misp-circl-feed/feeds/circl/misp/55014970-d82c-4b60-ba8e-0958950d210b.json


{
"type": "bundle",
"id": "bundle--55014970-d82c-4b60-ba8e-0958950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T09:10:31.000Z",
"modified": "2015-03-12T09:10:31.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--55014970-d82c-4b60-ba8e-0958950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T09:10:31.000Z",
"modified": "2015-03-12T09:10:31.000Z",
"name": "OSINT Hacking Team Reloaded? US-Based Ethiopian Journalists Again Targeted with Spyware by Citizen Lab",
"published": "2015-03-12T10:27:51Z",
"object_refs": [
"observed-data--5501497e-f5b4-4d6b-92bf-0ff5950d210b",
"url--5501497e-f5b4-4d6b-92bf-0ff5950d210b",
"x-misp-attribute--55014987-3a78-406d-aa41-9778950d210b",
"observed-data--55014abc-9460-4b8b-a820-42d2950d210b",
"email-message--55014abc-9460-4b8b-a820-42d2950d210b",
"file--55014abc-9460-4b8b-a820-42d2950d210b",
"indicator--55014ad9-d5b8-4fe7-bf8a-1c3d950d210b",
"indicator--55014ad9-e458-4f10-b3ac-1c3d950d210b",
"indicator--55014ad9-a528-4287-a16c-1c3d950d210b",
"indicator--55014af5-d320-4de2-b480-0958950d210b",
"indicator--55014af5-5ea8-43de-8acb-0958950d210b",
"indicator--55014af5-d6f4-4664-96ed-0958950d210b",
"x-misp-attribute--55014b5b-1f84-4f2c-be35-4822950d210b",
"x-misp-attribute--55014b8b-151c-42a3-a79f-0ff5950d210b",
"x-misp-attribute--55014b8b-d5dc-499f-9195-0ff5950d210b",
"indicator--55014bbd-ba10-4461-adaf-094a950d210b",
"indicator--55014bbd-ead8-48e6-bc6b-094a950d210b",
"indicator--55014c70-ccec-4df0-aef8-1c3d950d210b",
"indicator--55014c70-a0ec-449f-a810-1c3d950d210b",
"indicator--55014c8e-3628-4ee7-88df-0959950d210b",
"indicator--55014cb9-e1b0-4579-8dac-9778950d210b",
"indicator--55014cd5-a430-42d2-a64a-0958950d210b",
"indicator--55014ce9-1a58-4546-8f32-0ff5950d210b",
"indicator--55014d39-e548-4875-8c18-9778950d210b",
"indicator--55014d39-d250-462a-ac15-9778950d210b",
"indicator--55014d61-8b34-4970-879e-0958950d210b",
"indicator--55014d61-80e0-4a38-96f4-0958950d210b",
"indicator--55014d61-edf4-4c05-99e9-0958950d210b",
"indicator--55014d7e-02e4-48a2-9e51-9778950d210b",
"indicator--55014d7e-1624-4baf-8040-9778950d210b",
"indicator--55014d7e-7a88-4f1e-af39-9778950d210b",
"indicator--55014da1-60c4-4a27-8eba-2983950d210b",
"indicator--55014da1-c904-4a5f-8b8d-2983950d210b",
"indicator--55014da2-1340-4185-a32c-2983950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5501497e-f5b4-4d6b-92bf-0ff5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:08:30.000Z",
"modified": "2015-03-12T08:08:30.000Z",
"first_observed": "2015-03-12T08:08:30Z",
"last_observed": "2015-03-12T08:08:30Z",
"number_observed": 1,
"object_refs": [
"url--5501497e-f5b4-4d6b-92bf-0ff5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5501497e-f5b4-4d6b-92bf-0ff5950d210b",
"value": "https://citizenlab.org/2015/03/hacking-team-reloaded-us-based-ethiopian-journalists-targeted-spyware/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55014987-3a78-406d-aa41-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:08:39.000Z",
"modified": "2015-03-12T08:08:39.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Hacking Team"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55014abc-9460-4b8b-a820-42d2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:13:48.000Z",
"modified": "2015-03-12T08:13:48.000Z",
"first_observed": "2015-03-12T08:13:48Z",
"last_observed": "2015-03-12T08:13:48Z",
"number_observed": 1,
"object_refs": [
"email-message--55014abc-9460-4b8b-a820-42d2950d210b",
"file--55014abc-9460-4b8b-a820-42d2950d210b"
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--55014abc-9460-4b8b-a820-42d2950d210b",
"is_multipart": true,
"body_multipart": [
{
"body_raw_ref": "file--55014abc-9460-4b8b-a820-42d2950d210b",
"content_disposition": "attachment; filename='u121Du122Du132B 2007.doc'"
}
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--55014abc-9460-4b8b-a820-42d2950d210b",
"name": "u121Du122Du132B 2007.doc"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014ad9-d5b8-4fe7-bf8a-1c3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:14:17.000Z",
"modified": "2015-03-12T08:14:17.000Z",
"pattern": "[file:hashes.SHA256 = 'b2683b3a214cda3f741fe5ff0850e69420d94174852a194ce9fc5f0db05c1633']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:14:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014ad9-e458-4f10-b3ac-1c3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:14:17.000Z",
"modified": "2015-03-12T08:14:17.000Z",
"pattern": "[file:hashes.SHA1 = '03ae6619c2e6dc93d1d3cd218db337aa797b480a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:14:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014ad9-a528-4287-a16c-1c3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:14:17.000Z",
"modified": "2015-03-12T08:14:17.000Z",
"pattern": "[file:hashes.MD5 = '91961aad912dc790943a1cb23b6e8297']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:14:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014af5-d320-4de2-b480-0958950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:14:45.000Z",
"modified": "2015-03-12T08:14:45.000Z",
"pattern": "[file:hashes.SHA256 = '5509462906e832350ea48f37e2e399669214c90b18023c94949036b254f7a681']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014af5-5ea8-43de-8acb-0958950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:14:45.000Z",
"modified": "2015-03-12T08:14:45.000Z",
"pattern": "[file:hashes.SHA1 = 'f9bebcc72bf7bb51e3e3cbd002bf7f8eea398f2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014af5-d6f4-4664-96ed-0958950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:14:45.000Z",
"modified": "2015-03-12T08:14:45.000Z",
"pattern": "[file:hashes.MD5 = 'f6a793a177447e3cab4108a707db65cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55014b5b-1f84-4f2c-be35-4822950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:16:27.000Z",
"modified": "2015-03-12T08:16:27.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "The payload is signed by the following code signing certificate:\r\n\r\nSerial Number: 4fc13d6220c629043a26f81b1cad72d8\r\n\r\nIssuer\r\nCN = Certum Level III CA\r\nOU = Certum Certification Authority\r\nO = Unizeto Technologies S.A.\r\nC = PL\r\n\r\nSubject\r\nE = meicunge@gmail.com\r\nCN = Open Source Developer, meicun ge\r\nO = Meicun Ge\r\nC = CN"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55014b8b-151c-42a3-a79f-0ff5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:17:15.000Z",
"modified": "2015-03-12T08:17:15.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Code signing certificate subject email",
"x_misp_type": "text",
"x_misp_value": "meicunge@gmail.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55014b8b-d5dc-499f-9195-0ff5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:17:33.000Z",
"modified": "2015-03-12T08:17:33.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Code signing certificate serial number",
"x_misp_type": "text",
"x_misp_value": "4fc13d6220c629043a26f81b1cad72d8"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014bbd-ba10-4461-adaf-094a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:18:05.000Z",
"modified": "2015-03-12T08:18:05.000Z",
"description": "Samples on VT signed with same certificate",
"pattern": "[file:hashes.SHA256 = 'e5cc130dbea95c78cf88807852fad7dcca3a1d6bd7ec86488b6157ba3451a0c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:18:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014bbd-ead8-48e6-bc6b-094a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:18:05.000Z",
"modified": "2015-03-12T08:18:05.000Z",
"description": "Samples on VT signed with same certificate",
"pattern": "[file:hashes.SHA256 = '299f1f25c268d814a85b37fb36e83b891b094baee95c8b739c04b5c134db84c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:18:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014c70-ccec-4df0-aef8-1c3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:21:04.000Z",
"modified": "2015-03-12T08:21:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.74.178.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:21:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014c70-a0ec-449f-a810-1c3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:21:04.000Z",
"modified": "2015-03-12T08:21:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.74.178.203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:21:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014c8e-3628-4ee7-88df-0959950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:21:34.000Z",
"modified": "2015-03-12T08:21:34.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.4.69.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:21:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014cb9-e1b0-4579-8dac-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:22:17.000Z",
"modified": "2015-03-12T08:22:17.000Z",
"pattern": "[email-message:from_ref.value = 'fretar19@yahoo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:22:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014cd5-a430-42d2-a64a-0958950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:22:45.000Z",
"modified": "2015-03-12T08:22:45.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.156.68.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:22:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014ce9-1a58-4546-8f32-0ff5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:23:05.000Z",
"modified": "2015-03-12T08:23:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.118.233.250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014d39-e548-4875-8c18-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:24:25.000Z",
"modified": "2015-03-12T08:24:25.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'Seminar Anti G7 Movement.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:24:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014d39-d250-462a-ac15-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:24:25.000Z",
"modified": "2015-03-12T08:24:25.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'Please save our dad from execution.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:24:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014d61-8b34-4970-879e-0958950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:25:05.000Z",
"modified": "2015-03-12T08:25:05.000Z",
"pattern": "[file:hashes.SHA256 = '47f9a2daa161eeb0f7c88af92d3b346ee140ffbb0c310d0e6fbc7c91d42faace']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014d61-80e0-4a38-96f4-0958950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:25:05.000Z",
"modified": "2015-03-12T08:25:05.000Z",
"pattern": "[file:hashes.SHA1 = 'b39dcf93c88d202a582ab4a589cacae3e5d6650c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014d61-edf4-4c05-99e9-0958950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:25:05.000Z",
"modified": "2015-03-12T08:25:05.000Z",
"pattern": "[file:hashes.MD5 = '4faeaed1065815e40bc7c4d9b943f439']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014d7e-02e4-48a2-9e51-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:25:34.000Z",
"modified": "2015-03-12T08:25:34.000Z",
"pattern": "[file:hashes.SHA256 = 'af6137a1fe785cc865ea5ba2310cb81b4c6996f224dda2425d0c5b6995983e3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:25:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014d7e-1624-4baf-8040-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:25:34.000Z",
"modified": "2015-03-12T08:25:34.000Z",
"pattern": "[file:hashes.SHA1 = '519bb2b2c3d0c7e67be735c4d384d832fcc89d67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:25:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014d7e-7a88-4f1e-af39-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:25:34.000Z",
"modified": "2015-03-12T08:25:34.000Z",
"pattern": "[file:hashes.MD5 = '3a7ef9a8c216bcdbbfecef934196d9c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:25:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014da1-60c4-4a27-8eba-2983950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:26:09.000Z",
"modified": "2015-03-12T08:26:09.000Z",
"pattern": "[file:hashes.SHA256 = '84f87c6d85211fe7c7f7fb1321e7f4db917bc6a7f2e51b7a8357fb4351b5a58d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:26:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014da1-c904-4a5f-8b8d-2983950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:26:09.000Z",
"modified": "2015-03-12T08:26:09.000Z",
"pattern": "[file:hashes.SHA1 = '669246636ec6e3422a81ee2cb77c78c8420f9006']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:26:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014da2-1340-4185-a32c-2983950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:26:10.000Z",
"modified": "2015-03-12T08:26:10.000Z",
"pattern": "[file:hashes.MD5 = 'b7f54924450ae0675ce67c5edad1f243']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:26:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}