3021 lines
No EOL
128 KiB
JSON
3021 lines
No EOL
128 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--59b23be2-f440-4083-85d5-4e35950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:36.000Z",
|
|
"modified": "2017-09-08T11:42:36.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--59b23be2-f440-4083-85d5-4e35950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:36.000Z",
|
|
"modified": "2017-09-08T11:42:36.000Z",
|
|
"name": "OSINT - Votiro Labs exposed a new hacking campaign targeting Vietnamese organisations using weaponized Word documents",
|
|
"published": "2017-09-08T11:45:01Z",
|
|
"object_refs": [
|
|
"observed-data--59b23c1c-ab7c-4add-8969-46f3950d210f",
|
|
"url--59b23c1c-ab7c-4add-8969-46f3950d210f",
|
|
"x-misp-attribute--59b23c2a-9474-463b-8006-4e80950d210f",
|
|
"indicator--59b23cc0-d194-41aa-b82e-4fe5950d210f",
|
|
"indicator--59b23cc0-42e0-4478-ac9e-41ae950d210f",
|
|
"indicator--59b23cc0-eb50-4ea4-9e20-48d8950d210f",
|
|
"observed-data--59b23ce7-0250-47c5-808e-475c950d210f",
|
|
"url--59b23ce7-0250-47c5-808e-475c950d210f",
|
|
"indicator--59b23d33-16a4-4ad7-8b42-4426950d210f",
|
|
"indicator--59b23d33-f6f8-4296-bef9-469c950d210f",
|
|
"indicator--59b23d33-2590-4f0d-af24-4c89950d210f",
|
|
"indicator--59b23d33-da18-447d-9a6a-4d5c950d210f",
|
|
"indicator--59b23d33-f7f4-4253-9cda-4f4e950d210f",
|
|
"indicator--59b23d33-99fc-4437-9681-4dc2950d210f",
|
|
"indicator--59b23d33-0468-4ef9-bb77-490f950d210f",
|
|
"indicator--59b23d33-d5a4-4540-a35f-4145950d210f",
|
|
"indicator--59b23d33-80a8-4743-8f36-47f8950d210f",
|
|
"indicator--59b23d33-2f94-486f-810b-4f94950d210f",
|
|
"indicator--59b23d33-9f9c-458e-bd02-40c8950d210f",
|
|
"indicator--59b23d33-8874-482d-ba15-42ad950d210f",
|
|
"indicator--59b23daf-d7b0-4780-9824-4f09950d210f",
|
|
"indicator--59b23db0-3ae8-449a-ad09-4755950d210f",
|
|
"indicator--59b23db0-361c-4b3d-b79f-44b5950d210f",
|
|
"indicator--59b23db0-8298-4fad-b3a0-455a950d210f",
|
|
"indicator--59b23db0-f87c-463e-8e92-4142950d210f",
|
|
"indicator--59b23db0-2e50-4c4b-be11-449b950d210f",
|
|
"indicator--59b23dbd-a6b0-4af8-bc8f-42e1950d210f",
|
|
"indicator--59b23dbd-76b0-45b6-8bea-413d950d210f",
|
|
"indicator--59b23dbd-c388-48b7-8b7d-4431950d210f",
|
|
"indicator--59b23dbd-516c-48b3-9a7a-4364950d210f",
|
|
"indicator--59b23dbd-4264-46bc-a7c3-4f25950d210f",
|
|
"indicator--59b23dbd-704c-48b0-8f60-4d80950d210f",
|
|
"indicator--59b23dbd-51a4-47ce-bae3-4bb7950d210f",
|
|
"indicator--59b23dbd-b254-48bf-ad72-4028950d210f",
|
|
"indicator--59b23dbd-8af0-44cf-81af-4f24950d210f",
|
|
"indicator--59b23dbd-2570-4f52-8905-4528950d210f",
|
|
"indicator--59b23dbd-83c8-4e79-8a9c-41ea950d210f",
|
|
"indicator--59b23dbd-3298-4bf1-b083-4a9f950d210f",
|
|
"indicator--59b23dd3-90f8-407d-ad0f-4ee2950d210f",
|
|
"indicator--59b23f2c-b950-4e65-87c1-4c8b950d210f",
|
|
"indicator--59b23f2d-c0b8-4fa9-bb9c-4b47950d210f",
|
|
"indicator--59b23f2d-6360-49ba-8f4d-40f3950d210f",
|
|
"indicator--59b23f2d-6358-4119-a390-4a8a950d210f",
|
|
"indicator--59b23f2d-d888-4146-a8bd-4f3e950d210f",
|
|
"indicator--59b23f2d-d240-42bb-8c43-48ec950d210f",
|
|
"indicator--59b23f2d-207c-4334-83ad-40de950d210f",
|
|
"indicator--59b23f2d-3eec-457a-affd-4a73950d210f",
|
|
"indicator--59b23f2d-8ad0-4ca6-ab40-4cb0950d210f",
|
|
"indicator--59b23f2d-0e90-4e06-9ec1-417d950d210f",
|
|
"indicator--59b23f2d-982c-43a4-858d-4e83950d210f",
|
|
"indicator--59b23f2d-89f0-49b0-9161-4fe4950d210f",
|
|
"indicator--59b23f2d-1dd8-427d-850d-4bef950d210f",
|
|
"indicator--59b23f2d-d5f0-4df2-8add-4e02950d210f",
|
|
"indicator--59b23f2d-9b50-48ac-ae5c-4bb2950d210f",
|
|
"indicator--59b23f2d-0214-41cb-b9f3-44c1950d210f",
|
|
"indicator--59b23f2d-b87c-4856-a19c-473c950d210f",
|
|
"indicator--59b23f2d-1c78-4200-b9c8-4ec5950d210f",
|
|
"indicator--59b23f2d-a20c-4827-8553-4b48950d210f",
|
|
"indicator--59b23f2d-2564-41dd-b2b7-49fc950d210f",
|
|
"indicator--59b28227-1bd0-4a00-9eb7-4e3a02de0b81",
|
|
"indicator--59b28227-64fc-42f7-8dd9-48d702de0b81",
|
|
"observed-data--59b28227-3894-4a03-b7c1-49f902de0b81",
|
|
"url--59b28227-3894-4a03-b7c1-49f902de0b81",
|
|
"indicator--59b28227-c578-4a2e-a9ee-4c6c02de0b81",
|
|
"indicator--59b28227-bd24-40d1-97a3-44f102de0b81",
|
|
"observed-data--59b28227-d85c-4929-92e8-41ec02de0b81",
|
|
"url--59b28227-d85c-4929-92e8-41ec02de0b81",
|
|
"indicator--59b28227-49a8-4e88-87cf-4acc02de0b81",
|
|
"indicator--59b28227-c7d8-4de1-8e6a-440202de0b81",
|
|
"observed-data--59b28227-ca2c-4ff9-b544-4fd602de0b81",
|
|
"url--59b28227-ca2c-4ff9-b544-4fd602de0b81",
|
|
"indicator--59b28227-489c-49df-9311-417502de0b81",
|
|
"indicator--59b28227-b640-4636-aff3-413e02de0b81",
|
|
"observed-data--59b28227-88d0-403f-a374-4c0f02de0b81",
|
|
"url--59b28227-88d0-403f-a374-4c0f02de0b81",
|
|
"indicator--59b28227-2dac-4768-97cc-4d7802de0b81",
|
|
"indicator--59b28227-77e8-4ca0-8f2f-4a1c02de0b81",
|
|
"observed-data--59b28227-3ec0-432d-b0cf-418602de0b81",
|
|
"url--59b28227-3ec0-432d-b0cf-418602de0b81",
|
|
"indicator--59b28227-7768-4ca9-9b7c-48c002de0b81",
|
|
"indicator--59b28227-83c8-4ad8-adfa-4eec02de0b81",
|
|
"observed-data--59b28227-7b10-41f9-a474-4fa702de0b81",
|
|
"url--59b28227-7b10-41f9-a474-4fa702de0b81",
|
|
"indicator--59b28227-c7a4-4116-a5c1-4a7a02de0b81",
|
|
"indicator--59b28227-b5b0-41da-bccb-450c02de0b81",
|
|
"observed-data--59b28227-51f4-4740-b91f-487d02de0b81",
|
|
"url--59b28227-51f4-4740-b91f-487d02de0b81",
|
|
"indicator--59b28227-d790-4e24-9d0f-498102de0b81",
|
|
"indicator--59b28227-2e70-4d38-baf7-4f8202de0b81",
|
|
"observed-data--59b28227-87e8-491e-b205-4cad02de0b81",
|
|
"url--59b28227-87e8-491e-b205-4cad02de0b81",
|
|
"indicator--59b28227-4728-4062-942d-4bca02de0b81",
|
|
"indicator--59b28227-b2d8-4694-90d6-4fbe02de0b81",
|
|
"observed-data--59b28227-b768-469b-aaca-4aac02de0b81",
|
|
"url--59b28227-b768-469b-aaca-4aac02de0b81",
|
|
"indicator--59b28227-0c0c-4ac0-9351-409402de0b81",
|
|
"indicator--59b28227-790c-41f5-8b37-430a02de0b81",
|
|
"observed-data--59b28227-487c-43b5-be94-4bcb02de0b81",
|
|
"url--59b28227-487c-43b5-be94-4bcb02de0b81",
|
|
"indicator--59b28227-ebec-453b-b977-489502de0b81",
|
|
"indicator--59b28227-4b1c-41de-a994-4c9302de0b81",
|
|
"observed-data--59b28227-8ae8-406a-b60b-449a02de0b81",
|
|
"url--59b28227-8ae8-406a-b60b-449a02de0b81",
|
|
"indicator--59b28227-91f4-4f14-bffa-461402de0b81",
|
|
"indicator--59b28227-5d7c-45ac-ad95-458602de0b81",
|
|
"observed-data--59b28227-d698-423d-967e-4ce802de0b81",
|
|
"url--59b28227-d698-423d-967e-4ce802de0b81",
|
|
"indicator--59b28227-07d4-4785-a161-474b02de0b81",
|
|
"indicator--59b28227-13f4-495f-9729-4fb002de0b81",
|
|
"observed-data--59b28227-7e38-45b2-a53a-4bfa02de0b81",
|
|
"url--59b28227-7e38-45b2-a53a-4bfa02de0b81",
|
|
"indicator--59b28227-bf14-4971-93b1-4c9302de0b81",
|
|
"indicator--59b28227-99fc-46ee-bf42-457c02de0b81",
|
|
"observed-data--59b28227-09b8-47a3-a5b4-4a8302de0b81",
|
|
"url--59b28227-09b8-47a3-a5b4-4a8302de0b81",
|
|
"indicator--59b28227-564c-4ffa-9632-40d302de0b81",
|
|
"indicator--59b28227-7dc4-4847-bb7a-46a402de0b81",
|
|
"observed-data--59b28227-3178-480a-a988-421502de0b81",
|
|
"url--59b28227-3178-480a-a988-421502de0b81",
|
|
"indicator--59b28227-989c-4a09-8a50-451602de0b81",
|
|
"indicator--59b28227-087c-4552-8b1e-4a6402de0b81",
|
|
"observed-data--59b28227-5830-4260-801c-415f02de0b81",
|
|
"url--59b28227-5830-4260-801c-415f02de0b81",
|
|
"indicator--59b28227-b91c-4a4e-b633-419a02de0b81",
|
|
"indicator--59b28227-eee4-467f-89d8-4f3e02de0b81",
|
|
"observed-data--59b28227-b35c-426d-8612-45aa02de0b81",
|
|
"url--59b28227-b35c-426d-8612-45aa02de0b81",
|
|
"indicator--59b28227-191c-4bca-aa92-469502de0b81",
|
|
"indicator--59b28227-21ac-4633-9e1a-4cdb02de0b81",
|
|
"observed-data--59b28227-3d24-49fd-ad90-4db002de0b81",
|
|
"url--59b28227-3d24-49fd-ad90-4db002de0b81",
|
|
"indicator--59b28227-51bc-4037-a99c-465302de0b81",
|
|
"indicator--59b28227-c578-42ee-bf7f-44ac02de0b81",
|
|
"observed-data--59b28227-1650-419b-9f6a-4d7302de0b81",
|
|
"url--59b28227-1650-419b-9f6a-4d7302de0b81",
|
|
"indicator--59b28227-e21c-4b0a-aa16-42c402de0b81",
|
|
"indicator--59b28227-6624-4757-8f2e-4c1602de0b81",
|
|
"observed-data--59b28227-c3c4-4814-9b0a-40ef02de0b81",
|
|
"url--59b28227-c3c4-4814-9b0a-40ef02de0b81",
|
|
"indicator--59b28227-0224-4874-9d84-450502de0b81",
|
|
"indicator--59b28227-7ff0-45e2-a605-4ed802de0b81",
|
|
"observed-data--59b28227-0e64-4103-8bac-42ae02de0b81",
|
|
"url--59b28227-0e64-4103-8bac-42ae02de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b23c1c-ab7c-4add-8969-46f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"first_observed": "2017-09-08T11:42:30Z",
|
|
"last_observed": "2017-09-08T11:42:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b23c1c-ab7c-4add-8969-46f3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b23c1c-ab7c-4add-8969-46f3950d210f",
|
|
"value": "https://www.votiro.com/single-post/2017/08/23/Votiro-Labs-exposed-a-new-hacking-campaign-targeting-Vietnamese-organisations-using-a-weaponized-Word-documents"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--59b23c2a-9474-463b-8006-4e80950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Over the last few weeks, we collaborated with ClearSky and uncovered several indicators that were researched and found to be related to a new hacking campaign targeting large Vietnamese organisations. This campaign was found to be connected to the same party which previously targeted Vietnam Airlines and some other high profile targets possibly led by the Chinese 1937CN group. In this post we will review the research results of Votiro Labs and ClearSky, the weaponized documents and campaign infrastructure."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23cc0-d194-41aa-b82e-4fe5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = '2017_08_03_Th\u00c3\u00b4ng b\u00c3\u00a1o t\u00e1\u00bb\u2022 ch\u00e1\u00bb\u00a9c thi \u00c4\u2018\u00e1\u00ba\u00a5u m\u00c3\u00b4n Tennis v\u00c3\u00a0 b\u00c3\u00b3ng b\u00c3\u00a0n gi\u00e1\u00ba\u00a3i C\u00c4\u0090TTTT.doc' AND file:hashes.MD5 = '58c4d4e0aaefe4c5493243c877bbbe74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23cc0-42e0-4478-ac9e-41ae950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = '517_CV-DU 10.8 sao gui CV 950-CV-BTCTW 18.5 sao g\u00e1\u00bb\u00adi v\u00c4\u0192n b\u00e1\u00ba\u00a3n x\u00c3\u00a1c \u00c4\u2018\u00e1\u00bb\u2039nh t\u00c6\u00b0\u00c6\u00a1ng \u00c4\u2018\u00c6\u00b0\u00c6\u00a1ng tr\u00c3\u00acnh \u00c4\u2018\u00e1\u00bb\u2122 cao c\u00e1\u00ba\u00a5p l\u00c3\u00bd lu\u00e1\u00ba\u00adn ch\u00c3\u00adnh tr\u00e1\u00bb\u2039.doc' AND file:hashes.MD5 = 'b147314203f74fdda266805cf6f84876']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23cc0-eb50-4ea4-9e20-48d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Goopdate.dll' AND file:hashes.MD5 = 'c3e9c9e99ed1b1116aaa9f93a36824ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b23ce7-0250-47c5-808e-475c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"first_observed": "2017-09-08T11:42:30Z",
|
|
"last_observed": "2017-09-08T11:42:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b23ce7-0250-47c5-808e-475c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b23ce7-0250-47c5-808e-475c950d210f",
|
|
"value": "https://www.virustotal.com/en/file/9cebae97a067cd7c2be50d7fd8afe5e9cf935c11914a1ab5ff59e91c1e7e5fc4/analysis/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-16a4-4ad7-8b42-4426950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'hanoi.danang.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-f6f8-4296-bef9-469c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'dalat.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-2590-4f0d-af24-4c89950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[file:name = 'hanoi.dulichovietnam.net\u00d7\u201c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-da18-447d-9a6a-4d5c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'danang.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-f7f4-4253-9cda-4f4e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'dalat.hanoi.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-99fc-4437-9681-4dc2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'hanoi.hanoi.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-0468-4ef9-bb77-490f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'danang.danang.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-d5a4-4540-a35f-4145950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'danang.dalat.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-80a8-4743-8f36-47f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'danang.hanoi.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-2f94-486f-810b-4f94950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'dalat.dalat.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-9f9c-458e-bd02-40c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'hanoi.dalat.dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23d33-8874-482d-ba15-42ad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"description": "dulichovietnam.net subdomain",
|
|
"pattern": "[domain-name:value = 'dulichovietnam.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23daf-d7b0-4780-9824-4f09950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.58.179.202']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23db0-3ae8-449a-ad09-4755950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.58.176.46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23db0-361c-4b3d-b79f-44b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.42.254.112']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23db0-8298-4fad-b3a0-455a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.154.125.145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23db0-f87c-463e-8e92-4142950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.223.165.165']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23db0-2e50-4c4b-be11-449b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.251.29.40']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-a6b0-4af8-bc8f-42e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'anh.phimhainhat.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-76b0-45b6-8bea-413d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'data.dcsvn.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-c388-48b7-8b7d-4431950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'data.phimnoi.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-516c-48b3-9a7a-4364950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'dav.thanhnlen.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-4264-46bc-a7c3-4f25950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'home.phimnoi.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-704c-48b0-8f60-4d80950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'home.vietnamplos.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-51a4-47ce-bae3-4bb7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'login.phimhainhat.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-b254-48bf-ad72-4028950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'login.phimnoi.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-8af0-44cf-81af-4f24950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'my.phimhainhat.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-2570-4f52-8905-4528950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'news.phapluats.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-83c8-4e79-8a9c-41ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'news.vietnannet.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dbd-3298-4bf1-b083-4a9f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'vietnam.phimhainhat.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23dd3-90f8-407d-ad0f-4ee2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[domain-name:value = 'dcsvn.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2c-b950-4e65-87c1-4c8b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = '17_CV-DU 10.8 sao gui CV 950-CV-BTCTW 18.5 sao g\u00e1\u00bb\u00adi v\u00c4\u0192n b\u00e1\u00ba\u00a3n x\u00c3\u00a1c \u00c4\u2018\u00e1\u00bb\u2039nh t\u00c6\u00b0\u00c6\u00a1ng \u00c4\u2018\u00c6\u00b0\u00c6\u00a1ng tr\u00c3\u00acnh \u00c4\u2018\u00e1\u00bb\u2122 cao c\u00e1\u00ba\u00a5p l\u00c3\u00bd lu\u00e1\u00ba\u00adn ch\u00c3\u00adnh tr\u00e1\u00bb\u2039.doc' AND file:hashes.MD5 = 'b147314203f74fdda266805cf6f84876']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-c0b8-4fa9-bb9c-4b47950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = '2017_08_03_Thng bo t chc thi u mn Tennis v bng bn gii CTTTT.doc' AND file:hashes.MD5 = '58c4d4e0aaefe4c5493243c877bbbe74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-6360-49ba-8f4d-40f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Kim Jong Un lm Bc Kinh mt n, mt ng .doc' AND file:hashes.MD5 = '3975c3ae679aff3e0d0db5622b6c31a5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-6358-4119-a390-4a8a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'KS_ATTT_2017.doc' AND file:hashes.MD5 = 'a64264e872f551b0b0140603293c24c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-d888-4146-a8bd-4f3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'nhatdoinhatlo(TOAN VAN).doc' AND file:hashes.MD5 = '4965b96bef1353006008d55e178e72b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-d240-42bb-8c43-48ec950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'K hoch kim tra kho st Quyt nh 221 - BBT.doc' AND file:hashes.MD5 = '2cb51010abee4dee8aec5e16f2982e8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-207c-4334-83ad-40de950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'XY DNG PHONG CCH NGI CNG AN NHN DN.doc, BC.doc' AND file:hashes.MD5 = 'b5e473936d325b79d463e9f46602254b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-3eec-457a-affd-4a73950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Biu mu kim tra, gim st- nm 2017(s dng ti cc chi b).doc' AND file:hashes.MD5 = 'e58c41231eeba4952c03038d585ecca3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-8ad0-4ca6-ab40-4cb0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Tai Liu Phong Chng DBHB.doc' AND file:hashes.MD5 = '9fab515721ce1123e065497e6c854fd3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-0e90-4e06-9ec1-417d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'm bo an ton APEC 2017.doc' AND file:hashes.MD5 = '0f1d8c43863231a3fe86c62894aa48e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-982c-43a4-858d-4e83950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Gii thiu cng ty Huawei.doc' AND file:hashes.MD5 = 'cd718baf0ec7284769c8f65dadde8bae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-89f0-49b0-9161-4fe4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Gioi Thieu Alibaba Group in VN Dec 2016.doc' AND file:hashes.MD5 = '7a618059557654214a1ba2370a48b887']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-1dd8-427d-850d-4bef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'De tai cuong quoc bien TQ.doc' AND file:hashes.MD5 = '6b44a8f4dcd0802a2cb6275d97362fb2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-d5f0-4df2-8add-4e02950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Bo co cho cuc gp tng b th thng 1 nm 2017.doc' AND file:hashes.MD5 = '7a95abdf426144aa5305f1a59247f9aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-9b50-48ac-ae5c-4bb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Yu cu gi bi v bnh chn bi vit hay.doc' AND file:hashes.MD5 = '850172afad42dcfeb87af969f65759a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-0214-41cb-b9f3-44c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Chuyn giao quyn i din ch s hu vn nh nc v SCIC.doc' AND file:hashes.MD5 = 'e27e1759081284db15da140132bbd79f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-b87c-4856-a19c-473c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Gop y phieu ghi y kien.doc' AND file:hashes.MD5 = 'e27026fdaa4c118b9dac9592a0ea2003']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-1c78-4200-b9c8-4ec5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'K hoch tng lng, ngh Tt nm 2017.doc' AND file:hashes.MD5 = '4e78b1b95056c188753a8f79b2a41f0f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-a20c-4827-8553-4b48950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'Danh sch ngi Vit ti h s Panama.doc' AND file:hashes.MD5 = 'f1a8aadb10a3c5c192b6d06d9699c276']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b23f2d-2564-41dd-b2b7-49fc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:30.000Z",
|
|
"modified": "2017-09-08T11:42:30.000Z",
|
|
"pattern": "[file:name = 'danh sch ban CT.doc' AND file:hashes.MD5 = '46c522cba5ce9d837f983206441bbd5b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename|md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-1bd0-4a00-9eb7-4e3a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 46c522cba5ce9d837f983206441bbd5b",
|
|
"pattern": "[file:hashes.SHA256 = 'c5042912272a2977577ee41c5d5d747cbc39b68df4dfe44fbf79c6184ab11896']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-64fc-42f7-8dd9-48d702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 46c522cba5ce9d837f983206441bbd5b",
|
|
"pattern": "[file:hashes.SHA1 = '7c2ac162878f05e5c49f2c4d9cc34ad945803d7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-3894-4a03-b7c1-49f902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-3894-4a03-b7c1-49f902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-3894-4a03-b7c1-49f902de0b81",
|
|
"value": "https://www.virustotal.com/file/c5042912272a2977577ee41c5d5d747cbc39b68df4dfe44fbf79c6184ab11896/analysis/1503607934/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-c578-4a2e-a9ee-4c6c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: f1a8aadb10a3c5c192b6d06d9699c276",
|
|
"pattern": "[file:hashes.SHA256 = '52638a6f90084dc547c8b701bb0cbf7b7e7bb0bf3fecdb1809e37e45b4af8c37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-bd24-40d1-97a3-44f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: f1a8aadb10a3c5c192b6d06d9699c276",
|
|
"pattern": "[file:hashes.SHA1 = '9b5be449e9191c079a78cef33c1f6cd2802b9895']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-d85c-4929-92e8-41ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-d85c-4929-92e8-41ec02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-d85c-4929-92e8-41ec02de0b81",
|
|
"value": "https://www.virustotal.com/file/52638a6f90084dc547c8b701bb0cbf7b7e7bb0bf3fecdb1809e37e45b4af8c37/analysis/1503607934/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-49a8-4e88-87cf-4acc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 4e78b1b95056c188753a8f79b2a41f0f",
|
|
"pattern": "[file:hashes.SHA256 = '9eee7f6ab649d60485eaaf042a4830ba19a8fc6731b3c2b58f7ac94dc7f5d150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-c7d8-4de1-8e6a-440202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 4e78b1b95056c188753a8f79b2a41f0f",
|
|
"pattern": "[file:hashes.SHA1 = '95ee6071cf8dde4861e68e28d05acf444491e66e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-ca2c-4ff9-b544-4fd602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-ca2c-4ff9-b544-4fd602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-ca2c-4ff9-b544-4fd602de0b81",
|
|
"value": "https://www.virustotal.com/file/9eee7f6ab649d60485eaaf042a4830ba19a8fc6731b3c2b58f7ac94dc7f5d150/analysis/1503607934/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-489c-49df-9311-417502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: e27026fdaa4c118b9dac9592a0ea2003",
|
|
"pattern": "[file:hashes.SHA256 = '54285d3db6cee82ee40f512ff123661b158e2f621e08707320619413f1b69cec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-b640-4636-aff3-413e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: e27026fdaa4c118b9dac9592a0ea2003",
|
|
"pattern": "[file:hashes.SHA1 = 'ab479fbd7e25b32f4e04b262816a5886be3f5cd7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-88d0-403f-a374-4c0f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-88d0-403f-a374-4c0f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-88d0-403f-a374-4c0f02de0b81",
|
|
"value": "https://www.virustotal.com/file/54285d3db6cee82ee40f512ff123661b158e2f621e08707320619413f1b69cec/analysis/1503607933/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-2dac-4768-97cc-4d7802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: e27e1759081284db15da140132bbd79f",
|
|
"pattern": "[file:hashes.SHA256 = '4d1d2b2df13c47cd0dddfee035191ec31a87e9e1e203290da47aa5d945c158d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-77e8-4ca0-8f2f-4a1c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: e27e1759081284db15da140132bbd79f",
|
|
"pattern": "[file:hashes.SHA1 = 'b5b9bcebb4fd64572b96714a16dae67d80d2dc19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-3ec0-432d-b0cf-418602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-3ec0-432d-b0cf-418602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-3ec0-432d-b0cf-418602de0b81",
|
|
"value": "https://www.virustotal.com/file/4d1d2b2df13c47cd0dddfee035191ec31a87e9e1e203290da47aa5d945c158d0/analysis/1503607933/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-7768-4ca9-9b7c-48c002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 850172afad42dcfeb87af969f65759a6",
|
|
"pattern": "[file:hashes.SHA256 = 'f830b1331f1f49dea56fc1198115b779bc8e24d883e3fb2caa080e80601d0211']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-83c8-4ad8-adfa-4eec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 850172afad42dcfeb87af969f65759a6",
|
|
"pattern": "[file:hashes.SHA1 = '93e5aa15d65b39bd4ba1c52d9d5e47df35a56015']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-7b10-41f9-a474-4fa702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-7b10-41f9-a474-4fa702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-7b10-41f9-a474-4fa702de0b81",
|
|
"value": "https://www.virustotal.com/file/f830b1331f1f49dea56fc1198115b779bc8e24d883e3fb2caa080e80601d0211/analysis/1503607933/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-c7a4-4116-a5c1-4a7a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 7a95abdf426144aa5305f1a59247f9aa",
|
|
"pattern": "[file:hashes.SHA256 = 'efb14d8b1f30b4e9969cffb289929ed84b8e9208ce832d5945ad59ea4d8f3ae3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-b5b0-41da-bccb-450c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 7a95abdf426144aa5305f1a59247f9aa",
|
|
"pattern": "[file:hashes.SHA1 = 'c31b516aaadf2bc5c82f339ba9979c45c3256217']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-51f4-4740-b91f-487d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-51f4-4740-b91f-487d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-51f4-4740-b91f-487d02de0b81",
|
|
"value": "https://www.virustotal.com/file/efb14d8b1f30b4e9969cffb289929ed84b8e9208ce832d5945ad59ea4d8f3ae3/analysis/1503607932/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-d790-4e24-9d0f-498102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 6b44a8f4dcd0802a2cb6275d97362fb2",
|
|
"pattern": "[file:hashes.SHA256 = 'e8181f199706e0f1c2158b1a0d16d2a899a1e5caf012554fbd9a7a6faca0dff6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-2e70-4d38-baf7-4f8202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 6b44a8f4dcd0802a2cb6275d97362fb2",
|
|
"pattern": "[file:hashes.SHA1 = '3613b7e444986f07c38116d2e610b54c85863ffe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-87e8-491e-b205-4cad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-87e8-491e-b205-4cad02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-87e8-491e-b205-4cad02de0b81",
|
|
"value": "https://www.virustotal.com/file/e8181f199706e0f1c2158b1a0d16d2a899a1e5caf012554fbd9a7a6faca0dff6/analysis/1503607932/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-4728-4062-942d-4bca02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 7a618059557654214a1ba2370a48b887",
|
|
"pattern": "[file:hashes.SHA256 = '862e8a52d07df75f75a21785999bc2a2ad4b6816cadb0bb853dba0415903726c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-b2d8-4694-90d6-4fbe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 7a618059557654214a1ba2370a48b887",
|
|
"pattern": "[file:hashes.SHA1 = '8614940ee0d7ae2cc11eaccb6eafe380b598c409']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-b768-469b-aaca-4aac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-b768-469b-aaca-4aac02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-b768-469b-aaca-4aac02de0b81",
|
|
"value": "https://www.virustotal.com/file/862e8a52d07df75f75a21785999bc2a2ad4b6816cadb0bb853dba0415903726c/analysis/1494033988/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-0c0c-4ac0-9351-409402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: cd718baf0ec7284769c8f65dadde8bae",
|
|
"pattern": "[file:hashes.SHA256 = '1e072e0153fe964a3699b6f8f183d70a33774199af0ff1f971a5f1dc0008bcba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-790c-41f5-8b37-430a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: cd718baf0ec7284769c8f65dadde8bae",
|
|
"pattern": "[file:hashes.SHA1 = 'd0df24da6237009c8c10ba6a9b77d82fb30a8eeb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-487c-43b5-be94-4bcb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-487c-43b5-be94-4bcb02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-487c-43b5-be94-4bcb02de0b81",
|
|
"value": "https://www.virustotal.com/file/1e072e0153fe964a3699b6f8f183d70a33774199af0ff1f971a5f1dc0008bcba/analysis/1503607932/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-ebec-453b-b977-489502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 0f1d8c43863231a3fe86c62894aa48e4",
|
|
"pattern": "[file:hashes.SHA256 = '099627735a52b6998d820fa89adfb110d30dd586b3bafff55be2a4fce6f7d5ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-4b1c-41de-a994-4c9302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 0f1d8c43863231a3fe86c62894aa48e4",
|
|
"pattern": "[file:hashes.SHA1 = '79d6b55f271f1d38ec3d9074295afa9b41f2154d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-8ae8-406a-b60b-449a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-8ae8-406a-b60b-449a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-8ae8-406a-b60b-449a02de0b81",
|
|
"value": "https://www.virustotal.com/file/099627735a52b6998d820fa89adfb110d30dd586b3bafff55be2a4fce6f7d5ee/analysis/1492670051/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-91f4-4f14-bffa-461402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 9fab515721ce1123e065497e6c854fd3",
|
|
"pattern": "[file:hashes.SHA256 = '2c531ed13fb12dbd649dcfbf56a41a7e530040943b69322c7f15cec4ddab78df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-5d7c-45ac-ad95-458602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 9fab515721ce1123e065497e6c854fd3",
|
|
"pattern": "[file:hashes.SHA1 = 'd7589920f5f88ab49568b06e796059979176b6bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-d698-423d-967e-4ce802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-d698-423d-967e-4ce802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-d698-423d-967e-4ce802de0b81",
|
|
"value": "https://www.virustotal.com/file/2c531ed13fb12dbd649dcfbf56a41a7e530040943b69322c7f15cec4ddab78df/analysis/1493601780/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-07d4-4785-a161-474b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: e58c41231eeba4952c03038d585ecca3",
|
|
"pattern": "[file:hashes.SHA256 = '9587fc6d04090991402e4ebdecc78326c982fd2535012afa5539fa1568b8f7a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-13f4-495f-9729-4fb002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: e58c41231eeba4952c03038d585ecca3",
|
|
"pattern": "[file:hashes.SHA1 = '2b27ca2365a67fa35e5888c472105280081edcab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-7e38-45b2-a53a-4bfa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-7e38-45b2-a53a-4bfa02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-7e38-45b2-a53a-4bfa02de0b81",
|
|
"value": "https://www.virustotal.com/file/9587fc6d04090991402e4ebdecc78326c982fd2535012afa5539fa1568b8f7a0/analysis/1493429244/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-bf14-4971-93b1-4c9302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: b5e473936d325b79d463e9f46602254b",
|
|
"pattern": "[file:hashes.SHA256 = 'a502b4ad425feabc0d68a994628956ae235cc6be2de86446137dfcc13ec8ab6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-99fc-46ee-bf42-457c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: b5e473936d325b79d463e9f46602254b",
|
|
"pattern": "[file:hashes.SHA1 = '02227ab65f98be405407273cbb291480630c090e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-09b8-47a3-a5b4-4a8302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-09b8-47a3-a5b4-4a8302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-09b8-47a3-a5b4-4a8302de0b81",
|
|
"value": "https://www.virustotal.com/file/a502b4ad425feabc0d68a994628956ae235cc6be2de86446137dfcc13ec8ab6a/analysis/1493429421/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-564c-4ffa-9632-40d302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 2cb51010abee4dee8aec5e16f2982e8f",
|
|
"pattern": "[file:hashes.SHA256 = '2718e266802959ff3930188e4796ae4661cbb79c5249691d2a8ffbbf9e2c7e2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-7dc4-4847-bb7a-46a402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 2cb51010abee4dee8aec5e16f2982e8f",
|
|
"pattern": "[file:hashes.SHA1 = '943b771e002a2431a160ece7afd559ad000aa679']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-3178-480a-a988-421502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-3178-480a-a988-421502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-3178-480a-a988-421502de0b81",
|
|
"value": "https://www.virustotal.com/file/2718e266802959ff3930188e4796ae4661cbb79c5249691d2a8ffbbf9e2c7e2a/analysis/1494376965/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-989c-4a09-8a50-451602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 4965b96bef1353006008d55e178e72b0",
|
|
"pattern": "[file:hashes.SHA256 = 'f5c0c928eeea0ab0f5d33b91e5b81e1ea1ea04bb1abd9a0d213c67763dcbdc4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-087c-4552-8b1e-4a6402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 4965b96bef1353006008d55e178e72b0",
|
|
"pattern": "[file:hashes.SHA1 = '940b7e7f2a0da6a94d991239d2116b4fea5cb0be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-5830-4260-801c-415f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-5830-4260-801c-415f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-5830-4260-801c-415f02de0b81",
|
|
"value": "https://www.virustotal.com/file/f5c0c928eeea0ab0f5d33b91e5b81e1ea1ea04bb1abd9a0d213c67763dcbdc4c/analysis/1495848754/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-b91c-4a4e-b633-419a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: a64264e872f551b0b0140603293c24c7",
|
|
"pattern": "[file:hashes.SHA256 = '4fe949b7834e2ed7abdda6583b9dd97c232aeb5cc403ec9d0beb576f7ca3cec8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-eee4-467f-89d8-4f3e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: a64264e872f551b0b0140603293c24c7",
|
|
"pattern": "[file:hashes.SHA1 = 'ffeff0b7fa768d28fd4f8f740fb5bae1f327e20b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-b35c-426d-8612-45aa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-b35c-426d-8612-45aa02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-b35c-426d-8612-45aa02de0b81",
|
|
"value": "https://www.virustotal.com/file/4fe949b7834e2ed7abdda6583b9dd97c232aeb5cc403ec9d0beb576f7ca3cec8/analysis/1497498716/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-191c-4bca-aa92-469502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 3975c3ae679aff3e0d0db5622b6c31a5",
|
|
"pattern": "[file:hashes.SHA256 = '6ebdd1bc7c99fd0a123618f008aa49f766da9d2fd239033995e34a21a82753f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-21ac-4633-9e1a-4cdb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 3975c3ae679aff3e0d0db5622b6c31a5",
|
|
"pattern": "[file:hashes.SHA1 = '2a573176724b918ba073cae197b5e08a28f80507']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-3d24-49fd-ad90-4db002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-3d24-49fd-ad90-4db002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-3d24-49fd-ad90-4db002de0b81",
|
|
"value": "https://www.virustotal.com/file/6ebdd1bc7c99fd0a123618f008aa49f766da9d2fd239033995e34a21a82753f7/analysis/1495206672/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-51bc-4037-a99c-465302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 58c4d4e0aaefe4c5493243c877bbbe74",
|
|
"pattern": "[file:hashes.SHA256 = 'f6a4bab7d5664d7802f1007daa04ae71e0e2b829cd06faa9b93a465546837eb4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-c578-42ee-bf7f-44ac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: 58c4d4e0aaefe4c5493243c877bbbe74",
|
|
"pattern": "[file:hashes.SHA1 = '0ef1f16d230ea2f5908948f852e81812faa66383']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-1650-419b-9f6a-4d7302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-1650-419b-9f6a-4d7302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-1650-419b-9f6a-4d7302de0b81",
|
|
"value": "https://www.virustotal.com/file/f6a4bab7d5664d7802f1007daa04ae71e0e2b829cd06faa9b93a465546837eb4/analysis/1504774170/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-e21c-4b0a-aa16-42c402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: b147314203f74fdda266805cf6f84876",
|
|
"pattern": "[file:hashes.SHA256 = '5bdbf536e12c9150d15ae4af2d825ff2ec432d5147b0c3404c5d24655d9ebe52']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-6624-4757-8f2e-4c1602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: b147314203f74fdda266805cf6f84876",
|
|
"pattern": "[file:hashes.SHA1 = '71307676b576e674e0a1f02d2366b1722b02a018']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-c3c4-4814-9b0a-40ef02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-c3c4-4814-9b0a-40ef02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-c3c4-4814-9b0a-40ef02de0b81",
|
|
"value": "https://www.virustotal.com/file/5bdbf536e12c9150d15ae4af2d825ff2ec432d5147b0c3404c5d24655d9ebe52/analysis/1504774081/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-0224-4874-9d84-450502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: c3e9c9e99ed1b1116aaa9f93a36824ff",
|
|
"pattern": "[file:hashes.SHA256 = '9cebae97a067cd7c2be50d7fd8afe5e9cf935c11914a1ab5ff59e91c1e7e5fc4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b28227-7ff0-45e2-a605-4ed802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"description": "- Xchecked via VT: c3e9c9e99ed1b1116aaa9f93a36824ff",
|
|
"pattern": "[file:hashes.SHA1 = 'e37fe6d35dbe6b3a3a381e10db880a6048ef0c0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T11:42:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b28227-0e64-4103-8bac-42ae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T11:42:31.000Z",
|
|
"modified": "2017-09-08T11:42:31.000Z",
|
|
"first_observed": "2017-09-08T11:42:31Z",
|
|
"last_observed": "2017-09-08T11:42:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b28227-0e64-4103-8bac-42ae02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b28227-0e64-4103-8bac-42ae02de0b81",
|
|
"value": "https://www.virustotal.com/file/9cebae97a067cd7c2be50d7fd8afe5e9cf935c11914a1ab5ff59e91c1e7e5fc4/analysis/1504741754/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |