{
|
|
"type": "bundle",
|
|
"id": "bundle--59ad5d34-5dc0-46fb-8ecf-47a9950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:46.000Z",
|
|
"modified": "2017-09-04T14:27:46.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--59ad5d34-5dc0-46fb-8ecf-47a9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:46.000Z",
|
|
"modified": "2017-09-04T14:27:46.000Z",
|
|
"name": "OSINT - Emotet Trojan Acts as Loader, Spreads Automatically",
|
|
"published": "2017-09-04T14:28:06Z",
|
|
"object_refs": [
|
|
"observed-data--59ad5d47-4e98-460a-94e5-458e950d210f",
|
|
"url--59ad5d47-4e98-460a-94e5-458e950d210f",
|
|
"x-misp-attribute--59ad5d53-4304-4f22-afab-4f4f950d210f",
|
|
"indicator--59ad5df3-a514-4b67-9a88-423e950d210f",
|
|
"indicator--59ad5df3-0000-4df3-9f0e-46b3950d210f",
|
|
"indicator--59ad5df3-431c-4d25-9798-47c7950d210f",
|
|
"indicator--59ad5e2c-b9c4-40d5-9759-448a950d210f",
|
|
"indicator--59ad5e2c-0e20-4575-9544-4819950d210f",
|
|
"indicator--59ad5e2c-62a0-4df9-9306-4143950d210f",
|
|
"indicator--59ad5e2c-6838-41f6-975c-4f26950d210f",
|
|
"indicator--59ad5e2d-3a40-4582-8c9a-4355950d210f",
|
|
"indicator--59ad5e2d-4408-4429-af9c-43d7950d210f",
|
|
"indicator--59ad5e2d-ceb8-4290-b128-4bf6950d210f",
|
|
"indicator--59ad5e2d-c4d4-4892-b92a-46fb950d210f",
|
|
"indicator--59ad5e2d-4b30-4be0-a8b7-49dc950d210f",
|
|
"indicator--59ad5e2d-33a0-4d5e-90e0-4d42950d210f",
|
|
"indicator--59ad5e2d-86d8-4b8f-b612-4cbd950d210f",
|
|
"indicator--59ad5e2d-6a98-4c1e-a3c5-48a5950d210f",
|
|
"indicator--59ad5e2d-dcac-458f-adc4-428c950d210f",
|
|
"indicator--59ad5e2d-1918-46b4-a1ca-4ff5950d210f",
|
|
"indicator--59ad5e2d-98b4-41ab-9c08-42cd950d210f",
|
|
"indicator--59ad5e2d-c454-4967-a809-45c0950d210f",
|
|
"indicator--59ad5e2d-7d1c-48e5-b7b2-4aa0950d210f",
|
|
"indicator--59ad5e2d-305c-44d6-88b6-4ab7950d210f",
|
|
"indicator--59ad5e2d-c2b0-4c38-a721-4242950d210f",
|
|
"indicator--59ad5e2d-2318-42d1-a5df-4dd1950d210f",
|
|
"indicator--59ad5e2d-6ee8-4e75-8331-4cfb950d210f",
|
|
"indicator--59ad5e2d-ec6c-41f5-a282-4ed5950d210f",
|
|
"indicator--59ad5e2d-ac10-4777-8071-4265950d210f",
|
|
"indicator--59ad5e2d-df78-43b3-8e26-494a950d210f",
|
|
"indicator--59ad5e2d-c258-4f28-8dc3-49dc950d210f",
|
|
"indicator--59ad5e2d-0434-4925-9591-430a950d210f",
|
|
"indicator--59ad5e2d-4b80-4621-b689-4472950d210f",
|
|
"indicator--59ad5e2d-0784-43c4-96fd-4879950d210f",
|
|
"indicator--59ad5e2d-46d0-4e02-a4d0-4081950d210f",
|
|
"indicator--59ad5e2d-be5c-485d-816b-4a4b950d210f",
|
|
"indicator--59ad5e2d-6828-4aef-a548-4b97950d210f",
|
|
"indicator--59ad5e2d-67c4-4764-9333-4ee0950d210f",
|
|
"indicator--59ad5e2d-9a98-47d5-8c87-404e950d210f",
|
|
"indicator--59ad5e2d-1f2c-4f5f-864c-4dd4950d210f",
|
|
"indicator--59ad5e3f-a604-4b9d-902c-42a1950d210f",
|
|
"indicator--59ad5e3f-8940-4dd4-847a-4fb9950d210f",
|
|
"indicator--59ad5e3f-dfac-4d68-bf2f-4f49950d210f",
|
|
"indicator--59ad5e3f-c070-4df2-b483-486c950d210f",
|
|
"indicator--59ad5e3f-524c-4355-a4c1-4c6b950d210f",
|
|
"indicator--59ad5e3f-faac-4ef7-ba9a-4c71950d210f",
|
|
"indicator--59ad5e3f-76c4-487d-91d5-48f1950d210f",
|
|
"indicator--59ad5e3f-70a4-4181-b5ac-45c2950d210f",
|
|
"indicator--59ad5e3f-f360-437a-bd7c-4006950d210f",
|
|
"indicator--59ad5e3f-ce88-4da4-aea0-4417950d210f",
|
|
"indicator--59ad5e3f-264c-463f-a080-4211950d210f",
|
|
"indicator--59ad5e3f-1434-425c-8937-40f1950d210f",
|
|
"indicator--59ad5e3f-5f78-4e97-9c3a-4036950d210f",
|
|
"indicator--59ad5e3f-1cf0-400f-a1db-4074950d210f",
|
|
"indicator--59ad5e3f-8b80-4f6c-a743-4828950d210f",
|
|
"indicator--59ad62c2-06ec-49ed-aa28-43b702de0b81",
|
|
"observed-data--59ad62c2-aac4-461d-baa4-47ec02de0b81",
|
|
"url--59ad62c2-aac4-461d-baa4-47ec02de0b81",
|
|
"indicator--59ad62c2-f6b8-47b4-a38c-41ff02de0b81",
|
|
"indicator--59ad62c2-f3e0-4803-832c-4e1902de0b81",
|
|
"observed-data--59ad62c2-eeb0-4c4d-9c33-42a202de0b81",
|
|
"url--59ad62c2-eeb0-4c4d-9c33-42a202de0b81",
|
|
"indicator--59ad62c2-9f10-4e8b-92da-45ad02de0b81",
|
|
"indicator--59ad62c2-870c-41a8-ad79-48bd02de0b81",
|
|
"observed-data--59ad62c2-e4a4-45fc-a8ac-44bf02de0b81",
|
|
"url--59ad62c2-e4a4-45fc-a8ac-44bf02de0b81",
|
|
"indicator--59ad62c2-8fa8-4705-9650-491902de0b81",
|
|
"indicator--59ad62c2-f0fc-4eff-b422-4a8002de0b81",
|
|
"observed-data--59ad62c2-ae40-4537-b15b-4e7c02de0b81",
|
|
"url--59ad62c2-ae40-4537-b15b-4e7c02de0b81",
|
|
"indicator--59ad62c2-4d04-4afe-8764-465302de0b81",
|
|
"indicator--59ad62c2-5cf4-4bf3-92f8-493b02de0b81",
|
|
"observed-data--59ad62c2-f750-4150-b820-4a6a02de0b81",
|
|
"url--59ad62c2-f750-4150-b820-4a6a02de0b81",
|
|
"indicator--59ad62c2-18f0-4d02-834e-496902de0b81",
|
|
"indicator--59ad62c2-fef0-4bc8-b669-4abb02de0b81",
|
|
"observed-data--59ad62c2-3484-4be3-b149-409502de0b81",
|
|
"url--59ad62c2-3484-4be3-b149-409502de0b81",
|
|
"indicator--59ad62c2-08b8-409a-b4e3-49f202de0b81",
|
|
"indicator--59ad62c2-a004-4e83-a431-4e9802de0b81",
|
|
"observed-data--59ad62c2-e2e8-4a50-a632-4a4002de0b81",
|
|
"url--59ad62c2-e2e8-4a50-a632-4a4002de0b81",
|
|
"indicator--59ad62c2-1538-4740-aee1-496102de0b81",
|
|
"indicator--59ad62c2-b2ec-4f9e-b9ba-46dc02de0b81",
|
|
"observed-data--59ad62c2-0b10-4cc9-a5e1-44f102de0b81",
|
|
"url--59ad62c2-0b10-4cc9-a5e1-44f102de0b81",
|
|
"indicator--59ad62c2-2358-4f3f-8467-4cdf02de0b81",
|
|
"indicator--59ad62c2-d90c-4226-b9b2-413402de0b81",
|
|
"observed-data--59ad62c2-cb8c-4223-9ece-4bdf02de0b81",
|
|
"url--59ad62c2-cb8c-4223-9ece-4bdf02de0b81",
|
|
"indicator--59ad62c2-0d58-48b2-8b28-4da302de0b81",
|
|
"indicator--59ad62c2-ab54-4252-b698-473102de0b81",
|
|
"observed-data--59ad62c2-de48-461a-b61e-4b7a02de0b81",
|
|
"url--59ad62c2-de48-461a-b61e-4b7a02de0b81",
|
|
"indicator--59ad62c2-ca24-45be-a850-426e02de0b81",
|
|
"indicator--59ad62c2-4328-45bb-8fc4-4b2002de0b81",
|
|
"observed-data--59ad62c2-c888-4836-8aba-42dd02de0b81",
|
|
"url--59ad62c2-c888-4836-8aba-42dd02de0b81",
|
|
"indicator--59ad62c3-a8ec-4473-ba1c-4e2a02de0b81",
|
|
"indicator--59ad62c3-88ec-4c40-a181-478202de0b81",
|
|
"observed-data--59ad62c3-ee68-4f06-a1c6-434502de0b81",
|
|
"url--59ad62c3-ee68-4f06-a1c6-434502de0b81",
|
|
"indicator--59ad62c3-3930-41ff-9751-49c502de0b81",
|
|
"indicator--59ad62c3-6c88-4d1a-9813-4d9602de0b81",
|
|
"observed-data--59ad62c3-03e0-43f1-95f6-471102de0b81",
|
|
"url--59ad62c3-03e0-43f1-95f6-471102de0b81",
|
|
"indicator--59ad62c3-eb70-45ad-a5f7-4e9f02de0b81",
|
|
"indicator--59ad62c3-a5f0-481b-9e83-43a202de0b81",
|
|
"observed-data--59ad62c3-0ef0-4bb4-ae89-4dc002de0b81",
|
|
"url--59ad62c3-0ef0-4bb4-ae89-4dc002de0b81",
|
|
"indicator--59ad62c3-e590-4908-9a03-49a002de0b81",
|
|
"indicator--59ad62c3-19b0-4461-9c9a-4fd602de0b81",
|
|
"observed-data--59ad62c3-47a0-4b2c-9adb-43f202de0b81",
|
|
"url--59ad62c3-47a0-4b2c-9adb-43f202de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"malware_classification:malware-category=\"Trojan\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"misp-galaxy:tool=\"Emotet\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad5d47-4e98-460a-94e5-458e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"first_observed": "2017-09-04T14:27:13Z",
|
|
"last_observed": "2017-09-04T14:27:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad5d47-4e98-460a-94e5-458e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad5d47-4e98-460a-94e5-458e950d210f",
|
|
"value": "https://securingtomorrow.mcafee.com/mcafee-labs/emotet-trojan-acts-as-loader-spreads-automatically/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--59ad5d53-4304-4f22-afab-4f4f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Since the middle of July, McAfee has observed new updates of the Emotet, a Trojan that was first discovered in 2014. This malware harvests banking credentials. Early variants used Outlook contact harvesting to spread via malicious spam.\r\n\r\nThe latest variants act as loaders and use several mechanisms to spread over the network and send spam email. They also use techniques to bypass antimalware products and avoid detection. Initial infection vectors are emails containing a link to download a malicious Office document. Once a system is infected, Emotet collects the computer name and running process information, which are encrypted and sent to a control server via a Post request."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5df3-a514-4b67-9a88-423e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:name = 'certtask.exe' AND file:hashes.MD5 = '6c58a58c0d1d27d35e72579ab7dcdf2e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5df3-0000-4df3-9f0e-46b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:name = 'certtask.exe' AND file:hashes.SHA1 = 'beab969a48bb6dd026e70fc514a9f1de1493cc7b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5df3-431c-4d25-9798-47c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'abc167e74f4da8bc1115fa92f78ef068']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2c-b9c4-40d5-9759-448a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.81.62.54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2c-0e20-4575-9544-4819950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.106.1.205']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2c-62a0-4df9-9306-4143950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.254.40.5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2c-6838-41f6-975c-4f26950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.23.244.244']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-3a40-4582-8c9a-4355950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.160.15.198']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-4408-4429-af9c-43d7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.160.178.17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-ceb8-4290-b128-4bf6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.188.40.189']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-c4d4-4892-b92a-46fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.86.91.232']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-4b30-4be0-a8b7-49dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.134.140.21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-33a0-4d5e-90e0-4d42950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.196.73.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-86d8-4b8f-b612-4cbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.121.121.72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-6a98-4c1e-a3c5-48a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.187.103.156']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-dcac-458f-adc4-428c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.210.206.25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-1918-46b4-a1ca-4ff5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.79.132.214']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-98b4-41ab-9c08-42cd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.110.224.51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-c454-4967-a809-45c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.166.175.18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-7d1c-48e5-b7b2-4aa0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.138.200.249']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-305c-44d6-88b6-4ab7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.191.233.221']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-c2b0-4c38-a721-4242950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.150.19.63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-2318-42d1-a5df-4dd1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.21.183.63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-6ee8-4e75-8331-4cfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.81.128.131']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-ec6c-41f5-a282-4ed5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.230.145.224']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-ac10-4777-8071-4265950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.21.113.151']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-df78-43b3-8e26-494a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.3.75.246']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-c258-4f28-8dc3-49dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.218.156.113']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-0434-4925-9591-430a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.31.0.39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-4b80-4621-b689-4472950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.253.164.249']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-0784-43c4-96fd-4879950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.81.212.79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-46d0-4e02-a4d0-4081950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.83.223.34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-be5c-485d-816b-4a4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.243.126.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-6828-4aef-a548-4b97950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.210.245.164']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-67c4-4764-9333-4ee0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.43.168.206']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-9a98-47d5-8c87-404e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.243.159.58']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e2d-1f2c-4f5f-864c-4dd4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.241.222.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-a604-4b9d-902c-42a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '741f04a17426cf07922b5fcc8ea561fb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-8940-4dd4-847a-4fb9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '12c8365a75dd78a4f01abcce80fbabd6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-dfac-4d68-bf2f-4f49950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1e8fb9592c540b3d08d6a11625c11f29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-c070-4df2-b483-486c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9ae00902d729c271587178d1cbc0e22e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-524c-4355-a4c1-4c6b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'eb93ca04522bfe16e8c2a96bd43828b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-faac-4ef7-ba9a-4c71950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2c2046617bb3c1d9ad98650bc17100c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-76c4-487d-91d5-48f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '03c66f518dd64e123dd79b68b0eb6a24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-70a4-4181-b5ac-45c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6c58a58c0d1d27d35e72579ab7dcdf2e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-f360-437a-bd7c-4006950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a3227b853fa657cf1a66b4ebed869f5b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-ce88-4da4-aea0-4417950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '56c709681b3c88e22538bcad11c5ebc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-264c-463f-a080-4211950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a7ae7df15f40aa0698896284cf6b283b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-1434-425c-8937-40f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '158b0960e5024cd3ded8224bd1674c1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-5f78-4e97-9c3a-4036950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5f40e4ddf7ecc2b7c1f02f03b5a6f766']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-1cf0-400f-a1db-4074950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f459a5750fea85db0b21b6fcf6b64687']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad5e3f-8b80-4f6c-a743-4828950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:13.000Z",
|
|
"modified": "2017-09-04T14:27:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b3745eb2919d1441baf59a1278a1d199']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-06ec-49ed-aa28-43b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: beab969a48bb6dd026e70fc514a9f1de1493cc7b",
|
|
"pattern": "[file:hashes.SHA256 = '4bae21211ad857bb303f32e278776d6540e9ae478e3bf5b697ae46575e4234d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-aac4-461d-baa4-47ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-aac4-461d-baa4-47ec02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-aac4-461d-baa4-47ec02de0b81",
|
|
"value": "https://www.virustotal.com/file/4bae21211ad857bb303f32e278776d6540e9ae478e3bf5b697ae46575e4234d0/analysis/1504505197/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-f6b8-47b4-a38c-41ff02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: b3745eb2919d1441baf59a1278a1d199",
|
|
"pattern": "[file:hashes.SHA256 = 'aeb990c5c0cd43c39acef20ad7abaaf608f75c06128948e4a322299b88182e86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-f3e0-4803-832c-4e1902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: b3745eb2919d1441baf59a1278a1d199",
|
|
"pattern": "[file:hashes.SHA1 = '5d304648d2545f1982e02652c0e87a3c3407c025']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-eeb0-4c4d-9c33-42a202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-eeb0-4c4d-9c33-42a202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-eeb0-4c4d-9c33-42a202de0b81",
|
|
"value": "https://www.virustotal.com/file/aeb990c5c0cd43c39acef20ad7abaaf608f75c06128948e4a322299b88182e86/analysis/1504489312/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-9f10-4e8b-92da-45ad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: f459a5750fea85db0b21b6fcf6b64687",
|
|
"pattern": "[file:hashes.SHA256 = 'd038914f2aad2a34c7b2ea196a2f528d4f38b8b6cd2954d248a366b231a34989']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-870c-41a8-ad79-48bd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: f459a5750fea85db0b21b6fcf6b64687",
|
|
"pattern": "[file:hashes.SHA1 = '1a12faf489082cd53722fd48761200855f4eb75f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-e4a4-45fc-a8ac-44bf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-e4a4-45fc-a8ac-44bf02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-e4a4-45fc-a8ac-44bf02de0b81",
|
|
"value": "https://www.virustotal.com/file/d038914f2aad2a34c7b2ea196a2f528d4f38b8b6cd2954d248a366b231a34989/analysis/1504107438/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-8fa8-4705-9650-491902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 5f40e4ddf7ecc2b7c1f02f03b5a6f766",
|
|
"pattern": "[file:hashes.SHA256 = '8cc5ab5f131ea2026d3bf5cafd8bfc0bcd4ce49dc8fed20dcdaa88e6026814b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-f0fc-4eff-b422-4a8002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 5f40e4ddf7ecc2b7c1f02f03b5a6f766",
|
|
"pattern": "[file:hashes.SHA1 = '58b011a0f20187ef16df98a1311be0a85d368e4e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-ae40-4537-b15b-4e7c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-ae40-4537-b15b-4e7c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-ae40-4537-b15b-4e7c02de0b81",
|
|
"value": "https://www.virustotal.com/file/8cc5ab5f131ea2026d3bf5cafd8bfc0bcd4ce49dc8fed20dcdaa88e6026814b4/analysis/1503490939/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-4d04-4afe-8764-465302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 158b0960e5024cd3ded8224bd1674c1f",
|
|
"pattern": "[file:hashes.SHA256 = '95dd3200bdcd9c9c52a0e2a0b72ce16fd36679a1591a743bb22c50f0bb69bd43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-5cf4-4bf3-92f8-493b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 158b0960e5024cd3ded8224bd1674c1f",
|
|
"pattern": "[file:hashes.SHA1 = 'c8c7e5ecc43800fcb6522f9ecdb6a9304bef3360']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-f750-4150-b820-4a6a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-f750-4150-b820-4a6a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-f750-4150-b820-4a6a02de0b81",
|
|
"value": "https://www.virustotal.com/file/95dd3200bdcd9c9c52a0e2a0b72ce16fd36679a1591a743bb22c50f0bb69bd43/analysis/1503612909/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-18f0-4d02-834e-496902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: a7ae7df15f40aa0698896284cf6b283b",
|
|
"pattern": "[file:hashes.SHA256 = '3eab67208efa7a6f6f6b8bb0fd7640c2e981e44a822363974e4c2f17ced35cea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-fef0-4bc8-b669-4abb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: a7ae7df15f40aa0698896284cf6b283b",
|
|
"pattern": "[file:hashes.SHA1 = 'bed76a33bce619245c305f27bdccc1a048e4a620']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-3484-4be3-b149-409502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-3484-4be3-b149-409502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-3484-4be3-b149-409502de0b81",
|
|
"value": "https://www.virustotal.com/file/3eab67208efa7a6f6f6b8bb0fd7640c2e981e44a822363974e4c2f17ced35cea/analysis/1504317682/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-08b8-409a-b4e3-49f202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 56c709681b3c88e22538bcad11c5ebc6",
|
|
"pattern": "[file:hashes.SHA256 = 'b4bc52aabe484d4e77589cfce9cc3cb44b2af313545b8d95a130cfd0be6a8681']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-a004-4e83-a431-4e9802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 56c709681b3c88e22538bcad11c5ebc6",
|
|
"pattern": "[file:hashes.SHA1 = 'b7d3f83be7f676cd891bafaed191f01d16a9c7d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-e2e8-4a50-a632-4a4002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-e2e8-4a50-a632-4a4002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-e2e8-4a50-a632-4a4002de0b81",
|
|
"value": "https://www.virustotal.com/file/b4bc52aabe484d4e77589cfce9cc3cb44b2af313545b8d95a130cfd0be6a8681/analysis/1504335549/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-1538-4740-aee1-496102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: a3227b853fa657cf1a66b4ebed869f5b",
|
|
"pattern": "[file:hashes.SHA256 = 'a730e696d2c956041fe914565e1a18e0ca7f6817b5490881236b66167578f5f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-b2ec-4f9e-b9ba-46dc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: a3227b853fa657cf1a66b4ebed869f5b",
|
|
"pattern": "[file:hashes.SHA1 = '8ce61ab567b998a996864ff0e27cf5debe641a4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-0b10-4cc9-a5e1-44f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-0b10-4cc9-a5e1-44f102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-0b10-4cc9-a5e1-44f102de0b81",
|
|
"value": "https://www.virustotal.com/file/a730e696d2c956041fe914565e1a18e0ca7f6817b5490881236b66167578f5f8/analysis/1503487155/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-2358-4f3f-8467-4cdf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 03c66f518dd64e123dd79b68b0eb6a24",
|
|
"pattern": "[file:hashes.SHA256 = '163278f8c95d8fcaa824f5d5903b54f72d1601d0f3b89e1203ebcc5b688d98ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-d90c-4226-b9b2-413402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 03c66f518dd64e123dd79b68b0eb6a24",
|
|
"pattern": "[file:hashes.SHA1 = '3868e43aaa64685023420b3f82dacde54e332c84']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-cb8c-4223-9ece-4bdf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-cb8c-4223-9ece-4bdf02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-cb8c-4223-9ece-4bdf02de0b81",
|
|
"value": "https://www.virustotal.com/file/163278f8c95d8fcaa824f5d5903b54f72d1601d0f3b89e1203ebcc5b688d98ed/analysis/1504338958/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-0d58-48b2-8b28-4da302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 2c2046617bb3c1d9ad98650bc17100c9",
|
|
"pattern": "[file:hashes.SHA256 = '881c5a483e9766e641437df6b2dfa79960ae353b9a90407b6ebf6ae33498edd8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-ab54-4252-b698-473102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: 2c2046617bb3c1d9ad98650bc17100c9",
|
|
"pattern": "[file:hashes.SHA1 = '4fad4c71e08f9933c9961ee606e8f22498797207']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-de48-461a-b61e-4b7a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-de48-461a-b61e-4b7a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-de48-461a-b61e-4b7a02de0b81",
|
|
"value": "https://www.virustotal.com/file/881c5a483e9766e641437df6b2dfa79960ae353b9a90407b6ebf6ae33498edd8/analysis/1504337107/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-ca24-45be-a850-426e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: eb93ca04522bfe16e8c2a96bd43828b4",
|
|
"pattern": "[file:hashes.SHA256 = '9ccbdf2fb651fd46b4ac4437e71f89ddbfbc94d2018e871ccc534746f74e88eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c2-4328-45bb-8fc4-4b2002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"description": "- Xchecked via VT: eb93ca04522bfe16e8c2a96bd43828b4",
|
|
"pattern": "[file:hashes.SHA1 = '5c2048bc23096c32cf6c276aa3d086b0111df1dd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c2-c888-4836-8aba-42dd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:14.000Z",
|
|
"modified": "2017-09-04T14:27:14.000Z",
|
|
"first_observed": "2017-09-04T14:27:14Z",
|
|
"last_observed": "2017-09-04T14:27:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c2-c888-4836-8aba-42dd02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c2-c888-4836-8aba-42dd02de0b81",
|
|
"value": "https://www.virustotal.com/file/9ccbdf2fb651fd46b4ac4437e71f89ddbfbc94d2018e871ccc534746f74e88eb/analysis/1504317666/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c3-a8ec-4473-ba1c-4e2a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"description": "- Xchecked via VT: 9ae00902d729c271587178d1cbc0e22e",
|
|
"pattern": "[file:hashes.SHA256 = '8c610977850dae5f3369865ed1583167556e0fa544b2de651c4ac217621d2dea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c3-88ec-4c40-a181-478202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"description": "- Xchecked via VT: 9ae00902d729c271587178d1cbc0e22e",
|
|
"pattern": "[file:hashes.SHA1 = 'dba92d9d8b4ed8fcc2d3bdb7a5e9868253dc7c7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c3-ee68-4f06-a1c6-434502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"first_observed": "2017-09-04T14:27:15Z",
|
|
"last_observed": "2017-09-04T14:27:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c3-ee68-4f06-a1c6-434502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c3-ee68-4f06-a1c6-434502de0b81",
|
|
"value": "https://www.virustotal.com/file/8c610977850dae5f3369865ed1583167556e0fa544b2de651c4ac217621d2dea/analysis/1504447774/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c3-3930-41ff-9751-49c502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"description": "- Xchecked via VT: 1e8fb9592c540b3d08d6a11625c11f29",
|
|
"pattern": "[file:hashes.SHA256 = 'cc73d5d14ff263f5a364d53d70a3dbc0a5ccddcfbfc325b4912cf00717c62271']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c3-6c88-4d1a-9813-4d9602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"description": "- Xchecked via VT: 1e8fb9592c540b3d08d6a11625c11f29",
|
|
"pattern": "[file:hashes.SHA1 = '5192881ebb293eca74a12bfff4932a310294ad27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c3-03e0-43f1-95f6-471102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"first_observed": "2017-09-04T14:27:15Z",
|
|
"last_observed": "2017-09-04T14:27:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c3-03e0-43f1-95f6-471102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c3-03e0-43f1-95f6-471102de0b81",
|
|
"value": "https://www.virustotal.com/file/cc73d5d14ff263f5a364d53d70a3dbc0a5ccddcfbfc325b4912cf00717c62271/analysis/1504336282/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c3-eb70-45ad-a5f7-4e9f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"description": "- Xchecked via VT: 12c8365a75dd78a4f01abcce80fbabd6",
|
|
"pattern": "[file:hashes.SHA256 = '76f4c1f1fda795e5b0a00be3833787c568cacf5ec6ea3275dc1e6ec2a4e282a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c3-a5f0-481b-9e83-43a202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"description": "- Xchecked via VT: 12c8365a75dd78a4f01abcce80fbabd6",
|
|
"pattern": "[file:hashes.SHA1 = '8169a86173bb4c77aafb7ab903213db55b87500a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c3-0ef0-4bb4-ae89-4dc002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"first_observed": "2017-09-04T14:27:15Z",
|
|
"last_observed": "2017-09-04T14:27:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c3-0ef0-4bb4-ae89-4dc002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c3-0ef0-4bb4-ae89-4dc002de0b81",
|
|
"value": "https://www.virustotal.com/file/76f4c1f1fda795e5b0a00be3833787c568cacf5ec6ea3275dc1e6ec2a4e282a0/analysis/1502182822/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c3-e590-4908-9a03-49a002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"description": "- Xchecked via VT: 741f04a17426cf07922b5fcc8ea561fb",
|
|
"pattern": "[file:hashes.SHA256 = '752c5a1fb7a0e6681639fa737e73ae6aa3a0f3b7973fe3fd59b4b2014bbcd9c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ad62c3-19b0-4461-9c9a-4fd602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"description": "- Xchecked via VT: 741f04a17426cf07922b5fcc8ea561fb",
|
|
"pattern": "[file:hashes.SHA1 = 'b4a3ebc915630f644af225501f04cf604bcad544']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-04T14:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ad62c3-47a0-4b2c-9adb-43f202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-04T14:27:15.000Z",
|
|
"modified": "2017-09-04T14:27:15.000Z",
|
|
"first_observed": "2017-09-04T14:27:15Z",
|
|
"last_observed": "2017-09-04T14:27:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ad62c3-47a0-4b2c-9adb-43f202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ad62c3-47a0-4b2c-9adb-43f202de0b81",
|
|
"value": "https://www.virustotal.com/file/752c5a1fb7a0e6681639fa737e73ae6aa3a0f3b7973fe3fd59b4b2014bbcd9c2/analysis/1504335316/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |