3813 lines
No EOL
160 KiB
JSON
3813 lines
No EOL
160 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--58c06aeb-ea6c-48ee-a973-489502de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--58c06aeb-ea6c-48ee-a973-489502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"name": "OSINT - Crypt0l0cker (TorrentLocker): Old Dog, New Tricks",
|
|
"published": "2017-03-08T20:50:12Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--58c06b14-0c18-4c7f-ae01-47f202de0b81",
|
|
"observed-data--58c06b20-74a4-4016-9f7c-492802de0b81",
|
|
"url--58c06b20-74a4-4016-9f7c-492802de0b81",
|
|
"indicator--58c06b55-b7f4-486d-9aa2-e28002de0b81",
|
|
"indicator--58c06b56-2794-4453-b3cf-e28002de0b81",
|
|
"indicator--58c06b57-8a7c-4a8c-aa10-e28002de0b81",
|
|
"indicator--58c06b58-d010-4ed4-9a5d-e28002de0b81",
|
|
"indicator--58c06b59-a3b8-4117-a180-e28002de0b81",
|
|
"indicator--58c06b5a-60e0-4346-81d4-e28002de0b81",
|
|
"indicator--58c06b5b-d0c8-4404-8646-e28002de0b81",
|
|
"indicator--58c06b5c-5108-4829-8d0c-e28002de0b81",
|
|
"indicator--58c06b5d-c9b8-46d9-b503-e28002de0b81",
|
|
"indicator--58c06b5e-47ec-441d-b8d3-e28002de0b81",
|
|
"indicator--58c06b5f-4254-4ebd-ade2-e28002de0b81",
|
|
"indicator--58c06b5f-c644-46ed-b501-e28002de0b81",
|
|
"indicator--58c06b60-1b2c-46b9-85d5-e28002de0b81",
|
|
"indicator--58c06b61-f9a4-4a88-86e1-e28002de0b81",
|
|
"indicator--58c06b62-1f4c-4224-a913-e28002de0b81",
|
|
"indicator--58c06b63-c7ac-499e-84f0-e28002de0b81",
|
|
"indicator--58c06b64-4304-4ad4-ba85-e28002de0b81",
|
|
"indicator--58c06b65-9978-4e50-8c5a-e28002de0b81",
|
|
"indicator--58c06b66-86f8-40d2-89ff-e28002de0b81",
|
|
"indicator--58c06b67-390c-4ad5-a857-e28002de0b81",
|
|
"indicator--58c06bbe-0ab4-45cb-8478-467702de0b81",
|
|
"indicator--58c06bbf-b2f4-46f9-a27d-400c02de0b81",
|
|
"indicator--58c06bc0-331c-4f02-be39-4f1002de0b81",
|
|
"indicator--58c06bc1-c228-4a01-ac76-4c2602de0b81",
|
|
"indicator--58c06bc2-a958-429e-bcbc-467502de0b81",
|
|
"indicator--58c06bc3-4558-4715-aaa4-413502de0b81",
|
|
"indicator--58c06bc4-2470-483e-8f68-413f02de0b81",
|
|
"indicator--58c06bc5-2a8c-4eb9-a2bc-498a02de0b81",
|
|
"indicator--58c06c14-bdec-4bfa-a58b-486e02de0b81",
|
|
"indicator--58c06c15-914c-45fd-912f-484802de0b81",
|
|
"indicator--58c06c16-c2e4-45bf-8a75-4a0202de0b81",
|
|
"indicator--58c06c17-09d4-434b-add2-47c802de0b81",
|
|
"indicator--58c06c18-5940-443f-acdd-4f7d02de0b81",
|
|
"indicator--58c06c19-b5c0-4560-a2a2-444702de0b81",
|
|
"indicator--58c06c1a-5b2c-4094-8b83-446302de0b81",
|
|
"indicator--58c06c1b-45d8-4d2a-8804-4fae02de0b81",
|
|
"indicator--58c06c1c-3ce8-45a8-9f71-4e6602de0b81",
|
|
"indicator--58c06c1d-d7b0-4d04-85e1-4c7a02de0b81",
|
|
"indicator--58c06c1e-f844-40ea-8596-4e0302de0b81",
|
|
"indicator--58c06c1f-8cac-4c9f-a18c-4ccc02de0b81",
|
|
"indicator--58c06c20-5484-4a1a-b322-411e02de0b81",
|
|
"indicator--58c06c21-232c-4f86-870a-45b202de0b81",
|
|
"indicator--58c06c22-4950-4a79-9b2a-40cc02de0b81",
|
|
"indicator--58c06c22-b848-422c-b973-487702de0b81",
|
|
"indicator--58c06c23-9c68-40e7-b4a9-47bf02de0b81",
|
|
"indicator--58c06c24-97e4-4192-ac72-469602de0b81",
|
|
"indicator--58c06c25-3930-449f-aeb5-400702de0b81",
|
|
"indicator--58c06c26-6d30-435b-960c-462202de0b81",
|
|
"indicator--58c06c26-df44-43dc-a718-494e02de0b81",
|
|
"indicator--58c06c27-7dd4-4e21-b2f5-4e3502de0b81",
|
|
"indicator--58c06c28-6a10-49e0-83d8-411702de0b81",
|
|
"indicator--58c06c29-f9dc-4e41-a73e-444702de0b81",
|
|
"indicator--58c06c29-0b04-4269-ac80-436002de0b81",
|
|
"indicator--58c06c5f-67d0-4ec8-87d2-467602de0b81",
|
|
"indicator--58c06c60-64e8-4554-87df-4bb602de0b81",
|
|
"indicator--58c06c61-cacc-47c9-a986-453202de0b81",
|
|
"indicator--58c06c62-12a4-4de3-a380-4baa02de0b81",
|
|
"indicator--58c06c78-f468-416f-9a38-e28002de0b81",
|
|
"indicator--58c06c79-cb28-4447-9952-e28002de0b81",
|
|
"indicator--58c06c7a-c908-4307-925b-e28002de0b81",
|
|
"indicator--58c06ccf-2768-4486-a4ea-46e002de0b81",
|
|
"indicator--58c06cd0-4348-4431-8f21-405102de0b81",
|
|
"indicator--58c06cd1-1e20-4ea4-a12b-40cf02de0b81",
|
|
"indicator--58c06cd2-7c74-455e-90a3-455d02de0b81",
|
|
"indicator--58c06cd3-5f70-4ff9-8e95-42e002de0b81",
|
|
"indicator--58c06cf5-56b4-4bf0-875b-4b5802de0b81",
|
|
"indicator--58c06cf6-09e0-476a-b808-417102de0b81",
|
|
"indicator--58c06cf7-79b0-4faf-98e5-4f4d02de0b81",
|
|
"indicator--58c06cf8-7878-4641-b779-47d002de0b81",
|
|
"indicator--58c06cf9-29a8-47c3-8245-4bbc02de0b81",
|
|
"indicator--58c06cfa-c5c4-4ad9-908f-4b4d02de0b81",
|
|
"indicator--58c06cfb-2e04-422a-8885-4e0902de0b81",
|
|
"indicator--58c06cfc-fe60-4cb7-a5bc-4d3602de0b81",
|
|
"indicator--58c06cfd-dee4-4181-a4ee-4fb902de0b81",
|
|
"indicator--58c06cfe-b16c-4708-ba32-4cd302de0b81",
|
|
"indicator--58c06cff-eb24-49e8-8700-423b02de0b81",
|
|
"indicator--58c06d00-6c24-459f-ae56-4eb302de0b81",
|
|
"indicator--58c06d1b-dedc-4ce5-ab95-485902de0b81",
|
|
"indicator--58c06d1c-a634-485a-95db-4d8402de0b81",
|
|
"indicator--58c06ddb-da58-44d7-a64a-43b202de0b81",
|
|
"indicator--58c06ddc-a904-4cb4-aeba-439702de0b81",
|
|
"observed-data--58c06ddd-8100-44c6-881f-49f702de0b81",
|
|
"url--58c06ddd-8100-44c6-881f-49f702de0b81",
|
|
"indicator--58c06dde-73e8-4337-b76f-495c02de0b81",
|
|
"indicator--58c06ddf-9eac-489d-8e6e-4b3902de0b81",
|
|
"observed-data--58c06de0-f2c4-463e-bd4b-4b6602de0b81",
|
|
"url--58c06de0-f2c4-463e-bd4b-4b6602de0b81",
|
|
"indicator--58c06de1-a264-46e8-9a4f-40a302de0b81",
|
|
"indicator--58c06de2-0e34-42b4-8300-4dd502de0b81",
|
|
"observed-data--58c06de3-f73c-48e8-b7f5-49fc02de0b81",
|
|
"url--58c06de3-f73c-48e8-b7f5-49fc02de0b81",
|
|
"indicator--58c06de4-f324-443a-b0a0-4a1702de0b81",
|
|
"indicator--58c06de5-feb0-47ea-a3bf-40ca02de0b81",
|
|
"observed-data--58c06de6-6a70-4128-bbd3-469202de0b81",
|
|
"url--58c06de6-6a70-4128-bbd3-469202de0b81",
|
|
"indicator--58c06de7-ca18-4cc3-8cc4-448c02de0b81",
|
|
"indicator--58c06de8-eddc-4456-9551-49f202de0b81",
|
|
"observed-data--58c06de9-ec3c-493e-85e1-42df02de0b81",
|
|
"url--58c06de9-ec3c-493e-85e1-42df02de0b81",
|
|
"indicator--58c06dea-6524-45e0-82e2-466102de0b81",
|
|
"indicator--58c06deb-b528-4ea4-8011-453502de0b81",
|
|
"observed-data--58c06dec-f788-4467-8ad3-4d8e02de0b81",
|
|
"url--58c06dec-f788-4467-8ad3-4d8e02de0b81",
|
|
"indicator--58c06ded-51b0-45d0-a7cf-4a9502de0b81",
|
|
"indicator--58c06dee-1c1c-4b3f-bdff-495702de0b81",
|
|
"observed-data--58c06def-4e14-4ea8-a34b-43dd02de0b81",
|
|
"url--58c06def-4e14-4ea8-a34b-43dd02de0b81",
|
|
"indicator--58c06df0-e57c-4451-9041-459802de0b81",
|
|
"indicator--58c06df1-c6fc-4e2f-b850-491102de0b81",
|
|
"observed-data--58c06df2-8984-42bc-998b-47e702de0b81",
|
|
"url--58c06df2-8984-42bc-998b-47e702de0b81",
|
|
"indicator--58c06df3-02a0-47f7-9a0f-4fb202de0b81",
|
|
"indicator--58c06df4-847c-4764-b379-495902de0b81",
|
|
"observed-data--58c06df5-2fb0-434f-a58e-453402de0b81",
|
|
"url--58c06df5-2fb0-434f-a58e-453402de0b81",
|
|
"indicator--58c06df6-f840-4a31-a275-45ba02de0b81",
|
|
"indicator--58c06df7-d8cc-4c8e-a378-41ce02de0b81",
|
|
"observed-data--58c06df8-1eb0-49bd-9759-482802de0b81",
|
|
"url--58c06df8-1eb0-49bd-9759-482802de0b81",
|
|
"indicator--58c06df9-d908-483a-ae3c-466902de0b81",
|
|
"indicator--58c06dfa-e798-48e5-8ac8-4b4102de0b81",
|
|
"observed-data--58c06dfb-f924-4551-91e2-47c402de0b81",
|
|
"url--58c06dfb-f924-4551-91e2-47c402de0b81",
|
|
"indicator--58c06dfc-d37c-48f9-bc48-4e1502de0b81",
|
|
"indicator--58c06dfd-8b04-4bbd-9022-458802de0b81",
|
|
"observed-data--58c06dfe-dad0-4012-adfe-41ac02de0b81",
|
|
"url--58c06dfe-dad0-4012-adfe-41ac02de0b81",
|
|
"indicator--58c06dff-0be8-464a-af76-4a3d02de0b81",
|
|
"indicator--58c06e00-ba54-45ff-93af-487102de0b81",
|
|
"observed-data--58c06e01-0e04-4b57-b2c6-4f6502de0b81",
|
|
"url--58c06e01-0e04-4b57-b2c6-4f6502de0b81",
|
|
"indicator--58c06e02-e4e8-4837-83dc-45c102de0b81",
|
|
"indicator--58c06e03-d97c-4a5a-bbc5-459b02de0b81",
|
|
"observed-data--58c06e03-1618-4095-bb9d-470902de0b81",
|
|
"url--58c06e03-1618-4095-bb9d-470902de0b81",
|
|
"indicator--58c06e04-4064-4b07-8c4d-494902de0b81",
|
|
"indicator--58c06e05-7b90-4e41-9653-48e902de0b81",
|
|
"observed-data--58c06e06-7170-4253-abcb-490902de0b81",
|
|
"url--58c06e06-7170-4253-abcb-490902de0b81",
|
|
"indicator--58c06e07-38ac-4bcc-b8f6-436102de0b81",
|
|
"indicator--58c06e07-99f8-4a46-abe3-46dc02de0b81",
|
|
"observed-data--58c06e08-6200-423a-9bd1-405202de0b81",
|
|
"url--58c06e08-6200-423a-9bd1-405202de0b81",
|
|
"indicator--58c06e09-0e4c-470e-ad21-4a2802de0b81",
|
|
"indicator--58c06e0a-1694-4884-8622-454802de0b81",
|
|
"observed-data--58c06e0b-f190-4c0f-b624-4fcb02de0b81",
|
|
"url--58c06e0b-f190-4c0f-b624-4fcb02de0b81",
|
|
"indicator--58c06e0b-0024-4842-8d4b-469902de0b81",
|
|
"indicator--58c06e0c-4d5c-4cb2-905c-432602de0b81",
|
|
"observed-data--58c06e0d-a608-47d2-9d93-43fe02de0b81",
|
|
"url--58c06e0d-a608-47d2-9d93-43fe02de0b81",
|
|
"indicator--58c06e0e-f99c-4619-842a-4d7e02de0b81",
|
|
"indicator--58c06e0e-8cf0-4148-a86d-4aaf02de0b81",
|
|
"observed-data--58c06e0f-a220-4c43-b708-459b02de0b81",
|
|
"url--58c06e0f-a220-4c43-b708-459b02de0b81",
|
|
"indicator--58c06e10-a6d0-49f9-96e1-480802de0b81",
|
|
"indicator--58c06e11-0720-4ccf-ac51-456902de0b81",
|
|
"observed-data--58c06e12-3e50-4b82-bedb-43e102de0b81",
|
|
"url--58c06e12-3e50-4b82-bedb-43e102de0b81",
|
|
"indicator--58c06e12-e04c-4550-a1e6-422e02de0b81",
|
|
"indicator--58c06e13-c134-43a3-b86b-475e02de0b81",
|
|
"observed-data--58c06e14-dbf4-41d0-94a3-4ce202de0b81",
|
|
"url--58c06e14-dbf4-41d0-94a3-4ce202de0b81",
|
|
"indicator--58c06e15-aaec-4489-8f5b-416202de0b81",
|
|
"indicator--58c06e16-692c-4594-9be5-4d0902de0b81",
|
|
"observed-data--58c06e17-7398-4a16-b593-43e702de0b81",
|
|
"url--58c06e17-7398-4a16-b593-43e702de0b81",
|
|
"indicator--58c06e18-f534-4169-bd53-478602de0b81",
|
|
"indicator--58c06e19-f164-4cca-b673-409002de0b81",
|
|
"observed-data--58c06e1a-bbf8-4b6d-8747-42ee02de0b81",
|
|
"url--58c06e1a-bbf8-4b6d-8747-42ee02de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:ransomware=\"TorrentLocker\"",
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
"malware_classification:malware-category=\"Ransomware\"",
|
|
"ms-caro-malware:malware-type=\"Ransom\"",
|
|
"enisa:nefarious-activity-abuse=\"ransomware\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c06b14-0c18-4c7f-ae01-47f202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Ransomware continues to be a plague on the internet and still sets itself as the fastest growing malware family we have seen in the last number of years. In this post we describe the technical details about a newly observed campaign of the notorious Crypt0l0cker (aka TorrentLocker or Teerac) ransomware. Crypt0l0cker has gone through a long evolution, the adversaries are updating and improving the malware on a regular basis. Several indicators inside the samples we have analysed point to a new major version of the malware. We have already seen large campaigns targeting Europe and other parts of the world in 2014 and 2015. It seems to be that the actors behind these campaigns are back now and launching again massive spam attacks. This post will also give you insights about the level of sophistication this malware has reached."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06b20-74a4-4016-9f7c-492802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"first_observed": "2017-03-08T20:46:01Z",
|
|
"last_observed": "2017-03-08T20:46:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06b20-74a4-4016-9f7c-492802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06b20-74a4-4016-9f7c-492802de0b81",
|
|
"value": "http://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b55-b7f4-486d-9aa2-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b56-2794-4453-b3cf-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = 'e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b57-8a7c-4a8c-aa10-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b58-d010-4ed4-9a5d-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b59-a3b8-4117-a180-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b5a-60e0-4346-81d4-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = 'e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b5b-d0c8-4404-8646-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b5c-5108-4829-8d0c-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b5d-c9b8-46d9-b503-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = 'f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b5e-47ec-441d-b8d3-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b5f-4254-4ebd-ade2-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = 'ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b5f-c644-46ed-b501-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b60-1b2c-46b9-85d5-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = 'cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b61-f9a4-4a88-86e1-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = 'de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b62-1f4c-4224-a913-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b63-c7ac-499e-84f0-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b64-4304-4ad4-ba85-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = 'bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b65-9978-4e50-8c5a-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = 'ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b66-86f8-40d2-89ff-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06b67-390c-4ad5-a857-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Italian spam JS",
|
|
"pattern": "[file:hashes.SHA256 = '76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06bbe-0ab4-45cb-8478-467702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from the JS sample",
|
|
"pattern": "[url:value = 'http://directory.submitlocally.com/res.jnb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06bbf-b2f4-46f9-a27d-400c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from the JS sample",
|
|
"pattern": "[url:value = 'http://fanrp.com/test.bhu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06bc0-331c-4f02-be39-4f1002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from the JS sample",
|
|
"pattern": "[url:value = 'http://ileriteknikservis.com/wp-log.bnm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06bc1-c228-4a01-ac76-4c2602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from the JS sample",
|
|
"pattern": "[url:value = 'http://nji.fileserver4390.org/file/bord.vcx']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06bc2-a958-429e-bcbc-467502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from the JS sample",
|
|
"pattern": "[url:value = 'http://prorubim.com/led.poi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06bc3-4558-4715-aaa4-413502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from the JS sample",
|
|
"pattern": "[url:value = 'http://quatang.thackhoi.com/system.ohp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06bc4-2470-483e-8f68-413f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from the JS sample",
|
|
"pattern": "[url:value = 'http://rubbishinteriors.com/401.hji']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06bc5-2a8c-4eb9-a2bc-498a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from the JS sample",
|
|
"pattern": "[url:value = 'http://saudail-alpin.no/point.gkp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c14-bdec-4bfa-a58b-486e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://humannecessityfoundation.com/php.oiw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c15-914c-45fd-912f-484802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://ltmp.joymes.pl/file/bon.ijn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c16-c2e4-45bf-8a75-4a0202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://staracer.com.br/robots.ckl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c17-09d4-434b-add2-47c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://fms-uchet.ru/multi.rty']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c18-5940-443f-acdd-4f7d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://gidrostroy-nn.ru/wp-includes/feed.gtb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c19-b5c0-4560-a2a2-444702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://ltmp.applepice.pl/file/set.rte']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c1a-5b2c-4094-8b83-446302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://ltmp.joymes.pl/file/vet.bnm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c1b-45d8-4d2a-8804-4fae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://arkatechknowledges.com/wp-admin/link.rew']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c1c-3ce8-45a8-9f71-4e6602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://blisunn.com/test.gtr']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c1d-d7b0-4d04-85e1-4c7a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://iuhd873.omniheart.pl/file/set.rte']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c1e-f844-40ea-8596-4e0302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://saunabau.sk/index.pjk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c1f-8cac-4c9f-a18c-4ccc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://ltmp.joymes.pl/file/nib.vcb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c20-5484-4a1a-b322-411e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://cyjt.com/left.lop']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c21-232c-4f86-870a-45b202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://48f4339.js2-order.pl/file/set.rte']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c22-4950-4a79-9b2a-40cc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://4839.js2-order.pl/file/set.rte']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c22-b848-422c-b973-487702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://drjacobberger.com/fav.vcb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c23-9c68-40e7-b4a9-47bf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://biotechclinical.com/leet.tjr']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c24-97e4-4192-ac72-469602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://partylimobusnj.com/wp-conf.tyu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c25-3930-449f-aeb5-400702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://glutenfreeworks.com/lftAd.vfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c26-6d30-435b-960c-462202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://mayaastro.com/wp-conf.bgt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c26-df44-43dc-a718-494e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://ansagoldcoast.com/pols.vfr']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c27-7dd4-4e21-b2f5-4e3502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://www.mmgmarketing.com/wu.vbn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c28-6a10-49e0-83d8-411702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://flyanairliner.com/tire.bnm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c29-f9dc-4e41-a73e-444702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://activmedia.net/license.ttx']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c29-0b04-4269-ac80-436002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "URL from our telemetry",
|
|
"pattern": "[url:value = 'http://www.girokonto.club/wp-conf.ghj']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c5f-67d0-4ec8-87d2-467602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Incognito.dll",
|
|
"pattern": "[file:hashes.SHA256 = '78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c60-64e8-4554-87df-4bb602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Crytp0l0cker.exe",
|
|
"pattern": "[file:hashes.SHA256 = '07dab1e46585e90dd9fc1d82b572d454102e09e25e50fc634145dd999b440ee7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c61-cacc-47c9-a986-453202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Crytp0l0cker.dll",
|
|
"pattern": "[file:hashes.SHA256 = 'ace22efeff8824d0297d7ecd7430ca1f89bf49f394185ec6208e754d0bf505bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c62-12a4-4de3-a380-4baa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Crytp0l0cker.Upack.dll",
|
|
"pattern": "[file:hashes.SHA256 = '5bd73eb812173508fc8dc2d8d23f50ea219dc94211a64d5840655ba3e6b0d889']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c78-f468-416f-9a38-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "AMP sample",
|
|
"pattern": "[file:hashes.SHA256 = 'c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c79-cb28-4447-9952-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "AMP sample",
|
|
"pattern": "[file:hashes.SHA256 = '3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06c7a-c908-4307-925b-e28002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "AMP sample",
|
|
"pattern": "[file:hashes.SHA256 = 'c11762004e8a1f31e5e45c21c7af2db2fb304952f0d02e467bc55a8fc0194e8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06ccf-2768-4486-a4ea-46e002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Tor addresses found in the sample:",
|
|
"pattern": "[domain-name:value = 'xiodc6dmizahhijj.onion']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cd0-4348-4431-8f21-405102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Tor addresses found in the sample:",
|
|
"pattern": "[domain-name:value = 'w7yr6b5oktcjo2jj.onion']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cd1-1e20-4ea4-a12b-40cf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Tor addresses found in the sample:",
|
|
"pattern": "[domain-name:value = 'kghynzmoq7kvdzis.onion']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cd2-7c74-455e-90a3-455d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Tor addresses found in the sample:",
|
|
"pattern": "[domain-name:value = 'syhkhuiml35mt5qh.onion']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cd3-5f70-4ff9-8e95-42e002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Tor addresses found in the sample:",
|
|
"pattern": "[domain-name:value = 'x5sbb5gesp6kzwsh.onion']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cf5-56b4-4bf0-875b-4b5802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'ajysivilaz.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cf6-09e0-476a-b808-417102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'ecpficy.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cf7-79b0-4faf-98e5-4f4d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'eruhec.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cf8-7878-4641-b779-47d002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'hjaqvd.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cf9-29a8-47c3-8245-4bbc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'ivejuciwazu.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cfa-c5c4-4ad9-908f-4b4d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'jzawocenigy.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cfb-2e04-422a-8885-4e0902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'ogalysupuho.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cfc-fe60-4cb7-a5bc-4d3602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'otuk.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cfd-dee4-4181-a4ee-4fb902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'udyrhxu.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cfe-b16c-4708-ba32-4cd302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'ujihyjyredi.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06cff-eb24-49e8-8700-423b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'uqaxu.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06d00-6c24-459f-ae56-4eb302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"description": "Domains from initial sample",
|
|
"pattern": "[domain-name:value = 'uryk.giftbests.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06d1b-dedc-4ce5-ab95-485902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"pattern": "[domain-name:value = '.sharptok.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06d1c-a634-485a-95db-4d8402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:46:01.000Z",
|
|
"modified": "2017-03-08T20:46:01.000Z",
|
|
"pattern": "[domain-name:value = '.divamind.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06ddb-da58-44d7-a64a-43b202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:23.000Z",
|
|
"modified": "2017-03-08T20:47:23.000Z",
|
|
"description": "AMP sample - Xchecked via VT: 3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92",
|
|
"pattern": "[file:hashes.SHA1 = 'c24ea0b7bd3008a3eed7ddd1b27d14e5f45207a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06ddc-a904-4cb4-aeba-439702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:24.000Z",
|
|
"modified": "2017-03-08T20:47:24.000Z",
|
|
"description": "AMP sample - Xchecked via VT: 3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92",
|
|
"pattern": "[file:hashes.MD5 = 'bc95e03baffdb157918149cce3d8d344']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06ddd-8100-44c6-881f-49f702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:25.000Z",
|
|
"modified": "2017-03-08T20:47:25.000Z",
|
|
"first_observed": "2017-03-08T20:47:25Z",
|
|
"last_observed": "2017-03-08T20:47:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06ddd-8100-44c6-881f-49f702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06ddd-8100-44c6-881f-49f702de0b81",
|
|
"value": "https://www.virustotal.com/file/3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92/analysis/1486988187/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06dde-73e8-4337-b76f-495c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:26.000Z",
|
|
"modified": "2017-03-08T20:47:26.000Z",
|
|
"description": "AMP sample - Xchecked via VT: c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d",
|
|
"pattern": "[file:hashes.SHA1 = 'b1fdce07107fb9aef8b11663b0284139e67e3c27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06ddf-9eac-489d-8e6e-4b3902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:27.000Z",
|
|
"modified": "2017-03-08T20:47:27.000Z",
|
|
"description": "AMP sample - Xchecked via VT: c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d",
|
|
"pattern": "[file:hashes.MD5 = '4368cbb153a94d77bc7aa525e560b905']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06de0-f2c4-463e-bd4b-4b6602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:28.000Z",
|
|
"modified": "2017-03-08T20:47:28.000Z",
|
|
"first_observed": "2017-03-08T20:47:28Z",
|
|
"last_observed": "2017-03-08T20:47:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06de0-f2c4-463e-bd4b-4b6602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06de0-f2c4-463e-bd4b-4b6602de0b81",
|
|
"value": "https://www.virustotal.com/file/c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d/analysis/1488429363/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06de1-a264-46e8-9a4f-40a302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:29.000Z",
|
|
"modified": "2017-03-08T20:47:29.000Z",
|
|
"description": "Incognito.dll - Xchecked via VT: 78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a",
|
|
"pattern": "[file:hashes.SHA1 = '999fbe88a99a933fbf930651982a674c6f54f2ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06de2-0e34-42b4-8300-4dd502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:30.000Z",
|
|
"modified": "2017-03-08T20:47:30.000Z",
|
|
"description": "Incognito.dll - Xchecked via VT: 78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a",
|
|
"pattern": "[file:hashes.MD5 = 'c484d2f873621855d7885cec6cf63020']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06de3-f73c-48e8-b7f5-49fc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:31.000Z",
|
|
"modified": "2017-03-08T20:47:31.000Z",
|
|
"first_observed": "2017-03-08T20:47:31Z",
|
|
"last_observed": "2017-03-08T20:47:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06de3-f73c-48e8-b7f5-49fc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06de3-f73c-48e8-b7f5-49fc02de0b81",
|
|
"value": "https://www.virustotal.com/file/78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a/analysis/1487770143/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06de4-f324-443a-b0a0-4a1702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:32.000Z",
|
|
"modified": "2017-03-08T20:47:32.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66",
|
|
"pattern": "[file:hashes.SHA1 = '7707e33e284eb0981ccbe0e8af4ecb136e2a8709']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06de5-feb0-47ea-a3bf-40ca02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:33.000Z",
|
|
"modified": "2017-03-08T20:47:33.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66",
|
|
"pattern": "[file:hashes.MD5 = '9a8ddb3d089e47015372cc359a574893']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06de6-6a70-4128-bbd3-469202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:34.000Z",
|
|
"modified": "2017-03-08T20:47:34.000Z",
|
|
"first_observed": "2017-03-08T20:47:34Z",
|
|
"last_observed": "2017-03-08T20:47:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06de6-6a70-4128-bbd3-469202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06de6-6a70-4128-bbd3-469202de0b81",
|
|
"value": "https://www.virustotal.com/file/76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66/analysis/1487718199/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06de7-ca18-4cc3-8cc4-448c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:35.000Z",
|
|
"modified": "2017-03-08T20:47:35.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b",
|
|
"pattern": "[file:hashes.SHA1 = 'c4c05fda1bf66ee3af794df4ef17d09c62f7e205']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06de8-eddc-4456-9551-49f202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:36.000Z",
|
|
"modified": "2017-03-08T20:47:36.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b",
|
|
"pattern": "[file:hashes.MD5 = '9c52c1cbd3382065fcc0fc567e6ce892']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06de9-ec3c-493e-85e1-42df02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:37.000Z",
|
|
"modified": "2017-03-08T20:47:37.000Z",
|
|
"first_observed": "2017-03-08T20:47:37Z",
|
|
"last_observed": "2017-03-08T20:47:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06de9-ec3c-493e-85e1-42df02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06de9-ec3c-493e-85e1-42df02de0b81",
|
|
"value": "https://www.virustotal.com/file/076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b/analysis/1487484510/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06dea-6524-45e0-82e2-466102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:38.000Z",
|
|
"modified": "2017-03-08T20:47:38.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f",
|
|
"pattern": "[file:hashes.SHA1 = '9a188d94c1f15da3b31ee5b5758ccfa736a9fe37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06deb-b528-4ea4-8011-453502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:39.000Z",
|
|
"modified": "2017-03-08T20:47:39.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f",
|
|
"pattern": "[file:hashes.MD5 = 'da6f362e59a354f1e9aba6e3459c64c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06dec-f788-4467-8ad3-4d8e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:40.000Z",
|
|
"modified": "2017-03-08T20:47:40.000Z",
|
|
"first_observed": "2017-03-08T20:47:40Z",
|
|
"last_observed": "2017-03-08T20:47:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06dec-f788-4467-8ad3-4d8e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06dec-f788-4467-8ad3-4d8e02de0b81",
|
|
"value": "https://www.virustotal.com/file/ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f/analysis/1488023624/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06ded-51b0-45d0-a7cf-4a9502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:41.000Z",
|
|
"modified": "2017-03-08T20:47:41.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548",
|
|
"pattern": "[file:hashes.SHA1 = '941247fbe437170b1f8aa63a64cb32b96fdb7149']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06dee-1c1c-4b3f-bdff-495702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:42.000Z",
|
|
"modified": "2017-03-08T20:47:42.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548",
|
|
"pattern": "[file:hashes.MD5 = 'ee9715fe05cf675d93b1a7d62b9f91d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06def-4e14-4ea8-a34b-43dd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:43.000Z",
|
|
"modified": "2017-03-08T20:47:43.000Z",
|
|
"first_observed": "2017-03-08T20:47:43Z",
|
|
"last_observed": "2017-03-08T20:47:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06def-4e14-4ea8-a34b-43dd02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06def-4e14-4ea8-a34b-43dd02de0b81",
|
|
"value": "https://www.virustotal.com/file/bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548/analysis/1488187298/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06df0-e57c-4451-9041-459802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:44.000Z",
|
|
"modified": "2017-03-08T20:47:44.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced",
|
|
"pattern": "[file:hashes.SHA1 = 'c2b058909484e9a53a39b7674fd8200553d36c19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06df1-c6fc-4e2f-b850-491102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:45.000Z",
|
|
"modified": "2017-03-08T20:47:45.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced",
|
|
"pattern": "[file:hashes.MD5 = '12e334231ecbfb1fc74b22b1cbfb053f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06df2-8984-42bc-998b-47e702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:46.000Z",
|
|
"modified": "2017-03-08T20:47:46.000Z",
|
|
"first_observed": "2017-03-08T20:47:46Z",
|
|
"last_observed": "2017-03-08T20:47:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06df2-8984-42bc-998b-47e702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06df2-8984-42bc-998b-47e702de0b81",
|
|
"value": "https://www.virustotal.com/file/87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced/analysis/1488803940/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06df3-02a0-47f7-9a0f-4fb202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:47.000Z",
|
|
"modified": "2017-03-08T20:47:47.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb",
|
|
"pattern": "[file:hashes.SHA1 = 'a6e5ab9a89e803bb48793c545ca7ef547ef2b155']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06df4-847c-4764-b379-495902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:48.000Z",
|
|
"modified": "2017-03-08T20:47:48.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb",
|
|
"pattern": "[file:hashes.MD5 = '3cab16b7faa3407d6a08c15eb478ea97']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06df5-2fb0-434f-a58e-453402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:49.000Z",
|
|
"modified": "2017-03-08T20:47:49.000Z",
|
|
"first_observed": "2017-03-08T20:47:49Z",
|
|
"last_observed": "2017-03-08T20:47:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06df5-2fb0-434f-a58e-453402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06df5-2fb0-434f-a58e-453402de0b81",
|
|
"value": "https://www.virustotal.com/file/9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb/analysis/1488429222/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06df6-f840-4a31-a275-45ba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:50.000Z",
|
|
"modified": "2017-03-08T20:47:50.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc",
|
|
"pattern": "[file:hashes.SHA1 = 'c3ac47eab687009097f593e01c83baf80bdd03ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06df7-d8cc-4c8e-a378-41ce02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:51.000Z",
|
|
"modified": "2017-03-08T20:47:51.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc",
|
|
"pattern": "[file:hashes.MD5 = 'f73c357b554d3759a81f9c351db09911']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06df8-1eb0-49bd-9759-482802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:52.000Z",
|
|
"modified": "2017-03-08T20:47:52.000Z",
|
|
"first_observed": "2017-03-08T20:47:52Z",
|
|
"last_observed": "2017-03-08T20:47:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06df8-1eb0-49bd-9759-482802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06df8-1eb0-49bd-9759-482802de0b81",
|
|
"value": "https://www.virustotal.com/file/de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc/analysis/1488189016/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06df9-d908-483a-ae3c-466902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:53.000Z",
|
|
"modified": "2017-03-08T20:47:53.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4",
|
|
"pattern": "[file:hashes.SHA1 = 'ec419d1bfb435d5dd132f76b7218b0acf01b792c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06dfa-e798-48e5-8ac8-4b4102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:54.000Z",
|
|
"modified": "2017-03-08T20:47:54.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4",
|
|
"pattern": "[file:hashes.MD5 = 'b88e5f37bc137b5892fcd399ff49e924']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06dfb-f924-4551-91e2-47c402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:55.000Z",
|
|
"modified": "2017-03-08T20:47:55.000Z",
|
|
"first_observed": "2017-03-08T20:47:55Z",
|
|
"last_observed": "2017-03-08T20:47:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06dfb-f924-4551-91e2-47c402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06dfb-f924-4551-91e2-47c402de0b81",
|
|
"value": "https://www.virustotal.com/file/cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4/analysis/1487887735/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06dfc-d37c-48f9-bc48-4e1502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:56.000Z",
|
|
"modified": "2017-03-08T20:47:56.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23",
|
|
"pattern": "[file:hashes.SHA1 = '08dc3de9ed98cb37cc45fdf3232acd9b128d10fd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06dfd-8b04-4bbd-9022-458802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:57.000Z",
|
|
"modified": "2017-03-08T20:47:57.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23",
|
|
"pattern": "[file:hashes.MD5 = 'ef55d0d85d324cebdd42eca5b826a1c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06dfe-dad0-4012-adfe-41ac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:58.000Z",
|
|
"modified": "2017-03-08T20:47:58.000Z",
|
|
"first_observed": "2017-03-08T20:47:58Z",
|
|
"last_observed": "2017-03-08T20:47:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06dfe-dad0-4012-adfe-41ac02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06dfe-dad0-4012-adfe-41ac02de0b81",
|
|
"value": "https://www.virustotal.com/file/1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23/analysis/1487791753/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06dff-0be8-464a-af76-4a3d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:47:59.000Z",
|
|
"modified": "2017-03-08T20:47:59.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418",
|
|
"pattern": "[file:hashes.SHA1 = 'adad50138fc9a2939430093a365c804047cc0f9b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:47:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e00-ba54-45ff-93af-487102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:00.000Z",
|
|
"modified": "2017-03-08T20:48:00.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418",
|
|
"pattern": "[file:hashes.MD5 = '57ee7e54cd4c17a66535c0b18d3fca6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e01-0e04-4b57-b2c6-4f6502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:01.000Z",
|
|
"modified": "2017-03-08T20:48:01.000Z",
|
|
"first_observed": "2017-03-08T20:48:01Z",
|
|
"last_observed": "2017-03-08T20:48:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e01-0e04-4b57-b2c6-4f6502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e01-0e04-4b57-b2c6-4f6502de0b81",
|
|
"value": "https://www.virustotal.com/file/ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418/analysis/1488180723/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e02-e4e8-4837-83dc-45c102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:02.000Z",
|
|
"modified": "2017-03-08T20:48:02.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100",
|
|
"pattern": "[file:hashes.SHA1 = '6ff7d641a87e90bbe0353b2cf8f3d30f350eca2b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e03-d97c-4a5a-bbc5-459b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:03.000Z",
|
|
"modified": "2017-03-08T20:48:03.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100",
|
|
"pattern": "[file:hashes.MD5 = 'fd9677589ae986955fa84fddedff95a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e03-1618-4095-bb9d-470902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:03.000Z",
|
|
"modified": "2017-03-08T20:48:03.000Z",
|
|
"first_observed": "2017-03-08T20:48:03Z",
|
|
"last_observed": "2017-03-08T20:48:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e03-1618-4095-bb9d-470902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e03-1618-4095-bb9d-470902de0b81",
|
|
"value": "https://www.virustotal.com/file/3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100/analysis/1488452522/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e04-4064-4b07-8c4d-494902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:04.000Z",
|
|
"modified": "2017-03-08T20:48:04.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79",
|
|
"pattern": "[file:hashes.SHA1 = '17847e340239bf3fd112c29b259a9fbab3b2cf66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e05-7b90-4e41-9653-48e902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:05.000Z",
|
|
"modified": "2017-03-08T20:48:05.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79",
|
|
"pattern": "[file:hashes.MD5 = 'cfe3be97137aeda22f71504320c01bce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e06-7170-4253-abcb-490902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:06.000Z",
|
|
"modified": "2017-03-08T20:48:06.000Z",
|
|
"first_observed": "2017-03-08T20:48:06Z",
|
|
"last_observed": "2017-03-08T20:48:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e06-7170-4253-abcb-490902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e06-7170-4253-abcb-490902de0b81",
|
|
"value": "https://www.virustotal.com/file/f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79/analysis/1488187294/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e07-38ac-4bcc-b8f6-436102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:07.000Z",
|
|
"modified": "2017-03-08T20:48:07.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0",
|
|
"pattern": "[file:hashes.SHA1 = '7f3d264e8095a4ca8cf3e3e69bdcb79cdb6b66d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e07-99f8-4a46-abe3-46dc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:07.000Z",
|
|
"modified": "2017-03-08T20:48:07.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0",
|
|
"pattern": "[file:hashes.MD5 = 'b6a3f25c51cabc1383ae60071e093b66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e08-6200-423a-9bd1-405202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:08.000Z",
|
|
"modified": "2017-03-08T20:48:08.000Z",
|
|
"first_observed": "2017-03-08T20:48:08Z",
|
|
"last_observed": "2017-03-08T20:48:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e08-6200-423a-9bd1-405202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e08-6200-423a-9bd1-405202de0b81",
|
|
"value": "https://www.virustotal.com/file/744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0/analysis/1488203443/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e09-0e4c-470e-ad21-4a2802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:09.000Z",
|
|
"modified": "2017-03-08T20:48:09.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb",
|
|
"pattern": "[file:hashes.SHA1 = '63e3eeef3506527b5e9aa5ba98d7caf75d536641']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e0a-1694-4884-8622-454802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:10.000Z",
|
|
"modified": "2017-03-08T20:48:10.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb",
|
|
"pattern": "[file:hashes.MD5 = '60e43530b64e1183628a66fb39fe1392']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e0b-f190-4c0f-b624-4fcb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:11.000Z",
|
|
"modified": "2017-03-08T20:48:11.000Z",
|
|
"first_observed": "2017-03-08T20:48:11Z",
|
|
"last_observed": "2017-03-08T20:48:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e0b-f190-4c0f-b624-4fcb02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e0b-f190-4c0f-b624-4fcb02de0b81",
|
|
"value": "https://www.virustotal.com/file/0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb/analysis/1488452270/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e0b-0024-4842-8d4b-469902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:11.000Z",
|
|
"modified": "2017-03-08T20:48:11.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396",
|
|
"pattern": "[file:hashes.SHA1 = '9236ea3e97b358729188e16dc285fd4987250ba8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e0c-4d5c-4cb2-905c-432602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:12.000Z",
|
|
"modified": "2017-03-08T20:48:12.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396",
|
|
"pattern": "[file:hashes.MD5 = '51b99671029d548f9e8efe1117d82292']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e0d-a608-47d2-9d93-43fe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:13.000Z",
|
|
"modified": "2017-03-08T20:48:13.000Z",
|
|
"first_observed": "2017-03-08T20:48:13Z",
|
|
"last_observed": "2017-03-08T20:48:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e0d-a608-47d2-9d93-43fe02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e0d-a608-47d2-9d93-43fe02de0b81",
|
|
"value": "https://www.virustotal.com/file/e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396/analysis/1488129622/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e0e-f99c-4619-842a-4d7e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:14.000Z",
|
|
"modified": "2017-03-08T20:48:14.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382",
|
|
"pattern": "[file:hashes.SHA1 = 'f0baeab465f247b66a6037655766ca06b5ae7362']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e0e-8cf0-4148-a86d-4aaf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:14.000Z",
|
|
"modified": "2017-03-08T20:48:14.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382",
|
|
"pattern": "[file:hashes.MD5 = 'ce59571268952173487c507951899424']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e0f-a220-4c43-b708-459b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:15.000Z",
|
|
"modified": "2017-03-08T20:48:15.000Z",
|
|
"first_observed": "2017-03-08T20:48:15Z",
|
|
"last_observed": "2017-03-08T20:48:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e0f-a220-4c43-b708-459b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e0f-a220-4c43-b708-459b02de0b81",
|
|
"value": "https://www.virustotal.com/file/899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382/analysis/1487771117/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e10-a6d0-49f9-96e1-480802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:16.000Z",
|
|
"modified": "2017-03-08T20:48:16.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f",
|
|
"pattern": "[file:hashes.SHA1 = 'eec3c6580175784d68aed941de45326c0e85eee9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e11-0720-4ccf-ac51-456902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:17.000Z",
|
|
"modified": "2017-03-08T20:48:17.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f",
|
|
"pattern": "[file:hashes.MD5 = '1b21501a12733c0450e96643edb8f5f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e12-3e50-4b82-bedb-43e102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:18.000Z",
|
|
"modified": "2017-03-08T20:48:18.000Z",
|
|
"first_observed": "2017-03-08T20:48:18Z",
|
|
"last_observed": "2017-03-08T20:48:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e12-3e50-4b82-bedb-43e102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e12-3e50-4b82-bedb-43e102de0b81",
|
|
"value": "https://www.virustotal.com/file/197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f/analysis/1488658947/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e12-e04c-4550-a1e6-422e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:18.000Z",
|
|
"modified": "2017-03-08T20:48:18.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b",
|
|
"pattern": "[file:hashes.SHA1 = '98943ea8f56edfd7bf5a09e54aaf2548bc7ff225']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e13-c134-43a3-b86b-475e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:19.000Z",
|
|
"modified": "2017-03-08T20:48:19.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b",
|
|
"pattern": "[file:hashes.MD5 = '1a2aae516a2985af8b19438764eab690']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e14-dbf4-41d0-94a3-4ce202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:20.000Z",
|
|
"modified": "2017-03-08T20:48:20.000Z",
|
|
"first_observed": "2017-03-08T20:48:20Z",
|
|
"last_observed": "2017-03-08T20:48:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e14-dbf4-41d0-94a3-4ce202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e14-dbf4-41d0-94a3-4ce202de0b81",
|
|
"value": "https://www.virustotal.com/file/2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b/analysis/1488348430/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e15-aaec-4489-8f5b-416202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:21.000Z",
|
|
"modified": "2017-03-08T20:48:21.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc",
|
|
"pattern": "[file:hashes.SHA1 = 'a71998700fa4abf1aa0c30d85f32862f5589a2e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e16-692c-4594-9be5-4d0902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:22.000Z",
|
|
"modified": "2017-03-08T20:48:22.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc",
|
|
"pattern": "[file:hashes.MD5 = '358ca9784fb2f5ccfb34acc4998833f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e17-7398-4a16-b593-43e702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:23.000Z",
|
|
"modified": "2017-03-08T20:48:23.000Z",
|
|
"first_observed": "2017-03-08T20:48:23Z",
|
|
"last_observed": "2017-03-08T20:48:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e17-7398-4a16-b593-43e702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e17-7398-4a16-b593-43e702de0b81",
|
|
"value": "https://www.virustotal.com/file/e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc/analysis/1488974143/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e18-f534-4169-bd53-478602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:24.000Z",
|
|
"modified": "2017-03-08T20:48:24.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7",
|
|
"pattern": "[file:hashes.SHA1 = 'df93630beb56a6ed0dba7c0969431ccb0d64e5d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c06e19-f164-4cca-b673-409002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:25.000Z",
|
|
"modified": "2017-03-08T20:48:25.000Z",
|
|
"description": "Italian spam JS - Xchecked via VT: 7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7",
|
|
"pattern": "[file:hashes.MD5 = 'fef70ba52555fa58ad714e30a7288de9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-08T20:48:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c06e1a-bbf8-4b6d-8747-42ee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-08T20:48:26.000Z",
|
|
"modified": "2017-03-08T20:48:26.000Z",
|
|
"first_observed": "2017-03-08T20:48:26Z",
|
|
"last_observed": "2017-03-08T20:48:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c06e1a-bbf8-4b6d-8747-42ee02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c06e1a-bbf8-4b6d-8747-42ee02de0b81",
|
|
"value": "https://www.virustotal.com/file/7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7/analysis/1488963532/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |