{
|
|
"type": "bundle",
|
|
"id": "bundle--5a3c2fcd-8328-42bb-a95e-4f4402de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:17:25.000Z",
|
|
"modified": "2017-12-22T13:17:25.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--5a3c2fcd-8328-42bb-a95e-4f4402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:17:25.000Z",
|
|
"modified": "2017-12-22T13:17:25.000Z",
|
|
"name": "OSINT - Sednit update: How Fancy Bear Spent the Year",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"observed-data--5a3c2fda-78f4-44b7-8366-46da02de0b81",
|
|
"url--5a3c2fda-78f4-44b7-8366-46da02de0b81",
|
|
"x-misp-attribute--5a3c2fee-7c8c-438a-8f7f-465402de0b81",
|
|
"indicator--5a3c3045-ab0c-4d38-8efe-459002de0b81",
|
|
"indicator--5a3c3045-61dc-495c-ae8a-471e02de0b81",
|
|
"indicator--5a3c3045-e354-4978-a6b4-49ad02de0b81",
|
|
"indicator--5a3c3045-968c-4572-9f64-491502de0b81",
|
|
"indicator--5a3c3045-eb44-433f-a13a-44b902de0b81",
|
|
"indicator--5a3c3045-6a88-479d-b799-4d3d02de0b81",
|
|
"indicator--5a3c3045-7480-4831-a5c4-48c802de0b81",
|
|
"indicator--5a3cd5b6-9568-4342-b2ab-4c62950d210f",
|
|
"indicator--5a3cd604-e11c-4de5-bbbf-c170950d210f",
|
|
"indicator--5a3cd693-fd9c-4fcf-b69a-439c950d210f",
|
|
"indicator--5a3cd6c2-d290-4787-910f-4e6d950d210f",
|
|
"indicator--5a3cd74e-1504-40ff-9a28-4501950d210f",
|
|
"indicator--5a3cd775-e4cc-44bb-89b6-4c5a950d210f",
|
|
"indicator--5a3cd82f-2788-4561-bbeb-5165950d210f",
|
|
"indicator--5a3cd847-b5a0-42f7-ac4b-5165950d210f",
|
|
"indicator--5a3cd861-65c0-4b69-9429-4f37950d210f",
|
|
"indicator--5a3cd87d-f514-4071-a5f7-4ec2950d210f",
|
|
"indicator--5a3cd896-f6cc-4e52-bcb2-442c950d210f",
|
|
"indicator--5a3cd8ae-54d0-46bb-adbb-4c5a950d210f",
|
|
"indicator--5a3cd8bb-a704-4f1d-a235-444e950d210f",
|
|
"indicator--5a3cd8c9-6568-406a-853c-4862950d210f",
|
|
"indicator--5a3cd8db-2838-4466-a986-4afb950d210f",
|
|
"indicator--5a3cd8fb-cd14-4b00-9710-430c950d210f",
|
|
"indicator--5a3cd90e-538c-4b7e-95dc-5276950d210f",
|
|
"indicator--5a3cd927-e410-489c-abfc-4b63950d210f",
|
|
"indicator--5a3cd93c-716c-4918-a00f-4671950d210f",
|
|
"indicator--5a3cda96-85c4-45a1-82ea-c5ed950d210f",
|
|
"indicator--5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
|
|
"indicator--5a3cdbf6-f814-491f-9f93-4c59950d210f",
|
|
"indicator--5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
|
|
"indicator--5a3cdc21-856c-48bd-a757-4f4b950d210f",
|
|
"indicator--5a3cdc37-89e8-4a2d-823a-4af8950d210f",
|
|
"indicator--5a3cdc48-b9a0-4775-a03f-5156950d210f",
|
|
"indicator--5a3cdc5a-8760-4efa-949a-4c5a950d210f",
|
|
"indicator--5a3cdc72-1538-4c66-af46-427b950d210f",
|
|
"indicator--5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
|
|
"indicator--5a3ce3c3-34b4-4e1f-b238-4399950d210f",
|
|
"indicator--5a3ce3d4-07bc-4af3-90fc-4798950d210f",
|
|
"indicator--5a3ce3ea-580c-477c-9b73-4e57950d210f",
|
|
"indicator--5a3ce404-efc0-4f15-864e-55ea950d210f",
|
|
"indicator--5a3ce417-7cd4-4c36-8a73-55ea950d210f",
|
|
"indicator--5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
|
"indicator--5a3ce43a-5478-4f65-95b2-4e1e950d210f",
|
|
"indicator--5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
|
"indicator--5a3ce58a-3198-4cb8-9d51-44e5950d210f",
|
|
"indicator--5a3ce5f8-3418-4f7b-ae41-4bca950d210f",
|
|
"indicator--5a3ce60a-6db8-4212-b194-4339950d210f",
|
|
"indicator--5a3ce61a-c1f0-4c7c-b815-4fa9950d210f",
|
|
"indicator--5a3ce63e-0240-46f5-b9ed-4759950d210f",
|
|
"indicator--5a3ce64e-8bf8-4dc6-be49-437f950d210f",
|
|
"indicator--5a3ce65c-fc40-4585-817e-4ca3950d210f",
|
|
"indicator--5a3ce66e-70b4-47e7-b965-46f6950d210f",
|
|
"indicator--5a3ce680-90d4-478d-95db-48a6950d210f",
|
|
"indicator--5a3ce68d-1940-4ea6-becd-44fe950d210f",
|
|
"indicator--5a3ce6a1-3f1c-4d5d-bac7-406d950d210f",
|
|
"indicator--5a3ce6ae-98d8-4270-b88f-47f2950d210f",
|
|
"relationship--12bb92dd-cefa-4c2e-826d-b408116fbf5b",
|
|
"relationship--0ed9442f-cb55-4453-b25e-89c196d2c980",
|
|
"relationship--2fb61492-dc07-412a-87a8-ded74aa71b57",
|
|
"relationship--c52343b9-4eb3-45b8-9f85-08408d263595",
|
|
"relationship--0fe13909-0bba-4ba3-b545-2f4311c88a00",
|
|
"relationship--6d2cd6e7-1f86-4a36-bc69-7c4729adfb6d",
|
|
"relationship--ac52e84d-2f03-44c7-a9cb-e794266fb8da",
|
|
"relationship--6d522a6d-1eda-4746-ae08-d267fdbe36c7",
|
|
"relationship--a792ddb6-4992-44b8-b557-9a21fce72d69",
|
|
"relationship--620c6c82-f592-441a-804a-ad3357fea3d3",
|
|
"relationship--2285832b-78f6-4117-9264-a2645ccb9097",
|
|
"relationship--3f0d6188-ad05-4288-bae6-f9bbe7164eb8",
|
|
"relationship--f4c92a8b-ccb9-4f9a-b2bb-8ba75ee79868",
|
|
"relationship--cf2a064e-bd41-4b32-8d29-961d60ff34e8",
|
|
"relationship--47463f48-7c21-4adc-bc13-aee8fb38fc6b",
|
|
"relationship--ba75b1e0-8fac-4afb-9ef3-5a307b9abc92",
|
|
"relationship--475a78f7-c550-44c3-b86f-50b6035d8382",
|
|
"relationship--53df75b4-d988-48b8-a45a-60804a8414c9",
|
|
"relationship--aaae1b8b-50d4-406f-93a2-d15a1b7063bd",
|
|
"relationship--5265d432-1266-4380-9274-df50bf1195f9"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"workflow:state=\"incomplete\"",
|
|
"workflow:todo=\"create-missing-misp-galaxy-cluster-values\"",
|
|
"workflow:todo=\"create-missing-misp-galaxy-cluster\"",
|
|
"misp-galaxy:threat-actor=\"Sofacy\"",
|
|
"misp-galaxy:exploit-kit=\"Sednit EK\"",
|
|
"misp-galaxy:tool=\"GAMEFISH\"",
|
|
"misp-galaxy:mitre-malware=\"JHUHUGIT\"",
|
|
"misp-galaxy:tool=\"X-Tunnel\"",
|
|
"misp-galaxy:mitre-malware=\"XTunnel\"",
|
|
"misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
|
|
"misp-galaxy:tool=\"EVILTOSS\"",
|
|
"misp-galaxy:mitre-malware=\"USBStealer\"",
|
|
"misp-galaxy:tool=\"X-Agent\"",
|
|
"misp-galaxy:mitre-malware=\"XAgentOSX\"",
|
|
"misp-galaxy:mitre-malware=\"CHOPSTICK\"",
|
|
"misp-galaxy:exploit-kit=\"DealersChoice\"",
|
|
"misp-galaxy:mitre-malware=\"Downdelph\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a3c2fda-78f4-44b7-8366-46da02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:21.000Z",
|
|
"modified": "2017-12-21T22:05:21.000Z",
|
|
"first_observed": "2017-12-21T22:05:21Z",
|
|
"last_observed": "2017-12-21T22:05:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a3c2fda-78f4-44b7-8366-46da02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"osint:certainty=\"93\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a3c2fda-78f4-44b7-8366-46da02de0b81",
|
|
"value": "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5a3c2fee-7c8c-438a-8f7f-465402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:21.000Z",
|
|
"modified": "2017-12-21T22:05:21.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"osint:certainty=\"93\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "The Sednit group \u2014 also known as Strontium, APT28, Fancy Bear or Sofacy\u2009\u2014\u2009is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET\u2019s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit\u2019s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group\u2019s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-ab0c-4d38-8efe-459002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'movieultimate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-61dc-495c-ae8a-471e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'meteost.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-e354-4978-a6b4-49ad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'faststoragefiles.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-968c-4572-9f64-491502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'nethostnet.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-eb44-433f-a13a-44b902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'fsportal.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-6a88-479d-b799-4d3d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'fastdataexchange.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-7480-4831-a5c4-48c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'newfilmts.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd5b6-9568-4342-b2ab-4c62950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:51:50.000Z",
|
|
"modified": "2017-12-22T09:51:50.000Z",
|
|
"description": "Win32/Sednit.AX",
|
|
"pattern": "[file:hashes.SHA1 = '68064fc152e23d56e541714af52651cb4ba81aaf' AND file:name = 'Bulletin.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:51:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd604-e11c-4de5-bbbf-c170950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:53:08.000Z",
|
|
"modified": "2017-12-22T09:53:08.000Z",
|
|
"description": "Win32/Exploit.CVE-2016-4117.A",
|
|
"pattern": "[file:hashes.SHA1 = 'f3805382ae2e23ff1147301d131a06e00e4ff75f' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:53:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd693-fd9c-4fcf-b69a-439c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:55:31.000Z",
|
|
"modified": "2017-12-22T09:55:31.000Z",
|
|
"description": "Win32/Exploit.Agent.NUB",
|
|
"pattern": "[file:hashes.SHA1 = '512bdfe937314ac3f195c462c395feeb36932971' AND file:name = 'OC_PSO_2017.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:55:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd6c2-d290-4787-910f-4e6d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:56:18.000Z",
|
|
"modified": "2017-12-22T09:56:18.000Z",
|
|
"description": "Win32/Exploit.Agent.NTR",
|
|
"pattern": "[file:hashes.SHA1 = '30b3e8c0f3f3cf200daa21c267ffab3cad64e68b' AND file:name = 'NASAMS.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:56:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd74e-1504-40ff-9a28-4501950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:58:38.000Z",
|
|
"modified": "2017-12-22T09:58:38.000Z",
|
|
"description": "Win32/Exploit.Agent.NTO",
|
|
"pattern": "[file:hashes.SHA1 = '4173b29a251cd9c1cab135f67cb60acab4ace0c5' AND file:name = 'Programm_Details.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:58:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd775-e4cc-44bb-89b6-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:59:17.000Z",
|
|
"modified": "2017-12-22T09:59:17.000Z",
|
|
"description": "Win32/Exploit.Agent.NTR",
|
|
"pattern": "[file:hashes.SHA1 = '12a37cfdd3f3671074dd5b0f354269cec028fb52' AND file:name = 'Operation_in_Mosul.rtf' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:59:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd82f-2788-4561-bbeb-5165950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:02:23.000Z",
|
|
"modified": "2017-12-22T10:02:23.000Z",
|
|
"description": "SWF/Agent.L",
|
|
"pattern": "[file:hashes.SHA1 = '15201766bd964b7c405aeb11db81457220c31e46' AND file:name = 'ARM-NATO_ENGLISH_30_NOV_2016.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:02:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd847-b5a0-42f7-ac4b-5165950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:02:47.000Z",
|
|
"modified": "2017-12-22T10:02:47.000Z",
|
|
"description": "Win32/Exploit.Agent.BL",
|
|
"pattern": "[file:hashes.SHA1 = '8078e411fbe33864dfd8f87ad5105cc1fd26d62e' AND file:name = 'Olympic-Agenda-2020-20-20-Recommendations.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:02:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd861-65c0-4b69-9429-4f37950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:03:13.000Z",
|
|
"modified": "2017-12-22T10:03:13.000Z",
|
|
"description": "Win32/Exploit.Agent.NUG",
|
|
"pattern": "[file:hashes.SHA1 = '33447383379ca99083442b852589111296f0c603' AND file:name = 'Merry_Christmas!.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:03:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd87d-f514-4071-a5f7-4ec2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:03:41.000Z",
|
|
"modified": "2017-12-22T10:03:41.000Z",
|
|
"description": "Win32/Exploit.Agent.NWZ",
|
|
"pattern": "[file:hashes.SHA1 = 'd5235d136cfcadbef431eea7253d80bde414db9d' AND file:name = 'Trump\u2019s_Attack_on_Syria_English.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:03:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd896-f6cc-4e52-bcb2-442c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:04:06.000Z",
|
|
"modified": "2017-12-22T10:04:06.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = 'f293a2bfb728060c54efeeb03c5323893b5c80df' AND file:name = 'Hotel_Reservation_Form.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:04:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8ae-54d0-46bb-adbb-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:04:30.000Z",
|
|
"modified": "2017-12-22T10:04:30.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = 'bb10ed5d59672fbc6178e35d0feac0562513e9f0' AND file:name = 'SB_Doc_2017-3_Implementation_of_Key_Taskings_and_Next_Steps.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:04:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8bb-a704-4f1d-a235-444e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:04:43.000Z",
|
|
"modified": "2017-12-22T10:04:43.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '4873bafe44cff06845faa0ce7c270c4ce3c9f7b9' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:04:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8c9-6568-406a-853c-4862950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:04:57.000Z",
|
|
"modified": "2017-12-22T10:04:57.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '169c8f3e3d22e192c108bc95164d362ce5437465' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:04:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8db-2838-4466-a986-4afb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:05:15.000Z",
|
|
"modified": "2017-12-22T10:05:15.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = 'cc7607015cd7a1a4452acd3d87adabdd7e005bd7' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:05:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8fb-cd14-4b00-9710-430c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:05:47.000Z",
|
|
"modified": "2017-12-22T10:05:47.000Z",
|
|
"description": "Win32/Exploit.Agent.NTM",
|
|
"pattern": "[file:hashes.SHA1 = '5d2c7d87995cc5b8184baba2c7a1900a48b2f42d' AND file:name = 'Caucasian_Eagle_ENG.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:05:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd90e-538c-4b7e-95dc-5276950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:06:06.000Z",
|
|
"modified": "2017-12-22T10:06:06.000Z",
|
|
"description": "SWF/Exploit.CVE-2017-11292.A",
|
|
"pattern": "[file:hashes.SHA1 = '7aada8bcc0d1ab8ffb1f0fae4757789c6f5546a3' AND file:name = 'World War3.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:06:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd927-e410-489c-abfc-4b63950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:06:31.000Z",
|
|
"modified": "2017-12-22T10:06:31.000Z",
|
|
"description": "VBA/DDE.E",
|
|
"pattern": "[file:hashes.SHA1 = '68c2809560c7623d2307d8797691abf3eafe319a' AND file:name = 'SaberGuardian2017.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:06:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd93c-716c-4918-a00f-4671950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:06:52.000Z",
|
|
"modified": "2017-12-22T10:06:52.000Z",
|
|
"description": "VBA/DDE.L",
|
|
"pattern": "[file:hashes.SHA1 = '1c6c700ceebfbe799e115582665105caa03c5c9e' AND file:name = 'IsisAttackInNewYork.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:06:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cda96-85c4-45a1-82ea-c5ed950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:17:09.000Z",
|
|
"modified": "2017-12-22T10:17:09.000Z",
|
|
"description": "Win64/Sednit.Z",
|
|
"pattern": "[file:hashes.SHA1 = '6f0fc0ebba3e4c8b26a69cdf519edf8d1aa2f4bb' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:21:34.000Z",
|
|
"modified": "2017-12-22T10:21:34.000Z",
|
|
"description": "Win64/Sednit.Z",
|
|
"pattern": "[file:hashes.SHA1 = 'e19f753e514f6adec8f81bcdefb9117979e69627' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:21:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdbf6-f814-491f-9f93-4c59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:23:33.000Z",
|
|
"modified": "2017-12-22T10:23:33.000Z",
|
|
"description": "Win32/Sednit.BO",
|
|
"pattern": "[file:hashes.SHA1 = '961468ddd3d0fa25beb8210c81ba620f9170ed30' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:23:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:22:52.000Z",
|
|
"modified": "2017-12-22T10:22:52.000Z",
|
|
"description": "Win32/Sednit.BO",
|
|
"pattern": "[file:hashes.SHA1 = 'a0719b50265505c8432616c0a4e14ed206981e95' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:22:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc21-856c-48bd-a757-4f4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:23:49.000Z",
|
|
"modified": "2017-12-22T10:23:49.000Z",
|
|
"description": "Win64/Sednit.Y",
|
|
"pattern": "[file:hashes.SHA1 = '2cf6436b99d11d9d1e0c488af518e35162ecbc9c' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:23:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc37-89e8-4a2d-823a-4af8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:23:13.000Z",
|
|
"modified": "2017-12-22T10:23:13.000Z",
|
|
"description": "Win64/Sednit.Y",
|
|
"pattern": "[file:hashes.SHA1 = 'fec29b4f4dccc59770c65c128dfe4564d7c13d33' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:23:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc48-b9a0-4775-a03f-5156950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:22:12.000Z",
|
|
"modified": "2017-12-22T10:22:12.000Z",
|
|
"description": "Win64/Sednit.Z",
|
|
"pattern": "[file:hashes.SHA1 = '57d7f3d31c491f8aef4665ca4dd905c3c8a98795' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:22:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc5a-8760-4efa-949a-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:24:43.000Z",
|
|
"modified": "2017-12-22T10:24:43.000Z",
|
|
"description": "Win32/Sednit.BO",
|
|
"pattern": "[file:hashes.SHA1 = 'a3bf5b5cf5a5ef438a198a6f61f7225c0a4a7138' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:24:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc72-1538-4c66-af46-427b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:24:27.000Z",
|
|
"modified": "2017-12-22T10:24:27.000Z",
|
|
"description": "Win32/Sednit.BO",
|
|
"pattern": "[file:hashes.SHA1 = '1958e722afd0dba266576922abc98aa505cf5f9a' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:24:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:17:25.000Z",
|
|
"modified": "2017-12-22T13:17:25.000Z",
|
|
"description": "Win32/Sednit.AX",
|
|
"pattern": "[file:hashes.SHA1 = '9f6bed7d7f4728490117cbc85819c2e6c494251b' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:17:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce3c3-34b4-4e1f-b238-4399950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:15:38.000Z",
|
|
"modified": "2017-12-22T13:15:38.000Z",
|
|
"description": "Win32/Sednit.BS",
|
|
"pattern": "[file:hashes.SHA1 = '4bc722a9b0492a50bd86a1341f02c74c0d773db7' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:15:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce3d4-07bc-4af3-90fc-4798950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:16:40.000Z",
|
|
"modified": "2017-12-22T13:16:40.000Z",
|
|
"description": "Win32/Sednit.BS",
|
|
"pattern": "[file:hashes.SHA1 = 'ab354807e687993fbeb1b325eb6e4ab38d428a1e' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:16:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce3ea-580c-477c-9b73-4e57950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:17:09.000Z",
|
|
"modified": "2017-12-22T13:17:09.000Z",
|
|
"description": "Win32/Sednit.BR",
|
|
"pattern": "[file:hashes.SHA1 = '9c47ca3883196b3a84d67676a804ff50e22b0a9f' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce404-efc0-4f15-864e-55ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:07:56.000Z",
|
|
"modified": "2017-12-22T13:07:56.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = '8a68f26d01372114f660e32ac4c9117e5d0577f1' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:07:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce417-7cd4-4c36-8a73-55ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:15:01.000Z",
|
|
"modified": "2017-12-22T13:15:01.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = '476fc1d31722ac26b46154cbf0c631d60268b28a' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:15:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:08:51.000Z",
|
|
"modified": "2017-12-22T13:08:51.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = 'f9fd3f1d8da4ffd6a494228b934549d09e3c59d1' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:08:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce43a-5478-4f65-95b2-4e1e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:12:22.000Z",
|
|
"modified": "2017-12-22T13:12:22.000Z",
|
|
"description": "Win32/Sednit.BG",
|
|
"pattern": "[file:hashes.SHA1 = 'e338d49c270baf64363879e5eecb8fa6bdde8ad9' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:12:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:05:56.000Z",
|
|
"modified": "2017-12-22T11:05:56.000Z",
|
|
"description": "Win32/Sednit.BG",
|
|
"pattern": "[file:hashes.SHA1 = '6e167da3c5d887fa2e58da848a2245d11b6c5ad6' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:05:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce58a-3198-4cb8-9d51-44e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:59:22.000Z",
|
|
"modified": "2017-12-22T10:59:22.000Z",
|
|
"pattern": "[domain-name:value = 'servicecdp.com' AND domain-name:resolves_to_refs[*].value = '87.236.211.182']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:59:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce5f8-3418-4f7b-ae41-4bca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:01:12.000Z",
|
|
"modified": "2017-12-22T11:01:12.000Z",
|
|
"pattern": "[domain-name:value = 'wmdmediacodecs.com' AND domain-name:resolves_to_refs[*].value = '95.215.45.43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:01:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce60a-6db8-4212-b194-4339950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:01:30.000Z",
|
|
"modified": "2017-12-22T11:01:30.000Z",
|
|
"pattern": "[domain-name:value = 'mvband.net' AND domain-name:resolves_to_refs[*].value = '89.45.67.144']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:01:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce61a-c1f0-4c7c-b815-4fa9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:01:46.000Z",
|
|
"modified": "2017-12-22T11:01:46.000Z",
|
|
"pattern": "[domain-name:value = 'mvtband.net' AND domain-name:resolves_to_refs[*].value = '89.33.246.117']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:01:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce63e-0240-46f5-b9ed-4759950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:02:22.000Z",
|
|
"modified": "2017-12-22T11:02:22.000Z",
|
|
"pattern": "[domain-name:value = 'servicecdp.com' AND domain-name:resolves_to_refs[*].value = '87.236.211.182']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:02:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce64e-8bf8-4dc6-be49-437f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:02:38.000Z",
|
|
"modified": "2017-12-22T11:02:38.000Z",
|
|
"pattern": "[domain-name:value = 'runvercheck.com' AND domain-name:resolves_to_refs[*].value = '185.156.173.70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:02:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce65c-fc40-4585-817e-4ca3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:02:52.000Z",
|
|
"modified": "2017-12-22T11:02:52.000Z",
|
|
"pattern": "[domain-name:value = 'remsupport.org' AND domain-name:resolves_to_refs[*].value = '191.101.31.96']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:02:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce66e-70b4-47e7-b965-46f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:03:10.000Z",
|
|
"modified": "2017-12-22T11:03:10.000Z",
|
|
"pattern": "[domain-name:value = 'viters.org' AND domain-name:resolves_to_refs[*].value = '89.187.150.44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:03:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce680-90d4-478d-95db-48a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:03:28.000Z",
|
|
"modified": "2017-12-22T11:03:28.000Z",
|
|
"pattern": "[domain-name:value = 'myinvestgroup.com' AND domain-name:resolves_to_refs[*].value = '146.185.253.132']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:03:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce68d-1940-4ea6-becd-44fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:03:41.000Z",
|
|
"modified": "2017-12-22T11:03:41.000Z",
|
|
"pattern": "[domain-name:value = 'space-delivery.com' AND domain-name:resolves_to_refs[*].value = '86.106.131.141']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:03:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce6a1-3f1c-4d5d-bac7-406d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:04:01.000Z",
|
|
"modified": "2017-12-22T11:04:01.000Z",
|
|
"pattern": "[domain-name:value = 'satellitedeluxpanorama.com' AND domain-name:resolves_to_refs[*].value = '89.34.111.160']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:04:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce6ae-98d8-4270-b88f-47f2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:04:14.000Z",
|
|
"modified": "2017-12-22T11:04:14.000Z",
|
|
"pattern": "[domain-name:value = 'webviewres.net' AND domain-name:resolves_to_refs[*].value = '185.216.35.26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:04:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--12bb92dd-cefa-4c2e-826d-b408116fbf5b",
|
|
"created": "2017-12-22T10:17:06.000Z",
|
|
"modified": "2017-12-22T10:17:06.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cda96-85c4-45a1-82ea-c5ed950d210f",
|
|
"target_ref": "indicator--5a3c3045-ab0c-4d38-8efe-459002de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0ed9442f-cb55-4453-b25e-89c196d2c980",
|
|
"created": "2017-12-22T10:21:31.000Z",
|
|
"modified": "2017-12-22T10:21:31.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
|
|
"target_ref": "indicator--5a3c3045-61dc-495c-ae8a-471e02de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2fb61492-dc07-412a-87a8-ded74aa71b57",
|
|
"created": "2017-12-22T10:23:30.000Z",
|
|
"modified": "2017-12-22T10:23:30.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdbf6-f814-491f-9f93-4c59950d210f",
|
|
"target_ref": "indicator--5a3c3045-e354-4978-a6b4-49ad02de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c52343b9-4eb3-45b8-9f85-08408d263595",
|
|
"created": "2017-12-22T10:22:49.000Z",
|
|
"modified": "2017-12-22T10:22:49.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
|
|
"target_ref": "indicator--5a3c3045-968c-4572-9f64-491502de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0fe13909-0bba-4ba3-b545-2f4311c88a00",
|
|
"created": "2017-12-22T10:23:46.000Z",
|
|
"modified": "2017-12-22T10:23:46.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc21-856c-48bd-a757-4f4b950d210f",
|
|
"target_ref": "indicator--5a3c3045-e354-4978-a6b4-49ad02de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6d2cd6e7-1f86-4a36-bc69-7c4729adfb6d",
|
|
"created": "2017-12-22T10:23:09.000Z",
|
|
"modified": "2017-12-22T10:23:09.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc37-89e8-4a2d-823a-4af8950d210f",
|
|
"target_ref": "indicator--5a3c3045-eb44-433f-a13a-44b902de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ac52e84d-2f03-44c7-a9cb-e794266fb8da",
|
|
"created": "2017-12-22T10:22:09.000Z",
|
|
"modified": "2017-12-22T10:22:09.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc48-b9a0-4775-a03f-5156950d210f",
|
|
"target_ref": "indicator--5a3c3045-6a88-479d-b799-4d3d02de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6d522a6d-1eda-4746-ae08-d267fdbe36c7",
|
|
"created": "2017-12-22T10:24:40.000Z",
|
|
"modified": "2017-12-22T10:24:40.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc5a-8760-4efa-949a-4c5a950d210f",
|
|
"target_ref": "indicator--5a3c3045-7480-4831-a5c4-48c802de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a792ddb6-4992-44b8-b557-9a21fce72d69",
|
|
"created": "2017-12-22T10:24:24.000Z",
|
|
"modified": "2017-12-22T10:24:24.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc72-1538-4c66-af46-427b950d210f",
|
|
"target_ref": "indicator--5a3c3045-7480-4831-a5c4-48c802de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--620c6c82-f592-441a-804a-ad3357fea3d3",
|
|
"created": "2017-12-22T12:57:39.000Z",
|
|
"modified": "2017-12-22T12:57:39.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
|
|
"target_ref": "indicator--5a3ce58a-3198-4cb8-9d51-44e5950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2285832b-78f6-4117-9264-a2645ccb9097",
|
|
"created": "2017-12-22T13:15:18.000Z",
|
|
"modified": "2017-12-22T13:15:18.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce3c3-34b4-4e1f-b238-4399950d210f",
|
|
"target_ref": "indicator--5a3ce6ae-98d8-4270-b88f-47f2950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3f0d6188-ad05-4288-bae6-f9bbe7164eb8",
|
|
"created": "2017-12-22T13:15:28.000Z",
|
|
"modified": "2017-12-22T13:15:28.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce3d4-07bc-4af3-90fc-4798950d210f",
|
|
"target_ref": "indicator--5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f4c92a8b-ccb9-4f9a-b2bb-8ba75ee79868",
|
|
"created": "2017-12-22T13:16:54.000Z",
|
|
"modified": "2017-12-22T13:16:54.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce3ea-580c-477c-9b73-4e57950d210f",
|
|
"target_ref": "indicator--5a3ce68d-1940-4ea6-becd-44fe950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cf2a064e-bd41-4b32-8d29-961d60ff34e8",
|
|
"created": "2017-12-22T13:07:24.000Z",
|
|
"modified": "2017-12-22T13:07:24.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce404-efc0-4f15-864e-55ea950d210f",
|
|
"target_ref": "indicator--5a3ce680-90d4-478d-95db-48a6950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--47463f48-7c21-4adc-bc13-aee8fb38fc6b",
|
|
"created": "2017-12-22T13:14:43.000Z",
|
|
"modified": "2017-12-22T13:14:43.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce417-7cd4-4c36-8a73-55ea950d210f",
|
|
"target_ref": "indicator--5a3ce66e-70b4-47e7-b965-46f6950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ba75b1e0-8fac-4afb-9ef3-5a307b9abc92",
|
|
"created": "2017-12-22T13:08:26.000Z",
|
|
"modified": "2017-12-22T13:08:26.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
|
"target_ref": "indicator--5a3ce60a-6db8-4212-b194-4339950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--475a78f7-c550-44c3-b86f-50b6035d8382",
|
|
"created": "2017-12-22T13:08:37.000Z",
|
|
"modified": "2017-12-22T13:08:37.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
|
"target_ref": "indicator--5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--53df75b4-d988-48b8-a45a-60804a8414c9",
|
|
"created": "2017-12-22T13:12:00.000Z",
|
|
"modified": "2017-12-22T13:12:00.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce43a-5478-4f65-95b2-4e1e950d210f",
|
|
"target_ref": "indicator--5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--aaae1b8b-50d4-406f-93a2-d15a1b7063bd",
|
|
"created": "2017-12-22T11:05:34.000Z",
|
|
"modified": "2017-12-22T11:05:34.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
|
"target_ref": "indicator--5a3ce64e-8bf8-4dc6-be49-437f950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5265d432-1266-4380-9274-df50bf1195f9",
|
|
"created": "2017-12-22T11:05:53.000Z",
|
|
"modified": "2017-12-22T11:05:53.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
|
"target_ref": "indicator--5a3ce65c-fc40-4585-817e-4ca3950d210f"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |