": "[file:hashes.SHA256 = '16b8b3b9969660f773e611438e0455082cfafb277ea9256bacc028cdf85f25ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a8a719-0518-4529-875f-425c02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:57.000Z",
"modified": "2016-08-08T15:36:57.000Z",
"description": "- Xchecked via VT: 76f8142b4e52c671871b3df87f10c30c",
"pattern": "[file:hashes.SHA1 = '1dd44a61faee089f7d31d870fd1a5cc635701952']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-08T15:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a8a719-c3a4-4e5b-ac9d-4d5f02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-08T15:36:57.000Z",
"modified": "2016-08-08T15:36:57.000Z",
"first_observed": "2016-08-08T15:36:57Z",
"last_observed": "2016-08-08T15:36:57Z",
"number_observed": 1,
"object_refs": [
"url--57a8a719-c3a4-4e5b-ac9d-4d5f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a8a719-c3a4-4e5b-ac9d-4d5f02de0b81",
"value": "https://www.virustotal.com/file/16b8b3b9969660f773e611438e0455082cfafb277ea9256bacc028cdf85f25ec/analysis/1470114420/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink