adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/55473e1b-e828-4fe9-ba30-dd1b950d210b.json

1848 lines
No EOL
74 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--55473e1b-e828-4fe9-ba30-dd1b950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:46:08.000Z",
"modified": "2015-05-04T09:46:08.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--55473e1b-e828-4fe9-ba30-dd1b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:46:08.000Z",
"modified": "2015-05-04T09:46:08.000Z",
"name": "OSINT Dalexis/CTB-Locker malspam campaign by SANS Internet Storm Center",
"published": "2015-05-04T12:38:34Z",
"object_refs": [
"observed-data--55473e28-9758-4548-a2e8-dd36950d210b",
"url--55473e28-9758-4548-a2e8-dd36950d210b",
"x-misp-attribute--55473e8c-b778-4465-bc47-4e7f950d210b",
"x-misp-attribute--55473e8c-05bc-4de4-b271-432f950d210b",
"observed-data--55473eba-6368-4f39-ab0a-40cb950d210b",
"url--55473eba-6368-4f39-ab0a-40cb950d210b",
"observed-data--55473eba-65e8-4bbb-b986-4d66950d210b",
"url--55473eba-65e8-4bbb-b986-4d66950d210b",
"observed-data--55473ebb-06dc-4738-9dff-4a52950d210b",
"url--55473ebb-06dc-4738-9dff-4a52950d210b",
"observed-data--55473ebb-8b04-4a74-9f89-4f61950d210b",
"url--55473ebb-8b04-4a74-9f89-4f61950d210b",
"indicator--55473ef3-983c-4cc0-80b5-ced1950d210b",
"indicator--55473ef3-4c14-48b5-a203-ced1950d210b",
"indicator--55473ef4-b074-4e67-9216-ced1950d210b",
"indicator--55473ef4-ee00-4cf7-88f4-ced1950d210b",
"indicator--55473ef4-b068-4793-9801-ced1950d210b",
"indicator--55473ef4-47d8-4705-b461-ced1950d210b",
"indicator--55473ef4-8d6c-4b13-9824-ced1950d210b",
"indicator--55473f24-bb08-434a-a470-4086950d210b",
"indicator--55473f24-14f0-4914-a834-4593950d210b",
"indicator--55473f24-2f90-4e5d-8212-48dc950d210b",
"indicator--55473f24-6b7c-46e6-8b6a-4b05950d210b",
"indicator--55473f24-b8a4-4ea0-a5a4-46ae950d210b",
"indicator--55473f24-7d2c-4083-9914-4723950d210b",
"indicator--55473f24-8b30-4e89-b079-434a950d210b",
"indicator--55473f24-d9bc-46a5-b590-4e7c950d210b",
"indicator--55473f25-8c94-427d-a239-4a4f950d210b",
"indicator--55473f9c-cdf0-48ef-a72e-42a0950d210b",
"indicator--55473f9c-23f0-473b-82e9-4ccf950d210b",
"indicator--55473f9c-3494-4232-b25c-4b45950d210b",
"indicator--55473f9d-90b8-416f-9ee2-4145950d210b",
"indicator--55473f9d-618c-4572-b9bf-4da8950d210b",
"indicator--55473f9d-d724-4b83-9952-4301950d210b",
"indicator--55473f9d-ac3c-43e8-8277-4d20950d210b",
"indicator--55473f9d-02e4-48d8-a743-4614950d210b",
"indicator--55473f9d-ac4c-4eaf-b76d-4e7e950d210b",
"indicator--55473f9d-ef9c-4187-b836-48c6950d210b",
"indicator--55473f9d-28e8-42a7-8c23-4761950d210b",
"indicator--55473f9e-eec0-4c6f-80c5-4926950d210b",
"indicator--55473f9e-9bd8-4c1b-ae0b-48aa950d210b",
"indicator--55473f9e-938c-421c-9951-48a3950d210b",
"indicator--55473f9e-d96c-4296-9fa1-460f950d210b",
"indicator--55473f9e-5154-4338-82df-44f9950d210b",
"indicator--55473f9e-ccd0-4d12-996a-4d5b950d210b",
"indicator--55473f9e-e53c-4c6e-9eec-435e950d210b",
"indicator--55473f9e-b9ec-4108-aaaa-40e2950d210b",
"indicator--55473f9e-be68-4e68-b576-4841950d210b",
"indicator--55473f9f-8ad4-499d-ac7f-4bc3950d210b",
"indicator--55473f9f-3d38-47a3-ad33-4a70950d210b",
"indicator--55473f9f-c5bc-4ca0-96ac-45bf950d210b",
"indicator--55473f9f-05a8-4d12-880c-4a61950d210b",
"indicator--55473fac-2268-46c8-a5b2-ce99950d210b",
"indicator--55473fac-9c24-424d-8b06-ce99950d210b",
"indicator--55473fac-00b8-4fd2-a9e1-ce99950d210b",
"indicator--55473fac-2988-4a90-94bf-ce99950d210b",
"indicator--55473fac-6e14-44d4-aea4-ce99950d210b",
"indicator--55473fad-3be0-4231-a30e-ce99950d210b",
"indicator--55473fad-2d68-4b6d-95ae-ce99950d210b",
"indicator--55473fad-3fc8-48cc-b267-ce99950d210b",
"indicator--55473fad-2e4c-431f-aaa8-ce99950d210b",
"indicator--55473fad-52c8-48a2-8171-ce99950d210b",
"indicator--55473fad-7e44-4180-a5be-ce99950d210b",
"indicator--55473fad-8894-4f57-8cd6-ce99950d210b",
"indicator--55473fad-1e5c-4904-b6b3-ce99950d210b",
"indicator--55473fad-e9a8-4c3b-9cf7-ce99950d210b",
"indicator--55473fae-3b78-4a2b-b89a-ce99950d210b",
"indicator--55473fae-4458-49ff-9c56-ce99950d210b",
"indicator--55473fae-394c-4124-94be-ce99950d210b",
"indicator--55473fae-834c-4cc2-a913-ce99950d210b",
"indicator--55473fae-747c-47c6-81e3-ce99950d210b",
"indicator--55473fae-ea7c-45b8-8488-ce99950d210b",
"indicator--55473fae-558c-4c6d-a818-ce99950d210b",
"indicator--55473fae-5ffc-4df1-b7cc-ce99950d210b",
"indicator--55473faf-4980-4dac-a0b5-ce99950d210b",
"indicator--55473faf-1724-473b-9903-ce99950d210b",
"observed-data--55473fe0-fc54-436f-a764-4d6c950d210b",
"url--55473fe0-fc54-436f-a764-4d6c950d210b",
"observed-data--55473fe1-29a8-4903-b16e-40c6950d210b",
"url--55473fe1-29a8-4903-b16e-40c6950d210b",
"observed-data--55473fe1-0294-4e87-b885-4a2c950d210b",
"url--55473fe1-0294-4e87-b885-4a2c950d210b",
"observed-data--55473fe1-4be4-4e68-97dc-4e38950d210b",
"url--55473fe1-4be4-4e68-97dc-4e38950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55473e28-9758-4548-a2e8-dd36950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:38:48.000Z",
"modified": "2015-05-04T09:38:48.000Z",
"first_observed": "2015-05-04T09:38:48Z",
"last_observed": "2015-05-04T09:38:48Z",
"number_observed": 1,
"object_refs": [
"url--55473e28-9758-4548-a2e8-dd36950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55473e28-9758-4548-a2e8-dd36950d210b",
"value": "https://isc.sans.edu/diary/DalexisCTB-Locker+malspam+campaign/19641"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55473e8c-b778-4465-bc47-4e7f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:40:28.000Z",
"modified": "2015-05-04T09:40:28.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Dalexis"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55473e8c-05bc-4de4-b271-432f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:40:28.000Z",
"modified": "2015-05-04T09:40:28.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "CTB-Locker"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55473eba-6368-4f39-ab0a-40cb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:41:14.000Z",
"modified": "2015-05-04T09:41:14.000Z",
"first_observed": "2015-05-04T09:41:14Z",
"last_observed": "2015-05-04T09:41:14Z",
"number_observed": 1,
"object_refs": [
"url--55473eba-6368-4f39-ab0a-40cb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55473eba-6368-4f39-ab0a-40cb950d210b",
"value": "https://malwr.com/analysis/OTVjMzRjZDFjNWYwNDlmYzk4MTVmOWRlM2IzMmVkN2Y/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55473eba-65e8-4bbb-b986-4d66950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:41:14.000Z",
"modified": "2015-05-04T09:41:14.000Z",
"first_observed": "2015-05-04T09:41:14Z",
"last_observed": "2015-05-04T09:41:14Z",
"number_observed": 1,
"object_refs": [
"url--55473eba-65e8-4bbb-b986-4d66950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55473eba-65e8-4bbb-b986-4d66950d210b",
"value": "https://malwr.com/analysis/M2NlYmU3YmIwMzM0NGY1NTk4MTBjMzM0ZmZmZmZmZTE/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55473ebb-06dc-4738-9dff-4a52950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:41:15.000Z",
"modified": "2015-05-04T09:41:15.000Z",
"first_observed": "2015-05-04T09:41:15Z",
"last_observed": "2015-05-04T09:41:15Z",
"number_observed": 1,
"object_refs": [
"url--55473ebb-06dc-4738-9dff-4a52950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55473ebb-06dc-4738-9dff-4a52950d210b",
"value": "http://www.malware-traffic-analysis.net/2015/04/28/2015-04-28-Dalexis-and-CTB-Locker-traffic.pcap"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55473ebb-8b04-4a74-9f89-4f61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:41:15.000Z",
"modified": "2015-05-04T09:41:15.000Z",
"first_observed": "2015-05-04T09:41:15Z",
"last_observed": "2015-05-04T09:41:15Z",
"number_observed": 1,
"object_refs": [
"url--55473ebb-8b04-4a74-9f89-4f61950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55473ebb-8b04-4a74-9f89-4f61950d210b",
"value": "http://www.malware-traffic-analysis.net/2015/04/28/2015-04-28-Dalexis-samples.zip"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473ef3-983c-4cc0-80b5-ced1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:42:11.000Z",
"modified": "2015-05-04T09:42:11.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.160.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:42:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473ef3-4c14-48b5-a203-ced1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:42:11.000Z",
"modified": "2015-05-04T09:42:11.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.162.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:42:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473ef4-b074-4e67-9216-ced1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:42:12.000Z",
"modified": "2015-05-04T09:42:12.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.187.72.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473ef4-ee00-4cf7-88f4-ced1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:42:12.000Z",
"modified": "2015-05-04T09:42:12.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.19.37.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473ef4-b068-4793-9801-ced1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:42:12.000Z",
"modified": "2015-05-04T09:42:12.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.149.140.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473ef4-47d8-4705-b461-ced1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:42:12.000Z",
"modified": "2015-05-04T09:42:12.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.10.55.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473ef4-8d6c-4b13-9824-ced1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:42:12.000Z",
"modified": "2015-05-04T09:42:12.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.224.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f24-bb08-434a-a470-4086950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:43:00.000Z",
"modified": "2015-05-04T09:43:00.000Z",
"pattern": "[domain-name:value = 'earthfromspace.host56.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f24-14f0-4914-a834-4593950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:43:00.000Z",
"modified": "2015-05-04T09:43:00.000Z",
"pattern": "[domain-name:value = 'gkl.net76.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f24-2f90-4e5d-8212-48dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:43:00.000Z",
"modified": "2015-05-04T09:43:00.000Z",
"pattern": "[domain-name:value = 'volcanoscreens.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f24-6b7c-46e6-8b6a-4b05950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:43:00.000Z",
"modified": "2015-05-04T09:43:00.000Z",
"pattern": "[domain-name:value = 'ip.telize.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f24-b8a4-4ea0-a5a4-46ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:43:00.000Z",
"modified": "2015-05-04T09:43:00.000Z",
"pattern": "[domain-name:value = 'www.gaglianico74.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f24-7d2c-4083-9914-4723950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:43:00.000Z",
"modified": "2015-05-04T09:43:00.000Z",
"pattern": "[domain-name:value = 'lancia.hr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f24-8b30-4e89-b079-434a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:43:00.000Z",
"modified": "2015-05-04T09:43:00.000Z",
"pattern": "[domain-name:value = 'bdfschool.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f24-d9bc-46a5-b590-4e7c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:43:00.000Z",
"modified": "2015-05-04T09:43:00.000Z",
"pattern": "[domain-name:value = 'fizxfsi3cad3kn7v.tor2web.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f25-8c94-427d-a239-4a4f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:43:01.000Z",
"modified": "2015-05-04T09:43:01.000Z",
"pattern": "[domain-name:value = 'fizxfsi3cad3kn7v.onion.cab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9c-cdf0-48ef-a72e-42a0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:00.000Z",
"modified": "2015-05-04T09:45:00.000Z",
"pattern": "[file:hashes.MD5 = '1a9fdce6b6efd094af354a389b0e04da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9c-23f0-473b-82e9-4ccf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:00.000Z",
"modified": "2015-05-04T09:45:00.000Z",
"pattern": "[file:hashes.MD5 = 'a1b066361440a5ff6125f15b1ba2e1b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9c-3494-4232-b25c-4b45950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:00.000Z",
"modified": "2015-05-04T09:45:00.000Z",
"pattern": "[file:hashes.MD5 = '01f8976034223337915e4900b76f9f26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9d-90b8-416f-9ee2-4145950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:01.000Z",
"modified": "2015-05-04T09:45:01.000Z",
"pattern": "[file:hashes.MD5 = 'ab9a07054a985c6ce31c7d53eee90fbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9d-618c-4572-b9bf-4da8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:01.000Z",
"modified": "2015-05-04T09:45:01.000Z",
"pattern": "[file:hashes.MD5 = '899689538df49556197bf1bac52f1b84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9d-d724-4b83-9952-4301950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:01.000Z",
"modified": "2015-05-04T09:45:01.000Z",
"pattern": "[file:hashes.MD5 = 'eea0fd780ecad755940110fc7ee6d727']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9d-ac3c-43e8-8277-4d20950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:01.000Z",
"modified": "2015-05-04T09:45:01.000Z",
"pattern": "[file:hashes.MD5 = 'f236e637e17bc44764e43a8041749e6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9d-02e4-48d8-a743-4614950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:01.000Z",
"modified": "2015-05-04T09:45:01.000Z",
"pattern": "[file:hashes.MD5 = 'eda8075438646c617419eda13700c43a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9d-ac4c-4eaf-b76d-4e7e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:01.000Z",
"modified": "2015-05-04T09:45:01.000Z",
"pattern": "[file:hashes.MD5 = 'd00861c5066289ea9cca3f0076f97681']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9d-ef9c-4187-b836-48c6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:01.000Z",
"modified": "2015-05-04T09:45:01.000Z",
"pattern": "[file:hashes.MD5 = '657e3d615bb1b6e7168319e1f9c5039f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9d-28e8-42a7-8c23-4761950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:01.000Z",
"modified": "2015-05-04T09:45:01.000Z",
"pattern": "[file:hashes.MD5 = 'b7fe085962dc7aa7622bd15c3a303b41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9e-eec0-4c6f-80c5-4926950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:01.000Z",
"modified": "2015-05-04T09:45:01.000Z",
"pattern": "[file:hashes.MD5 = '2ba4d511e07090937b5d6305af13db68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9e-9bd8-4c1b-ae0b-48aa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:02.000Z",
"modified": "2015-05-04T09:45:02.000Z",
"pattern": "[file:hashes.MD5 = '24698aa84b14c42121f96a22fb107d00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9e-938c-421c-9951-48a3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:02.000Z",
"modified": "2015-05-04T09:45:02.000Z",
"pattern": "[file:hashes.MD5 = '04abf53d3b4d7bb7941a5c8397594db7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9e-d96c-4296-9fa1-460f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:02.000Z",
"modified": "2015-05-04T09:45:02.000Z",
"pattern": "[file:hashes.MD5 = 'b2ca48afbc0eb578a9908af8241f2ae8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9e-5154-4338-82df-44f9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:02.000Z",
"modified": "2015-05-04T09:45:02.000Z",
"pattern": "[file:hashes.MD5 = 'fa43842bda650c44db99f5789ef314e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9e-ccd0-4d12-996a-4d5b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:02.000Z",
"modified": "2015-05-04T09:45:02.000Z",
"pattern": "[file:hashes.MD5 = '802d9abf21c812501400320f2efe7040']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9e-e53c-4c6e-9eec-435e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:02.000Z",
"modified": "2015-05-04T09:45:02.000Z",
"pattern": "[file:hashes.MD5 = '0687f63ce92e57a76b990a8bd5500b69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9e-b9ec-4108-aaaa-40e2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:02.000Z",
"modified": "2015-05-04T09:45:02.000Z",
"pattern": "[file:hashes.MD5 = '0918c8bfed6daac6b63145545d911c72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9e-be68-4e68-b576-4841950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:02.000Z",
"modified": "2015-05-04T09:45:02.000Z",
"pattern": "[file:hashes.MD5 = '2e90e6d71e665b2a079b80979ab0e2cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9f-8ad4-499d-ac7f-4bc3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:03.000Z",
"modified": "2015-05-04T09:45:03.000Z",
"pattern": "[file:hashes.MD5 = '5b8a27e6f366f40cda9c2167d501552e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9f-3d38-47a3-ad33-4a70950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:03.000Z",
"modified": "2015-05-04T09:45:03.000Z",
"pattern": "[file:hashes.MD5 = '9c1acc3f27d7007a44fc0da8fceba120']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9f-c5bc-4ca0-96ac-45bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:03.000Z",
"modified": "2015-05-04T09:45:03.000Z",
"pattern": "[file:hashes.MD5 = '1a6b20a5636115ac8ed3c4c4dd73f6aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473f9f-05a8-4d12-880c-4a61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:03.000Z",
"modified": "2015-05-04T09:45:03.000Z",
"pattern": "[file:hashes.MD5 = 'b9d19a68205f2a7e2321ca3228aa74d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fac-2268-46c8-a5b2-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:16.000Z",
"modified": "2015-05-04T09:45:16.000Z",
"pattern": "[file:hashes.MD5 = '46838a76fbf59e9b78d684699417b216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fac-9c24-424d-8b06-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:16.000Z",
"modified": "2015-05-04T09:45:16.000Z",
"pattern": "[file:hashes.MD5 = '8f5df86fdf5f3c8e475357bab7bc38e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fac-00b8-4fd2-a9e1-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:16.000Z",
"modified": "2015-05-04T09:45:16.000Z",
"pattern": "[file:hashes.MD5 = '59f71ef10861d1339e9765fb512d991c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fac-2988-4a90-94bf-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:16.000Z",
"modified": "2015-05-04T09:45:16.000Z",
"pattern": "[file:hashes.MD5 = '0baa21fab10c7d8c64157ede39453ae5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fac-6e14-44d4-aea4-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:16.000Z",
"modified": "2015-05-04T09:45:16.000Z",
"pattern": "[file:hashes.MD5 = 'f953b4c8093276fbde3cfa5e63f990eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fad-3be0-4231-a30e-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:17.000Z",
"modified": "2015-05-04T09:45:17.000Z",
"pattern": "[file:hashes.MD5 = '6580e4ee7d718421128476a1f2f09951']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fad-2d68-4b6d-95ae-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:17.000Z",
"modified": "2015-05-04T09:45:17.000Z",
"pattern": "[file:hashes.MD5 = '6a15d6fa9f00d931ca95632697e5ba70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fad-3fc8-48cc-b267-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:17.000Z",
"modified": "2015-05-04T09:45:17.000Z",
"pattern": "[file:hashes.MD5 = '54c1ac0d5e8fa05255ae594adfe5706e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fad-2e4c-431f-aaa8-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:17.000Z",
"modified": "2015-05-04T09:45:17.000Z",
"pattern": "[file:hashes.MD5 = '08a0c2aaf7653530322f4d7ec738a3df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fad-52c8-48a2-8171-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:17.000Z",
"modified": "2015-05-04T09:45:17.000Z",
"pattern": "[file:hashes.MD5 = '1aaecdfd929725c195a7a67fc6be9b4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fad-7e44-4180-a5be-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:17.000Z",
"modified": "2015-05-04T09:45:17.000Z",
"pattern": "[file:hashes.MD5 = 'f51fcf418c973a94a7d208c3a8a30f19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fad-8894-4f57-8cd6-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:17.000Z",
"modified": "2015-05-04T09:45:17.000Z",
"pattern": "[file:hashes.MD5 = 'dbea4b3fb5341ce3ca37272e2b8052ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fad-1e5c-4904-b6b3-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:17.000Z",
"modified": "2015-05-04T09:45:17.000Z",
"pattern": "[file:hashes.MD5 = 'c0dc49296b0aec09c5bfefcf4129c29b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fad-e9a8-4c3b-9cf7-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:17.000Z",
"modified": "2015-05-04T09:45:17.000Z",
"pattern": "[file:hashes.MD5 = '9239ec6fe6703279e959f498919fdfb0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fae-3b78-4a2b-b89a-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:18.000Z",
"modified": "2015-05-04T09:45:18.000Z",
"pattern": "[file:hashes.MD5 = 'a9d11a69c692b35235ce9c69175f0796']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fae-4458-49ff-9c56-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:18.000Z",
"modified": "2015-05-04T09:45:18.000Z",
"pattern": "[file:hashes.MD5 = 'bcaf9ce1881f0f282cec5489ec303585']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fae-394c-4124-94be-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:18.000Z",
"modified": "2015-05-04T09:45:18.000Z",
"pattern": "[file:hashes.MD5 = '70a63f45eb84cb10ab1cc3dfb4ac8a3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fae-834c-4cc2-a913-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:18.000Z",
"modified": "2015-05-04T09:45:18.000Z",
"pattern": "[file:hashes.MD5 = 'd1b1e371aebfc3d500919e9e33bcd6c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fae-747c-47c6-81e3-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:18.000Z",
"modified": "2015-05-04T09:45:18.000Z",
"pattern": "[file:hashes.MD5 = '15a5acfbccbb80b01e6d270ea8af3789']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fae-ea7c-45b8-8488-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:18.000Z",
"modified": "2015-05-04T09:45:18.000Z",
"pattern": "[file:hashes.MD5 = 'fa0fe28ffe83ef3dcc5c667bf2127d4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fae-558c-4c6d-a818-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:18.000Z",
"modified": "2015-05-04T09:45:18.000Z",
"pattern": "[file:hashes.MD5 = '646640f63f327296df0767fd0c9454d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473fae-5ffc-4df1-b7cc-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:18.000Z",
"modified": "2015-05-04T09:45:18.000Z",
"pattern": "[file:hashes.MD5 = 'ec872872bff91040d2bc1e4c4619cbbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473faf-4980-4dac-a0b5-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:19.000Z",
"modified": "2015-05-04T09:45:19.000Z",
"pattern": "[file:hashes.MD5 = 'b8e8e3ec7f4d6efee311e36613193b8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55473faf-1724-473b-9903-ce99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:45:19.000Z",
"modified": "2015-05-04T09:45:19.000Z",
"pattern": "[file:hashes.MD5 = '36abcedd5fb6d17038bd7069808574e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-04T09:45:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55473fe0-fc54-436f-a764-4d6c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:46:08.000Z",
"modified": "2015-05-04T09:46:08.000Z",
"first_observed": "2015-05-04T09:46:08Z",
"last_observed": "2015-05-04T09:46:08Z",
"number_observed": 1,
"object_refs": [
"url--55473fe0-fc54-436f-a764-4d6c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55473fe0-fc54-436f-a764-4d6c950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader:Win32/Dalexis#tab=2"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55473fe1-29a8-4903-b16e-40c6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:46:09.000Z",
"modified": "2015-05-04T09:46:09.000Z",
"first_observed": "2015-05-04T09:46:09Z",
"last_observed": "2015-05-04T09:46:09Z",
"number_observed": 1,
"object_refs": [
"url--55473fe1-29a8-4903-b16e-40c6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55473fe1-29a8-4903-b16e-40c6950d210b",
"value": "https://heimdalsecurity.com/blog/ctb-locker-ransomware/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55473fe1-0294-4e87-b885-4a2c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:46:09.000Z",
"modified": "2015-05-04T09:46:09.000Z",
"first_observed": "2015-05-04T09:46:09Z",
"last_observed": "2015-05-04T09:46:09Z",
"number_observed": 1,
"object_refs": [
"url--55473fe1-0294-4e87-b885-4a2c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55473fe1-0294-4e87-b885-4a2c950d210b",
"value": "https://blogs.mcafee.com/mcafee-labs/rise-backdoor-fckq-ctb-locker"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55473fe1-4be4-4e68-97dc-4e38950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-04T09:46:09.000Z",
"modified": "2015-05-04T09:46:09.000Z",
"first_observed": "2015-05-04T09:46:09Z",
"last_observed": "2015-05-04T09:46:09Z",
"number_observed": 1,
"object_refs": [
"url--55473fe1-4be4-4e68-97dc-4e38950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55473fe1-4be4-4e68-97dc-4e38950d210b",
"value": "https://techhelplist.com/index.php/spam-list/796-your-account-has-been-something-bad-various-malware"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink