{
|
|
"type": "bundle",
|
|
"id": "bundle--54651e3e-3934-4d34-9396-956a950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:47.000Z",
|
|
"modified": "2014-11-13T21:35:47.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--54651e3e-3934-4d34-9396-956a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:47.000Z",
|
|
"modified": "2014-11-13T21:35:47.000Z",
|
|
"name": "OSINT Korplug military targeted attacks: Afghanistan & Tajikistan blog post from ESET",
|
|
"published": "2016-02-22T14:38:51Z",
|
|
"object_refs": [
|
|
"observed-data--54651fd0-3988-45ca-8816-9a37950d210b",
|
|
"url--54651fd0-3988-45ca-8816-9a37950d210b",
|
|
"x-misp-attribute--54651fe0-6ad0-4955-ad1a-4960950d210b",
|
|
"x-misp-attribute--54652006-ed94-4a90-8907-9a22950d210b",
|
|
"x-misp-attribute--54652006-32ac-4819-abb7-9a22950d210b",
|
|
"indicator--5465202e-7418-4999-bb7e-4767950d210b",
|
|
"indicator--5465203b-92c4-46ea-bb24-9a39950d210b",
|
|
"indicator--546520b5-18ac-4f42-a306-956a950d210b",
|
|
"indicator--546520b5-659c-43c0-9b37-956a950d210b",
|
|
"indicator--546520c6-31a4-4603-9ec4-93c7950d210b",
|
|
"indicator--546520c7-0f04-463c-879c-93c7950d210b",
|
|
"x-misp-attribute--54652117-1e68-455f-b492-9a39950d210b",
|
|
"x-misp-attribute--54652117-f490-4062-9d03-9a39950d210b",
|
|
"x-misp-attribute--54652117-4e70-4163-a7bd-9a39950d210b",
|
|
"indicator--5465234c-0940-4a89-8115-d85b950d210b",
|
|
"indicator--5465234c-83f0-4e58-ad78-d85b950d210b",
|
|
"indicator--5465234c-0f44-4060-bba3-d85b950d210b",
|
|
"indicator--5465234c-5dd8-4054-a92e-d85b950d210b",
|
|
"indicator--5465234c-bc40-4ed7-983c-d85b950d210b",
|
|
"indicator--5465234c-46c4-48dd-9b2c-d85b950d210b",
|
|
"indicator--5465234c-c30c-4fd1-84ed-d85b950d210b",
|
|
"indicator--5465234c-57dc-44bf-9ed1-d85b950d210b",
|
|
"indicator--5465234c-001c-495c-b61c-d85b950d210b",
|
|
"vulnerability--54652382-8914-451f-b266-956a950d210b",
|
|
"vulnerability--54652382-58a0-48df-b92b-956a950d210b",
|
|
"indicator--546523c1-e814-42dd-aa3f-c0c0950d210b",
|
|
"indicator--546523c1-52d0-4d19-88d5-c0c0950d210b",
|
|
"indicator--546523c1-77cc-41e3-899b-c0c0950d210b",
|
|
"indicator--546523c1-0bf0-4d16-b80a-c0c0950d210b",
|
|
"indicator--546523c2-f568-45e6-914a-c0c0950d210b",
|
|
"indicator--546523c2-0038-4c87-98fb-c0c0950d210b",
|
|
"indicator--546523c2-6b20-4c51-a75a-c0c0950d210b",
|
|
"indicator--546523c2-acd0-4e34-877a-c0c0950d210b",
|
|
"indicator--546523c2-aebc-4b25-b287-c0c0950d210b",
|
|
"indicator--546523c2-0f80-462b-a405-c0c0950d210b",
|
|
"indicator--546523c2-4098-49d6-9d70-c0c0950d210b",
|
|
"indicator--546523c2-8fac-49e7-8751-c0c0950d210b",
|
|
"indicator--546523c2-e534-4aaa-bfbd-c0c0950d210b",
|
|
"indicator--546523c2-1e68-4f24-b7b8-c0c0950d210b",
|
|
"indicator--5465240a-ff00-4d83-877e-9a37950d210b",
|
|
"indicator--5465240b-f640-47a2-9f11-9a37950d210b",
|
|
"indicator--5465240b-1604-4b57-81ac-9a37950d210b",
|
|
"indicator--5465240b-3c64-4dbb-9adc-9a37950d210b",
|
|
"indicator--5465240b-d1e0-4bc2-8505-9a37950d210b",
|
|
"indicator--5465240b-3924-4b91-b38f-9a37950d210b",
|
|
"indicator--5465240b-d138-402c-ae8f-9a37950d210b",
|
|
"indicator--54652433-5664-4cae-ba8b-9a39950d210b",
|
|
"indicator--54652433-218c-4ba7-9fc0-9a39950d210b",
|
|
"indicator--54652433-d50c-4a22-96c2-9a39950d210b",
|
|
"indicator--54652433-0384-4c5e-95b6-9a39950d210b",
|
|
"indicator--54652434-8b2c-4d61-b247-9a39950d210b",
|
|
"indicator--54652434-1f48-484a-bf2a-9a39950d210b",
|
|
"indicator--54652434-95d0-4bc5-8232-9a39950d210b",
|
|
"indicator--54652434-91a4-40ac-bb34-9a39950d210b",
|
|
"indicator--54652434-dbb4-4417-9505-9a39950d210b",
|
|
"indicator--54652434-c010-43b5-8ff4-9a39950d210b",
|
|
"indicator--54652434-93d0-42fe-8bbe-9a39950d210b",
|
|
"indicator--56c64533-4454-42f6-bcbb-59a3950d210f",
|
|
"indicator--56c64535-5680-4596-8cec-59a2950d210f",
|
|
"indicator--56c64538-d5a4-494e-bd85-4a96950d210f",
|
|
"indicator--56c6453a-ab4c-49b9-bafc-599c950d210f",
|
|
"indicator--56c6453c-16fc-4833-b304-469e950d210f",
|
|
"indicator--56c6453f-b078-46b4-a427-59a0950d210f",
|
|
"indicator--56c64543-2df0-4f2a-ab13-59a0950d210f",
|
|
"indicator--56c64534-da74-4d4c-adb7-5ca1950d210f",
|
|
"indicator--56c64536-cbb0-42f1-9383-c653950d210f",
|
|
"indicator--56c64538-e3dc-4ff0-8208-c651950d210f",
|
|
"indicator--56c6453b-8654-4926-b86a-59a0950d210f",
|
|
"indicator--56c6453d-cb18-4837-976b-59a3950d210f",
|
|
"indicator--56c64540-35b8-40fe-972a-59a1950d210f",
|
|
"indicator--56c64544-bb7c-4291-ae52-c651950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--54651fd0-3988-45ca-8816-9a37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:17:04.000Z",
|
|
"modified": "2014-11-13T21:17:04.000Z",
|
|
"first_observed": "2014-11-13T21:17:04Z",
|
|
"last_observed": "2014-11-13T21:17:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--54651fd0-3988-45ca-8816-9a37950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--54651fd0-3988-45ca-8816-9a37950d210b",
|
|
"value": "http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghanistan-tajikistan/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--54651fe0-6ad0-4955-ad1a-4960950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:17:20.000Z",
|
|
"modified": "2014-11-13T21:17:20.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Data entered by David Andr\u00e9"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--54652006-ed94-4a90-8907-9a22950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:17:58.000Z",
|
|
"modified": "2014-11-13T21:17:58.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Korplug"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--54652006-32ac-4819-abb7-9a22950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:17:58.000Z",
|
|
"modified": "2014-11-13T21:17:58.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "PlugX"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465202e-7418-4999-bb7e-4767950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:18:38.000Z",
|
|
"modified": "2014-11-13T21:18:38.000Z",
|
|
"pattern": "[domain-name:value = 'www.notebookhk.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:18:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465203b-92c4-46ea-bb24-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:18:51.000Z",
|
|
"modified": "2014-11-13T21:18:51.000Z",
|
|
"pattern": "[domain-name:value = 'notebookhk.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:18:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546520b5-18ac-4f42-a306-956a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:20:53.000Z",
|
|
"modified": "2014-11-13T21:20:53.000Z",
|
|
"pattern": "[domain-name:value = 'www.dicemention.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:20:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546520b5-659c-43c0-9b37-956a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:20:53.000Z",
|
|
"modified": "2014-11-13T21:20:53.000Z",
|
|
"pattern": "[domain-name:value = 'www.abudlrasul.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:20:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546520c6-31a4-4603-9ec4-93c7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:21:10.000Z",
|
|
"modified": "2014-11-13T21:21:10.000Z",
|
|
"pattern": "[domain-name:value = 'dicemention.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:21:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546520c7-0f04-463c-879c-93c7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:21:11.000Z",
|
|
"modified": "2014-11-13T21:21:11.000Z",
|
|
"pattern": "[domain-name:value = 'abudlrasul.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:21:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--54652117-1e68-455f-b492-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:22:31.000Z",
|
|
"modified": "2014-11-13T21:22:31.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_comment": "Registrant",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "stanlee@gmail.com"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--54652117-f490-4062-9d03-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:22:31.000Z",
|
|
"modified": "2014-11-13T21:22:31.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_comment": "Registrant",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "123@123.com"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--54652117-4e70-4163-a7bd-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:22:31.000Z",
|
|
"modified": "2014-11-13T21:22:31.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_comment": "Registrant",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "woffg89@yahoo.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465234c-0940-4a89-8115-d85b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:31:56.000Z",
|
|
"modified": "2014-11-13T21:31:56.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '36119221826d0290bc23371b55a8c0e6a84718dd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:31:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465234c-83f0-4e58-ad78-d85b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:31:56.000Z",
|
|
"modified": "2014-11-13T21:31:56.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'a6642bc9f3425f0ab93d462002456be231bb5646']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:31:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465234c-0f44-4060-bba3-d85b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:31:56.000Z",
|
|
"modified": "2014-11-13T21:31:56.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '51cdc273b5638e06906bcb700335e288807744b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:31:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465234c-5dd8-4054-a92e-d85b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:31:56.000Z",
|
|
"modified": "2014-11-13T21:31:56.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'ea6ee9eab546fb9f93b75dcb650af22a95486391']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:31:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465234c-bc40-4ed7-983c-d85b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:31:56.000Z",
|
|
"modified": "2014-11-13T21:31:56.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'd297dc7d29e42e8d37c951b0b11629051eebe9c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:31:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465234c-46c4-48dd-9b2c-d85b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:31:56.000Z",
|
|
"modified": "2014-11-13T21:31:56.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '8e5e19ebe719ebf7f8be4290931ffa173e658cb8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:31:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465234c-c30c-4fd1-84ed-d85b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:31:56.000Z",
|
|
"modified": "2014-11-13T21:31:56.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '1f726e94b90034e7abd148fe31eba08774d1506f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:31:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465234c-57dc-44bf-9ed1-d85b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:31:56.000Z",
|
|
"modified": "2014-11-13T21:31:56.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'a9c627aa09b8cc50a83ff2728a3978492aeb79d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:31:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465234c-001c-495c-b61c-d85b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:31:56.000Z",
|
|
"modified": "2014-11-13T21:31:56.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'e32081c56f39ea14dfd1e449c28219d264d80b2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:31:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--54652382-8914-451f-b266-956a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:32:50.000Z",
|
|
"modified": "2014-11-13T21:32:50.000Z",
|
|
"name": "CVE-2012-0158",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"Payload delivery\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2012-0158"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--54652382-58a0-48df-b92b-956a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:32:50.000Z",
|
|
"modified": "2014-11-13T21:32:50.000Z",
|
|
"name": "CVE-2014-1761",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"Payload delivery\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2014-1761"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c1-e814-42dd-aa3f-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:53.000Z",
|
|
"modified": "2014-11-13T21:33:53.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '5dfa79eb89b3a8ddbc55252bd330d04d285f9189']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c1-52d0-4d19-88d5-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:53.000Z",
|
|
"modified": "2014-11-13T21:33:53.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '095550e3f0e5d24a59add9390e6e17120039355e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c1-77cc-41e3-899b-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:53.000Z",
|
|
"modified": "2014-11-13T21:33:53.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '5d760403108bdcdce5c22403387e89edc2694860']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c1-0bf0-4d16-b80a-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:53.000Z",
|
|
"modified": "2014-11-13T21:33:53.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '05bfe122f207df7806eb5e4ce69d3aec26d74190']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-f568-45e6-914a-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '548577598a670ffd7770f01b8c8eeff853c222c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-0038-4c87-98fb-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '530d26a9beedcced0c36c54c1bf3cda28d2b6e62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-6b20-4c51-a75a-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = 'f6cb6db20aa8f17769095042790aeb60eecd58b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-acd0-4e34-877a-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = 'ef17b7ec3111949cbdbdeb5e0e15bd2c6e90358f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-aebc-4b25-b287-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '17ca3bbddef164e6493f32c952002e34c55a74f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-0f80-462b-a405-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '973ea910ea3734e45fde304f20ab6cf067456551']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-4098-49d6-9d70-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '47d78fbfb2efc3ab9ddc653a0f03d560d972bf67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-8fac-49e7-8751-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = '0b5a7e49987ef2c320864cf205b7048f7032300d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-e534-4aaa-bfbd-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = 'e81e0f416752b336396294d24e639ae86d9c6baa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546523c2-1e68-4f24-b7b8-c0c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:33:54.000Z",
|
|
"modified": "2014-11-13T21:33:54.000Z",
|
|
"description": "Korplug",
|
|
"pattern": "[file:hashes.SHA1 = 'e930d3a2e6b2ffdc7052d7e18f51bd5a765bdb90']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:33:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465240a-ff00-4d83-877e-9a37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:06.000Z",
|
|
"modified": "2014-11-13T21:35:06.000Z",
|
|
"description": "Alternative Malware #1",
|
|
"pattern": "[file:hashes.SHA1 = 'fdd41eb3cbb631f38ac415347e25926e3e3f09b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465240b-f640-47a2-9f11-9a37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:07.000Z",
|
|
"modified": "2014-11-13T21:35:07.000Z",
|
|
"description": "Alternative Malware #1",
|
|
"pattern": "[file:hashes.SHA1 = '457f4ffa2fe1cacfea53f8f5ff72c3fa61939ccd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465240b-1604-4b57-81ac-9a37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:07.000Z",
|
|
"modified": "2014-11-13T21:35:07.000Z",
|
|
"description": "Alternative Malware #1",
|
|
"pattern": "[file:hashes.SHA1 = '5b6d654eb16fc84a212acf7d5a05a8e8a642ce20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465240b-3c64-4dbb-9adc-9a37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:07.000Z",
|
|
"modified": "2014-11-13T21:35:07.000Z",
|
|
"description": "Alternative Malware #1",
|
|
"pattern": "[file:hashes.SHA1 = '7d59b19bd56e1d2c742c39a2aba9ac34f6bc58d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465240b-d1e0-4bc2-8505-9a37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:07.000Z",
|
|
"modified": "2014-11-13T21:35:07.000Z",
|
|
"description": "Alternative Malware #1",
|
|
"pattern": "[file:hashes.SHA1 = 'd7d130b8cc9bea51143f28820f08068521763494']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465240b-3924-4b91-b38f-9a37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:07.000Z",
|
|
"modified": "2014-11-13T21:35:07.000Z",
|
|
"description": "Alternative Malware #1",
|
|
"pattern": "[file:hashes.SHA1 = '01b4b92d5839ecf3130f5c69652295fe4f2da0c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5465240b-d138-402c-ae8f-9a37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:07.000Z",
|
|
"modified": "2014-11-13T21:35:07.000Z",
|
|
"description": "Alternative Malware #1",
|
|
"pattern": "[file:hashes.SHA1 = '02c38ec1c67098e1f6854d1125d3aed6268540de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652433-5664-4cae-ba8b-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:47.000Z",
|
|
"modified": "2014-11-13T21:35:47.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = '3a7fb6e819eec52111693219e604239bd25629e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652433-218c-4ba7-9fc0-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:47.000Z",
|
|
"modified": "2014-11-13T21:35:47.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = 'bf77d0ba7f3e60b45bd0801979b12bea703b227b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652433-d50c-4a22-96c2-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:47.000Z",
|
|
"modified": "2014-11-13T21:35:47.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = '55ef67afa2ec2f260b046a901868c48a76bc7b72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652433-0384-4c5e-95b6-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:47.000Z",
|
|
"modified": "2014-11-13T21:35:47.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = 'a29f64cd7b78e51d0c9fdfbdcbc57ced43a157b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652434-8b2c-4d61-b247-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:48.000Z",
|
|
"modified": "2014-11-13T21:35:48.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = '34754e8b410c9480e1adfb31a4aa72419056b622']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652434-1f48-484a-bf2a-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:48.000Z",
|
|
"modified": "2014-11-13T21:35:48.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = '17a2f18c9ccaaa714fd31be2de0bc62b2c310d8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652434-95d0-4bc5-8232-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:48.000Z",
|
|
"modified": "2014-11-13T21:35:48.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = '6d99acea8323b8797560f7284607db08eca616d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652434-91a4-40ac-bb34-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:48.000Z",
|
|
"modified": "2014-11-13T21:35:48.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = '1884a05409c7ef877e0e1aaaec6bb9d59e065d7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652434-dbb4-4417-9505-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:48.000Z",
|
|
"modified": "2014-11-13T21:35:48.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = '1fc6fb0d35dcd0517c82adaef1a85ffe2afab4ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652434-c010-43b5-8ff4-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:48.000Z",
|
|
"modified": "2014-11-13T21:35:48.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = '5860c99e5065a414c91f51b9e8b779d10f40adc4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54652434-93d0-42fe-8bbe-9a39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-13T21:35:48.000Z",
|
|
"modified": "2014-11-13T21:35:48.000Z",
|
|
"description": "Alternative Malware #2",
|
|
"pattern": "[file:hashes.SHA1 = '7950d5b57fa651ca6fa9180e39b6e8cc1e65b746']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-13T21:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c64533-4454-42f6-bcbb-59a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:26:59.000Z",
|
|
"modified": "2016-02-18T22:26:59.000Z",
|
|
"description": "Automatically added (via 973ea910ea3734e45fde304f20ab6cf067456551)",
|
|
"pattern": "[file:hashes.MD5 = 'b948c6616215ba79bc152e7eccc21044']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:26:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c64535-5680-4596-8cec-59a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:01.000Z",
|
|
"modified": "2016-02-18T22:27:01.000Z",
|
|
"description": "Automatically added (via fdd41eb3cbb631f38ac415347e25926e3e3f09b6)",
|
|
"pattern": "[file:hashes.MD5 = 'd4c0390698f5332cc6e0f3fe611d1d38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c64538-d5a4-494e-bd85-4a96950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:04.000Z",
|
|
"modified": "2016-02-18T22:27:04.000Z",
|
|
"description": "Automatically added (via 5b6d654eb16fc84a212acf7d5a05a8e8a642ce20)",
|
|
"pattern": "[file:hashes.MD5 = '66c411a966f01575c0ab39f197638e73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6453a-ab4c-49b9-bafc-599c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:06.000Z",
|
|
"modified": "2016-02-18T22:27:06.000Z",
|
|
"description": "Automatically added (via 01b4b92d5839ecf3130f5c69652295fe4f2da0c5)",
|
|
"pattern": "[file:hashes.MD5 = '4c184b9f897999b4daa4fbe2b023292e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6453c-16fc-4833-b304-469e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:08.000Z",
|
|
"modified": "2016-02-18T22:27:08.000Z",
|
|
"description": "Automatically added (via 3a7fb6e819eec52111693219e604239bd25629e9)",
|
|
"pattern": "[file:hashes.MD5 = '18d7adcdade1942efd572ed5256a0d2e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6453f-b078-46b4-a427-59a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:11.000Z",
|
|
"modified": "2016-02-18T22:27:11.000Z",
|
|
"description": "Automatically added (via 5860c99e5065a414c91f51b9e8b779d10f40adc4)",
|
|
"pattern": "[file:hashes.MD5 = '6f6eeade8fac2509b677a33c5c6b2628']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c64543-2df0-4f2a-ab13-59a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:15.000Z",
|
|
"modified": "2016-02-18T22:27:15.000Z",
|
|
"description": "Automatically added (via e32081c56f39ea14dfd1e449c28219d264d80b2f)",
|
|
"pattern": "[file:hashes.MD5 = '273e3694afb362d836fdeafa03921a19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c64534-da74-4d4c-adb7-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:00.000Z",
|
|
"modified": "2016-02-18T22:27:00.000Z",
|
|
"description": "Automatically added (via 973ea910ea3734e45fde304f20ab6cf067456551)",
|
|
"pattern": "[file:hashes.SHA256 = 'baf81d98dcdd218ee1dd89610ec44cbfcc75667b11efb52987011b4f15202fb0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c64536-cbb0-42f1-9383-c653950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:02.000Z",
|
|
"modified": "2016-02-18T22:27:02.000Z",
|
|
"description": "Automatically added (via fdd41eb3cbb631f38ac415347e25926e3e3f09b6)",
|
|
"pattern": "[file:hashes.SHA256 = 'a623949b9624e1410fdb22e490d014cad175b98b758d786f50ed9edb2549607a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c64538-e3dc-4ff0-8208-c651950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:04.000Z",
|
|
"modified": "2016-02-18T22:27:04.000Z",
|
|
"description": "Automatically added (via 5b6d654eb16fc84a212acf7d5a05a8e8a642ce20)",
|
|
"pattern": "[file:hashes.SHA256 = '38fea14bf5c8c6cd82b8f46a83389f2eab28ca6c007e887e14e9c37f688df762']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6453b-8654-4926-b86a-59a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:07.000Z",
|
|
"modified": "2016-02-18T22:27:07.000Z",
|
|
"description": "Automatically added (via 01b4b92d5839ecf3130f5c69652295fe4f2da0c5)",
|
|
"pattern": "[file:hashes.SHA256 = '0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6453d-cb18-4837-976b-59a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:09.000Z",
|
|
"modified": "2016-02-18T22:27:09.000Z",
|
|
"description": "Automatically added (via 3a7fb6e819eec52111693219e604239bd25629e9)",
|
|
"pattern": "[file:hashes.SHA256 = '3c4d6ddfc047fccb21ae5e4294a195920bb35a21cf8cb795928c55d94233e7e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c64540-35b8-40fe-972a-59a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:12.000Z",
|
|
"modified": "2016-02-18T22:27:12.000Z",
|
|
"description": "Automatically added (via 5860c99e5065a414c91f51b9e8b779d10f40adc4)",
|
|
"pattern": "[file:hashes.SHA256 = 'd685fc5a95189c6cecfbdec160de75401161a959d8e98f00a75d3b89465ddd4e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c64544-bb7c-4291-ae52-c651950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:27:16.000Z",
|
|
"modified": "2016-02-18T22:27:16.000Z",
|
|
"description": "Automatically added (via e32081c56f39ea14dfd1e449c28219d264d80b2f)",
|
|
"pattern": "[file:hashes.SHA256 = '97ada78fe46d46d9d640b34c2d66bd55ff5c543d99efe951ec489de7d5b3de1c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:27:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:GREEN",
|
|
"definition": {
|
|
"tlp": "green"
|
|
}
|
|
}
|
|
]
|
|
} |