misp-circl-feed/feeds/circl/misp/55a76999-52e4-45c0-ac44-2ce2950d210b.json


{
"type": "bundle",
"id": "bundle--55a76999-52e4-45c0-ac44-2ce2950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:46.000Z",
"modified": "2016-01-31T20:54:46.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--55a76999-52e4-45c0-ac44-2ce2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:46.000Z",
"modified": "2016-01-31T20:54:46.000Z",
"name": "OSINT An In-Depth Look at How Pawn Storm\u2019s Java Zero-Day Was Used by Trend Micro",
"published": "2015-07-23T11:27:11Z",
"object_refs": [
"observed-data--55a769b1-faf0-4553-b131-e4fd950d210b",
"url--55a769b1-faf0-4553-b131-e4fd950d210b",
"x-misp-attribute--55a769c5-83c8-41f9-a020-266f950d210b",
"x-misp-attribute--55a769c5-904c-44d3-a10e-266f950d210b",
"x-misp-attribute--55a769c5-3b70-40c6-8030-266f950d210b",
"x-misp-attribute--55a769c6-70cc-469e-bae4-266f950d210b",
"indicator--55a8cf34-5c94-40bf-9cfc-4301950d210b",
"observed-data--55a8cf34-29cc-480a-8bfd-43b9950d210b",
"url--55a8cf34-29cc-480a-8bfd-43b9950d210b",
"indicator--55a8cf34-0550-4b1f-b183-42ae950d210b",
"indicator--55a8cf35-add8-4854-b6c3-443b950d210b",
"indicator--55a8cf35-3b68-473a-8347-49c9950d210b",
"indicator--55a8cf35-e610-4d0b-b99a-44a5950d210b",
"indicator--55a8d02c-f300-4479-a2e9-1e08950d210b",
"indicator--55a8d02c-8f64-4dd0-a81e-1e08950d210b",
"indicator--55a8d02c-4300-4109-9e0d-1e08950d210b",
"indicator--55a8d02d-3cb4-424d-980f-1e08950d210b",
"indicator--55a8d02d-e680-47d6-ada7-1e08950d210b",
"indicator--55a8d02d-5a2c-49e1-bd33-1e08950d210b",
"indicator--55a8d02d-30f4-48a7-9ae8-1e08950d210b",
"indicator--55a8d02d-9718-48ec-8566-1e08950d210b",
"indicator--55a8d02d-b774-4483-bf97-1e08950d210b",
"indicator--55a8d02e-384c-4a0e-b776-1e08950d210b",
"indicator--55a8d02e-fa20-43d0-9a16-1e08950d210b",
"indicator--55a8d02e-71e4-484a-b446-1e08950d210b",
"indicator--55a8d02e-c688-4242-b2b6-1e08950d210b",
"indicator--55a8d02e-d3c4-41d0-adfe-1e08950d210b",
"x-misp-attribute--55a8d083-0df0-41d5-aaff-0a95950d210b",
"x-misp-attribute--55a8d083-889c-4378-8a87-0a95950d210b",
"x-misp-attribute--55a8d083-b298-4191-b334-0a95950d210b",
"indicator--56ae7496-ac98-437d-ba17-4bfa02de0b81",
"indicator--56ae7496-ab14-4ad0-a447-44be02de0b81",
"observed-data--56ae7497-80f0-4165-be41-49d402de0b81",
"url--56ae7497-80f0-4165-be41-49d402de0b81",
"indicator--56ae7497-8098-4ffc-b65e-47d302de0b81",
"indicator--56ae7497-5968-4028-ac90-4fb202de0b81",
"observed-data--56ae7498-0774-4bcb-ae08-492402de0b81",
"url--56ae7498-0774-4bcb-ae08-492402de0b81",
"indicator--56ae7498-5770-4232-9152-4a3102de0b81",
"indicator--56ae7498-cf28-4e29-81fb-47be02de0b81",
"observed-data--56ae7498-af00-40a5-9683-420102de0b81",
"url--56ae7498-af00-40a5-9683-420102de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55a769b1-faf0-4553-b131-e4fd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-16T08:22:09.000Z",
"modified": "2015-07-16T08:22:09.000Z",
"first_observed": "2015-07-16T08:22:09Z",
"last_observed": "2015-07-16T08:22:09Z",
"number_observed": 1,
"object_refs": [
"url--55a769b1-faf0-4553-b131-e4fd950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55a769b1-faf0-4553-b131-e4fd950d210b",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55a769c5-83c8-41f9-a020-266f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-16T08:22:29.000Z",
"modified": "2015-07-16T08:22:29.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "APT28"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55a769c5-904c-44d3-a10e-266f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-16T08:22:29.000Z",
"modified": "2015-07-16T08:22:29.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Pawn Storm"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55a769c5-3b70-40c6-8030-266f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-16T08:22:29.000Z",
"modified": "2015-07-16T08:22:29.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Sednit"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55a769c6-70cc-469e-bae4-266f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-16T08:22:30.000Z",
"modified": "2015-07-16T08:22:30.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Sofacy"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8cf34-5c94-40bf-9cfc-4301950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:47:32.000Z",
"modified": "2015-07-17T09:47:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA1 = '95dc765700f5af406883d07f165011d2ff8dd0fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55a8cf34-29cc-480a-8bfd-43b9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:48:13.000Z",
"modified": "2015-07-17T09:48:13.000Z",
"first_observed": "2015-07-17T09:48:13Z",
"last_observed": "2015-07-17T09:48:13Z",
"number_observed": 1,
"object_refs": [
"url--55a8cf34-29cc-480a-8bfd-43b9950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55a8cf34-29cc-480a-8bfd-43b9950d210b",
"value": "http://ausameetings.com/url?=[a-za-z0-9]{7}/2015annualmeeting/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8cf34-0550-4b1f-b183-42ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:47:32.000Z",
"modified": "2015-07-17T09:47:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA1 = 'b4a515ef9de037f18d96b9b0e48271180f5725b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8cf35-add8-4854-b6c3-443b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:47:33.000Z",
"modified": "2015-07-17T09:47:33.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'vhgg5hkvn25.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:47:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8cf35-3b68-473a-8347-49c9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:47:33.000Z",
"modified": "2015-07-17T09:47:33.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.SHA1 = '21835aafe6d46840bb697e8b0d4aac06dec44f5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:47:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8cf35-e610-4d0b-b99a-44a5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:47:33.000Z",
"modified": "2015-07-17T09:47:33.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'api-ms-win-downlevel-profile-l1-1-0.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:47:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02c-f300-4479-a2e9-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:40.000Z",
"modified": "2015-07-17T09:51:40.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'ausameetings.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02c-8f64-4dd0-a81e-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:40.000Z",
"modified": "2015-07-17T09:51:40.000Z",
"description": "Low precision",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.45.189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02c-4300-4109-9e0d-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:40.000Z",
"modified": "2015-07-17T09:51:40.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.236.215.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02d-3cb4-424d-980f-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:41.000Z",
"modified": "2015-07-17T09:51:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'arrayreplace.class']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02d-e680-47d6-ada7-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:41.000Z",
"modified": "2015-07-17T09:51:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'App$PassHandleController.class']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02d-5a2c-49e1-bd33-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:41.000Z",
"modified": "2015-07-17T09:51:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'converter.class']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02d-30f4-48a7-9ae8-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:41.000Z",
"modified": "2015-07-17T09:51:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'mybytearrayinputstream.class']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02d-9718-48ec-8566-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:41.000Z",
"modified": "2015-07-17T09:51:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'none2.class']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02d-b774-4483-bf97-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:41.000Z",
"modified": "2015-07-17T09:51:41.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'none.class']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02e-384c-4a0e-b776-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:42.000Z",
"modified": "2015-07-17T09:51:42.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'cormac.mcr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02e-fa20-43d0-9a16-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:42.000Z",
"modified": "2015-07-17T09:51:42.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.111.146.185']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02e-71e4-484a-b446-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:51:42.000Z",
"modified": "2015-07-17T09:51:42.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.187.116.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:51:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02e-c688-4242-b2b6-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:52:02.000Z",
"modified": "2015-07-17T09:52:02.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'acledit.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:52:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55a8d02e-d3c4-41d0-adfe-1e08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:52:10.000Z",
"modified": "2015-07-17T09:52:10.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'biocpl.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-07-17T09:52:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55a8d083-0df0-41d5-aaff-0a95950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:53:07.000Z",
"modified": "2015-07-17T09:53:07.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "JAVA_DLOADR.EFD"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55a8d083-889c-4378-8a87-0a95950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:53:07.000Z",
"modified": "2015-07-17T09:53:07.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "TROJ_DROPPR.CXC"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55a8d083-b298-4191-b334-0a95950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-07-17T09:53:07.000Z",
"modified": "2015-07-17T09:53:07.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "TSPY_SEDNIT.C"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ae7496-ac98-437d-ba17-4bfa02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:46.000Z",
"modified": "2016-01-31T20:54:46.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 21835aafe6d46840bb697e8b0d4aac06dec44f5b",
"pattern": "[file:hashes.SHA256 = '3d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-31T20:54:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ae7496-ab14-4ad0-a447-44be02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:46.000Z",
"modified": "2016-01-31T20:54:46.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 21835aafe6d46840bb697e8b0d4aac06dec44f5b",
"pattern": "[file:hashes.MD5 = '211b7100fd799e9eaabeb13cfa446231']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-31T20:54:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ae7497-80f0-4165-be41-49d402de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:47.000Z",
"modified": "2016-01-31T20:54:47.000Z",
"first_observed": "2016-01-31T20:54:47Z",
"last_observed": "2016-01-31T20:54:47Z",
"number_observed": 1,
"object_refs": [
"url--56ae7497-80f0-4165-be41-49d402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ae7497-80f0-4165-be41-49d402de0b81",
"value": "https://www.virustotal.com/file/3d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8/analysis/1451306949/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ae7497-8098-4ffc-b65e-47d302de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:47.000Z",
"modified": "2016-01-31T20:54:47.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: b4a515ef9de037f18d96b9b0e48271180f5725b7",
"pattern": "[file:hashes.SHA256 = 'd93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-31T20:54:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ae7497-5968-4028-ac90-4fb202de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:47.000Z",
"modified": "2016-01-31T20:54:47.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: b4a515ef9de037f18d96b9b0e48271180f5725b7",
"pattern": "[file:hashes.MD5 = 'afe09fb5a2b97f9e119f70292092604e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-31T20:54:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ae7498-0774-4bcb-ae08-492402de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:48.000Z",
"modified": "2016-01-31T20:54:48.000Z",
"first_observed": "2016-01-31T20:54:48Z",
"last_observed": "2016-01-31T20:54:48Z",
"number_observed": 1,
"object_refs": [
"url--56ae7498-0774-4bcb-ae08-492402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ae7498-0774-4bcb-ae08-492402de0b81",
"value": "https://www.virustotal.com/file/d93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5/analysis/1449817909/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ae7498-5770-4232-9152-4a3102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:48.000Z",
"modified": "2016-01-31T20:54:48.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 95dc765700f5af406883d07f165011d2ff8dd0fb",
"pattern": "[file:hashes.SHA256 = '3f2d8744205b59f7bee5a8f13e6a15201f04663ce2c6f33b1684968778e44349']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-31T20:54:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ae7498-cf28-4e29-81fb-47be02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:48.000Z",
"modified": "2016-01-31T20:54:48.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 95dc765700f5af406883d07f165011d2ff8dd0fb",
"pattern": "[file:hashes.MD5 = '0c345969a5974e8b1ec6a5e23b2cf777']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-31T20:54:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ae7498-af00-40a5-9683-420102de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-01-31T20:54:48.000Z",
"modified": "2016-01-31T20:54:48.000Z",
"first_observed": "2016-01-31T20:54:48Z",
"last_observed": "2016-01-31T20:54:48Z",
"number_observed": 1,
"object_refs": [
"url--56ae7498-af00-40a5-9683-420102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ae7498-af00-40a5-9683-420102de0b81",
"value": "https://www.virustotal.com/file/3f2d8744205b59f7bee5a8f13e6a15201f04663ce2c6f33b1684968778e44349/analysis/1443100024/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}