adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/54e590ba-cccc-46a6-87a3-3d1f950d210b.json

927 lines
No EOL
39 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--54e590ba-cccc-46a6-87a3-3d1f950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T08:53:32.000Z",
"modified": "2015-02-19T08:53:32.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--54e590ba-cccc-46a6-87a3-3d1f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T08:53:32.000Z",
"modified": "2015-02-19T08:53:32.000Z",
"name": "OSINT Babar: espionage software finally found and put under the microscope by gdata",
"published": "2016-02-22T14:41:43Z",
"object_refs": [
"observed-data--54e590d2-26d8-4e7f-846b-b1af950d210b",
"url--54e590d2-26d8-4e7f-846b-b1af950d210b",
"x-misp-attribute--54e590dd-a174-42ae-93cc-59b1950d210b",
"indicator--54e591a2-22e4-4267-bb0c-59b1950d210b",
"indicator--54e591a2-0f44-4be6-8702-59b1950d210b",
"indicator--54e591a2-68ac-4214-9571-59b1950d210b",
"indicator--54e591a2-4fb8-4bc1-a444-59b1950d210b",
"indicator--54e591c4-3af0-47ed-8a08-4040950d210b",
"indicator--54e591c4-24b4-48b2-a7b5-49f1950d210b",
"indicator--54e591e1-2ad0-47df-8902-b1af950d210b",
"indicator--54e591e1-0534-4347-bb35-b1af950d210b",
"indicator--54e59202-54ac-4382-adf8-3ec6950d210b",
"indicator--54e59202-9084-428f-945a-3ec6950d210b",
"x-misp-attribute--54e59216-83a8-42c5-9b4c-3d1f950d210b",
"x-misp-attribute--54e59216-86b8-457d-a0c5-3d1f950d210b",
"indicator--54e59237-3a7c-419e-af13-59b1950d210b",
"indicator--54e59250-78a8-4e0e-9f89-4ca0950d210b",
"x-misp-attribute--54e59279-7e7c-415f-82e6-b1af950d210b",
"x-misp-attribute--54e59286-b1b8-47d2-add0-ed35950d210b",
"x-misp-attribute--54e592a0-ed0c-4528-ae1e-3ec6950d210b",
"indicator--54e592f5-3dec-4d81-a380-435f950d210b",
"indicator--54e592f5-ebc0-4abb-baa2-4071950d210b",
"indicator--54e59343-c124-4ada-880a-4872950d210b",
"indicator--54e59343-45ac-4dbd-a123-4c80950d210b",
"indicator--54e59343-f520-4fe3-a2cb-4d3e950d210b",
"indicator--54e59343-3478-436a-90dd-433d950d210b",
"indicator--54e5a00e-26ac-4a0c-99ca-4b17950d210b",
"x-misp-attribute--54e5a46a-5cd4-4f32-b417-03a7950d210b",
"indicator--56c6554c-3788-4d50-aba6-c650950d210f",
"indicator--56c6554d-a40c-47f4-8b23-599d950d210f",
"indicator--56c6554f-4dc0-4434-89d0-c650950d210f",
"indicator--56c65551-91e0-4512-b931-5f51950d210f",
"indicator--56c65553-6740-46ff-8026-4b53950d210f",
"indicator--56c65554-b968-4704-9b03-599e950d210f",
"indicator--56c6554e-83c8-47a3-a52a-59a2950d210f",
"indicator--56c65550-3e74-4254-86b0-4db1950d210f",
"indicator--56c65552-ecc8-4e6d-8eba-59a1950d210f",
"indicator--56c65553-24d4-4860-a2ae-59a0950d210f",
"indicator--56c65555-dc5c-4066-9c9c-59a0950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54e590d2-26d8-4e7f-846b-b1af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:29:22.000Z",
"modified": "2015-02-19T07:29:22.000Z",
"first_observed": "2015-02-19T07:29:22Z",
"last_observed": "2015-02-19T07:29:22Z",
"number_observed": 1,
"object_refs": [
"url--54e590d2-26d8-4e7f-846b-b1af950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54e590d2-26d8-4e7f-846b-b1af950d210b",
"value": "https://blog.gdatasoftware.com/blog/article/babar-espionage-software-finally-found-and-put-under-the-microscope.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e590dd-a174-42ae-93cc-59b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:29:33.000Z",
"modified": "2015-02-19T07:29:33.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Babar"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e591a2-22e4-4267-bb0c-59b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:32:50.000Z",
"modified": "2015-02-19T07:32:50.000Z",
"description": "Evil Bunny",
"pattern": "[file:hashes.SHA256 = 'c6a182f410b4cda0665cd792f00177c56338018fbc31bb34e41b72f8195c20cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:32:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e591a2-0f44-4be6-8702-59b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:32:50.000Z",
"modified": "2015-02-19T07:32:50.000Z",
"description": "Evil Bunny",
"pattern": "[file:hashes.SHA256 = '7d1e5c4afb1682087d86e793b3fc5a8371dc7c28e27e7196e3b258934f6bafb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:32:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e591a2-68ac-4214-9571-59b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:32:50.000Z",
"modified": "2015-02-19T07:32:50.000Z",
"description": "Evil Bunny",
"pattern": "[file:hashes.SHA256 = '7bfc135194d3e5b85cbe46ed1c6f5e21dbe8f62c0a3ef56245b2d6500fc3a618']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:32:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e591a2-4fb8-4bc1-a444-59b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:32:50.000Z",
"modified": "2015-02-19T07:32:50.000Z",
"description": "Evil Bunny",
"pattern": "[file:hashes.SHA256 = 'be14d781b85125a6074724964622ab05f89f41e6bacbda398bc7709d1d98a2ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:32:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e591c4-3af0-47ed-8a08-4040950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:33:24.000Z",
"modified": "2015-02-19T07:33:24.000Z",
"description": "Babar dropper",
"pattern": "[file:hashes.SHA256 = 'c72a055b677cd9e5e2b2dcbba520425d023d906e6ee609b79c643d9034938ebf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:33:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e591c4-24b4-48b2-a7b5-49f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:33:24.000Z",
"modified": "2015-02-19T07:33:24.000Z",
"description": "Babar dropper",
"pattern": "[file:hashes.SHA256 = '82e6f9c10c7ba737f8c79deae4132b9ff82090ccd220eb3d3739365b5276c3c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:33:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e591e1-2ad0-47df-8902-b1af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:33:53.000Z",
"modified": "2015-02-19T07:33:53.000Z",
"description": "Babar payload",
"pattern": "[file:hashes.SHA256 = 'aa73634ca325022dd6daff2df30484ec9031939044cf4c2a004cbdb66108281d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:33:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e591e1-0534-4347-bb35-b1af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:33:53.000Z",
"modified": "2015-02-19T07:33:53.000Z",
"description": "Babar payload",
"pattern": "[file:hashes.SHA256 = '57437a675cae8e71ac33cd2e001ca7ef1b206b028f3c810e884223a0369d2f8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:33:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e59202-54ac-4382-adf8-3ec6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:34:26.000Z",
"modified": "2015-02-19T07:34:26.000Z",
"pattern": "[file:name = 'perf_585.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:34:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e59202-9084-428f-945a-3ec6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:34:26.000Z",
"modified": "2015-02-19T07:34:26.000Z",
"pattern": "[file:name = 'dump21cb.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:34:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e59216-83a8-42c5-9b4c-3d1f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:34:46.000Z",
"modified": "2015-02-19T07:34:46.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "text",
"x_misp_value": "%USERPROFILE%\\Desktop\\bunny 2.3.2\\Release\\Transporter2.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e59216-86b8-457d-a0c5-3d1f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:34:46.000Z",
"modified": "2015-02-19T07:34:46.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "text",
"x_misp_value": "%USERPROFILE%\\Desktop\\Babar64\\Babar64\\obj\\DllWrapper Release\\Release.pdb"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e59237-3a7c-419e-af13-59b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:35:19.000Z",
"modified": "2015-02-19T07:35:19.000Z",
"pattern": "[url:value = 'http://1.9.32.11/bunny/test.php?rec=nvista']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:35:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e59250-78a8-4e0e-9f89-4ca0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:35:44.000Z",
"modified": "2015-02-19T07:35:44.000Z",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'User-Agent: Mozilla/4.0 (compatible; MSI 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:35:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e59279-7e7c-415f-82e6-b1af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:36:25.000Z",
"modified": "2015-02-19T07:36:25.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "comment",
"x_misp_value": "The CSEC mentioned the locale option \u00e2\u20ac\u0153fr_FR\u00e2\u20ac\u009d during the spear-phishing attack."
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e59286-b1b8-47d2-add0-ed35950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:36:38.000Z",
"modified": "2015-02-19T07:36:38.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "comment",
"x_misp_value": "In the EvilBunny samples, during the HTTP queries to the command and control servers the Accept-Language parameter is set to \u00e2\u20ac\u0153fr\u00e2\u20ac\u009d."
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e592a0-ed0c-4528-ae1e-3ec6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:37:04.000Z",
"modified": "2015-02-19T07:37:04.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "comment",
"x_misp_value": "We found English mistakes in EvilBunny and Babar samples, such as this example from Babar: \r\n\r\n!!!EXTRACT ERROR!!!File Does Not Exists-->[%s]"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e592f5-3dec-4d81-a380-435f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:38:29.000Z",
"modified": "2015-02-19T07:38:29.000Z",
"pattern": "[file:hashes.SHA1 = 'efbe18eb8a66e4b6289a5c53f22254f76e3a29db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:38:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e592f5-ebc0-4abb-baa2-4071950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:38:29.000Z",
"modified": "2015-02-19T07:38:29.000Z",
"pattern": "[file:hashes.SHA1 = '5da5079754d975d5b04342abf9d60bd0bae181a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:38:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e59343-c124-4ada-880a-4872950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:39:47.000Z",
"modified": "2015-02-19T07:39:47.000Z",
"description": "Unclear if those are dedicated CnC or compromise legitimate websites.",
"pattern": "[domain-name:value = 'www.alexpetro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:39:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e59343-45ac-4dbd-a123-4c80950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:39:47.000Z",
"modified": "2015-02-19T07:39:47.000Z",
"description": "Unclear if those are dedicated CnC or compromise legitimate websites.",
"pattern": "[domain-name:value = 'www.etehadyie.ir']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:39:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e59343-f520-4fe3-a2cb-4d3e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:39:47.000Z",
"modified": "2015-02-19T07:39:47.000Z",
"description": "Unclear if those are dedicated CnC or compromise legitimate websites.",
"pattern": "[domain-name:value = 'www.horizons-tourisme.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:39:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e59343-3478-436a-90dd-433d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T07:39:47.000Z",
"modified": "2015-02-19T07:39:47.000Z",
"description": "Unclear if those are dedicated CnC or compromise legitimate websites.",
"pattern": "[domain-name:value = 'www.gezelimmi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T07:39:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e5a00e-26ac-4a0c-99ca-4b17950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T08:34:22.000Z",
"modified": "2015-02-19T08:34:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '1.9.32.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-19T08:34:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e5a46a-5cd4-4f32-b417-03a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-19T08:53:32.000Z",
"modified": "2015-02-19T08:53:32.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data added here by Dav from Cthulhu Solutions sprl"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6554c-3788-4d50-aba6-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:40.000Z",
"modified": "2016-02-18T23:35:40.000Z",
"description": "Automatically added (via 5da5079754d975d5b04342abf9d60bd0bae181a0)",
"pattern": "[file:hashes.MD5 = '4582d9d2120fb9c80ef01e2135fa3515']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6554d-a40c-47f4-8b23-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:41.000Z",
"modified": "2016-02-18T23:35:41.000Z",
"description": "Automatically added (via aa73634ca325022dd6daff2df30484ec9031939044cf4c2a004cbdb66108281d)",
"pattern": "[file:hashes.MD5 = '4525141d9e6e7b5a7f4e8c3db3f0c24c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6554f-4dc0-4434-89d0-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:43.000Z",
"modified": "2016-02-18T23:35:43.000Z",
"description": "Automatically added (via c72a055b677cd9e5e2b2dcbba520425d023d906e6ee609b79c643d9034938ebf)",
"pattern": "[file:hashes.MD5 = '9fff114f15b86896d8d4978c0ad2813d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65551-91e0-4512-b931-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:45.000Z",
"modified": "2016-02-18T23:35:45.000Z",
"description": "Automatically added (via be14d781b85125a6074724964622ab05f89f41e6bacbda398bc7709d1d98a2ef)",
"pattern": "[file:hashes.MD5 = '3bbb59afdf9bda4ffdc644d9d51c53e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65553-6740-46ff-8026-4b53950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:47.000Z",
"modified": "2016-02-18T23:35:47.000Z",
"description": "Automatically added (via 7d1e5c4afb1682087d86e793b3fc5a8371dc7c28e27e7196e3b258934f6bafb5)",
"pattern": "[file:hashes.MD5 = 'b8ac16701c3c15b103e61b5a317692bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65554-b968-4704-9b03-599e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:48.000Z",
"modified": "2016-02-18T23:35:48.000Z",
"description": "Automatically added (via c6a182f410b4cda0665cd792f00177c56338018fbc31bb34e41b72f8195c20cc)",
"pattern": "[file:hashes.MD5 = 'c40e3ee23cf95d992b7cd0b7c01b8599']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6554e-83c8-47a3-a52a-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:42.000Z",
"modified": "2016-02-18T23:35:42.000Z",
"description": "Automatically added (via aa73634ca325022dd6daff2df30484ec9031939044cf4c2a004cbdb66108281d)",
"pattern": "[file:hashes.SHA1 = 'efbe18eb8a66e4b6289a5c53f22254f76e3a29bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65550-3e74-4254-86b0-4db1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:44.000Z",
"modified": "2016-02-18T23:35:44.000Z",
"description": "Automatically added (via c72a055b677cd9e5e2b2dcbba520425d023d906e6ee609b79c643d9034938ebf)",
"pattern": "[file:hashes.SHA1 = '27a0a98053f3eed82a51cdefbdfec7bb948e1f36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65552-ecc8-4e6d-8eba-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:46.000Z",
"modified": "2016-02-18T23:35:46.000Z",
"description": "Automatically added (via be14d781b85125a6074724964622ab05f89f41e6bacbda398bc7709d1d98a2ef)",
"pattern": "[file:hashes.SHA1 = '1798985f4cc2398a482f2232e72e5817562530de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65553-24d4-4860-a2ae-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:47.000Z",
"modified": "2016-02-18T23:35:47.000Z",
"description": "Automatically added (via 7d1e5c4afb1682087d86e793b3fc5a8371dc7c28e27e7196e3b258934f6bafb5)",
"pattern": "[file:hashes.SHA1 = 'a4226714f346c7844a9183e01961e7609d6fa241']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65555-dc5c-4066-9c9c-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:35:49.000Z",
"modified": "2016-02-18T23:35:49.000Z",
"description": "Automatically added (via c6a182f410b4cda0665cd792f00177c56338018fbc31bb34e41b72f8195c20cc)",
"pattern": "[file:hashes.SHA1 = '1e8b4c374db03dcca026c5feba0a5c117f740233']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:35:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}
Reference in a new issue View git blame Copy permalink