misp-circl-feed/feeds/circl/misp/5b0598ec-97ac-4456-9246-dcdb0acd0835.json


{
"type": "bundle",
"id": "bundle--5b0598ec-97ac-4456-9246-dcdb0acd0835",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T19:35:59.000Z",
"modified": "2018-05-23T19:35:59.000Z",
"name": "Synovus Financial",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b0598ec-97ac-4456-9246-dcdb0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T19:35:59.000Z",
"modified": "2018-05-23T19:35:59.000Z",
"name": "Talos Blog: VPNFilter",
"published": "2019-05-07T08:22:20Z",
"object_refs": [
"indicator--5b059a7d-a3e0-4d18-a7fe-b8400acd0835",
"indicator--5b059a7d-1974-4a65-b03c-e0b50acd0835",
"indicator--5b059a7d-0b64-42db-a129-dbf60acd0835",
"indicator--5b059a7d-f178-4202-86cf-fb970acd0835",
"indicator--5b059a7d-5ad0-4008-8ae8-ce320acd0835",
"indicator--5b059a7d-4a20-47ac-b50a-ecde0acd0835",
"indicator--5b059a7d-81bc-4322-b2c7-04370acd0835",
"indicator--5b059a7f-c824-4320-a8a6-085b0acd0835",
"indicator--5b059a7f-d374-412e-9380-085a0acd0835",
"indicator--5b059a80-3624-47c5-9527-08d20acd0835",
"indicator--5b059a80-5060-4284-bc21-08d10acd0835",
"indicator--5b059a81-fa30-4539-8c5f-095f0acd0835",
"indicator--5b059a81-6d98-4ec6-9560-09610acd0835",
"indicator--5b059a81-6dfc-49b8-90be-095d0acd0835",
"indicator--5b059a81-6d98-49ac-9b95-09630acd0835",
"indicator--5b059a81-6e60-44a1-814b-095e0acd0835",
"indicator--5b059a82-4d68-4ef7-b896-0a990acd0835",
"indicator--5b059a82-7dd0-419a-b375-0aa00acd0835",
"indicator--5b059a82-ebf4-4907-970c-0aa70acd0835",
"indicator--5b059a82-a558-4725-8498-0a9a0acd0835",
"indicator--5b059a82-92b8-469e-8156-0a980acd0835",
"indicator--5b059a82-20e4-4bb7-9818-0aa50acd0835",
"indicator--5b059a82-6be0-4ba5-896b-0a9e0acd0835",
"indicator--5b059a82-85c0-4e16-9e4d-0a9f0acd0835",
"indicator--5b059a82-458c-4317-9ac7-0aa80acd0835",
"observed-data--5b059abb-af74-4f75-bf51-0aa00acd0835",
"x509-certificate--5b059abb-af74-4f75-bf51-0aa00acd0835",
"observed-data--5b059abb-3038-4637-a319-0aa00acd0835",
"x509-certificate--5b059abb-3038-4637-a319-0aa00acd0835",
"observed-data--5b059abb-8f64-4625-a3ed-0aa00acd0835",
"x509-certificate--5b059abb-8f64-4625-a3ed-0aa00acd0835",
"observed-data--5b059abb-d4c8-41ed-ab2d-0aa00acd0835",
"x509-certificate--5b059abb-d4c8-41ed-ab2d-0aa00acd0835",
"observed-data--5b059abb-01f4-4734-a5a2-0aa00acd0835",
"x509-certificate--5b059abb-01f4-4734-a5a2-0aa00acd0835",
"observed-data--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835",
"x509-certificate--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835",
"observed-data--5b059abb-6994-433a-bc16-0aa00acd0835",
"x509-certificate--5b059abb-6994-433a-bc16-0aa00acd0835",
"observed-data--5b059abb-df04-424a-831b-0aa00acd0835",
"x509-certificate--5b059abb-df04-424a-831b-0aa00acd0835",
"observed-data--5b059abb-06b8-4eea-9ef5-0aa00acd0835",
"x509-certificate--5b059abb-06b8-4eea-9ef5-0aa00acd0835",
"observed-data--5b059abb-2bb0-4fe2-abdb-0aa00acd0835",
"x509-certificate--5b059abb-2bb0-4fe2-abdb-0aa00acd0835",
"observed-data--5b059abb-63cc-4cf3-8f1e-0aa00acd0835",
"x509-certificate--5b059abb-63cc-4cf3-8f1e-0aa00acd0835",
"observed-data--5b059abb-9990-4e08-bf61-0aa00acd0835",
"x509-certificate--5b059abb-9990-4e08-bf61-0aa00acd0835",
"observed-data--5b059abb-baa0-4df2-9da5-0aa00acd0835",
"x509-certificate--5b059abb-baa0-4df2-9da5-0aa00acd0835",
"observed-data--5b059abb-ec7c-4959-9548-0aa00acd0835",
"x509-certificate--5b059abb-ec7c-4959-9548-0aa00acd0835",
"observed-data--5b059b06-76c8-42ef-a695-0ce50acd0835",
"url--5b059b06-76c8-42ef-a695-0ce50acd0835",
"observed-data--5b059b42-1798-4ab9-92df-0d3005dc1b25",
"file--5b059b42-1798-4ab9-92df-0d3005dc1b25",
"observed-data--5b059b43-3ca8-4c94-a835-0d3005dc1b25",
"file--5b059b43-3ca8-4c94-a835-0d3005dc1b25",
"observed-data--5b059b46-3d9c-458f-80bb-0d3005dc1b25",
"file--5b059b46-3d9c-458f-80bb-0d3005dc1b25",
"observed-data--5b059b4a-bde0-4a4f-acae-0d3005dc1b25",
"file--5b059b4a-bde0-4a4f-acae-0d3005dc1b25",
"observed-data--5b059b4d-cb7c-4a49-b039-0d3005dc1b25",
"file--5b059b4d-cb7c-4a49-b039-0d3005dc1b25",
"observed-data--5b059b51-6b8c-4566-ad05-0d3005dc1b25",
"file--5b059b51-6b8c-4566-ad05-0d3005dc1b25",
"observed-data--5b059b54-8974-4c23-a736-0d3005dc1b25",
"file--5b059b54-8974-4c23-a736-0d3005dc1b25",
"observed-data--5b059b58-5a9c-4784-b358-0d3005dc1b25",
"file--5b059b58-5a9c-4784-b358-0d3005dc1b25",
"observed-data--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25",
"file--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25",
"observed-data--5b059b5b-46ec-4e86-8e00-0d3005dc1b25",
"file--5b059b5b-46ec-4e86-8e00-0d3005dc1b25",
"indicator--5b059b5e-3da8-4fc2-8da7-08d20acd0835",
"observed-data--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25",
"file--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25",
"observed-data--5b059b63-af28-4bbc-bb18-0d3005dc1b25",
"file--5b059b63-af28-4bbc-bb18-0d3005dc1b25",
"observed-data--5b059b67-4818-4075-a163-0d3005dc1b25",
"file--5b059b67-4818-4075-a163-0d3005dc1b25",
"observed-data--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25",
"file--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25",
"indicator--5b059b81-1950-4d6a-a03e-0aa30acd0835",
"indicator--5b059b81-5cbc-44f0-8aa5-0aa30acd0835",
"indicator--5b059b81-fc3c-4407-b68c-0aa30acd0835",
"indicator--5b059b82-4d84-4afe-9c9b-0aa30acd0835",
"indicator--5b059b82-4b90-4e10-8744-0aa30acd0835",
"indicator--5b059b82-843c-47bc-bc1e-0aa30acd0835",
"indicator--5b059b82-cf94-4cab-8abc-0aa30acd0835",
"indicator--5b059b82-ce54-4359-8228-0aa30acd0835",
"indicator--5b059b82-5f9c-4949-b910-0aa30acd0835",
"indicator--5b059b82-baa0-4804-a02c-0aa30acd0835",
"indicator--5b059b82-e848-4bb6-a465-0aa30acd0835",
"indicator--5b059b82-85e4-48be-b33d-0aa30acd0835",
"indicator--5b059b82-c03c-4400-983a-0aa30acd0835",
"indicator--5b059e0e-9e7c-4f4a-a1a3-0aa30acd0835",
"indicator--5b059e0e-8b0c-486a-b473-0aa30acd0835",
"indicator--5b059e84-0dec-4d5e-b31c-0f810acd0835",
"indicator--5b059e84-b6f0-4a60-8d6e-0f810acd0835",
"indicator--5b059e84-3408-4d9c-94d6-0f810acd0835",
"indicator--5b059e84-5850-4b83-a6e6-0f810acd0835",
"indicator--5b059e84-1d48-43aa-ae5b-0f810acd0835",
"indicator--5b059e84-4ed8-4713-809f-0f810acd0835",
"indicator--5b059e84-17b8-4674-bbb7-0f810acd0835",
"indicator--5b059e84-d8c8-43a8-8069-0f810acd0835",
"indicator--5b059eb4-c45c-4cd3-8de0-0f810acd0835",
"indicator--5b059eb4-f058-450a-b54f-0f810acd0835"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a7d-a3e0-4d18-a7fe-b8400acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:46.000Z",
"modified": "2018-05-23T16:44:46.000Z",
"description": "Stage 1",
"pattern": "[file:hashes.SHA256 = '0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a7d-1974-4a65-b03c-e0b50acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:46.000Z",
"modified": "2018-05-23T16:44:46.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.SHA256 = '8a20dc9538d639623878a3d3d18d88da8b635ea52e5e2d0c2cce4a8c5a703db1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a7d-0b64-42db-a129-dbf60acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:46.000Z",
"modified": "2018-05-23T16:44:46.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.SHA256 = '9683b04123d7e9fe4c8c26c69b09c2233f7e1440f828837422ce330040782d17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a7d-f178-4202-86cf-fb970acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:46.000Z",
"modified": "2018-05-23T16:44:46.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.SHA256 = '37e29b0ea7a9b97597385a12f525e13c3a7d02ba4161a6946f2a7d978cc045b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a7d-5ad0-4008-8ae8-ce320acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:46.000Z",
"modified": "2018-05-23T16:44:46.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.SHA256 = 'd6097e942dd0fdc1fb28ec1814780e6ecc169ec6d24f9954e71954eedbc4c70e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a7d-4a20-47ac-b50a-ecde0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:54:38.000Z",
"modified": "2018-05-23T16:54:38.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/saragray1/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:54:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a7d-81bc-4322-b2c7-04370acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:54:41.000Z",
"modified": "2018-05-23T16:54:41.000Z",
"description": "Stage 2",
"pattern": "[url:value = 'http://zuh3vcyskd4gipkm.onion/bin32/update.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:54:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a7f-c824-4320-a8a6-085b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:54:43.000Z",
"modified": "2018-05-23T16:54:43.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/bob7301/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:54:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a7f-d374-412e-9380-085a0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:47.000Z",
"modified": "2018-05-23T16:44:47.000Z",
"description": "Stage 1",
"pattern": "[file:hashes.SHA256 = '50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a80-3624-47c5-9527-08d20acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:54:46.000Z",
"modified": "2018-05-23T16:54:46.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/nikkireed11/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:54:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a80-5060-4284-bc21-08d10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:48.000Z",
"modified": "2018-05-23T16:44:48.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.SHA256 = '4b03288e9e44d214426a02327223b5e516b1ea29ce72fa25a2fcef9aa65c4b0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a81-fa30-4539-8c5f-095f0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:54:50.000Z",
"modified": "2018-05-23T16:54:50.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/monicabelci4/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:54:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a81-6d98-4ec6-9560-09610acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:49.000Z",
"modified": "2018-05-23T16:44:49.000Z",
"description": "Stage 3, plugins",
"pattern": "[file:hashes.SHA256 = 'f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a81-6dfc-49b8-90be-095d0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:54:53.000Z",
"modified": "2018-05-23T16:54:53.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/amandaseyfried1/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:54:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a81-6d98-49ac-9b95-09630acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:49.000Z",
"modified": "2018-05-23T16:44:49.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.SHA256 = '776cb9a7a9f5afbaffdd4dbd052c6420030b2c7c3058c1455e0a79df0e6f7a1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a81-6e60-44a1-814b-095e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:49.000Z",
"modified": "2018-05-23T16:44:49.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.SHA256 = '9eb6c779dbad1b717caa462d8e040852759436ed79cc2172692339bc62432387']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a82-4d68-4ef7-b896-0a990acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:54:55.000Z",
"modified": "2018-05-23T16:54:55.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/eva_green1/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:54:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a82-7dd0-419a-b375-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:54:57.000Z",
"modified": "2018-05-23T16:54:57.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/jeniferaniston1/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:54:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a82-ebf4-4907-970c-0aa70acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:50.000Z",
"modified": "2018-05-23T16:44:50.000Z",
"description": "Stage 3, plugins",
"pattern": "[file:hashes.SHA256 = 'afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a82-a558-4725-8498-0a9a0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:55:01.000Z",
"modified": "2018-05-23T16:55:01.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/suwe8/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:55:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a82-92b8-469e-8156-0a980acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:55:04.000Z",
"modified": "2018-05-23T16:55:04.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/millerfred/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:55:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a82-20e4-4bb7-9818-0aa50acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:55:06.000Z",
"modified": "2018-05-23T16:55:06.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/kmila302/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:55:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a82-6be0-4ba5-896b-0a9e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:55:08.000Z",
"modified": "2018-05-23T16:55:08.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/katyperry45/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:55:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a82-85c0-4e16-9e4d-0a9f0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:44:50.000Z",
"modified": "2018-05-23T16:44:50.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.SHA256 = '0649fda8888d701eb2f91e6e0a05a2e2be714f564497c44a3813082ef8ff250b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:44:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059a82-458c-4317-9ac7-0aa80acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:55:11.000Z",
"modified": "2018-05-23T16:55:11.000Z",
"description": "Stage 1, downloads picture",
"pattern": "[url:value = 'http://photobucket.com/user/lisabraun87/library']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:55:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-af74-4f75-bf51-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-af74-4f75-bf51-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-af74-4f75-bf51-0aa00acd0835",
"hashes": {
"SHA-256": "d113ce61ab1e4bfcb32fb3c53bd3cdeee81108d02d3886f6e2286e0b6a006747"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-3038-4637-a319-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-3038-4637-a319-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-3038-4637-a319-0aa00acd0835",
"hashes": {
"SHA-256": "c52b3901a26df1680acbfb9e6184b321f0b22dd6c4bb107e5e071553d375c851"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-8f64-4625-a3ed-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-8f64-4625-a3ed-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-8f64-4625-a3ed-0aa00acd0835",
"hashes": {
"SHA-256": "f372ebe8277b78d50c5600d0e2af3fe29b1e04b5435a7149f04edd165743c16d"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-d4c8-41ed-ab2d-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-d4c8-41ed-ab2d-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-d4c8-41ed-ab2d-0aa00acd0835",
"hashes": {
"SHA-256": "be4715b029cbd3f8e2f37bc525005b2cb9cad977117a26fac94339a721e3f2a5"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-01f4-4734-a5a2-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-01f4-4734-a5a2-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-01f4-4734-a5a2-0aa00acd0835",
"hashes": {
"SHA-256": "27af4b890db1a611d0054d5d4a7d9a36c9f52dffeb67a053be9ea03a495a9302"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-3ec0-4ac8-a8b6-0aa00acd0835",
"hashes": {
"SHA-256": "fb47ba27dceea486aab7a0f8ec5674332ca1f6af962a1724df89d658d470348f"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-6994-433a-bc16-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-6994-433a-bc16-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-6994-433a-bc16-0aa00acd0835",
"hashes": {
"SHA-256": "b25336c2dd388459dec37fa8d0467cf2ac3c81a272176128338a2c1d7c083c78"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-df04-424a-831b-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-df04-424a-831b-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-df04-424a-831b-0aa00acd0835",
"hashes": {
"SHA-256": "cd75d3a70e3218688bdd23a0f618add964603736f7c899265b1d8386b9902526"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-06b8-4eea-9ef5-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-06b8-4eea-9ef5-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-06b8-4eea-9ef5-0aa00acd0835",
"hashes": {
"SHA-256": "110da84f31e7868ad741bcb0d9f7771a0bb39c44785055e6da0ecc393598adc8"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-2bb0-4fe2-abdb-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-2bb0-4fe2-abdb-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-2bb0-4fe2-abdb-0aa00acd0835",
"hashes": {
"SHA-256": "909cf80d3ef4c52abc95d286df8d218462739889b6be4762a1d2fac1adb2ec2b"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-63cc-4cf3-8f1e-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-63cc-4cf3-8f1e-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-63cc-4cf3-8f1e-0aa00acd0835",
"hashes": {
"SHA-256": "044bfa11ea91b5559f7502c3a504b19ee3c555e95907a98508825b4aa56294e4"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-9990-4e08-bf61-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:45:47.000Z",
"modified": "2018-05-23T16:45:47.000Z",
"first_observed": "2018-05-23T16:45:47Z",
"last_observed": "2018-05-23T16:45:47Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-9990-4e08-bf61-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-9990-4e08-bf61-0aa00acd0835",
"hashes": {
"SHA-256": "c0f8bde03df3dec6e43b327378777ebc35d9ea8cfe39628f79f20b1c40c1b412"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-baa0-4df2-9da5-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-baa0-4df2-9da5-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-baa0-4df2-9da5-0aa00acd0835",
"hashes": {
"SHA-256": "8f1d0cd5dd6585c3d5d478e18a85e7109c8a88489c46987621e01d21fab5095d"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059abb-ec7c-4959-9548-0aa00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--5b059abb-ec7c-4959-9548-0aa00acd0835"
],
"labels": [
"misp:type=\"x509-fingerprint-sha256\"",
"misp:category=\"Attribution\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--5b059abb-ec7c-4959-9548-0aa00acd0835",
"hashes": {
"SHA-256": "d5dec646c957305d91303a1d7931b30e7fb2f38d54a1102e14fd7a4b9f6e0806"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b06-76c8-42ef-a695-0ce50acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:47:26.000Z",
"modified": "2018-05-23T16:47:26.000Z",
"first_observed": "2018-05-23T16:47:26Z",
"last_observed": "2018-05-23T16:47:26Z",
"number_observed": 1,
"object_refs": [
"url--5b059b06-76c8-42ef-a695-0ce50acd0835"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b059b06-76c8-42ef-a695-0ce50acd0835",
"value": "https://blog.talosintelligence.com/2018/05/VPNFilter.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b42-1798-4ab9-92df-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:02.000Z",
"modified": "2018-05-23T16:48:02.000Z",
"first_observed": "2018-05-23T16:48:02Z",
"last_observed": "2018-05-23T16:48:02Z",
"number_observed": 1,
"object_refs": [
"file--5b059b42-1798-4ab9-92df-0d3005dc1b25"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b42-1798-4ab9-92df-0d3005dc1b25",
"name": "%USERPROFILE%\\Documents\\qsync.php"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b43-3ca8-4c94-a835-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:03.000Z",
"modified": "2018-05-23T16:48:03.000Z",
"first_observed": "2018-05-23T16:48:03Z",
"last_observed": "2018-05-23T16:48:03Z",
"number_observed": 1,
"object_refs": [
"file--5b059b43-3ca8-4c94-a835-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b43-3ca8-4c94-a835-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:gPgrKJ+zIIglQIU1BILPTQGEk9pmnhdTnfdkV8Ww+BthUeX2ut:gPkSAoQIUILwkwTy8Wye9"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b46-3d9c-458f-80bb-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:06.000Z",
"modified": "2018-05-23T16:48:06.000Z",
"first_observed": "2018-05-23T16:48:06Z",
"last_observed": "2018-05-23T16:48:06Z",
"number_observed": 1,
"object_refs": [
"file--5b059b46-3d9c-458f-80bb-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b46-3d9c-458f-80bb-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:BLXXE5rpmlrk7dHlG+wQ+GEfNB/ORZy+Om7BC:dU5rpkw7i+Z6fNBiC"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b4a-bde0-4a4f-acae-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:10.000Z",
"modified": "2018-05-23T16:48:10.000Z",
"first_observed": "2018-05-23T16:48:10Z",
"last_observed": "2018-05-23T16:48:10Z",
"number_observed": 1,
"object_refs": [
"file--5b059b4a-bde0-4a4f-acae-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b4a-bde0-4a4f-acae-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:cmbS6GCJukDhQnhcOsKMglGEZVHTMKc+Mkf7su:csS6zJuoOnMKMQZVYBu"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b4d-cb7c-4a49-b039-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:13.000Z",
"modified": "2018-05-23T16:48:13.000Z",
"first_observed": "2018-05-23T16:48:13Z",
"last_observed": "2018-05-23T16:48:13Z",
"number_observed": 1,
"object_refs": [
"file--5b059b4d-cb7c-4a49-b039-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b4d-cb7c-4a49-b039-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:+9GiuTGkBPoiJhaalRXd6Rv0XXvpPJ7tkISJZM9PJetlXSImnb:62T/oiHRXU8bCZM9X9b"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b51-6b8c-4566-ad05-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:17.000Z",
"modified": "2018-05-23T16:48:17.000Z",
"first_observed": "2018-05-23T16:48:17Z",
"last_observed": "2018-05-23T16:48:17Z",
"number_observed": 1,
"object_refs": [
"file--5b059b51-6b8c-4566-ad05-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b51-6b8c-4566-ad05-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:aCwworoTxC3REpYGACnkEBWkTGEmRqCTGqmpc47qa:ax7olCBEanCpWKmRbha"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b54-8974-4c23-a736-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:20.000Z",
"modified": "2018-05-23T16:48:20.000Z",
"first_observed": "2018-05-23T16:48:20Z",
"last_observed": "2018-05-23T16:48:20Z",
"number_observed": 1,
"object_refs": [
"file--5b059b54-8974-4c23-a736-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b54-8974-4c23-a736-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:9QkvS9EWCxns8zTwJWIck9NpU6zT3C+rkoyoa3y0c2TLCAVrSj2+9Ea:89EhLkdfLQXoaE2TOAV2Rt"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b58-5a9c-4784-b358-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:24.000Z",
"modified": "2018-05-23T16:48:24.000Z",
"first_observed": "2018-05-23T16:48:24Z",
"last_observed": "2018-05-23T16:48:24Z",
"number_observed": 1,
"object_refs": [
"file--5b059b58-5a9c-4784-b358-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b58-5a9c-4784-b358-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:baJi/5AF4DV6+aCOGi8eaFa63MNQmII5ktPLh:ba0RFaB6jyktd"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:27.000Z",
"modified": "2018-05-23T16:48:27.000Z",
"first_observed": "2018-05-23T16:48:27Z",
"last_observed": "2018-05-23T16:48:27Z",
"number_observed": 1,
"object_refs": [
"file--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b5b-7ba4-4371-8e6a-0d3005dc1b25",
"name": "vpnfilterm_ps"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b5b-46ec-4e86-8e00-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:27.000Z",
"modified": "2018-05-23T16:48:27.000Z",
"first_observed": "2018-05-23T16:48:27Z",
"last_observed": "2018-05-23T16:48:27Z",
"number_observed": 1,
"object_refs": [
"file--5b059b5b-46ec-4e86-8e00-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b5b-46ec-4e86-8e00-0d3005dc1b25",
"hashes": {
"SSDEEP": "384:MEoMAy/GRMYA0V/e3mAbCy5wjwl3eX02wcLieJIh/PyVMItRwMeZz+zr1gBePaI9:MEQeFYX0/cLhIJPyVMKfe0fYIT9"
}
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b5e-3da8-4fc2-8da7-08d20acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:55:27.000Z",
"modified": "2018-05-23T16:55:27.000Z",
"description": "Stage 1 fallback domain, used if Photobucket fails",
"pattern": "[domain-name:value = 'toknowall.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:55:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:31.000Z",
"modified": "2018-05-23T16:48:31.000Z",
"first_observed": "2018-05-23T16:48:31Z",
"last_observed": "2018-05-23T16:48:31Z",
"number_observed": 1,
"object_refs": [
"file--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b5f-d4d0-4640-8fd0-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:muz6HAcALFnJ6A1HtguhY2xwaSV58bDSXBteLq:mo+vG17UE0BtB"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b63-af28-4bbc-bb18-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:35.000Z",
"modified": "2018-05-23T16:48:35.000Z",
"first_observed": "2018-05-23T16:48:35Z",
"last_observed": "2018-05-23T16:48:35Z",
"number_observed": 1,
"object_refs": [
"file--5b059b63-af28-4bbc-bb18-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b63-af28-4bbc-bb18-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:uZXfvVijz85XiCcYuty8f0trKy1AUiJh8SWMJvEKKvk1Dc3F/FkZX97U:uXiwXi9tnfHv7tK81ugY"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b67-4818-4075-a163-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:39.000Z",
"modified": "2018-05-23T16:48:39.000Z",
"first_observed": "2018-05-23T16:48:39Z",
"last_observed": "2018-05-23T16:48:39Z",
"number_observed": 1,
"object_refs": [
"file--5b059b67-4818-4075-a163-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b67-4818-4075-a163-0d3005dc1b25",
"hashes": {
"SSDEEP": "98304:ZUKUXKMOzkGNCPCEQi0EADYT9Bci7A5HqPwy/pfmITeaysckQj:tUXK6CBVlDYMf5HqPwyhuITTy"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:48:42.000Z",
"modified": "2018-05-23T16:48:42.000Z",
"first_observed": "2018-05-23T16:48:42Z",
"last_observed": "2018-05-23T16:48:42Z",
"number_observed": 1,
"object_refs": [
"file--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25"
],
"labels": [
"misp:type=\"ssdeep\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b059b6a-b2c4-43a8-80d0-0d3005dc1b25",
"hashes": {
"SSDEEP": "6144:hlyC+z6zIitnujMMYNyCSyza7csDZmA/x2LwB7jvXHiY1:DCzgIiwMJ2DQux2L6Pr1"
}
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b81-1950-4d6a-a03e-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:05.000Z",
"modified": "2018-05-23T16:49:05.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.121.109.209']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b81-5cbc-44f0-8aa5-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:05.000Z",
"modified": "2018-05-23T16:49:05.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.202.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b81-fc3c-4407-b68c-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:05.000Z",
"modified": "2018-05-23T16:49:05.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.242.222.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-4d84-4afe-9c9b-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.118.242.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-4b90-4e10-8744-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.151.209.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-843c-47bc-bc1e-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.79.179.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-cf94-4cab-8abc-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.203.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-ce54-4359-8228-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.198.231']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-5f9c-4949-b910-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.180.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-baa0-4804-a02c-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.149.250.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-e848-4bb6-a465-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.200.13.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-85e4-48be-b33d-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.185.80.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059b82-c03c-4400-983a-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:49:06.000Z",
"modified": "2018-05-23T16:49:06.000Z",
"description": "Stage 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.210.180.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:49:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e0e-9e7c-4f4a-a1a3-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:59:58.000Z",
"modified": "2018-05-23T16:59:58.000Z",
"description": "Stage 1",
"pattern": "[file:hashes.MD5 = '45871bad3a9b4594fc3de39e4b5930ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:59:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e0e-8b0c-486a-b473-0aa30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T16:59:58.000Z",
"modified": "2018-05-23T16:59:58.000Z",
"description": "Stage 1",
"pattern": "[file:hashes.MD5 = '5f358afee76f2a74b1a3443c6012b27b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T16:59:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e84-0dec-4d5e-b31c-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:01:56.000Z",
"modified": "2018-05-23T17:01:56.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.MD5 = '4912aad5e79c78bc143e71633df9c17b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e84-b6f0-4a60-8d6e-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:01:56.000Z",
"modified": "2018-05-23T17:01:56.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.MD5 = '87049e223dd922dc1d8180c83e2fde77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e84-3408-4d9c-94d6-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:01:56.000Z",
"modified": "2018-05-23T17:01:56.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.MD5 = '17e5e5c25eef807a08f02b8e435dda30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e84-5850-4b83-a6e6-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:01:56.000Z",
"modified": "2018-05-23T17:01:56.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.MD5 = '42d891bcdee9588f8ed5d27456896a5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e84-1d48-43aa-ae5b-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:01:56.000Z",
"modified": "2018-05-23T17:01:56.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.MD5 = '19dd8b95fcca498582642f5a0b2fc58b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e84-4ed8-4713-809f-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:01:56.000Z",
"modified": "2018-05-23T17:01:56.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.MD5 = '8e74e36ba104389aa6dc4d4429bcf0cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e84-17b8-4674-bbb7-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:01:56.000Z",
"modified": "2018-05-23T17:01:56.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.MD5 = '92d47495c92d8c5dba107163df2bb212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059e84-d8c8-43a8-8069-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:01:56.000Z",
"modified": "2018-05-23T17:01:56.000Z",
"description": "Stage 2",
"pattern": "[file:hashes.MD5 = '93ff367439becebd9d71c3e12041c95e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059eb4-c45c-4cd3-8de0-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:02:44.000Z",
"modified": "2018-05-23T17:02:44.000Z",
"description": "Stage 3 Plugins",
"pattern": "[file:hashes.MD5 = '97444b5209278ed611e6a94076e814c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b059eb4-f058-450a-b54f-0f810acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-23T17:02:44.000Z",
"modified": "2018-05-23T17:02:44.000Z",
"description": "Stage 3 Plugins",
"pattern": "[file:hashes.MD5 = 'b5dc976043db9b42c9f6fa889205c68a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-23T17:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}