644 lines
No EOL
26 KiB
JSON
644 lines
No EOL
26 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5500579e-e1b4-43fe-b7c5-73da950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T20:26:55.000Z",
|
|
"modified": "2017-06-22T20:26:55.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5500579e-e1b4-43fe-b7c5-73da950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T20:26:55.000Z",
|
|
"modified": "2017-06-22T20:26:55.000Z",
|
|
"name": "OSINT Backdoor.Win32.Equationdrug.A report by Telus",
|
|
"published": "2017-06-22T20:29:01Z",
|
|
"object_refs": [
|
|
"observed-data--550057b6-5448-42be-8d12-78ac950d210b",
|
|
"url--550057b6-5448-42be-8d12-78ac950d210b",
|
|
"indicator--550057cb-d4ec-49dc-af05-66d8950d210b",
|
|
"indicator--550057cb-04d4-466e-b522-66d8950d210b",
|
|
"indicator--550057cb-667c-4b34-9062-66d8950d210b",
|
|
"indicator--550057dd-bcdc-469d-87a2-b0e6950d210b",
|
|
"indicator--550057dd-ccf8-4241-9569-b0e6950d210b",
|
|
"indicator--550057dd-e1cc-412b-a961-b0e6950d210b",
|
|
"x-misp-attribute--55005815-743c-40a5-91ce-a62f950d210b",
|
|
"x-misp-attribute--55005815-0c10-4aa6-9901-a62f950d210b",
|
|
"x-misp-attribute--55005815-f5b0-488a-8f44-a62f950d210b",
|
|
"x-misp-attribute--55005815-5b74-4b5f-8eda-a62f950d210b",
|
|
"x-misp-attribute--55005815-bbc8-4a52-b652-a62f950d210b",
|
|
"x-misp-attribute--55005815-1198-438e-acbd-a62f950d210b",
|
|
"x-misp-attribute--55005815-b4f8-4575-bd92-a62f950d210b",
|
|
"x-misp-attribute--55005815-c87c-4ff5-965d-a62f950d210b",
|
|
"x-misp-attribute--55005815-e388-436f-98f6-a62f950d210b",
|
|
"x-misp-attribute--55005815-f5d8-457a-868a-a62f950d210b",
|
|
"x-misp-attribute--55005816-1e40-4a7a-878a-a62f950d210b",
|
|
"x-misp-attribute--55005816-8c14-4ffd-8bb9-a62f950d210b",
|
|
"x-misp-attribute--55005816-fa70-4133-9ec0-a62f950d210b",
|
|
"observed-data--55005861-315c-4a3c-b489-6d66950d210b",
|
|
"url--55005861-315c-4a3c-b489-6d66950d210b",
|
|
"observed-data--55005861-0cc0-4bc4-99fc-6d66950d210b",
|
|
"url--55005861-0cc0-4bc4-99fc-6d66950d210b",
|
|
"indicator--55005882-d8dc-47aa-b9d5-723f950d210b",
|
|
"indicator--55005895-b290-4c42-818e-66d8950d210b",
|
|
"x-misp-attribute--55005ede-ce48-4b86-a041-6d66950d210b",
|
|
"indicator--56c657b8-fdf8-4a90-a5ee-c654950d210f",
|
|
"indicator--56c657ba-18c8-4ee5-bcbf-599f950d210f",
|
|
"indicator--56c657ba-b680-4acd-a75c-5ca1950d210f",
|
|
"indicator--56c657bb-ed34-4fb5-a5f0-599d950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"misp-galaxy:tool=\"EquationDrug\"",
|
|
"misp-galaxy:threat-actor=\"Equation Group\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--550057b6-5448-42be-8d12-78ac950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:56:54.000Z",
|
|
"modified": "2015-03-11T14:56:54.000Z",
|
|
"first_observed": "2015-03-11T14:56:54Z",
|
|
"last_observed": "2015-03-11T14:56:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--550057b6-5448-42be-8d12-78ac950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--550057b6-5448-42be-8d12-78ac950d210b",
|
|
"value": "http://telussecuritylabs.com/threats/show/TSL20150219-06"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--550057cb-d4ec-49dc-af05-66d8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:57:15.000Z",
|
|
"modified": "2015-03-11T14:57:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4556ce5eb007af1de5bd3b457f0b216d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-03-11T14:57:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--550057cb-04d4-466e-b522-66d8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:57:15.000Z",
|
|
"modified": "2015-03-11T14:57:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5767b9d851d0c24e13eca1bfd16ea424']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-03-11T14:57:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--550057cb-667c-4b34-9062-66d8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:57:15.000Z",
|
|
"modified": "2015-03-11T14:57:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c4f8671c1f00dab30f5f88d684af1927']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-03-11T14:57:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--550057dd-bcdc-469d-87a2-b0e6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:57:33.000Z",
|
|
"modified": "2015-03-11T14:57:33.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '597715224249e9fb77dc733b2e4d507f0cc41af6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-03-11T14:57:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--550057dd-ccf8-4241-9569-b0e6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:57:33.000Z",
|
|
"modified": "2015-03-11T14:57:33.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '61fab1b8451275c7fd580895d9c68e152ff46417']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-03-11T14:57:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--550057dd-e1cc-412b-a961-b0e6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:57:33.000Z",
|
|
"modified": "2015-03-11T14:57:33.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'febc4f30786db7804008dc9bc1cebdc26993e240']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-03-11T14:57:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-743c-40a5-91ce-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TROJAN.WIN32.EQUATIONDRUG.GEN"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-0c10-4aa6-9901-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "BACKDOOR-FKQ"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-f5b0-488a-8f44-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TROJAN:WIN32/EQTONDRAG.A!DHA"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-5b74-4b5f-8eda-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TROJ/EQDRUG-A"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-bbc8-4a52-b652-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TROJAN.EQUDRUG"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-1198-438e-acbd-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TROJ_DOTTUN.VTH"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-b4f8-4575-bd92-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "WIN-TROJAN/EQUATION.380928"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-c87c-4ff5-965d-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TR/DLDR.DOTTUN.380928"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-e388-436f-98f6-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TROJAN.WIN32.EQUATIONDRUG.AFQK"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005815-f5d8-457a-868a-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TROJAN.EQUATIONDRUG.R4"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005816-1e40-4a7a-878a-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TROJWARE.WIN32.EQUATIONDRUG.A"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005816-8c14-4ffd-8bb9-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "TROJAN.SIGGEN6.30429"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005816-fa70-4133-9ec0-a62f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:58:49.000Z",
|
|
"modified": "2015-03-11T14:58:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "WIN32/DOTTUN.AA"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55005861-315c-4a3c-b489-6d66950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:59:45.000Z",
|
|
"modified": "2015-03-11T14:59:45.000Z",
|
|
"first_observed": "2015-03-11T14:59:45Z",
|
|
"last_observed": "2015-03-11T14:59:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55005861-315c-4a3c-b489-6d66950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55005861-315c-4a3c-b489-6d66950d210b",
|
|
"value": "http://telussecuritylabs.com/threats/show/TSL20110614-01"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55005861-0cc0-4bc4-99fc-6d66950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T14:59:45.000Z",
|
|
"modified": "2015-03-11T14:59:45.000Z",
|
|
"first_observed": "2015-03-11T14:59:45Z",
|
|
"last_observed": "2015-03-11T14:59:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55005861-0cc0-4bc4-99fc-6d66950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55005861-0cc0-4bc4-99fc-6d66950d210b",
|
|
"value": "http://telussecuritylabs.com/threats/show/TSL20150217-05"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55005882-d8dc-47aa-b9d5-723f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T15:00:18.000Z",
|
|
"modified": "2015-03-11T15:00:18.000Z",
|
|
"description": "Trojan.Win32.Micstus.A",
|
|
"pattern": "[file:hashes.MD5 = '51e0a0fb96fa2f6f7ea1b53f656c1b1a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-03-11T15:00:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55005895-b290-4c42-818e-66d8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T15:00:37.000Z",
|
|
"modified": "2015-03-11T15:00:37.000Z",
|
|
"description": "Trojan.Win32.Micstus.A",
|
|
"pattern": "[file:hashes.SHA1 = '99fe38d1c06b31803120598232e20b650a0616a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-03-11T15:00:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55005ede-ce48-4b86-a041-6d66950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-03-11T15:27:26.000Z",
|
|
"modified": "2015-03-11T15:27:26.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Equation Group"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c657b8-fdf8-4a90-a5ee-c654950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T23:46:00.000Z",
|
|
"modified": "2016-02-18T23:46:00.000Z",
|
|
"description": "Automatically added (via 4556ce5eb007af1de5bd3b457f0b216d)",
|
|
"pattern": "[file:hashes.SHA256 = '1b0eb1a1591140175d1ac111a98c89472b196599baf13ef67ee7f63d0052b00e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T23:46:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c657ba-18c8-4ee5-bcbf-599f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T23:46:02.000Z",
|
|
"modified": "2016-02-18T23:46:02.000Z",
|
|
"description": "Automatically added (via 5767b9d851d0c24e13eca1bfd16ea424)",
|
|
"pattern": "[file:hashes.SHA256 = '9df733c565cf3c98878911af11ff17f8788c06e56466db6eaab81f8fa80344e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T23:46:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c657ba-b680-4acd-a75c-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T23:46:02.000Z",
|
|
"modified": "2016-02-18T23:46:02.000Z",
|
|
"description": "Automatically added (via c4f8671c1f00dab30f5f88d684af1927)",
|
|
"pattern": "[file:hashes.SHA256 = '9f1b82e6c2e9760284c53c5377a054d6cfcb2bd5e36329e0f7c395aa02d79d0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T23:46:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c657bb-ed34-4fb5-a5f0-599d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T23:46:03.000Z",
|
|
"modified": "2016-02-18T23:46:03.000Z",
|
|
"description": "Automatically added (via 51e0a0fb96fa2f6f7ea1b53f656c1b1a)",
|
|
"pattern": "[file:hashes.SHA256 = '40930aee76cdc9fff5db261154ed42f74945c17ad6f15905762aa024508b861a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T23:46:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:GREEN",
|
|
"definition": {
|
|
"tlp": "green"
|
|
}
|
|
}
|
|
]
|
|
} |