7244 lines
No EOL
310 KiB
JSON
7244 lines
No EOL
310 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--594e5f0a-da78-4d3c-b9d4-4f8502de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:53:14.000Z",
|
|
"modified": "2017-06-26T09:53:14.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--594e5f0a-da78-4d3c-b9d4-4f8502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:53:14.000Z",
|
|
"modified": "2017-06-26T09:53:14.000Z",
|
|
"name": "OSINT - El Machete's Malware Attacks Cut Through LATAM",
|
|
"published": "2017-06-26T09:53:22Z",
|
|
"object_refs": [
|
|
"observed-data--594e5f15-a4b4-4267-ab79-b0d302de0b81",
|
|
"url--594e5f15-a4b4-4267-ab79-b0d302de0b81",
|
|
"indicator--594e5f29-5268-4108-9cbd-41ac02de0b81",
|
|
"indicator--594e5f29-21c8-4d19-b649-48b702de0b81",
|
|
"indicator--594e5f29-8888-4433-9502-48fb02de0b81",
|
|
"indicator--594e5f29-7a7c-48eb-affe-4cc302de0b81",
|
|
"indicator--594e5f29-02b0-447f-a27c-4ab002de0b81",
|
|
"indicator--594e5f29-08f4-4a01-aaab-4a7602de0b81",
|
|
"indicator--594e5f29-30f4-450c-a4a0-422d02de0b81",
|
|
"indicator--594e5f29-663c-4ac5-a395-4e5d02de0b81",
|
|
"indicator--594e5f29-e74c-474a-9106-462002de0b81",
|
|
"indicator--594e5f29-60f0-407b-8579-409a02de0b81",
|
|
"indicator--594e5f29-c004-4adf-a091-471202de0b81",
|
|
"indicator--594e5f29-242c-482a-abb8-4cb302de0b81",
|
|
"indicator--594e5f29-a0f0-4fff-b8b5-454202de0b81",
|
|
"indicator--594e5f29-507c-4232-99f0-498a02de0b81",
|
|
"indicator--594e5f29-6378-42d9-bbd2-495202de0b81",
|
|
"indicator--594e5f29-3928-4418-94ad-45c102de0b81",
|
|
"indicator--594e5f29-8bd8-4da2-9651-456302de0b81",
|
|
"indicator--594e5f29-8514-41ca-a816-46f802de0b81",
|
|
"indicator--594e5f29-8d28-475d-bd56-4a8102de0b81",
|
|
"indicator--594e5f29-8790-4b02-ab29-456202de0b81",
|
|
"indicator--594e5f47-0c94-4e75-b41a-454a02de0b81",
|
|
"indicator--594e5f47-77cc-4d47-8929-498902de0b81",
|
|
"indicator--594e5f47-ef78-48d9-a132-4f3002de0b81",
|
|
"indicator--594e5f47-0bcc-4e7a-b6c2-4a8902de0b81",
|
|
"indicator--594e5f47-180c-46c9-a95a-4d9902de0b81",
|
|
"indicator--594e5f47-6fb0-4cb0-9b63-436802de0b81",
|
|
"indicator--594e5f47-930c-4e9a-a099-4af902de0b81",
|
|
"indicator--594e5f47-b6cc-4f2b-b8fc-477002de0b81",
|
|
"indicator--594e5f47-d788-4766-8963-489302de0b81",
|
|
"indicator--594e5f47-7374-40ea-aae1-4b4a02de0b81",
|
|
"indicator--594e5f47-eef4-4f70-adb7-45b802de0b81",
|
|
"indicator--594e5f47-8c0c-4d23-a1e8-4c7a02de0b81",
|
|
"indicator--594e5f47-d0dc-49a4-bdc1-4fc602de0b81",
|
|
"indicator--594e5f47-9cf8-41b4-9bb4-408102de0b81",
|
|
"indicator--594e5f48-332c-4941-a52f-471202de0b81",
|
|
"indicator--594e5f48-c3c4-48f8-acc3-4b8602de0b81",
|
|
"indicator--594e5f48-c774-4ea9-9ad9-4e4b02de0b81",
|
|
"indicator--594e5f48-46d4-48c0-9ce6-442302de0b81",
|
|
"indicator--594e5f48-f580-4661-a938-4aa302de0b81",
|
|
"indicator--594e5f48-50f8-453a-ab57-446a02de0b81",
|
|
"indicator--594e5f48-c148-49d5-bcfe-48f902de0b81",
|
|
"indicator--594e5f48-4c28-46c7-be78-438f02de0b81",
|
|
"indicator--594e5f48-e620-42b0-ba56-4c9d02de0b81",
|
|
"indicator--594e5f48-b088-4237-9e86-426202de0b81",
|
|
"indicator--594e5f48-a070-40c2-9f00-468302de0b81",
|
|
"indicator--594e5f48-37ac-4f98-9fc1-4f2302de0b81",
|
|
"indicator--594e5f48-c5ec-48b0-a996-40ca02de0b81",
|
|
"indicator--594e5f5b-c6c0-4194-a028-491202de0b81",
|
|
"indicator--594e5f5b-21f8-4270-a333-473f02de0b81",
|
|
"indicator--594e5f5b-e52c-4185-818d-4f1602de0b81",
|
|
"indicator--594e5f5b-2fb4-4869-a56a-464902de0b81",
|
|
"indicator--594e5f5b-54bc-49f3-a342-4bbd02de0b81",
|
|
"indicator--594e5f6e-9748-4a0a-8e84-462802de0b81",
|
|
"indicator--594e5f6e-f134-4308-ae54-41df02de0b81",
|
|
"indicator--594e5f6e-6a1c-45fe-a1e1-4cc402de0b81",
|
|
"indicator--594e5f6e-9cbc-45a2-9d04-4a1a02de0b81",
|
|
"indicator--594e5f6e-2bb0-4e66-a32b-45ec02de0b81",
|
|
"indicator--5950d552-7c28-478f-b356-8c36950d210f",
|
|
"indicator--5950d552-729c-4be4-b76c-8c36950d210f",
|
|
"indicator--5950d552-7d0c-4fb2-b342-8c36950d210f",
|
|
"indicator--5950d552-3ffc-4911-aa33-8c36950d210f",
|
|
"indicator--5950d552-e410-49af-a85d-8c36950d210f",
|
|
"indicator--5950d552-5368-4433-85e5-8c36950d210f",
|
|
"indicator--5950d552-85d0-4378-bf21-8c36950d210f",
|
|
"indicator--5950d552-ed6c-4e03-9282-8c36950d210f",
|
|
"indicator--5950d552-cbc0-4c1c-8053-8c36950d210f",
|
|
"observed-data--5950d591-5e78-440d-92bb-d5d1950d210f",
|
|
"file--5950d591-5e78-440d-92bb-d5d1950d210f",
|
|
"observed-data--5950d591-98e8-433e-8340-d5d1950d210f",
|
|
"file--5950d591-98e8-433e-8340-d5d1950d210f",
|
|
"observed-data--5950d591-d040-4407-ae7d-d5d1950d210f",
|
|
"file--5950d591-d040-4407-ae7d-d5d1950d210f",
|
|
"observed-data--5950d591-1950-44db-86a6-d5d1950d210f",
|
|
"file--5950d591-1950-44db-86a6-d5d1950d210f",
|
|
"observed-data--5950d591-40c8-4144-b00f-d5d1950d210f",
|
|
"file--5950d591-40c8-4144-b00f-d5d1950d210f",
|
|
"observed-data--5950d591-8780-4f43-bf96-d5d1950d210f",
|
|
"file--5950d591-8780-4f43-bf96-d5d1950d210f",
|
|
"observed-data--5950d591-a91c-4bfc-9c40-d5d1950d210f",
|
|
"file--5950d591-a91c-4bfc-9c40-d5d1950d210f",
|
|
"observed-data--5950d591-946c-4640-8d70-d5d1950d210f",
|
|
"file--5950d591-946c-4640-8d70-d5d1950d210f",
|
|
"observed-data--5950d591-d260-4ece-ae16-d5d1950d210f",
|
|
"file--5950d591-d260-4ece-ae16-d5d1950d210f",
|
|
"observed-data--5950d591-e4a8-4c76-b9ef-d5d1950d210f",
|
|
"file--5950d591-e4a8-4c76-b9ef-d5d1950d210f",
|
|
"observed-data--5950d591-11c0-403a-b36f-d5d1950d210f",
|
|
"file--5950d591-11c0-403a-b36f-d5d1950d210f",
|
|
"observed-data--5950d591-9da8-413c-a526-d5d1950d210f",
|
|
"file--5950d591-9da8-413c-a526-d5d1950d210f",
|
|
"observed-data--5950d591-8818-4a9a-a7d0-d5d1950d210f",
|
|
"file--5950d591-8818-4a9a-a7d0-d5d1950d210f",
|
|
"observed-data--5950d591-95b0-409d-9d4c-d5d1950d210f",
|
|
"file--5950d591-95b0-409d-9d4c-d5d1950d210f",
|
|
"observed-data--5950d591-00a4-48e3-b4b6-d5d1950d210f",
|
|
"file--5950d591-00a4-48e3-b4b6-d5d1950d210f",
|
|
"observed-data--5950d591-7b38-4c92-bebe-d5d1950d210f",
|
|
"file--5950d591-7b38-4c92-bebe-d5d1950d210f",
|
|
"observed-data--5950d591-2d84-4d7d-8943-d5d1950d210f",
|
|
"file--5950d591-2d84-4d7d-8943-d5d1950d210f",
|
|
"observed-data--5950d591-573c-49f6-a41f-d5d1950d210f",
|
|
"file--5950d591-573c-49f6-a41f-d5d1950d210f",
|
|
"observed-data--5950d591-2ff4-427e-a1ff-d5d1950d210f",
|
|
"file--5950d591-2ff4-427e-a1ff-d5d1950d210f",
|
|
"observed-data--5950d591-297c-4347-93cd-d5d1950d210f",
|
|
"file--5950d591-297c-4347-93cd-d5d1950d210f",
|
|
"observed-data--5950d591-5824-463c-93ac-d5d1950d210f",
|
|
"file--5950d591-5824-463c-93ac-d5d1950d210f",
|
|
"observed-data--5950d591-ec80-46f8-8ae9-d5d1950d210f",
|
|
"file--5950d591-ec80-46f8-8ae9-d5d1950d210f",
|
|
"observed-data--5950d591-afbc-4e64-869d-d5d1950d210f",
|
|
"file--5950d591-afbc-4e64-869d-d5d1950d210f",
|
|
"observed-data--5950d591-0a50-42a3-9b2f-d5d1950d210f",
|
|
"file--5950d591-0a50-42a3-9b2f-d5d1950d210f",
|
|
"observed-data--5950d591-9c1c-40e8-972b-d5d1950d210f",
|
|
"file--5950d591-9c1c-40e8-972b-d5d1950d210f",
|
|
"observed-data--5950d591-01b4-4c70-a67d-d5d1950d210f",
|
|
"file--5950d591-01b4-4c70-a67d-d5d1950d210f",
|
|
"observed-data--5950d591-2284-4612-8d92-d5d1950d210f",
|
|
"file--5950d591-2284-4612-8d92-d5d1950d210f",
|
|
"observed-data--5950d591-c11c-4e1f-b89b-d5d1950d210f",
|
|
"file--5950d591-c11c-4e1f-b89b-d5d1950d210f",
|
|
"observed-data--5950d591-1f2c-46cd-a41d-d5d1950d210f",
|
|
"file--5950d591-1f2c-46cd-a41d-d5d1950d210f",
|
|
"indicator--5950d5b0-9d20-47d2-b34b-8c2d950d210f",
|
|
"indicator--5950d5c3-1534-423e-a305-8c96950d210f",
|
|
"indicator--5950d5c3-6dcc-4837-b90f-8c96950d210f",
|
|
"indicator--5950d5c3-7e14-48ef-a2d9-8c96950d210f",
|
|
"indicator--5950d5de-7aac-446f-b1fe-8d0b950d210f",
|
|
"indicator--5950d5de-016c-499d-9cd1-8d0b950d210f",
|
|
"indicator--5950d5de-5fe0-4ce7-8fb3-8d0b950d210f",
|
|
"indicator--5950d628-f528-43b9-b16b-8c96950d210f",
|
|
"indicator--5950d628-23c8-425f-b191-8c96950d210f",
|
|
"indicator--5950d645-7e6c-4aa9-9a64-d5c6950d210f",
|
|
"indicator--5950d645-1ffc-4232-935c-d5c6950d210f",
|
|
"indicator--5950d645-e30c-4df6-8d73-d5c6950d210f",
|
|
"indicator--5950d6b7-abc8-48a5-a695-4f14950d210f",
|
|
"indicator--5950d6b7-e2fc-4b69-a964-473a950d210f",
|
|
"indicator--5950d6b7-ee8c-4e44-b9e4-49b2950d210f",
|
|
"indicator--5950d6b7-2648-4192-99b4-4331950d210f",
|
|
"indicator--5950d6b7-fdb8-4a08-9ae3-466a950d210f",
|
|
"x-misp-attribute--5950d6cc-d8b4-4114-af10-4102950d210f",
|
|
"indicator--5950d913-8e10-4b31-bc4a-d5d102de0b81",
|
|
"indicator--5950d913-9f60-4bd1-a466-d5d102de0b81",
|
|
"observed-data--5950d914-2c74-44c2-ae83-d5d102de0b81",
|
|
"url--5950d914-2c74-44c2-ae83-d5d102de0b81",
|
|
"indicator--5950d914-db24-4191-87bb-d5d102de0b81",
|
|
"indicator--5950d914-8bf8-4195-8b0f-d5d102de0b81",
|
|
"observed-data--5950d914-b334-44d6-a013-d5d102de0b81",
|
|
"url--5950d914-b334-44d6-a013-d5d102de0b81",
|
|
"indicator--5950d914-d19c-4cfb-9f40-d5d102de0b81",
|
|
"indicator--5950d914-4a44-433a-a3f3-d5d102de0b81",
|
|
"observed-data--5950d914-5678-44bd-8a52-d5d102de0b81",
|
|
"url--5950d914-5678-44bd-8a52-d5d102de0b81",
|
|
"indicator--5950d914-584c-4e24-ab73-d5d102de0b81",
|
|
"indicator--5950d914-2138-42f9-98cc-d5d102de0b81",
|
|
"observed-data--5950d914-9928-437f-831e-d5d102de0b81",
|
|
"url--5950d914-9928-437f-831e-d5d102de0b81",
|
|
"indicator--5950d914-c810-40ba-9461-d5d102de0b81",
|
|
"indicator--5950d914-2ae0-43a0-83b9-d5d102de0b81",
|
|
"observed-data--5950d914-d524-4115-80e9-d5d102de0b81",
|
|
"url--5950d914-d524-4115-80e9-d5d102de0b81",
|
|
"indicator--5950d914-10f8-4db6-99fd-d5d102de0b81",
|
|
"indicator--5950d914-0214-4db5-8aa9-d5d102de0b81",
|
|
"observed-data--5950d914-b388-4c77-acde-d5d102de0b81",
|
|
"url--5950d914-b388-4c77-acde-d5d102de0b81",
|
|
"indicator--5950d914-1b88-4197-9e7b-d5d102de0b81",
|
|
"indicator--5950d914-9774-43fd-bf93-d5d102de0b81",
|
|
"observed-data--5950d914-9b50-4ac7-9021-d5d102de0b81",
|
|
"url--5950d914-9b50-4ac7-9021-d5d102de0b81",
|
|
"indicator--5950d914-a300-4cc2-b9bd-d5d102de0b81",
|
|
"indicator--5950d914-0160-4d27-9b8c-d5d102de0b81",
|
|
"observed-data--5950d914-ce94-4907-91f7-d5d102de0b81",
|
|
"url--5950d914-ce94-4907-91f7-d5d102de0b81",
|
|
"indicator--5950d914-c080-471e-b3f7-d5d102de0b81",
|
|
"indicator--5950d914-b8a4-416d-b587-d5d102de0b81",
|
|
"observed-data--5950d914-4274-4311-8cdf-d5d102de0b81",
|
|
"url--5950d914-4274-4311-8cdf-d5d102de0b81",
|
|
"indicator--5950d914-53f4-4fb7-888b-d5d102de0b81",
|
|
"indicator--5950d914-64c4-4323-889a-d5d102de0b81",
|
|
"observed-data--5950d914-2a20-4b93-a14c-d5d102de0b81",
|
|
"url--5950d914-2a20-4b93-a14c-d5d102de0b81",
|
|
"indicator--5950d914-d294-4280-8e84-d5d102de0b81",
|
|
"indicator--5950d914-cc90-49ce-9b03-d5d102de0b81",
|
|
"observed-data--5950d914-b72c-45ed-b937-d5d102de0b81",
|
|
"url--5950d914-b72c-45ed-b937-d5d102de0b81",
|
|
"indicator--5950d914-9a0c-4a31-84e9-d5d102de0b81",
|
|
"indicator--5950d914-ebec-4e54-8e1e-d5d102de0b81",
|
|
"observed-data--5950d914-e028-4140-be18-d5d102de0b81",
|
|
"url--5950d914-e028-4140-be18-d5d102de0b81",
|
|
"indicator--5950d914-ff14-4bb9-90c2-d5d102de0b81",
|
|
"indicator--5950d914-5ab0-4e2a-965c-d5d102de0b81",
|
|
"observed-data--5950d914-7bd0-491d-b954-d5d102de0b81",
|
|
"url--5950d914-7bd0-491d-b954-d5d102de0b81",
|
|
"indicator--5950d914-293c-4a1f-95e9-d5d102de0b81",
|
|
"indicator--5950d914-c9ec-4e72-83f0-d5d102de0b81",
|
|
"observed-data--5950d914-a810-4449-bea1-d5d102de0b81",
|
|
"url--5950d914-a810-4449-bea1-d5d102de0b81",
|
|
"indicator--5950d914-3dbc-4842-b8eb-d5d102de0b81",
|
|
"indicator--5950d914-c218-4f8e-8e35-d5d102de0b81",
|
|
"observed-data--5950d914-5dd0-4b7b-b727-d5d102de0b81",
|
|
"url--5950d914-5dd0-4b7b-b727-d5d102de0b81",
|
|
"indicator--5950d914-0988-4106-b155-d5d102de0b81",
|
|
"indicator--5950d914-c1f8-4013-b1be-d5d102de0b81",
|
|
"observed-data--5950d914-b70c-4c95-b5e6-d5d102de0b81",
|
|
"url--5950d914-b70c-4c95-b5e6-d5d102de0b81",
|
|
"indicator--5950d914-a9e4-449a-8c74-d5d102de0b81",
|
|
"indicator--5950d915-6be4-46c9-8172-d5d102de0b81",
|
|
"observed-data--5950d915-42c0-4bd4-9913-d5d102de0b81",
|
|
"url--5950d915-42c0-4bd4-9913-d5d102de0b81",
|
|
"indicator--5950d915-a7bc-482a-b788-d5d102de0b81",
|
|
"indicator--5950d915-9df4-4917-a904-d5d102de0b81",
|
|
"observed-data--5950d915-4778-450d-bd6e-d5d102de0b81",
|
|
"url--5950d915-4778-450d-bd6e-d5d102de0b81",
|
|
"indicator--5950d915-671c-4746-a3cf-d5d102de0b81",
|
|
"indicator--5950d915-d238-4130-88ee-d5d102de0b81",
|
|
"observed-data--5950d915-6290-4683-8f9d-d5d102de0b81",
|
|
"url--5950d915-6290-4683-8f9d-d5d102de0b81",
|
|
"indicator--5950d915-d928-479d-b238-d5d102de0b81",
|
|
"indicator--5950d915-09cc-487f-9458-d5d102de0b81",
|
|
"observed-data--5950d915-9d8c-477a-9e10-d5d102de0b81",
|
|
"url--5950d915-9d8c-477a-9e10-d5d102de0b81",
|
|
"indicator--5950d915-07c8-4bdf-afb0-d5d102de0b81",
|
|
"indicator--5950d915-82ac-4d27-9d39-d5d102de0b81",
|
|
"observed-data--5950d915-5f4c-4c65-be0c-d5d102de0b81",
|
|
"url--5950d915-5f4c-4c65-be0c-d5d102de0b81",
|
|
"indicator--5950d915-a6e4-4892-9169-d5d102de0b81",
|
|
"indicator--5950d915-0f88-418f-8c34-d5d102de0b81",
|
|
"observed-data--5950d915-6e98-44a9-a2d2-d5d102de0b81",
|
|
"url--5950d915-6e98-44a9-a2d2-d5d102de0b81",
|
|
"indicator--5950d915-c834-48c7-adb2-d5d102de0b81",
|
|
"indicator--5950d915-4bf0-4be2-a8e1-d5d102de0b81",
|
|
"observed-data--5950d915-d8c4-4853-8470-d5d102de0b81",
|
|
"url--5950d915-d8c4-4853-8470-d5d102de0b81",
|
|
"indicator--5950d915-73f0-47d5-9969-d5d102de0b81",
|
|
"indicator--5950d915-2eac-4d02-a6cb-d5d102de0b81",
|
|
"observed-data--5950d915-4b6c-4173-862c-d5d102de0b81",
|
|
"url--5950d915-4b6c-4173-862c-d5d102de0b81",
|
|
"indicator--5950d915-4778-4d80-9147-d5d102de0b81",
|
|
"indicator--5950d915-6d10-46b1-b459-d5d102de0b81",
|
|
"observed-data--5950d915-0430-49d7-987d-d5d102de0b81",
|
|
"url--5950d915-0430-49d7-987d-d5d102de0b81",
|
|
"indicator--5950d915-a5c0-4894-8ad5-d5d102de0b81",
|
|
"indicator--5950d915-8b5c-49a1-9beb-d5d102de0b81",
|
|
"observed-data--5950d915-0b54-46c0-8499-d5d102de0b81",
|
|
"url--5950d915-0b54-46c0-8499-d5d102de0b81",
|
|
"indicator--5950d915-615c-4ad9-9e93-d5d102de0b81",
|
|
"indicator--5950d915-f8c4-4941-8978-d5d102de0b81",
|
|
"observed-data--5950d915-f914-4ded-beb1-d5d102de0b81",
|
|
"url--5950d915-f914-4ded-beb1-d5d102de0b81",
|
|
"indicator--5950d915-3d24-45d8-a674-d5d102de0b81",
|
|
"indicator--5950d915-c5ec-4bcd-9f58-d5d102de0b81",
|
|
"observed-data--5950d915-677c-4041-a274-d5d102de0b81",
|
|
"url--5950d915-677c-4041-a274-d5d102de0b81",
|
|
"indicator--5950d915-cee8-45c4-9152-d5d102de0b81",
|
|
"indicator--5950d915-9e2c-44a1-8e9d-d5d102de0b81",
|
|
"observed-data--5950d915-3bb4-4686-bf0a-d5d102de0b81",
|
|
"url--5950d915-3bb4-4686-bf0a-d5d102de0b81",
|
|
"indicator--5950d915-f878-4c4e-ab79-d5d102de0b81",
|
|
"indicator--5950d915-6d14-486e-882e-d5d102de0b81",
|
|
"observed-data--5950d916-2798-4d2e-8d23-d5d102de0b81",
|
|
"url--5950d916-2798-4d2e-8d23-d5d102de0b81",
|
|
"indicator--5950d916-6b58-4d1f-82c0-d5d102de0b81",
|
|
"indicator--5950d916-b550-4ba1-8621-d5d102de0b81",
|
|
"observed-data--5950d916-92b4-4c31-bc18-d5d102de0b81",
|
|
"url--5950d916-92b4-4c31-bc18-d5d102de0b81",
|
|
"indicator--5950d916-8e70-49f3-bbea-d5d102de0b81",
|
|
"indicator--5950d916-6638-4587-b598-d5d102de0b81",
|
|
"observed-data--5950d916-f020-4f0a-bd09-d5d102de0b81",
|
|
"url--5950d916-f020-4f0a-bd09-d5d102de0b81",
|
|
"indicator--5950d916-4b60-49f8-b7a4-d5d102de0b81",
|
|
"indicator--5950d916-c5f0-4ddc-ac98-d5d102de0b81",
|
|
"observed-data--5950d916-7b3c-419d-b10f-d5d102de0b81",
|
|
"url--5950d916-7b3c-419d-b10f-d5d102de0b81",
|
|
"indicator--5950d916-f6c4-4626-af93-d5d102de0b81",
|
|
"indicator--5950d916-a820-445c-b14e-d5d102de0b81",
|
|
"observed-data--5950d916-362c-4401-83c1-d5d102de0b81",
|
|
"url--5950d916-362c-4401-83c1-d5d102de0b81",
|
|
"indicator--5950d916-3060-40ea-892e-d5d102de0b81",
|
|
"indicator--5950d916-cf98-48aa-89f8-d5d102de0b81",
|
|
"observed-data--5950d916-9b44-496e-b594-d5d102de0b81",
|
|
"url--5950d916-9b44-496e-b594-d5d102de0b81",
|
|
"indicator--5950d916-4618-43bd-abdc-d5d102de0b81",
|
|
"indicator--5950d916-0d10-4fe1-95dc-d5d102de0b81",
|
|
"observed-data--5950d916-c494-422e-8c97-d5d102de0b81",
|
|
"url--5950d916-c494-422e-8c97-d5d102de0b81",
|
|
"indicator--5950d916-15a8-4b83-995e-d5d102de0b81",
|
|
"indicator--5950d916-07b4-4992-a93e-d5d102de0b81",
|
|
"observed-data--5950d916-dd30-4f9c-a5f1-d5d102de0b81",
|
|
"url--5950d916-dd30-4f9c-a5f1-d5d102de0b81",
|
|
"indicator--5950d916-7eac-475f-8354-d5d102de0b81",
|
|
"indicator--5950d916-56a4-45ba-a33c-d5d102de0b81",
|
|
"observed-data--5950d916-fee0-4979-be35-d5d102de0b81",
|
|
"url--5950d916-fee0-4979-be35-d5d102de0b81",
|
|
"indicator--5950d917-fd54-44a0-8fdd-d5d102de0b81",
|
|
"indicator--5950d917-4888-4267-a04d-d5d102de0b81",
|
|
"observed-data--5950d917-b164-42ff-b691-d5d102de0b81",
|
|
"url--5950d917-b164-42ff-b691-d5d102de0b81",
|
|
"indicator--5950d917-55d0-4c67-92f2-d5d102de0b81",
|
|
"indicator--5950d917-6adc-4ad4-a91f-d5d102de0b81",
|
|
"observed-data--5950d917-1a54-415d-9a3f-d5d102de0b81",
|
|
"url--5950d917-1a54-415d-9a3f-d5d102de0b81",
|
|
"indicator--5950d917-162c-4126-a683-d5d102de0b81",
|
|
"indicator--5950d917-af78-4997-9a36-d5d102de0b81",
|
|
"observed-data--5950d917-7b10-4c03-8965-d5d102de0b81",
|
|
"url--5950d917-7b10-4c03-8965-d5d102de0b81",
|
|
"indicator--5950d917-c494-42fb-928b-d5d102de0b81",
|
|
"indicator--5950d917-ab48-4396-bd23-d5d102de0b81",
|
|
"observed-data--5950d917-9fa4-4152-9372-d5d102de0b81",
|
|
"url--5950d917-9fa4-4152-9372-d5d102de0b81",
|
|
"indicator--5950d917-6ba8-4619-b67d-d5d102de0b81",
|
|
"indicator--5950d917-bad8-4184-876d-d5d102de0b81",
|
|
"observed-data--5950d917-84cc-4f6b-8bf3-d5d102de0b81",
|
|
"url--5950d917-84cc-4f6b-8bf3-d5d102de0b81",
|
|
"indicator--5950d917-c84c-49d8-b2e1-d5d102de0b81",
|
|
"indicator--5950d917-323c-4d17-b991-d5d102de0b81",
|
|
"observed-data--5950d917-00f0-4de3-81ed-d5d102de0b81",
|
|
"url--5950d917-00f0-4de3-81ed-d5d102de0b81",
|
|
"indicator--5950d917-e9e0-4ceb-8df4-d5d102de0b81",
|
|
"indicator--5950d917-9744-425c-aa4c-d5d102de0b81",
|
|
"observed-data--5950d917-afcc-4140-851b-d5d102de0b81",
|
|
"url--5950d917-afcc-4140-851b-d5d102de0b81",
|
|
"indicator--5950d917-648c-422a-9c7b-d5d102de0b81",
|
|
"indicator--5950d917-7170-42ab-b635-d5d102de0b81",
|
|
"observed-data--5950d917-3900-4072-8459-d5d102de0b81",
|
|
"url--5950d917-3900-4072-8459-d5d102de0b81",
|
|
"indicator--5950d917-54fc-4765-9e37-d5d102de0b81",
|
|
"indicator--5950d917-9554-496e-9702-d5d102de0b81",
|
|
"observed-data--5950d917-2fac-4491-aa69-d5d102de0b81",
|
|
"url--5950d917-2fac-4491-aa69-d5d102de0b81",
|
|
"indicator--5950d917-d9e4-413c-b071-d5d102de0b81",
|
|
"indicator--5950d917-cd00-4d69-a1c7-d5d102de0b81",
|
|
"observed-data--5950d917-5354-4c54-bf02-d5d102de0b81",
|
|
"url--5950d917-5354-4c54-bf02-d5d102de0b81",
|
|
"indicator--5950d917-c250-41ab-ba1b-d5d102de0b81",
|
|
"indicator--5950d917-c5fc-415b-8baf-d5d102de0b81",
|
|
"observed-data--5950d917-cbec-4cce-bf55-d5d102de0b81",
|
|
"url--5950d917-cbec-4cce-bf55-d5d102de0b81",
|
|
"indicator--5950d917-09e8-44f7-9fe6-d5d102de0b81",
|
|
"indicator--5950d917-4548-4528-ae4c-d5d102de0b81",
|
|
"observed-data--5950d917-3eac-4e8e-89ba-d5d102de0b81",
|
|
"url--5950d917-3eac-4e8e-89ba-d5d102de0b81",
|
|
"indicator--5950d917-f9c0-4f97-94a9-d5d102de0b81",
|
|
"indicator--5950d917-d188-4fb0-ae7d-d5d102de0b81",
|
|
"observed-data--5950d917-f2f4-49c0-99db-d5d102de0b81",
|
|
"url--5950d917-f2f4-49c0-99db-d5d102de0b81",
|
|
"indicator--5950d917-1d24-4d1d-840a-d5d102de0b81",
|
|
"indicator--5950d917-43f4-4aef-b7d1-d5d102de0b81",
|
|
"observed-data--5950d917-6dc8-4ccb-8710-d5d102de0b81",
|
|
"url--5950d917-6dc8-4ccb-8710-d5d102de0b81",
|
|
"indicator--5950d917-18f4-402a-9975-d5d102de0b81",
|
|
"indicator--5950d917-d778-461c-9cd1-d5d102de0b81",
|
|
"observed-data--5950d917-69d8-4ece-9ed1-d5d102de0b81",
|
|
"url--5950d917-69d8-4ece-9ed1-d5d102de0b81",
|
|
"indicator--5950d917-1eac-4b42-aa2d-d5d102de0b81",
|
|
"indicator--5950d917-7c6c-4c66-9d81-d5d102de0b81",
|
|
"observed-data--5950d917-2bac-4d18-af4f-d5d102de0b81",
|
|
"url--5950d917-2bac-4d18-af4f-d5d102de0b81",
|
|
"indicator--5950d917-7d74-4a94-8fe4-d5d102de0b81",
|
|
"indicator--5950d917-f9ac-4c83-aa1d-d5d102de0b81",
|
|
"observed-data--5950d917-2760-4b0a-82ae-d5d102de0b81",
|
|
"url--5950d917-2760-4b0a-82ae-d5d102de0b81",
|
|
"indicator--5950d918-b700-4fe0-944f-d5d102de0b81",
|
|
"indicator--5950d918-c458-44df-b564-d5d102de0b81",
|
|
"observed-data--5950d918-6004-4376-8fa3-d5d102de0b81",
|
|
"url--5950d918-6004-4376-8fa3-d5d102de0b81",
|
|
"indicator--5950d918-49dc-47a3-b9a4-d5d102de0b81",
|
|
"indicator--5950d918-5424-45e7-b598-d5d102de0b81",
|
|
"observed-data--5950d918-7838-4036-af92-d5d102de0b81",
|
|
"url--5950d918-7838-4036-af92-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"misp-galaxy:threat-actor=\"El Machete\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594e5f15-a4b4-4267-ab79-b0d302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--594e5f15-a4b4-4267-ab79-b0d302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--594e5f15-a4b4-4267-ab79-b0d302de0b81",
|
|
"value": "https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-5268-4108-9cbd-41ac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '0972e075b70ea6f43b4a6f2c5e7f9329c3f4b382d7327b556131587142a3751f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-21c8-4d19-b649-48b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '14e3053393d9b3845cec621cd79b0c5d7cd7cf656be0f5a78bb16fd0439c9917']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-8888-4433-9502-48fb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '1c0f253b91b651e8cb61ea5dc6f0bf077bec3ab9612e78f9a30c3026e39bf8a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-7a7c-48eb-affe-4cc302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '28131cea5009f680064a7962279ebdff7728463a6d0a30ef2077999abe27bee7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-02b0-447f-a27c-4ab002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '282651843b51a1c81fb4c2d94f319439c66101d2a0d10552940ede5c382dc995']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-08f4-4a01-aaab-4a7602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '2f878a3043d8f506fa53265afcea40b622e82806d1438cf4a07f92fb01d9962f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-30f4-450c-a4a0-422d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '3b326f99ce3f4d8fa86135a567ba236fcc0eb308cd5bbfc74404a5fe3737682a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-663c-4ac5-a395-4e5d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '52cec92c27d99c397e6104e89923aa126b94d3b1cf3afa1c49b353494219162e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-e74c-474a-9106-462002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '5fed1bda348468eddbdd3cdefd03b6add327ff4d9cf5d2300201e08724b24c9a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-60f0-407b-8579-409a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '613351824cabdb3932ab0709138de1fcff63f3f8926d51b23291ebf345df4471']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-c004-4adf-a091-471202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '6917db24c61e6de8be08d02febe764fe7e63218b37e4a22e9d7e8691eee38dcb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-242c-482a-abb8-4cb302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '732ceaf2ce6f233bb4a305edc8d2bb59587a92bd6f03ea748bef6dd13bf38499']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-a0f0-4fff-b8b5-454202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '76af6661f95bf45537c961d4446d924a70b9b053ddbf02c8bfda2918d5ac90f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-507c-4232-99f0-498a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '93348d6dffd45a4c01b10fc90501c666f7a5360547e2a025d5980f235e815cc9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-6378-42d9-bbd2-495202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = '9d124733378333e556d29684eb05060e8c88eb476a5803d0879c41f4344f6bd9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-3928-4418-94ad-45c102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = 'b8341d72c3b2ecd90a18d428a7ea81a267eb105a36692042fe8904b0b0ea6b07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-8bd8-4da2-9651-456302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = 'bc3cedfa6a2c05717116b29c2b387a985a504a97ce0e0a43212b3bc89ac9cf95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-8514-41ca-a816-46f802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = 'c634f10a475df833c55610e38e947dda278b474b6650bb8570ab3801be43739f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-8d28-475d-bd56-4a8102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = 'd2b81d32ceb61640c72d2af241527e942218e2067c7a0ae4ff5b6eabe659255e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f29-8790-4b02-ab29-456202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Primary Droppers",
|
|
"pattern": "[file:hashes.SHA256 = 'f98ef639797013d6eddfcc00f7d208510ac02ca49bed1eb9250156081d5ed0ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-0c94-4e75-b41a-454a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '06ae08f9628f40a75a01c266caaa440ec664c3138f9fd39b273e6d8c9ec50f17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-77cc-4d47-8929-498902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '0970e43cf5458b0cf77e2232f724a651e9f37513f5cb3c58b51d357c21e18e4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-ef78-48d9-a132-4f3002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '0ebdf2390584d1c66dc908bd8b95c96673428c1c22fb495075b4c79e2f54f796']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-0bcc-4e7a-b6c2-4a8902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '1661fb2e2b4f701203bf22b3cf339cc12f5779999ee1ced6818e5087714b074c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-180c-46c9-a95a-4d9902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '17236e97e665a0766be612e57a90332e86e44d18f31ccd2beb7487cfdfd2bb8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-6fb0-4cb0-9b63-436802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '1a5dcc6e43aac2f1fdf0928d817ef5358ba5420fc578f5ec3fa4fbd304d02f36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-930c-4e9a-a099-4af902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '1d1dc7fe128330558f071aebdd9a6ee76ac24fd0009661f90ae8dc9ce8ec10d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-b6cc-4f2b-b8fc-477002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '495aa2ac2c666e82c7244a74ac025006c3476f348105253adef7a225f98aeba1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-d788-4766-8963-489302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '4c14f7e1323a26d00cc9bf516ae1137a97e84691e4c2f525b16828e217ff037c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-7374-40ea-aae1-4b4a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '58207b19c327b3590c92279006458356249f929c71cdb18791b498dd08f36cc8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-eef4-4f70-adb7-45b802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '6b8a536740e8e5af9b472f90925856eb44e272f88a90ecaad1714576dae83f88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-8c0c-4d23-a1e8-4c7a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '6bc30bd07cfbf20051057483b9883925bd4eda545376a793286e2d5315389181']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-d0dc-49a4-bdc1-4fc602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '6c60ff5e52c5b77012de3e43a1ba88b6c952e51b98d9651ddd6791c4af4a6607']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f47-9cf8-41b4-9bb4-408102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '7567935a0e3882278455f4b6e434021d6bdee51be56d455ce1a13e13fe28cdcd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-332c-4941-a52f-471202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '82ee78877adeb3db055d924cc08148db03f7b6d4734b7deb2f59ab37269ffeb4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-c3c4-48f8-acc3-4b8602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '8434227d1db2679a36d767e7b0ffa5934496d947f4dcd765961d539108534df8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-c774-4ea9-9ad9-4e4b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '89e2bf8e057e5e5c1d99e5c533cc0352f4f86dd9bea03aae01b8c02454eed7a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-46d4-48c0-9ce6-442302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = '9641553bfdffbeb4e786f36ed9fc6545d6b8c624eddb576cc234ab43d4afff2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-f580-4661-a938-4aa302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = 'acb60ec5dc7778fd4ab1f21bd9a406c04455f8d28b1e01e97bd0ac036d1e72e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-50f8-453a-ab57-446a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = 'bba13073badce1669d858955613c4e10adf6d4577a517a618009bde93639d47a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-c148-49d5-bcfe-48f902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = 'c5278dabf24ecf9207ad8ee4ac3a4dd087ed3d671983c84c0babfc94a52da182']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-4c28-46c7-be78-438f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = 'eab46451c053b6a606655a69c381a56a9afca4bf1bd2882c7c030ae69f892da7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-e620-42b0-ba56-4c9d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = 'ec2ac42b822de3ef7ec5c980075fd32ef134bf2fd31bfd368c563faee5702b60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-b088-4237-9e86-426202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = 'f258d903d23e34b6109294e4ca3d18078652dea23eea13f77f496303d6798995']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-a070-40c2-9f00-468302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = 'fa97b9f4d1f5f401f8bdb4c989d10e1c4d7f76e65a31a3b9ac34c10c17653a64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-37ac-4f98-9fc1-4f2302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = 'ffba9c46c2b991dabfa3b1e3d91dc4b4126086ba288b594836936145e9a8454b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f48-c5ec-48b0-a996-40ca02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Initial Payload With Decoy",
|
|
"pattern": "[file:hashes.SHA256 = 'd21d981bc5efba11e8abf17cd369045d3eefa5268d7457bce5136e399bedb241']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f5b-c6c0-4194-a028-491202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "RAR Files",
|
|
"pattern": "[file:hashes.SHA256 = '048d43882bd7e55a245f11931f577e7ec706f2d64ba37c3372bc73f6971dc233']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f5b-21f8-4270-a333-473f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "RAR Files",
|
|
"pattern": "[file:hashes.SHA256 = '6d73387c8c132c8bfbc7a644524b4995cdb3b4c8700a8f12921bcb0f9b573ede']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f5b-e52c-4185-818d-4f1602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "RAR Files",
|
|
"pattern": "[file:hashes.SHA256 = '601587809f2da4b6bdfa8fdab087209bfe9555e68f34d9c0ba18a2a76eecfdb3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f5b-2fb4-4869-a56a-464902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "RAR Files",
|
|
"pattern": "[file:hashes.SHA256 = '2265ad57ec790a239eea12af5398819cab744fe167142346055b36a32482e06e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f5b-54bc-49f3-a342-4bbd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "RAR Files",
|
|
"pattern": "[file:hashes.SHA256 = '27443b0e1864cee5ad787ec6dcdd4521186163b090278ddb4f75c35d0f52864e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f6e-9748-4a0a-8e84-462802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Zip File",
|
|
"pattern": "[file:hashes.SHA256 = 'a8f0a470d5365c58e8cdfe8b62d5b11e4fc0197731695868c583fc89b19ef130']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f6e-f134-4308-ae54-41df02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Zip File",
|
|
"pattern": "[file:hashes.SHA256 = '6ba72f5c88f3253c196fc4e5c0b41c2b5dfba9456ce7e8393c4a36fdfc1c6add']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f6e-6a1c-45fe-a1e1-4cc402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Zip File",
|
|
"pattern": "[file:hashes.SHA256 = '3e08e7f85c1185a1583955f9efa247addef11991beb36eb8b3f89c555707575e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f6e-9cbc-45a2-9d04-4a1a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Zip File",
|
|
"pattern": "[file:hashes.SHA256 = 'f7107b9fdba48cefeff824f45b7268dd083accc847836f16dae740ce3d3d6543']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594e5f6e-2bb0-4e66-a32b-45ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "Zip File",
|
|
"pattern": "[file:hashes.SHA256 = '55ac70ec30269428626ba3c9433b4c9421712ec1a960b4590247447f45f26ac4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d552-7c28-478f-b356-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR identified the following URLs were used in phishing attempts",
|
|
"pattern": "[url:value = 'http://actualizacion.esy.es/Mision_Secreta_de_la_DINA_en_Washigton.rar']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d552-729c-4be4-b76c-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR identified the following URLs were used in phishing attempts",
|
|
"pattern": "[url:value = 'http://almuerzowordaula3.16mb.com/ORDENES_GENERALES.rar']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d552-7d0c-4fb2-b342-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR identified the following URLs were used in phishing attempts",
|
|
"pattern": "[url:value = 'http://carolinaz25.esy.es/DECRETO_No_18_Duelo_Virgilio_Godoy_.rar']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d552-3ffc-4911-aa33-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR identified the following URLs were used in phishing attempts",
|
|
"pattern": "[url:value = 'http://carolinaz25.esy.es/RDGMA_07_4432.rar']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d552-e410-49af-a85d-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR identified the following URLs were used in phishing attempts",
|
|
"pattern": "[url:value = 'http://cristianoo.esy.es/Padrino_Lopez_Hay_un_golpe_de_Estado_en_desarrollo.zip']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d552-5368-4433-85e5-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR identified the following URLs were used in phishing attempts",
|
|
"pattern": "[url:value = 'http://cristianoo.esy.es/ROSARIO_EN_MULTINOTICIAS_13_ABRIL_2016.zip']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d552-85d0-4378-bf21-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR identified the following URLs were used in phishing attempts",
|
|
"pattern": "[url:value = 'http://flipjbl.esy.es/Suport/Articulo\\\\%20sobre\\\\%20funcionarias\\\\%20de\\\\%20Nicaragua\\\\%20docx.rar']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d552-ed6c-4e03-9282-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR identified the following URLs were used in phishing attempts",
|
|
"pattern": "[url:value = 'http://flipjbl.esy.es/Suport/Debes\\\\%20utilizar\\\\%20una\\\\%20computadora\\\\%20para\\\\%20extraer\\\\%20el\\\\%20contenido.rar']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d552-cbc0-4c1c-8053-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR identified the following URLs were used in phishing attempts",
|
|
"pattern": "[url:value = 'http://informesanddocumentos.esy.es/semanario_en_marcha_1758_1.zip']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-5e78-440d-92bb-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-5e78-440d-92bb-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-5e78-440d-92bb-d5d1950d210f",
|
|
"name": "977_REG_IN_CO_012_V1.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-98e8-433e-8340-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-98e8-433e-8340-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-98e8-433e-8340-d5d1950d210f",
|
|
"name": "Aniversario_de_cascos_azules_ecuatorianos.docx.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-d040-4407-ae7d-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-d040-4407-ae7d-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-d040-4407-ae7d-d5d1950d210f",
|
|
"name": "Articulo sobre funcionarias de Nicaragua docx.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-1950-44db-86a6-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-1950-44db-86a6-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-1950-44db-86a6-d5d1950d210f",
|
|
"name": "Articulo_de_Opinion_Heinz_Dieterich.docx.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-40c8-4144-b00f-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-40c8-4144-b00f-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-40c8-4144-b00f-d5d1950d210f",
|
|
"name": "Bolet\u00c3\u00adn_PAT_034_UADMNE_Visita_de_Guardianes_del_Mar_a_repartos_navales.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-8780-4f43-bf96-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-8780-4f43-bf96-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-8780-4f43-bf96-d5d1950d210f",
|
|
"name": "Citacion Judicial expediente 10388-17 Oficio 35467pdf.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-a91c-4bfc-9c40-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-a91c-4bfc-9c40-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-a91c-4bfc-9c40-d5d1950d210f",
|
|
"name": "CIRCULAR_8_OCT_2016.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-946c-4640-8d70-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-946c-4640-8d70-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-946c-4640-8d70-d5d1950d210f",
|
|
"name": "Cuestionario.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-d260-4ece-ae16-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-d260-4ece-ae16-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-d260-4ece-ae16-d5d1950d210f",
|
|
"name": "DECRETO_No_18_Duelo_Virgilio_Godoy_.docx.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-e4a8-4c76-b9ef-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-e4a8-4c76-b9ef-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-e4a8-4c76-b9ef-d5d1950d210f",
|
|
"name": "Demanda.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-11c0-403a-b36f-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-11c0-403a-b36f-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-11c0-403a-b36f-d5d1950d210f",
|
|
"name": "Denuncia_penal_o_querella.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-9da8-413c-a526-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-9da8-413c-a526-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-9da8-413c-a526-d5d1950d210f",
|
|
"name": "DIRECTIVA_MANDO_OPERACIONAL.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-8818-4a9a-a7d0-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-8818-4a9a-a7d0-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-8818-4a9a-a7d0-d5d1950d210f",
|
|
"name": "Informe Derechos Humanos en Nicaragua docx.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-95b0-409d-9d4c-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-95b0-409d-9d4c-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-95b0-409d-9d4c-d5d1950d210f",
|
|
"name": "INSTRUCTIVO LOGISTICO.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-00a4-48e3-b4b6-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-00a4-48e3-b4b6-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-00a4-48e3-b4b6-d5d1950d210f",
|
|
"name": "Jungmann verifica o funcionamento do SISFRON, em Dourados (MS).docx.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-7b38-4c92-bebe-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-7b38-4c92-bebe-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-7b38-4c92-bebe-d5d1950d210f",
|
|
"name": "LISTA DEL RADG N\u00c2\u00b0 0931208.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-2d84-4d7d-8943-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-2d84-4d7d-8943-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-2d84-4d7d-8943-d5d1950d210f",
|
|
"name": "Ministerio_de_Defensa_ordena_al_Issfa_que_no_suspenda_tres_prestaciones.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-573c-49f6-a41f-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-573c-49f6-a41f-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-573c-49f6-a41f-d5d1950d210f",
|
|
"name": "Mision_Secreta_de_la_DINA_en_Washigton.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-2ff4-427e-a1ff-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-2ff4-427e-a1ff-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-2ff4-427e-a1ff-d5d1950d210f",
|
|
"name": "Nicaragua denuncia ante la CIJ las.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-297c-4347-93cd-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-297c-4347-93cd-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-297c-4347-93cd-d5d1950d210f",
|
|
"name": "Notificacion_Judicial_No_121523_2015.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-5824-463c-93ac-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-5824-463c-93ac-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-5824-463c-93ac-d5d1950d210f",
|
|
"name": "Notificacion_Judicial_No_121523_2016.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-ec80-46f8-8ae9-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-ec80-46f8-8ae9-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-ec80-46f8-8ae9-d5d1950d210f",
|
|
"name": "Notificacion_Judicial_No_8030923_2015.exe"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-afbc-4e64-869d-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-afbc-4e64-869d-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-afbc-4e64-869d-d5d1950d210f",
|
|
"name": "ORDENES_GENERALES.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-0a50-42a3-9b2f-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-0a50-42a3-9b2f-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-0a50-42a3-9b2f-d5d1950d210f",
|
|
"name": "Padrino_Lopez_Hay_un_golpe_de_Estado_en_desarrollo.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-9c1c-40e8-972b-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-9c1c-40e8-972b-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-9c1c-40e8-972b-d5d1950d210f",
|
|
"name": "PARTE ESPECIAL COMANDANCIA GENERAL DE LA AVIACI\u00c3\u201cN 20SEP15.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-01b4-4c70-a67d-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-01b4-4c70-a67d-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-01b4-4c70-a67d-d5d1950d210f",
|
|
"name": "RDGMA_07_4432.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-2284-4612-8d92-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-2284-4612-8d92-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-2284-4612-8d92-d5d1950d210f",
|
|
"name": "REINCORPORACION.SCR"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-c11c-4e1f-b89b-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-c11c-4e1f-b89b-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-c11c-4e1f-b89b-d5d1950d210f",
|
|
"name": "ROSARIO_EN_MULTINOTICIAS_13_ABRIL_2016.scr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d591-1f2c-46cd-a41d-d5d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"first_observed": "2017-06-26T09:51:13Z",
|
|
"last_observed": "2017-06-26T09:51:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5950d591-1f2c-46cd-a41d-d5d1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5950d591-1f2c-46cd-a41d-d5d1950d210f",
|
|
"name": "Semanario_En_Marcha_1756_11.scr"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d5b0-9d20-47d2-b34b-8c2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"pattern": "[domain-name:value = 'idrt.gotdns.ch']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d5c3-1534-423e-a305-8c96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"pattern": "[domain-name:value = 'derte.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d5c3-6dcc-4837-b90f-8c96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"pattern": "[domain-name:value = 'jristr.hopto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d5c3-7e14-48ef-a2d9-8c96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"pattern": "[domain-name:value = 'wbgs.3utilities.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d5de-7aac-446f-b1fe-8d0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.9.3.184']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d5de-016c-499d-9cd1-8d0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.239.232.149']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d5de-5fe0-4ce7-8fb3-8d0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.64.43.33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d628-f528-43b9-b16b-8c96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "The domain \u00e2\u20ac\u02dcjristr.hopto[dot]org\u00e2\u20ac\u2122 shared a direct link to past El Machete activity via the IP address \u00e2\u20ac\u02dc181.50.98.50\u00e2\u20ac\u2122, which was also previously used by \u00e2\u20ac\u02dcjava.serveblog[dot]net\u00e2\u20ac\u2122.",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.50.98.50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d628-23c8-425f-b191-8c96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "The domain \u00e2\u20ac\u02dcjristr.hopto[dot]org\u00e2\u20ac\u2122 shared a direct link to past El Machete activity via the IP address \u00e2\u20ac\u02dc181.50.98.50\u00e2\u20ac\u2122, which was also previously used by \u00e2\u20ac\u02dcjava.serveblog[dot]net\u00e2\u20ac\u2122.",
|
|
"pattern": "[domain-name:value = 'java.serveblog.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d645-7e6c-4aa9-9a64-d5c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR found that El Machete relied on two primary means to achieve persistence: scheduled tasks and the startup folder. Scheduled tasks commonly used \u00e2\u20ac\u02dcHD_Audio\u00e2\u20ac\u2122, \u00e2\u20ac\u02dcJava_Upda\u00e2\u20ac\u2122, or \u00e2\u20ac\u02dcMicrosoft_up\u00e2\u20ac\u2122 as the task name and generally pointed to one of the executable:",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\Desjr\\\\jfxrt.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d645-1ffc-4232-935c-d5c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR found that El Machete relied on two primary means to achieve persistence: scheduled tasks and the startup folder. Scheduled tasks commonly used \u00e2\u20ac\u02dcHD_Audio\u00e2\u20ac\u2122, \u00e2\u20ac\u02dcJava_Upda\u00e2\u20ac\u2122, or \u00e2\u20ac\u02dcMicrosoft_up\u00e2\u20ac\u2122 as the task name and generally pointed to one of the executable:",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\unijr\\\\kfxw.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d645-e30c-4df6-8d73-d5c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "SPEAR found that El Machete relied on two primary means to achieve persistence: scheduled tasks and the startup folder. Scheduled tasks commonly used \u00e2\u20ac\u02dcHD_Audio\u00e2\u20ac\u2122, \u00e2\u20ac\u02dcJava_Upda\u00e2\u20ac\u2122, or \u00e2\u20ac\u02dcMicrosoft_up\u00e2\u20ac\u2122 as the task name and generally pointed to one of the executable:",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\MicroDes\\\\javaH.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d6b7-abc8-48a5-a695-4f14950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "The group preferred to create their own directories to drop files into",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\unijr\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d6b7-e2fc-4b69-a964-473a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "The group preferred to create their own directories to drop files into",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\HDA\\\\Bush\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d6b7-ee8c-4e44-b9e4-49b2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "The group preferred to create their own directories to drop files into",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\jre8\\\\lib\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d6b7-2648-4192-99b4-4331950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "The group preferred to create their own directories to drop files into",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\java.\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d6b7-fdb8-4a08-9ae3-466a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"description": "The group preferred to create their own directories to drop files into",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\MicroDes\\\\']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5950d6cc-d8b4-4114-af10-4102950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:13.000Z",
|
|
"modified": "2017-06-26T09:51:13.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "El Machete has continued largely unimpeded in their espionage activities for the past several years, despite the abundance of publicly available indicators. Many of these indicators should have allowed defenders to reliably identify this threat, but the majority of antivirus (AV) solutions continue to have very low detection rates across current samples. Compiled scripts are an increasingly complicated area of detection for security companies and will likely continue to be adopted by both skilled and unskilled attackers alike. Scripting languages natively provide an easy means of developing cross platform compatibility for other operating systems like OSX and Linux, however, all of the scripts SPEAR found appeared to be heavily reliant upon Windows APIs to perform critical functions.\r\n\r\nEl Machete will no doubt continue to be successful across most Latin American countries as they struggle to build up both their offensive and defensive cyber capabilities. Many of the targeted countries were listed as customers in the leaks of both Finfisher and Hacking Team, which suggests they likely have yet to fully mature and develop their own internal cyber capabilities. In any case, whoever is behind El Machete is certainly reaping the rewards of building and deploying their own custom malware."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d913-8e10-4b31-bc4a-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:15.000Z",
|
|
"modified": "2017-06-26T09:51:15.000Z",
|
|
"description": "Zip File - Xchecked via VT: 55ac70ec30269428626ba3c9433b4c9421712ec1a960b4590247447f45f26ac4",
|
|
"pattern": "[file:hashes.SHA1 = '09924d284497fcb0fc4f60756c931b174fafbbe4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d913-9f60-4bd1-a466-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:15.000Z",
|
|
"modified": "2017-06-26T09:51:15.000Z",
|
|
"description": "Zip File - Xchecked via VT: 55ac70ec30269428626ba3c9433b4c9421712ec1a960b4590247447f45f26ac4",
|
|
"pattern": "[file:hashes.MD5 = '7aea8468677608e0b81c80edc3fab292']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-2c74-44c2-ae83-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-2c74-44c2-ae83-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-2c74-44c2-ae83-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/55ac70ec30269428626ba3c9433b4c9421712ec1a960b4590247447f45f26ac4/analysis/1491946094/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-db24-4191-87bb-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Zip File - Xchecked via VT: f7107b9fdba48cefeff824f45b7268dd083accc847836f16dae740ce3d3d6543",
|
|
"pattern": "[file:hashes.SHA1 = '7fd2fb33e3ff03f307885b48737f42021d6cfb38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-8bf8-4195-8b0f-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Zip File - Xchecked via VT: f7107b9fdba48cefeff824f45b7268dd083accc847836f16dae740ce3d3d6543",
|
|
"pattern": "[file:hashes.MD5 = '7cd5fed328110ffe6a3e3ef1404516b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-b334-44d6-a013-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-b334-44d6-a013-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-b334-44d6-a013-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/f7107b9fdba48cefeff824f45b7268dd083accc847836f16dae740ce3d3d6543/analysis/1491771893/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-d19c-4cfb-9f40-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Zip File - Xchecked via VT: 3e08e7f85c1185a1583955f9efa247addef11991beb36eb8b3f89c555707575e",
|
|
"pattern": "[file:hashes.SHA1 = '0172e46b364c765ff8fb7bf3e3cc66160babd89c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-4a44-433a-a3f3-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Zip File - Xchecked via VT: 3e08e7f85c1185a1583955f9efa247addef11991beb36eb8b3f89c555707575e",
|
|
"pattern": "[file:hashes.MD5 = '7b06b3442600c5e661ffbad2e7257608']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-5678-44bd-8a52-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-5678-44bd-8a52-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-5678-44bd-8a52-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/3e08e7f85c1185a1583955f9efa247addef11991beb36eb8b3f89c555707575e/analysis/1485530100/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-584c-4e24-ab73-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Zip File - Xchecked via VT: 6ba72f5c88f3253c196fc4e5c0b41c2b5dfba9456ce7e8393c4a36fdfc1c6add",
|
|
"pattern": "[file:hashes.SHA1 = '4efdedadc97e6998abc824c57b9110de3b3150b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-2138-42f9-98cc-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Zip File - Xchecked via VT: 6ba72f5c88f3253c196fc4e5c0b41c2b5dfba9456ce7e8393c4a36fdfc1c6add",
|
|
"pattern": "[file:hashes.MD5 = 'b85d07ea85445688d17532b387828019']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-9928-437f-831e-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-9928-437f-831e-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-9928-437f-831e-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/6ba72f5c88f3253c196fc4e5c0b41c2b5dfba9456ce7e8393c4a36fdfc1c6add/analysis/1490205158/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-c810-40ba-9461-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Zip File - Xchecked via VT: a8f0a470d5365c58e8cdfe8b62d5b11e4fc0197731695868c583fc89b19ef130",
|
|
"pattern": "[file:hashes.SHA1 = '7094d2f3503d89e00c228fd7dc5447e01d161e30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-2ae0-43a0-83b9-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Zip File - Xchecked via VT: a8f0a470d5365c58e8cdfe8b62d5b11e4fc0197731695868c583fc89b19ef130",
|
|
"pattern": "[file:hashes.MD5 = '702b3da308e5d7e6ab640e51cfb9f0cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-d524-4115-80e9-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-d524-4115-80e9-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-d524-4115-80e9-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/a8f0a470d5365c58e8cdfe8b62d5b11e4fc0197731695868c583fc89b19ef130/analysis/1491771795/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-10f8-4db6-99fd-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 27443b0e1864cee5ad787ec6dcdd4521186163b090278ddb4f75c35d0f52864e",
|
|
"pattern": "[file:hashes.SHA1 = 'd117992f091278ba767637217f566c24ac03750f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-0214-4db5-8aa9-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 27443b0e1864cee5ad787ec6dcdd4521186163b090278ddb4f75c35d0f52864e",
|
|
"pattern": "[file:hashes.MD5 = 'd3e8f5a25f61b637d8f9ac30caa10e16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-b388-4c77-acde-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-b388-4c77-acde-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-b388-4c77-acde-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/27443b0e1864cee5ad787ec6dcdd4521186163b090278ddb4f75c35d0f52864e/analysis/1490205162/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-1b88-4197-9e7b-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 2265ad57ec790a239eea12af5398819cab744fe167142346055b36a32482e06e",
|
|
"pattern": "[file:hashes.SHA1 = '5d477990a422789c5ef0b7e10563a184e96ec3b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-9774-43fd-bf93-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 2265ad57ec790a239eea12af5398819cab744fe167142346055b36a32482e06e",
|
|
"pattern": "[file:hashes.MD5 = '5b8c1ade0287bee0d1d794a396caaf5d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-9b50-4ac7-9021-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-9b50-4ac7-9021-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-9b50-4ac7-9021-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/2265ad57ec790a239eea12af5398819cab744fe167142346055b36a32482e06e/analysis/1481112113/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-a300-4cc2-b9bd-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 601587809f2da4b6bdfa8fdab087209bfe9555e68f34d9c0ba18a2a76eecfdb3",
|
|
"pattern": "[file:hashes.SHA1 = '9914d4bcc396db9f1470a37c0242ceb95fc97906']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-0160-4d27-9b8c-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 601587809f2da4b6bdfa8fdab087209bfe9555e68f34d9c0ba18a2a76eecfdb3",
|
|
"pattern": "[file:hashes.MD5 = 'e2013d4e600c5c42e312aafdc661d0d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-ce94-4907-91f7-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-ce94-4907-91f7-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-ce94-4907-91f7-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/601587809f2da4b6bdfa8fdab087209bfe9555e68f34d9c0ba18a2a76eecfdb3/analysis/1474197911/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-c080-471e-b3f7-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 6d73387c8c132c8bfbc7a644524b4995cdb3b4c8700a8f12921bcb0f9b573ede",
|
|
"pattern": "[file:hashes.SHA1 = 'a094a0196bc83b536c3c8be58cd3a78d84055f95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-b8a4-416d-b587-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 6d73387c8c132c8bfbc7a644524b4995cdb3b4c8700a8f12921bcb0f9b573ede",
|
|
"pattern": "[file:hashes.MD5 = '2093ee12517a2dd29c6e39f5d697a71e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-4274-4311-8cdf-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-4274-4311-8cdf-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-4274-4311-8cdf-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/6d73387c8c132c8bfbc7a644524b4995cdb3b4c8700a8f12921bcb0f9b573ede/analysis/1491771246/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-53f4-4fb7-888b-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 048d43882bd7e55a245f11931f577e7ec706f2d64ba37c3372bc73f6971dc233",
|
|
"pattern": "[file:hashes.SHA1 = 'ffd6c98a17db2e346f29fdc0cc3dc91b5764da9c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-64c4-4323-889a-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "RAR Files - Xchecked via VT: 048d43882bd7e55a245f11931f577e7ec706f2d64ba37c3372bc73f6971dc233",
|
|
"pattern": "[file:hashes.MD5 = 'be098a2a4c29742981239bc9d39a1804']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-2a20-4b93-a14c-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-2a20-4b93-a14c-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-2a20-4b93-a14c-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/048d43882bd7e55a245f11931f577e7ec706f2d64ba37c3372bc73f6971dc233/analysis/1490205160/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-d294-4280-8e84-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: d21d981bc5efba11e8abf17cd369045d3eefa5268d7457bce5136e399bedb241",
|
|
"pattern": "[file:hashes.SHA1 = '5f00c9a8616cacac8b1c6660531545b5b6371457']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-cc90-49ce-9b03-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: d21d981bc5efba11e8abf17cd369045d3eefa5268d7457bce5136e399bedb241",
|
|
"pattern": "[file:hashes.MD5 = '5d08fc538329fa9305586b5e1f21ad83']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-b72c-45ed-b937-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-b72c-45ed-b937-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-b72c-45ed-b937-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/d21d981bc5efba11e8abf17cd369045d3eefa5268d7457bce5136e399bedb241/analysis/1490205181/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-9a0c-4a31-84e9-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: ffba9c46c2b991dabfa3b1e3d91dc4b4126086ba288b594836936145e9a8454b",
|
|
"pattern": "[file:hashes.SHA1 = '90d185af8746b5f846f3f2ad4d921cfaaa878463']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-ebec-4e54-8e1e-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: ffba9c46c2b991dabfa3b1e3d91dc4b4126086ba288b594836936145e9a8454b",
|
|
"pattern": "[file:hashes.MD5 = 'f315699edaa4737ab11c6be2b12fa16d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-e028-4140-be18-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-e028-4140-be18-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-e028-4140-be18-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/ffba9c46c2b991dabfa3b1e3d91dc4b4126086ba288b594836936145e9a8454b/analysis/1490678997/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-ff14-4bb9-90c2-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: fa97b9f4d1f5f401f8bdb4c989d10e1c4d7f76e65a31a3b9ac34c10c17653a64",
|
|
"pattern": "[file:hashes.SHA1 = 'dea1b49fb799d6a7c68dc21831f02c836550d782']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-5ab0-4e2a-965c-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: fa97b9f4d1f5f401f8bdb4c989d10e1c4d7f76e65a31a3b9ac34c10c17653a64",
|
|
"pattern": "[file:hashes.MD5 = 'ad5a546d40681295fe2c1c2daca900cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-7bd0-491d-b954-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-7bd0-491d-b954-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-7bd0-491d-b954-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/fa97b9f4d1f5f401f8bdb4c989d10e1c4d7f76e65a31a3b9ac34c10c17653a64/analysis/1490577299/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-293c-4a1f-95e9-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: f258d903d23e34b6109294e4ca3d18078652dea23eea13f77f496303d6798995",
|
|
"pattern": "[file:hashes.SHA1 = '974e0d6731a97f1283f2194a81392e6e46fbe10b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-c9ec-4e72-83f0-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: f258d903d23e34b6109294e4ca3d18078652dea23eea13f77f496303d6798995",
|
|
"pattern": "[file:hashes.MD5 = 'e0afb50f7b22259635238e8d2a331ace']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-a810-4449-bea1-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-a810-4449-bea1-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-a810-4449-bea1-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/f258d903d23e34b6109294e4ca3d18078652dea23eea13f77f496303d6798995/analysis/1490205179/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-3dbc-4842-b8eb-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: ec2ac42b822de3ef7ec5c980075fd32ef134bf2fd31bfd368c563faee5702b60",
|
|
"pattern": "[file:hashes.SHA1 = '8b3bcd0cadfb720c7fe032fcb5c310b4a3f44c8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-c218-4f8e-8e35-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: ec2ac42b822de3ef7ec5c980075fd32ef134bf2fd31bfd368c563faee5702b60",
|
|
"pattern": "[file:hashes.MD5 = '4605e835d7b2b9a1b3c4c55749889432']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-5dd0-4b7b-b727-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-5dd0-4b7b-b727-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-5dd0-4b7b-b727-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/ec2ac42b822de3ef7ec5c980075fd32ef134bf2fd31bfd368c563faee5702b60/analysis/1490205178/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-0988-4106-b155-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: eab46451c053b6a606655a69c381a56a9afca4bf1bd2882c7c030ae69f892da7",
|
|
"pattern": "[file:hashes.SHA1 = 'e5165d72082334bde3943b1e584e7847ccd33158']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-c1f8-4013-b1be-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: eab46451c053b6a606655a69c381a56a9afca4bf1bd2882c7c030ae69f892da7",
|
|
"pattern": "[file:hashes.MD5 = 'd59e80ca9ef695553fc48012a8c3ccc9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d914-b70c-4c95-b5e6-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"first_observed": "2017-06-26T09:51:16Z",
|
|
"last_observed": "2017-06-26T09:51:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d914-b70c-4c95-b5e6-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d914-b70c-4c95-b5e6-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/eab46451c053b6a606655a69c381a56a9afca4bf1bd2882c7c030ae69f892da7/analysis/1490205178/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d914-a9e4-449a-8c74-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:16.000Z",
|
|
"modified": "2017-06-26T09:51:16.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: c5278dabf24ecf9207ad8ee4ac3a4dd087ed3d671983c84c0babfc94a52da182",
|
|
"pattern": "[file:hashes.SHA1 = 'fe2016d2573e9909870f6167eba3c70d92fc4cf9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-6be4-46c9-8172-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: c5278dabf24ecf9207ad8ee4ac3a4dd087ed3d671983c84c0babfc94a52da182",
|
|
"pattern": "[file:hashes.MD5 = 'ab0a4dc1c8d067ca58e89b4cd9a71154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-42c0-4bd4-9913-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-42c0-4bd4-9913-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-42c0-4bd4-9913-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/c5278dabf24ecf9207ad8ee4ac3a4dd087ed3d671983c84c0babfc94a52da182/analysis/1492290842/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-a7bc-482a-b788-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: bba13073badce1669d858955613c4e10adf6d4577a517a618009bde93639d47a",
|
|
"pattern": "[file:hashes.SHA1 = '4a2ed3e4a0b25b2e824ae75661e8379a3d9eec26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-9df4-4917-a904-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: bba13073badce1669d858955613c4e10adf6d4577a517a618009bde93639d47a",
|
|
"pattern": "[file:hashes.MD5 = 'eb23912f533bad9366793daf06a2b567']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-4778-450d-bd6e-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-4778-450d-bd6e-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-4778-450d-bd6e-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/bba13073badce1669d858955613c4e10adf6d4577a517a618009bde93639d47a/analysis/1490205176/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-671c-4746-a3cf-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: acb60ec5dc7778fd4ab1f21bd9a406c04455f8d28b1e01e97bd0ac036d1e72e2",
|
|
"pattern": "[file:hashes.SHA1 = '5c383432ff5a42f3c52b6db9562e408104ff2395']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-d238-4130-88ee-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: acb60ec5dc7778fd4ab1f21bd9a406c04455f8d28b1e01e97bd0ac036d1e72e2",
|
|
"pattern": "[file:hashes.MD5 = 'c7a08cccf51050165a91295a147f227f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-6290-4683-8f9d-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-6290-4683-8f9d-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-6290-4683-8f9d-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/acb60ec5dc7778fd4ab1f21bd9a406c04455f8d28b1e01e97bd0ac036d1e72e2/analysis/1492291643/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-d928-479d-b238-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 9641553bfdffbeb4e786f36ed9fc6545d6b8c624eddb576cc234ab43d4afff2a",
|
|
"pattern": "[file:hashes.SHA1 = '2d772f7763fc778fd61d6aaa27b86e11aaa5ede3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-09cc-487f-9458-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 9641553bfdffbeb4e786f36ed9fc6545d6b8c624eddb576cc234ab43d4afff2a",
|
|
"pattern": "[file:hashes.MD5 = 'f8e81d84a3ffa651ba3925379d9fa8a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-9d8c-477a-9e10-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-9d8c-477a-9e10-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-9d8c-477a-9e10-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/9641553bfdffbeb4e786f36ed9fc6545d6b8c624eddb576cc234ab43d4afff2a/analysis/1490205175/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-07c8-4bdf-afb0-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 89e2bf8e057e5e5c1d99e5c533cc0352f4f86dd9bea03aae01b8c02454eed7a7",
|
|
"pattern": "[file:hashes.SHA1 = 'a5c21d669d659857a56366db5d27161b415298bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-82ac-4d27-9d39-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 89e2bf8e057e5e5c1d99e5c533cc0352f4f86dd9bea03aae01b8c02454eed7a7",
|
|
"pattern": "[file:hashes.MD5 = '7ac1fa84d0fec58c43d7d5e905e12299']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-5f4c-4c65-be0c-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-5f4c-4c65-be0c-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-5f4c-4c65-be0c-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/89e2bf8e057e5e5c1d99e5c533cc0352f4f86dd9bea03aae01b8c02454eed7a7/analysis/1491945957/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-a6e4-4892-9169-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 8434227d1db2679a36d767e7b0ffa5934496d947f4dcd765961d539108534df8",
|
|
"pattern": "[file:hashes.SHA1 = '0d0acaa5995bf2ce52d2b86079ec4e1bdaf0159c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-0f88-418f-8c34-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 8434227d1db2679a36d767e7b0ffa5934496d947f4dcd765961d539108534df8",
|
|
"pattern": "[file:hashes.MD5 = 'df6b74721b9fd643867423e242d30e08']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-6e98-44a9-a2d2-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-6e98-44a9-a2d2-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-6e98-44a9-a2d2-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/8434227d1db2679a36d767e7b0ffa5934496d947f4dcd765961d539108534df8/analysis/1490205173/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-c834-48c7-adb2-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 82ee78877adeb3db055d924cc08148db03f7b6d4734b7deb2f59ab37269ffeb4",
|
|
"pattern": "[file:hashes.SHA1 = '09e2087fb1b23c7d63824df69ddfe3ec3c16dfc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-4bf0-4be2-a8e1-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 82ee78877adeb3db055d924cc08148db03f7b6d4734b7deb2f59ab37269ffeb4",
|
|
"pattern": "[file:hashes.MD5 = 'baa9fe022093f692d8c33b9fdc4e0246']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-d8c4-4853-8470-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-d8c4-4853-8470-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-d8c4-4853-8470-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/82ee78877adeb3db055d924cc08148db03f7b6d4734b7deb2f59ab37269ffeb4/analysis/1490935704/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-73f0-47d5-9969-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 7567935a0e3882278455f4b6e434021d6bdee51be56d455ce1a13e13fe28cdcd",
|
|
"pattern": "[file:hashes.SHA1 = '751411d175258da50446ceaa8962e3cfdf613d03']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-2eac-4d02-a6cb-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 7567935a0e3882278455f4b6e434021d6bdee51be56d455ce1a13e13fe28cdcd",
|
|
"pattern": "[file:hashes.MD5 = 'b992f57ac0550f1df0e6b29f3dd8f0ef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-4b6c-4173-862c-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-4b6c-4173-862c-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-4b6c-4173-862c-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/7567935a0e3882278455f4b6e434021d6bdee51be56d455ce1a13e13fe28cdcd/analysis/1490205172/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-4778-4d80-9147-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 6c60ff5e52c5b77012de3e43a1ba88b6c952e51b98d9651ddd6791c4af4a6607",
|
|
"pattern": "[file:hashes.SHA1 = '1df8d441670e82fa9f57447ca58148456bc5c058']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-6d10-46b1-b459-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 6c60ff5e52c5b77012de3e43a1ba88b6c952e51b98d9651ddd6791c4af4a6607",
|
|
"pattern": "[file:hashes.MD5 = '4b29580d94598a9fb088b9c798e3b0ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-0430-49d7-987d-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-0430-49d7-987d-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-0430-49d7-987d-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/6c60ff5e52c5b77012de3e43a1ba88b6c952e51b98d9651ddd6791c4af4a6607/analysis/1474210832/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-a5c0-4894-8ad5-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 6bc30bd07cfbf20051057483b9883925bd4eda545376a793286e2d5315389181",
|
|
"pattern": "[file:hashes.SHA1 = '0747947b71fd07f8ea548c55c36c7f4e6e3672d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-8b5c-49a1-9beb-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 6bc30bd07cfbf20051057483b9883925bd4eda545376a793286e2d5315389181",
|
|
"pattern": "[file:hashes.MD5 = 'c3fbc02c15d361f9f4cb19881c270e5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-0b54-46c0-8499-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-0b54-46c0-8499-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-0b54-46c0-8499-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/6bc30bd07cfbf20051057483b9883925bd4eda545376a793286e2d5315389181/analysis/1490205170/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-615c-4ad9-9e93-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 6b8a536740e8e5af9b472f90925856eb44e272f88a90ecaad1714576dae83f88",
|
|
"pattern": "[file:hashes.SHA1 = 'bad84949da011f6daa46a07913c7a2627c9a6b06']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-f8c4-4941-8978-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 6b8a536740e8e5af9b472f90925856eb44e272f88a90ecaad1714576dae83f88",
|
|
"pattern": "[file:hashes.MD5 = '5a82c6482b97f4bfac507f79d11a6854']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-f914-4ded-beb1-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-f914-4ded-beb1-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-f914-4ded-beb1-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/6b8a536740e8e5af9b472f90925856eb44e272f88a90ecaad1714576dae83f88/analysis/1490205170/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-3d24-45d8-a674-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 58207b19c327b3590c92279006458356249f929c71cdb18791b498dd08f36cc8",
|
|
"pattern": "[file:hashes.SHA1 = '6abfb7257e3e59ed8574a2327cf6fafb86eb34f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-c5ec-4bcd-9f58-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 58207b19c327b3590c92279006458356249f929c71cdb18791b498dd08f36cc8",
|
|
"pattern": "[file:hashes.MD5 = '2d87f53f7f7e513c4257959b140bd50b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-677c-4041-a274-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-677c-4041-a274-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-677c-4041-a274-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/58207b19c327b3590c92279006458356249f929c71cdb18791b498dd08f36cc8/analysis/1490205169/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-cee8-45c4-9152-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 4c14f7e1323a26d00cc9bf516ae1137a97e84691e4c2f525b16828e217ff037c",
|
|
"pattern": "[file:hashes.SHA1 = '25434ac27e290709bd8aebc05f9060084e78bfca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-9e2c-44a1-8e9d-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 4c14f7e1323a26d00cc9bf516ae1137a97e84691e4c2f525b16828e217ff037c",
|
|
"pattern": "[file:hashes.MD5 = '742a8c60a6942b8aa5416aad69719d55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d915-3bb4-4686-bf0a-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"first_observed": "2017-06-26T09:51:17Z",
|
|
"last_observed": "2017-06-26T09:51:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d915-3bb4-4686-bf0a-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d915-3bb4-4686-bf0a-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/4c14f7e1323a26d00cc9bf516ae1137a97e84691e4c2f525b16828e217ff037c/analysis/1489677388/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-f878-4c4e-ab79-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 495aa2ac2c666e82c7244a74ac025006c3476f348105253adef7a225f98aeba1",
|
|
"pattern": "[file:hashes.SHA1 = '60efdff19f91e2ab01fac076111680d6a9fbfc83']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d915-6d14-486e-882e-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:17.000Z",
|
|
"modified": "2017-06-26T09:51:17.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 495aa2ac2c666e82c7244a74ac025006c3476f348105253adef7a225f98aeba1",
|
|
"pattern": "[file:hashes.MD5 = 'ec86dc8f2dbc082e67c3947ea2f45c48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d916-2798-4d2e-8d23-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"first_observed": "2017-06-26T09:51:18Z",
|
|
"last_observed": "2017-06-26T09:51:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d916-2798-4d2e-8d23-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d916-2798-4d2e-8d23-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/495aa2ac2c666e82c7244a74ac025006c3476f348105253adef7a225f98aeba1/analysis/1490205168/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-6b58-4d1f-82c0-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 1d1dc7fe128330558f071aebdd9a6ee76ac24fd0009661f90ae8dc9ce8ec10d1",
|
|
"pattern": "[file:hashes.SHA1 = 'a1f1b0d0dfd8403b3aee9b1fe224dcf3d3596a09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-b550-4ba1-8621-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 1d1dc7fe128330558f071aebdd9a6ee76ac24fd0009661f90ae8dc9ce8ec10d1",
|
|
"pattern": "[file:hashes.MD5 = 'a7c66e88a7c7ad34d0eb5db9b41ffb5f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d916-92b4-4c31-bc18-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"first_observed": "2017-06-26T09:51:18Z",
|
|
"last_observed": "2017-06-26T09:51:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d916-92b4-4c31-bc18-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d916-92b4-4c31-bc18-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/1d1dc7fe128330558f071aebdd9a6ee76ac24fd0009661f90ae8dc9ce8ec10d1/analysis/1481941243/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-8e70-49f3-bbea-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 1a5dcc6e43aac2f1fdf0928d817ef5358ba5420fc578f5ec3fa4fbd304d02f36",
|
|
"pattern": "[file:hashes.SHA1 = 'ffce2b5be67b8c2d03be4e3fc935a6a645c581f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-6638-4587-b598-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 1a5dcc6e43aac2f1fdf0928d817ef5358ba5420fc578f5ec3fa4fbd304d02f36",
|
|
"pattern": "[file:hashes.MD5 = '023af81312bad70bd7dfc49b5269e419']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d916-f020-4f0a-bd09-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"first_observed": "2017-06-26T09:51:18Z",
|
|
"last_observed": "2017-06-26T09:51:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d916-f020-4f0a-bd09-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d916-f020-4f0a-bd09-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/1a5dcc6e43aac2f1fdf0928d817ef5358ba5420fc578f5ec3fa4fbd304d02f36/analysis/1490205166/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-4b60-49f8-b7a4-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 17236e97e665a0766be612e57a90332e86e44d18f31ccd2beb7487cfdfd2bb8f",
|
|
"pattern": "[file:hashes.SHA1 = '3091685ab6fcf39736157b37b99c30731f9533f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-c5f0-4ddc-ac98-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 17236e97e665a0766be612e57a90332e86e44d18f31ccd2beb7487cfdfd2bb8f",
|
|
"pattern": "[file:hashes.MD5 = '6ee614c1f9314c888a58ecaf350be782']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d916-7b3c-419d-b10f-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"first_observed": "2017-06-26T09:51:18Z",
|
|
"last_observed": "2017-06-26T09:51:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d916-7b3c-419d-b10f-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d916-7b3c-419d-b10f-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/17236e97e665a0766be612e57a90332e86e44d18f31ccd2beb7487cfdfd2bb8f/analysis/1490205166/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-f6c4-4626-af93-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 1661fb2e2b4f701203bf22b3cf339cc12f5779999ee1ced6818e5087714b074c",
|
|
"pattern": "[file:hashes.SHA1 = 'ee45640d238bded70a443a61460dd4e1231865aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-a820-445c-b14e-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 1661fb2e2b4f701203bf22b3cf339cc12f5779999ee1ced6818e5087714b074c",
|
|
"pattern": "[file:hashes.MD5 = '9cdd74d3891feae6e330b95d1ced7d0f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d916-362c-4401-83c1-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"first_observed": "2017-06-26T09:51:18Z",
|
|
"last_observed": "2017-06-26T09:51:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d916-362c-4401-83c1-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d916-362c-4401-83c1-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/1661fb2e2b4f701203bf22b3cf339cc12f5779999ee1ced6818e5087714b074c/analysis/1492290422/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-3060-40ea-892e-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 0ebdf2390584d1c66dc908bd8b95c96673428c1c22fb495075b4c79e2f54f796",
|
|
"pattern": "[file:hashes.SHA1 = '2a85eae10ee004d60307737f6abd2e206b9e48a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-cf98-48aa-89f8-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 0ebdf2390584d1c66dc908bd8b95c96673428c1c22fb495075b4c79e2f54f796",
|
|
"pattern": "[file:hashes.MD5 = 'a854ec9ca4c220274a075a792a8e1c67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d916-9b44-496e-b594-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"first_observed": "2017-06-26T09:51:18Z",
|
|
"last_observed": "2017-06-26T09:51:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d916-9b44-496e-b594-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d916-9b44-496e-b594-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/0ebdf2390584d1c66dc908bd8b95c96673428c1c22fb495075b4c79e2f54f796/analysis/1492290764/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-4618-43bd-abdc-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 0970e43cf5458b0cf77e2232f724a651e9f37513f5cb3c58b51d357c21e18e4c",
|
|
"pattern": "[file:hashes.SHA1 = '35777dd976d186b5882134f9910e31f9cf98e939']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-0d10-4fe1-95dc-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 0970e43cf5458b0cf77e2232f724a651e9f37513f5cb3c58b51d357c21e18e4c",
|
|
"pattern": "[file:hashes.MD5 = 'cf90a40ba183d89244f966780845a2f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d916-c494-422e-8c97-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"first_observed": "2017-06-26T09:51:18Z",
|
|
"last_observed": "2017-06-26T09:51:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d916-c494-422e-8c97-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d916-c494-422e-8c97-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/0970e43cf5458b0cf77e2232f724a651e9f37513f5cb3c58b51d357c21e18e4c/analysis/1490214442/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-15a8-4b83-995e-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 06ae08f9628f40a75a01c266caaa440ec664c3138f9fd39b273e6d8c9ec50f17",
|
|
"pattern": "[file:hashes.SHA1 = '9e959e77b372a09d827f7d565e1769c4d41fc68e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-07b4-4992-a93e-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Initial Payload With Decoy - Xchecked via VT: 06ae08f9628f40a75a01c266caaa440ec664c3138f9fd39b273e6d8c9ec50f17",
|
|
"pattern": "[file:hashes.MD5 = 'e2da476bf44c48b7dd2d40d8e686281a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d916-dd30-4f9c-a5f1-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"first_observed": "2017-06-26T09:51:18Z",
|
|
"last_observed": "2017-06-26T09:51:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d916-dd30-4f9c-a5f1-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d916-dd30-4f9c-a5f1-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/06ae08f9628f40a75a01c266caaa440ec664c3138f9fd39b273e6d8c9ec50f17/analysis/1490205162/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-7eac-475f-8354-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: f98ef639797013d6eddfcc00f7d208510ac02ca49bed1eb9250156081d5ed0ab",
|
|
"pattern": "[file:hashes.SHA1 = '4c15817d8a0dbb3c00d5b612379d1e4dd9c90a47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d916-56a4-45ba-a33c-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: f98ef639797013d6eddfcc00f7d208510ac02ca49bed1eb9250156081d5ed0ab",
|
|
"pattern": "[file:hashes.MD5 = 'addd0069320fd8482650ab135dc7819c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d916-fee0-4979-be35-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:18.000Z",
|
|
"modified": "2017-06-26T09:51:18.000Z",
|
|
"first_observed": "2017-06-26T09:51:18Z",
|
|
"last_observed": "2017-06-26T09:51:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d916-fee0-4979-be35-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d916-fee0-4979-be35-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/f98ef639797013d6eddfcc00f7d208510ac02ca49bed1eb9250156081d5ed0ab/analysis/1490205195/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-fd54-44a0-8fdd-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: d2b81d32ceb61640c72d2af241527e942218e2067c7a0ae4ff5b6eabe659255e",
|
|
"pattern": "[file:hashes.SHA1 = '09d6fbaccc661da06f61c46280e1e622ee889189']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-4888-4267-a04d-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: d2b81d32ceb61640c72d2af241527e942218e2067c7a0ae4ff5b6eabe659255e",
|
|
"pattern": "[file:hashes.MD5 = '38e5ee2aecf10fe7f02bd4f0c1c20058']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-b164-42ff-b691-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-b164-42ff-b691-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-b164-42ff-b691-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/d2b81d32ceb61640c72d2af241527e942218e2067c7a0ae4ff5b6eabe659255e/analysis/1492031179/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-55d0-4c67-92f2-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: c634f10a475df833c55610e38e947dda278b474b6650bb8570ab3801be43739f",
|
|
"pattern": "[file:hashes.SHA1 = '1381995f2ee091ce29840775139683a5b2fa4a86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-6adc-4ad4-a91f-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: c634f10a475df833c55610e38e947dda278b474b6650bb8570ab3801be43739f",
|
|
"pattern": "[file:hashes.MD5 = '1a7f741e2e200bd75c89e0a6e0726c4d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-1a54-415d-9a3f-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-1a54-415d-9a3f-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-1a54-415d-9a3f-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/c634f10a475df833c55610e38e947dda278b474b6650bb8570ab3801be43739f/analysis/1490205193/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-162c-4126-a683-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: bc3cedfa6a2c05717116b29c2b387a985a504a97ce0e0a43212b3bc89ac9cf95",
|
|
"pattern": "[file:hashes.SHA1 = '33e7fb869467d12979979c3d326ed2c0da29c215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-af78-4997-9a36-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: bc3cedfa6a2c05717116b29c2b387a985a504a97ce0e0a43212b3bc89ac9cf95",
|
|
"pattern": "[file:hashes.MD5 = 'd7accc228fcb5e7975415d9d3d5de44c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-7b10-4c03-8965-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-7b10-4c03-8965-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-7b10-4c03-8965-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/bc3cedfa6a2c05717116b29c2b387a985a504a97ce0e0a43212b3bc89ac9cf95/analysis/1490205193/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-c494-42fb-928b-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: b8341d72c3b2ecd90a18d428a7ea81a267eb105a36692042fe8904b0b0ea6b07",
|
|
"pattern": "[file:hashes.SHA1 = '95d3dcfebc67d4fed91b162d67f2f76892926ad1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-ab48-4396-bd23-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: b8341d72c3b2ecd90a18d428a7ea81a267eb105a36692042fe8904b0b0ea6b07",
|
|
"pattern": "[file:hashes.MD5 = '2298d4514829801ffac579e712c59216']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-9fa4-4152-9372-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-9fa4-4152-9372-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-9fa4-4152-9372-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/b8341d72c3b2ecd90a18d428a7ea81a267eb105a36692042fe8904b0b0ea6b07/analysis/1491771270/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-6ba8-4619-b67d-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 9d124733378333e556d29684eb05060e8c88eb476a5803d0879c41f4344f6bd9",
|
|
"pattern": "[file:hashes.SHA1 = '3edb64ba9a641707c289da03f3f43afb5c061f06']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-bad8-4184-876d-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 9d124733378333e556d29684eb05060e8c88eb476a5803d0879c41f4344f6bd9",
|
|
"pattern": "[file:hashes.MD5 = 'a834ae9731f6677677a3ed4d9dd4793c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-84cc-4f6b-8bf3-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-84cc-4f6b-8bf3-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-84cc-4f6b-8bf3-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/9d124733378333e556d29684eb05060e8c88eb476a5803d0879c41f4344f6bd9/analysis/1489922179/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-c84c-49d8-b2e1-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 93348d6dffd45a4c01b10fc90501c666f7a5360547e2a025d5980f235e815cc9",
|
|
"pattern": "[file:hashes.SHA1 = '70af0b26c4bfedee4b243e50a0e6a4a8f92ac6f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-323c-4d17-b991-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 93348d6dffd45a4c01b10fc90501c666f7a5360547e2a025d5980f235e815cc9",
|
|
"pattern": "[file:hashes.MD5 = '9429ed8bcb57267d55e1b990310e701e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-00f0-4de3-81ed-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-00f0-4de3-81ed-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-00f0-4de3-81ed-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/93348d6dffd45a4c01b10fc90501c666f7a5360547e2a025d5980f235e815cc9/analysis/1490205190/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-e9e0-4ceb-8df4-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 76af6661f95bf45537c961d4446d924a70b9b053ddbf02c8bfda2918d5ac90f5",
|
|
"pattern": "[file:hashes.SHA1 = '82a77fd6a4914fa1fa37e4240e24f76045f100d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-9744-425c-aa4c-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 76af6661f95bf45537c961d4446d924a70b9b053ddbf02c8bfda2918d5ac90f5",
|
|
"pattern": "[file:hashes.MD5 = 'e761bef078b8774c3d9027d07bef5c45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-afcc-4140-851b-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-afcc-4140-851b-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-afcc-4140-851b-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/76af6661f95bf45537c961d4446d924a70b9b053ddbf02c8bfda2918d5ac90f5/analysis/1490205189/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-648c-422a-9c7b-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 732ceaf2ce6f233bb4a305edc8d2bb59587a92bd6f03ea748bef6dd13bf38499",
|
|
"pattern": "[file:hashes.SHA1 = '1d6e8aa62e43c698c387040afac5111b82f25664']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-7170-42ab-b635-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 732ceaf2ce6f233bb4a305edc8d2bb59587a92bd6f03ea748bef6dd13bf38499",
|
|
"pattern": "[file:hashes.MD5 = 'b2b3fd5e2b4bca2a4f1ebc710350e584']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-3900-4072-8459-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-3900-4072-8459-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-3900-4072-8459-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/732ceaf2ce6f233bb4a305edc8d2bb59587a92bd6f03ea748bef6dd13bf38499/analysis/1492291077/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-54fc-4765-9e37-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 6917db24c61e6de8be08d02febe764fe7e63218b37e4a22e9d7e8691eee38dcb",
|
|
"pattern": "[file:hashes.SHA1 = 'c6a530d2d1c9011c15b8b4d95f3ef057d814fc7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-9554-496e-9702-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 6917db24c61e6de8be08d02febe764fe7e63218b37e4a22e9d7e8691eee38dcb",
|
|
"pattern": "[file:hashes.MD5 = 'c00b206bb563413c35523b06719bae64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-2fac-4491-aa69-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-2fac-4491-aa69-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-2fac-4491-aa69-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/6917db24c61e6de8be08d02febe764fe7e63218b37e4a22e9d7e8691eee38dcb/analysis/1480111318/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-d9e4-413c-b071-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 613351824cabdb3932ab0709138de1fcff63f3f8926d51b23291ebf345df4471",
|
|
"pattern": "[file:hashes.SHA1 = '3497c9dfc0fc9b1b864100772d3455a9f2a2f175']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-cd00-4d69-a1c7-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 613351824cabdb3932ab0709138de1fcff63f3f8926d51b23291ebf345df4471",
|
|
"pattern": "[file:hashes.MD5 = '171ffc2331fc59c7166b22507754722f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-5354-4c54-bf02-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-5354-4c54-bf02-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-5354-4c54-bf02-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/613351824cabdb3932ab0709138de1fcff63f3f8926d51b23291ebf345df4471/analysis/1491771190/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-c250-41ab-ba1b-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 5fed1bda348468eddbdd3cdefd03b6add327ff4d9cf5d2300201e08724b24c9a",
|
|
"pattern": "[file:hashes.SHA1 = 'fa485313785324bc44a275a6d01e50812f5dde92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-c5fc-415b-8baf-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 5fed1bda348468eddbdd3cdefd03b6add327ff4d9cf5d2300201e08724b24c9a",
|
|
"pattern": "[file:hashes.MD5 = '8be54309aea92e4a9fd9e15d68cd89c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-cbec-4cce-bf55-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-cbec-4cce-bf55-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-cbec-4cce-bf55-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/5fed1bda348468eddbdd3cdefd03b6add327ff4d9cf5d2300201e08724b24c9a/analysis/1490205188/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-09e8-44f7-9fe6-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 52cec92c27d99c397e6104e89923aa126b94d3b1cf3afa1c49b353494219162e",
|
|
"pattern": "[file:hashes.SHA1 = '4c1e4ba82491c8f1f9ab3aa9da9175edfc9557f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-4548-4528-ae4c-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 52cec92c27d99c397e6104e89923aa126b94d3b1cf3afa1c49b353494219162e",
|
|
"pattern": "[file:hashes.MD5 = 'ae1614194512e79314f41a94e0fb4701']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-3eac-4e8e-89ba-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-3eac-4e8e-89ba-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-3eac-4e8e-89ba-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/52cec92c27d99c397e6104e89923aa126b94d3b1cf3afa1c49b353494219162e/analysis/1490205187/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-f9c0-4f97-94a9-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 3b326f99ce3f4d8fa86135a567ba236fcc0eb308cd5bbfc74404a5fe3737682a",
|
|
"pattern": "[file:hashes.SHA1 = '6d028cd4a9e5ee42b7277c5bb102e9c990906905']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-d188-4fb0-ae7d-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 3b326f99ce3f4d8fa86135a567ba236fcc0eb308cd5bbfc74404a5fe3737682a",
|
|
"pattern": "[file:hashes.MD5 = 'dffce034cb32015ed78aed37e1833629']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-f2f4-49c0-99db-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-f2f4-49c0-99db-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-f2f4-49c0-99db-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/3b326f99ce3f4d8fa86135a567ba236fcc0eb308cd5bbfc74404a5fe3737682a/analysis/1490205186/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-1d24-4d1d-840a-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 2f878a3043d8f506fa53265afcea40b622e82806d1438cf4a07f92fb01d9962f",
|
|
"pattern": "[file:hashes.SHA1 = '74687a39a3df9e923af9d7825641f645d75576b1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-43f4-4aef-b7d1-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 2f878a3043d8f506fa53265afcea40b622e82806d1438cf4a07f92fb01d9962f",
|
|
"pattern": "[file:hashes.MD5 = 'ee2f5fe72962adc42b1c0e71972ab02a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-6dc8-4ccb-8710-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-6dc8-4ccb-8710-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-6dc8-4ccb-8710-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/2f878a3043d8f506fa53265afcea40b622e82806d1438cf4a07f92fb01d9962f/analysis/1479922426/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-18f4-402a-9975-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 282651843b51a1c81fb4c2d94f319439c66101d2a0d10552940ede5c382dc995",
|
|
"pattern": "[file:hashes.SHA1 = 'b781e3d90ff37208cd6c775e2ac4479885ec3f17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-d778-461c-9cd1-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 282651843b51a1c81fb4c2d94f319439c66101d2a0d10552940ede5c382dc995",
|
|
"pattern": "[file:hashes.MD5 = 'd867b6fef025d27f203851fb74aa26c1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-69d8-4ece-9ed1-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-69d8-4ece-9ed1-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-69d8-4ece-9ed1-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/282651843b51a1c81fb4c2d94f319439c66101d2a0d10552940ede5c382dc995/analysis/1490205185/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-1eac-4b42-aa2d-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 28131cea5009f680064a7962279ebdff7728463a6d0a30ef2077999abe27bee7",
|
|
"pattern": "[file:hashes.SHA1 = '56f6ba99b6a12a9745c5e4e9574ed5a187258bd5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-7c6c-4c66-9d81-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 28131cea5009f680064a7962279ebdff7728463a6d0a30ef2077999abe27bee7",
|
|
"pattern": "[file:hashes.MD5 = 'a132cba5d33b96a4ba2609458a1dbdfa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-2bac-4d18-af4f-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-2bac-4d18-af4f-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-2bac-4d18-af4f-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/28131cea5009f680064a7962279ebdff7728463a6d0a30ef2077999abe27bee7/analysis/1490205185/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-7d74-4a94-8fe4-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 1c0f253b91b651e8cb61ea5dc6f0bf077bec3ab9612e78f9a30c3026e39bf8a8",
|
|
"pattern": "[file:hashes.SHA1 = 'e966e31b3e1b44453997498fbdd42826bb6a906c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d917-f9ac-4c83-aa1d-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 1c0f253b91b651e8cb61ea5dc6f0bf077bec3ab9612e78f9a30c3026e39bf8a8",
|
|
"pattern": "[file:hashes.MD5 = '63d7e9ee1086e81873a9275eab8d9cea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d917-2760-4b0a-82ae-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:19.000Z",
|
|
"modified": "2017-06-26T09:51:19.000Z",
|
|
"first_observed": "2017-06-26T09:51:19Z",
|
|
"last_observed": "2017-06-26T09:51:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d917-2760-4b0a-82ae-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d917-2760-4b0a-82ae-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/1c0f253b91b651e8cb61ea5dc6f0bf077bec3ab9612e78f9a30c3026e39bf8a8/analysis/1490205183/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d918-b700-4fe0-944f-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:20.000Z",
|
|
"modified": "2017-06-26T09:51:20.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 14e3053393d9b3845cec621cd79b0c5d7cd7cf656be0f5a78bb16fd0439c9917",
|
|
"pattern": "[file:hashes.SHA1 = 'dc6cee068161031e1de5372fad380bf21de24465']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d918-c458-44df-b564-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:20.000Z",
|
|
"modified": "2017-06-26T09:51:20.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 14e3053393d9b3845cec621cd79b0c5d7cd7cf656be0f5a78bb16fd0439c9917",
|
|
"pattern": "[file:hashes.MD5 = '075cb8a337270bce038e33951d884650']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d918-6004-4376-8fa3-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:20.000Z",
|
|
"modified": "2017-06-26T09:51:20.000Z",
|
|
"first_observed": "2017-06-26T09:51:20Z",
|
|
"last_observed": "2017-06-26T09:51:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d918-6004-4376-8fa3-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d918-6004-4376-8fa3-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/14e3053393d9b3845cec621cd79b0c5d7cd7cf656be0f5a78bb16fd0439c9917/analysis/1489922216/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d918-49dc-47a3-b9a4-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:20.000Z",
|
|
"modified": "2017-06-26T09:51:20.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 0972e075b70ea6f43b4a6f2c5e7f9329c3f4b382d7327b556131587142a3751f",
|
|
"pattern": "[file:hashes.SHA1 = '5e30430a0f1427ffa72c1dc0c48e404e937b83aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950d918-5424-45e7-b598-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:20.000Z",
|
|
"modified": "2017-06-26T09:51:20.000Z",
|
|
"description": "Primary Droppers - Xchecked via VT: 0972e075b70ea6f43b4a6f2c5e7f9329c3f4b382d7327b556131587142a3751f",
|
|
"pattern": "[file:hashes.MD5 = 'b697146395114080ff16623388085fd4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-26T09:51:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950d918-7838-4036-af92-d5d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-26T09:51:20.000Z",
|
|
"modified": "2017-06-26T09:51:20.000Z",
|
|
"first_observed": "2017-06-26T09:51:20Z",
|
|
"last_observed": "2017-06-26T09:51:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950d918-7838-4036-af92-d5d102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950d918-7838-4036-af92-d5d102de0b81",
|
|
"value": "https://www.virustotal.com/file/0972e075b70ea6f43b4a6f2c5e7f9329c3f4b382d7327b556131587142a3751f/analysis/1492291081/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |