adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5a044fae-c0b0-45d4-8f7e-75a9950d210f.json

1339 lines
No EOL
53 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--5a044fae-c0b0-45d4-8f7e-75a9950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:37.000Z",
"modified": "2017-11-09T20:30:37.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a044fae-c0b0-45d4-8f7e-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:37.000Z",
"modified": "2017-11-09T20:30:37.000Z",
"name": "M2M - Locky Affid=3, \".asasin\" 2017-11-01 : \"Emailing: AZ123 - 01.11.2017\" - \"AZ123 - 01.11.2017.doc\"",
"published": "2017-11-09T20:56:07Z",
"object_refs": [
"indicator--5a044faf-1740-49d9-81ba-cdab950d210f",
"indicator--5a044faf-54f4-4491-b99f-4123950d210f",
"indicator--5a044fb0-a288-45d1-9725-991b950d210f",
"indicator--5a044fb0-a498-4bd8-ab13-425d950d210f",
"observed-data--5a044fb0-6290-4e2b-bc0a-cdab950d210f",
"network-traffic--5a044fb0-6290-4e2b-bc0a-cdab950d210f",
"ipv4-addr--5a044fb0-6290-4e2b-bc0a-cdab950d210f",
"indicator--5a044fb1-d70c-44bb-9573-4169950d210f",
"indicator--5a044fb1-09f4-4c61-a3a5-4d5e950d210f",
"observed-data--5a044fb1-ee0c-4fb5-a145-42e7950d210f",
"network-traffic--5a044fb1-ee0c-4fb5-a145-42e7950d210f",
"ipv4-addr--5a044fb1-ee0c-4fb5-a145-42e7950d210f",
"indicator--5a044fb1-2d68-4677-ac89-cda3950d210f",
"indicator--5a044fb1-4278-4910-a2ee-cd7d950d210f",
"observed-data--5a044fb2-8a28-4317-8b1e-cd35950d210f",
"network-traffic--5a044fb2-8a28-4317-8b1e-cd35950d210f",
"ipv4-addr--5a044fb2-8a28-4317-8b1e-cd35950d210f",
"indicator--5a044fb2-9178-468b-a6f4-717b950d210f",
"indicator--5a044fb2-6970-4667-be0d-4a7f950d210f",
"observed-data--5a044fb3-ec34-4aee-a8cc-4a40950d210f",
"network-traffic--5a044fb3-ec34-4aee-a8cc-4a40950d210f",
"ipv4-addr--5a044fb3-ec34-4aee-a8cc-4a40950d210f",
"indicator--5a044fb3-c344-4a32-aff8-cd7d950d210f",
"indicator--5a044fb3-5620-4538-9949-cdab950d210f",
"observed-data--5a044fb3-11f0-49a0-a962-4886950d210f",
"network-traffic--5a044fb3-11f0-49a0-a962-4886950d210f",
"ipv4-addr--5a044fb3-11f0-49a0-a962-4886950d210f",
"indicator--5a044fb3-4aac-4822-bfe8-49a1950d210f",
"indicator--5a044fb4-924c-4f29-93e8-991b950d210f",
"observed-data--5a044fb4-3848-41bf-96bd-474a950d210f",
"network-traffic--5a044fb4-3848-41bf-96bd-474a950d210f",
"ipv4-addr--5a044fb4-3848-41bf-96bd-474a950d210f",
"indicator--5a044fb4-9cf8-4fdd-8f52-cd7d950d210f",
"indicator--5a044fb4-34a0-41e8-af8b-43c0950d210f",
"observed-data--5a044fb5-9eb0-4dcb-b43b-4214950d210f",
"network-traffic--5a044fb5-9eb0-4dcb-b43b-4214950d210f",
"ipv4-addr--5a044fb5-9eb0-4dcb-b43b-4214950d210f",
"indicator--5a044fb5-fd40-4d1c-8fd5-991b950d210f",
"indicator--5a044fb5-9624-413b-a55f-41ad950d210f",
"observed-data--5a044fb5-442c-4309-8df0-cdb1950d210f",
"network-traffic--5a044fb5-442c-4309-8df0-cdb1950d210f",
"ipv4-addr--5a044fb5-442c-4309-8df0-cdb1950d210f",
"indicator--5a044fb5-80fc-4cd0-acfc-43f5950d210f",
"indicator--5a044fb6-de14-4a74-9cf2-4f68950d210f",
"observed-data--5a044fb6-6590-4067-98e9-4ddc950d210f",
"network-traffic--5a044fb6-6590-4067-98e9-4ddc950d210f",
"ipv4-addr--5a044fb6-6590-4067-98e9-4ddc950d210f",
"indicator--5a044fb6-66cc-4a89-91a8-cda3950d210f",
"indicator--5a044fb6-a04c-46df-a166-4317950d210f",
"observed-data--5a044fb7-64e4-4314-acfc-4ef0950d210f",
"network-traffic--5a044fb7-64e4-4314-acfc-4ef0950d210f",
"ipv4-addr--5a044fb7-64e4-4314-acfc-4ef0950d210f",
"indicator--5a044fb7-d03c-44af-a1b3-4316950d210f",
"indicator--5a044fb7-6770-46e6-9bcb-4b36950d210f",
"observed-data--5a044fb7-2d3c-446d-b59a-cda3950d210f",
"network-traffic--5a044fb7-2d3c-446d-b59a-cda3950d210f",
"ipv4-addr--5a044fb7-2d3c-446d-b59a-cda3950d210f",
"indicator--5a044fb7-090c-4132-a448-cd7d950d210f",
"indicator--5a044fb8-e9d8-4d64-87a0-cdab950d210f",
"observed-data--5a044fb8-ab5c-4761-956c-75a9950d210f",
"network-traffic--5a044fb8-ab5c-4761-956c-75a9950d210f",
"ipv4-addr--5a044fb8-ab5c-4761-956c-75a9950d210f",
"indicator--5a044fb8-21b4-4f97-9b23-cc6f950d210f",
"indicator--5a044fb8-1790-4307-81a4-4e67950d210f",
"indicator--5a044fd7-53f0-4220-b8fe-cdb4950d210f",
"indicator--5a04bae8-5cd8-4824-810c-4ab102de0b81",
"indicator--5a04bae8-1fb0-4d87-a54a-4b0e02de0b81",
"observed-data--5a04bae8-a9f8-4bc1-88b2-409d02de0b81",
"url--5a04bae8-a9f8-4bc1-88b2-409d02de0b81",
"indicator--5a04bae9-e030-4c7e-a163-447602de0b81",
"indicator--5a04bae9-48e8-4cb5-8358-4b6902de0b81",
"observed-data--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81",
"url--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044faf-1740-49d9-81ba-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:31.000Z",
"modified": "2017-11-09T20:30:31.000Z",
"pattern": "[file:hashes.MD5 = '9280a952e5ff85d8f67bf71f590d00ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044faf-54f4-4491-b99f-4123950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:31.000Z",
"modified": "2017-11-09T20:30:31.000Z",
"pattern": "[file:hashes.MD5 = '081940b655e22f06ba067fd09467b215']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb0-a288-45d1-9725-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:31.000Z",
"modified": "2017-11-09T20:30:31.000Z",
"pattern": "[url:value = 'http://apply.pam-innovation.com/djhvg3674f343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb0-a498-4bd8-ab13-425d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:31.000Z",
"modified": "2017-11-09T20:30:31.000Z",
"pattern": "[domain-name:value = 'apply.pam-innovation.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb0-6290-4e2b-bc0a-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:31.000Z",
"modified": "2017-11-09T20:30:31.000Z",
"first_observed": "2017-11-09T20:30:31Z",
"last_observed": "2017-11-09T20:30:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb0-6290-4e2b-bc0a-cdab950d210f",
"ipv4-addr--5a044fb0-6290-4e2b-bc0a-cdab950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb0-6290-4e2b-bc0a-cdab950d210f",
"dst_ref": "ipv4-addr--5a044fb0-6290-4e2b-bc0a-cdab950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb0-6290-4e2b-bc0a-cdab950d210f",
"value": "202.129.207.71"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb1-d70c-44bb-9573-4169950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://ist-profy.ru/djhvg3674f343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb1-09f4-4c61-a3a5-4d5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'ist-profy.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb1-ee0c-4fb5-a145-42e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb1-ee0c-4fb5-a145-42e7950d210f",
"ipv4-addr--5a044fb1-ee0c-4fb5-a145-42e7950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb1-ee0c-4fb5-a145-42e7950d210f",
"dst_ref": "ipv4-addr--5a044fb1-ee0c-4fb5-a145-42e7950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb1-ee0c-4fb5-a145-42e7950d210f",
"value": "90.156.144.159"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb1-2d68-4677-ac89-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://localesynavesalquiler.com/djhvg3674f343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb1-4278-4910-a2ee-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'localesynavesalquiler.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb2-8a28-4317-8b1e-cd35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb2-8a28-4317-8b1e-cd35950d210f",
"ipv4-addr--5a044fb2-8a28-4317-8b1e-cd35950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb2-8a28-4317-8b1e-cd35950d210f",
"dst_ref": "ipv4-addr--5a044fb2-8a28-4317-8b1e-cd35950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb2-8a28-4317-8b1e-cd35950d210f",
"value": "91.142.213.150"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb2-9178-468b-a6f4-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://lopezfranco.com/djhvg3674f343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb2-6970-4667-be0d-4a7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'lopezfranco.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb3-ec34-4aee-a8cc-4a40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb3-ec34-4aee-a8cc-4a40950d210f",
"ipv4-addr--5a044fb3-ec34-4aee-a8cc-4a40950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb3-ec34-4aee-a8cc-4a40950d210f",
"dst_ref": "ipv4-addr--5a044fb3-ec34-4aee-a8cc-4a40950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb3-ec34-4aee-a8cc-4a40950d210f",
"value": "89.140.72.153"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb3-c344-4a32-aff8-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://spooner-motorsport.com/djhvg3674f343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb3-5620-4538-9949-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'spooner-motorsport.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb3-11f0-49a0-a962-4886950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb3-11f0-49a0-a962-4886950d210f",
"ipv4-addr--5a044fb3-11f0-49a0-a962-4886950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb3-11f0-49a0-a962-4886950d210f",
"dst_ref": "ipv4-addr--5a044fb3-11f0-49a0-a962-4886950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb3-11f0-49a0-a962-4886950d210f",
"value": "77.72.150.42"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb3-4aac-4822-bfe8-49a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://zahntechnik-imlau.de/djhvg3674f343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb4-924c-4f29-93e8-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'zahntechnik-imlau.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb4-3848-41bf-96bd-474a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb4-3848-41bf-96bd-474a950d210f",
"ipv4-addr--5a044fb4-3848-41bf-96bd-474a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb4-3848-41bf-96bd-474a950d210f",
"dst_ref": "ipv4-addr--5a044fb4-3848-41bf-96bd-474a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb4-3848-41bf-96bd-474a950d210f",
"value": "185.138.24.185"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb4-9cf8-4fdd-8f52-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://dvprojekt.hr/Omnnd64335']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb4-34a0-41e8-af8b-43c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'dvprojekt.hr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb5-9eb0-4dcb-b43b-4214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb5-9eb0-4dcb-b43b-4214950d210f",
"ipv4-addr--5a044fb5-9eb0-4dcb-b43b-4214950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb5-9eb0-4dcb-b43b-4214950d210f",
"dst_ref": "ipv4-addr--5a044fb5-9eb0-4dcb-b43b-4214950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb5-9eb0-4dcb-b43b-4214950d210f",
"value": "213.202.100.90"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb5-fd40-4d1c-8fd5-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://fuettern24.de/Omnnd64335']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb5-9624-413b-a55f-41ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'fuettern24.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb5-442c-4309-8df0-cdb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb5-442c-4309-8df0-cdb1950d210f",
"ipv4-addr--5a044fb5-442c-4309-8df0-cdb1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb5-442c-4309-8df0-cdb1950d210f",
"dst_ref": "ipv4-addr--5a044fb5-442c-4309-8df0-cdb1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb5-442c-4309-8df0-cdb1950d210f",
"value": "176.28.9.111"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb5-80fc-4cd0-acfc-43f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://pciholog.ru/Omnnd64335']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb6-de14-4a74-9cf2-4f68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'pciholog.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb6-6590-4067-98e9-4ddc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb6-6590-4067-98e9-4ddc950d210f",
"ipv4-addr--5a044fb6-6590-4067-98e9-4ddc950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb6-6590-4067-98e9-4ddc950d210f",
"dst_ref": "ipv4-addr--5a044fb6-6590-4067-98e9-4ddc950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb6-6590-4067-98e9-4ddc950d210f",
"value": "89.253.235.118"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb6-66cc-4a89-91a8-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://3overpar.com/Omnnd64335']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb6-a04c-46df-a166-4317950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = '3overpar.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb7-64e4-4314-acfc-4ef0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb7-64e4-4314-acfc-4ef0950d210f",
"ipv4-addr--5a044fb7-64e4-4314-acfc-4ef0950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb7-64e4-4314-acfc-4ef0950d210f",
"dst_ref": "ipv4-addr--5a044fb7-64e4-4314-acfc-4ef0950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb7-64e4-4314-acfc-4ef0950d210f",
"value": "98.124.251.167"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb7-d03c-44af-a1b3-4316950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://first-paris-properties.com/Omnnd64335']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb7-6770-46e6-9bcb-4b36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'first-paris-properties.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb7-2d3c-446d-b59a-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb7-2d3c-446d-b59a-cda3950d210f",
"ipv4-addr--5a044fb7-2d3c-446d-b59a-cda3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb7-2d3c-446d-b59a-cda3950d210f",
"dst_ref": "ipv4-addr--5a044fb7-2d3c-446d-b59a-cda3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb7-2d3c-446d-b59a-cda3950d210f",
"value": "151.80.157.121"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb7-090c-4132-a448-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://mercurysound.es/Omnnd64335']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb8-e9d8-4d64-87a0-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'mercurysound.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fb8-ab5c-4761-956c-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fb8-ab5c-4761-956c-75a9950d210f",
"ipv4-addr--5a044fb8-ab5c-4761-956c-75a9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fb8-ab5c-4761-956c-75a9950d210f",
"dst_ref": "ipv4-addr--5a044fb8-ab5c-4761-956c-75a9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fb8-ab5c-4761-956c-75a9950d210f",
"value": "149.62.173.10"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb8-21b4-4f97-9b23-cc6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://heckhegrijus.net/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fb8-1790-4307-81a4-4e67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[domain-name:value = 'heckhegrijus.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fd7-53f0-4220-b8fe-cdb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"pattern": "[url:value = 'http://kvonline']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04bae8-5cd8-4824-810c-4ab102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"description": "- Xchecked via VT: 081940b655e22f06ba067fd09467b215",
"pattern": "[file:hashes.SHA256 = '1b087b85b0f1c2b14dfa1b9c82004de598903a89a76af49ee4c4eed03bfefe24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04bae8-1fb0-4d87-a54a-4b0e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"description": "- Xchecked via VT: 081940b655e22f06ba067fd09467b215",
"pattern": "[file:hashes.SHA1 = '69df47a405d55b935cc0d53ccd54c0a8f9067f36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04bae8-a9f8-4bc1-88b2-409d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:32.000Z",
"modified": "2017-11-09T20:30:32.000Z",
"first_observed": "2017-11-09T20:30:32Z",
"last_observed": "2017-11-09T20:30:32Z",
"number_observed": 1,
"object_refs": [
"url--5a04bae8-a9f8-4bc1-88b2-409d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a04bae8-a9f8-4bc1-88b2-409d02de0b81",
"value": "https://www.virustotal.com/file/1b087b85b0f1c2b14dfa1b9c82004de598903a89a76af49ee4c4eed03bfefe24/analysis/1509675596/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04bae9-e030-4c7e-a163-447602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:33.000Z",
"modified": "2017-11-09T20:30:33.000Z",
"description": "- Xchecked via VT: 9280a952e5ff85d8f67bf71f590d00ac",
"pattern": "[file:hashes.SHA256 = '411510e651f5a3b8687d8e20b492d187f37032d57e3480c9a9a15104516de2a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04bae9-48e8-4cb5-8358-4b6902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:33.000Z",
"modified": "2017-11-09T20:30:33.000Z",
"description": "- Xchecked via VT: 9280a952e5ff85d8f67bf71f590d00ac",
"pattern": "[file:hashes.SHA1 = 'b9b508e6defc4f25d48b75d076311e15b81cb8b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:30:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:30:33.000Z",
"modified": "2017-11-09T20:30:33.000Z",
"first_observed": "2017-11-09T20:30:33Z",
"last_observed": "2017-11-09T20:30:33Z",
"number_observed": 1,
"object_refs": [
"url--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a04bae9-e8c4-4e3e-b4ee-48c602de0b81",
"value": "https://www.virustotal.com/file/411510e651f5a3b8687d8e20b492d187f37032d57e3480c9a9a15104516de2a1/analysis/1510167318/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink