{
|
|
"type": "bundle",
|
|
"id": "bundle--559d537c-f570-4e97-8154-98d9950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:31:12.000Z",
|
|
"modified": "2020-08-03T06:31:12.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--559d537c-f570-4e97-8154-98d9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:31:12.000Z",
|
|
"modified": "2020-08-03T06:31:12.000Z",
|
|
"name": "OSINT Morpho: Profiting from high-level corporate attacks by Symantec",
|
|
"published": "2020-08-03T06:34:53Z",
|
|
"object_refs": [
|
|
"observed-data--559d539e-3848-4a7a-a61a-579a950d210b",
|
|
"url--559d539e-3848-4a7a-a61a-579a950d210b",
|
|
"observed-data--559d539e-1e30-42bd-add3-579a950d210b",
|
|
"url--559d539e-1e30-42bd-add3-579a950d210b",
|
|
"x-misp-attribute--559d53a7-885c-4439-91d2-4f5d950d210b",
|
|
"indicator--559e20a1-70a4-430f-b7c4-a038950d210b",
|
|
"indicator--559e20b3-ac64-41f5-881a-4db2950d210b",
|
|
"indicator--559e20cc-3b88-4598-8dfd-eae3950d210b",
|
|
"indicator--559e20dc-8188-4564-aa28-4feb950d210b",
|
|
"indicator--559e20ee-bb88-40d4-96a7-a037950d210b",
|
|
"indicator--559e20fc-2154-465d-a50e-e09a950d210b",
|
|
"indicator--559e2111-9998-4ca2-ba49-4861950d210b",
|
|
"indicator--559e2131-66b8-4b07-97e2-e09a950d210b",
|
|
"indicator--559e2176-9470-4372-b288-45b9950d210b",
|
|
"indicator--559e2176-8708-4641-a871-43c1950d210b",
|
|
"indicator--559e2177-e0fc-478a-9412-4bf1950d210b",
|
|
"indicator--559e2177-6d28-44c8-9b18-41d1950d210b",
|
|
"indicator--559e229f-6234-4f9d-a587-49de950d210b",
|
|
"indicator--559e229f-b908-4716-ac97-418b950d210b",
|
|
"indicator--559e229f-25d8-4ce8-b3e1-40a6950d210b",
|
|
"indicator--559e229f-8e58-4706-a012-4fb4950d210b",
|
|
"indicator--559e229f-6e30-4831-bc56-4e54950d210b",
|
|
"indicator--559e22a0-9884-48fa-b96d-42b0950d210b",
|
|
"indicator--559e22a0-2324-490c-a1b3-40ea950d210b",
|
|
"indicator--559e22a0-a37c-46a2-aa27-47e0950d210b",
|
|
"indicator--559e22a0-45c0-4bd2-b6aa-49f9950d210b",
|
|
"indicator--559e22a0-9048-416b-b549-4ee2950d210b",
|
|
"indicator--559e22a0-5e64-4f0e-abc1-4820950d210b",
|
|
"indicator--559e22a1-e808-42aa-952c-4b87950d210b",
|
|
"indicator--559e22a1-2844-4ff3-8ce3-4fa5950d210b",
|
|
"indicator--559e22a1-cfac-4f92-9226-49a0950d210b",
|
|
"indicator--559e22a1-97b8-4437-9246-4173950d210b",
|
|
"indicator--559e22a1-9300-428a-8642-44ed950d210b",
|
|
"indicator--559e22a1-f5cc-41ff-9e59-401a950d210b",
|
|
"indicator--559e22a2-a3b8-4da5-8dd0-4fb6950d210b",
|
|
"indicator--559e22a2-411c-4b2b-900b-4d20950d210b",
|
|
"indicator--559e22a2-5698-449a-a2e9-4ee6950d210b",
|
|
"indicator--559e22a2-3a28-4047-bcc1-4b85950d210b",
|
|
"indicator--559e22a2-1d24-4ca2-adbc-40be950d210b",
|
|
"indicator--559e22a2-3df4-4350-8444-41f8950d210b",
|
|
"indicator--559e22a3-7f28-4a03-883b-46db950d210b",
|
|
"indicator--559e22a3-bce8-4a85-a9d9-480e950d210b",
|
|
"indicator--559e22a3-99b0-49ac-9f0e-4f6b950d210b",
|
|
"indicator--559e22a3-b928-4fd6-8424-4775950d210b",
|
|
"indicator--559e22a3-357c-419f-9f9a-4381950d210b",
|
|
"indicator--559e22a3-640c-4502-98b8-4394950d210b",
|
|
"indicator--559e22a4-c05c-4ed7-a801-450a950d210b",
|
|
"indicator--559e22a4-a60c-44bd-bbf2-41fb950d210b",
|
|
"indicator--559e22a4-49c0-4b9b-a7d5-4244950d210b",
|
|
"indicator--559e22a4-d564-4cb3-9f36-46f8950d210b",
|
|
"indicator--559e22a4-0bd4-47db-b133-472f950d210b",
|
|
"indicator--559e22a4-8508-4c6d-9c4f-4b55950d210b",
|
|
"indicator--559e22a5-d3bc-4475-b0db-49fd950d210b",
|
|
"indicator--559e22a5-f8cc-4d7e-92a0-4cd6950d210b",
|
|
"indicator--559e22a5-7ed0-4845-8e5b-4be8950d210b",
|
|
"indicator--559e22a5-5f08-4268-819c-4736950d210b",
|
|
"indicator--559e22a5-744c-4f64-b245-471b950d210b",
|
|
"indicator--559e22a5-cf90-4254-a283-42b9950d210b",
|
|
"indicator--559e22a6-91d8-450b-bdce-46df950d210b",
|
|
"indicator--559e22a6-c660-4ea1-9a11-46d0950d210b",
|
|
"indicator--559e22a6-8144-43f8-9676-4921950d210b",
|
|
"indicator--559e22a6-c90c-43cf-8ccf-42f7950d210b",
|
|
"indicator--559e22a6-5f4c-4bae-8709-4e08950d210b",
|
|
"indicator--559e22a6-7970-46de-bfb5-4fee950d210b",
|
|
"indicator--559e22a7-4ea4-4a79-b9de-4c33950d210b",
|
|
"indicator--559e22a7-bba0-4fbc-b479-466d950d210b",
|
|
"indicator--559e22d0-e8b0-4992-947b-44b8950d210b",
|
|
"indicator--559e22d0-f144-4775-9fd4-483b950d210b",
|
|
"indicator--559e22f1-0f1c-48b6-900c-a038950d210b",
|
|
"indicator--559e22f1-bf04-4e8d-b839-a038950d210b",
|
|
"indicator--559e22f2-f898-4624-8cca-a038950d210b",
|
|
"indicator--559e22f2-3030-4832-8da7-a038950d210b",
|
|
"indicator--559e22f2-ae4c-4264-b113-a038950d210b",
|
|
"indicator--559e232d-b48c-4c45-800d-4b34950d210b",
|
|
"x-misp-attribute--559e2341-1b68-406c-84c5-4c62950d210b",
|
|
"x-misp-attribute--559e2445-1780-408a-a19c-42f4950d210b",
|
|
"x-misp-attribute--559e2445-32ec-4657-b803-4ce4950d210b",
|
|
"x-misp-attribute--559e2445-1f1c-4665-9b46-4b73950d210b",
|
|
"x-misp-attribute--559e2445-fb10-4967-bec2-4665950d210b",
|
|
"x-misp-attribute--559e2445-a434-43a7-b45f-4a90950d210b",
|
|
"x-misp-attribute--559e2446-ce48-4a27-b1af-44f3950d210b",
|
|
"x-misp-attribute--559f6755-80e8-44bc-9190-d94a950d210b",
|
|
"indicator--560a8311-c798-492e-818a-4caf950d210b",
|
|
"indicator--560a8311-6628-485f-8530-4caf950d210b",
|
|
"observed-data--560a8312-e670-49a3-8fee-4caf950d210b",
|
|
"url--560a8312-e670-49a3-8fee-4caf950d210b",
|
|
"indicator--560a8312-89b0-4e30-9fa7-4caf950d210b",
|
|
"indicator--560a8312-6414-4e82-bfd0-4caf950d210b",
|
|
"observed-data--560a8313-83cc-45df-905f-4caf950d210b",
|
|
"url--560a8313-83cc-45df-905f-4caf950d210b",
|
|
"indicator--560a8313-a258-48de-b71e-4caf950d210b",
|
|
"indicator--560a8313-f004-435c-9313-4caf950d210b",
|
|
"observed-data--560a8314-fbc8-492c-bc94-4caf950d210b",
|
|
"url--560a8314-fbc8-492c-bc94-4caf950d210b",
|
|
"indicator--560a8314-d274-42eb-acc8-4caf950d210b",
|
|
"indicator--560a8314-b004-4c81-a944-4caf950d210b",
|
|
"observed-data--560a8315-e55c-4aec-bd84-4caf950d210b",
|
|
"url--560a8315-e55c-4aec-bd84-4caf950d210b",
|
|
"indicator--560a8315-abd0-46aa-9116-4caf950d210b",
|
|
"indicator--560a8315-00a4-42d4-81a1-4caf950d210b",
|
|
"observed-data--560a8316-85ec-418d-a594-4caf950d210b",
|
|
"url--560a8316-85ec-418d-a594-4caf950d210b",
|
|
"indicator--560a8316-1c10-464d-b502-4caf950d210b",
|
|
"indicator--560a8317-9d64-4faa-a6df-4caf950d210b",
|
|
"observed-data--560a8317-a63c-42a1-a6cd-4caf950d210b",
|
|
"url--560a8317-a63c-42a1-a6cd-4caf950d210b",
|
|
"indicator--560a8317-e030-4412-9bd0-4caf950d210b",
|
|
"indicator--560a8318-3fd4-47be-886f-4caf950d210b",
|
|
"observed-data--560a8318-5500-45fe-adaf-4caf950d210b",
|
|
"url--560a8318-5500-45fe-adaf-4caf950d210b",
|
|
"indicator--560a8318-2394-4b3c-8da9-4caf950d210b",
|
|
"indicator--560a8319-9444-4cb6-8d83-4caf950d210b",
|
|
"observed-data--560a8319-e2a8-4339-a36e-4caf950d210b",
|
|
"url--560a8319-e2a8-4339-a36e-4caf950d210b",
|
|
"indicator--560a8319-8714-4bd0-a38f-4caf950d210b",
|
|
"indicator--560a831a-c794-46b8-b30f-4caf950d210b",
|
|
"observed-data--560a831a-d0cc-4511-a83a-4caf950d210b",
|
|
"url--560a831a-d0cc-4511-a83a-4caf950d210b",
|
|
"indicator--560a831a-e06c-462d-b089-4caf950d210b",
|
|
"indicator--560a831b-7228-4c80-a531-4caf950d210b",
|
|
"observed-data--560a831b-2818-46a8-acb2-4caf950d210b",
|
|
"url--560a831b-2818-46a8-acb2-4caf950d210b",
|
|
"indicator--560a831b-acfc-4d35-9543-4caf950d210b",
|
|
"indicator--560a831c-5534-43a2-a94a-4caf950d210b",
|
|
"observed-data--560a831c-9404-44e3-b6a5-4caf950d210b",
|
|
"url--560a831c-9404-44e3-b6a5-4caf950d210b",
|
|
"indicator--560a831c-2e34-4fb1-aaf8-4caf950d210b",
|
|
"indicator--560a831d-f5dc-4ee0-b521-4caf950d210b",
|
|
"observed-data--560a831d-b258-4d4f-be96-4caf950d210b",
|
|
"url--560a831d-b258-4d4f-be96-4caf950d210b",
|
|
"indicator--560a831d-d694-48a7-93f2-4caf950d210b",
|
|
"indicator--560a831e-9cd8-4a38-8acd-4caf950d210b",
|
|
"observed-data--560a831e-5dc8-440e-9c2c-4caf950d210b",
|
|
"url--560a831e-5dc8-440e-9c2c-4caf950d210b",
|
|
"indicator--560a831e-52b8-4a6a-87a6-4caf950d210b",
|
|
"indicator--560a831f-2874-469a-bf82-4caf950d210b",
|
|
"observed-data--560a831f-743c-4994-8890-4caf950d210b",
|
|
"url--560a831f-743c-4994-8890-4caf950d210b",
|
|
"indicator--560a8320-c720-456b-af5f-4caf950d210b",
|
|
"indicator--560a8320-fd48-4fe6-acd8-4caf950d210b",
|
|
"observed-data--560a8320-8054-46f8-9954-4caf950d210b",
|
|
"url--560a8320-8054-46f8-9954-4caf950d210b",
|
|
"indicator--560a8321-ad04-4dc8-9bd7-4caf950d210b",
|
|
"indicator--560a8321-d414-48bc-83ee-4caf950d210b",
|
|
"observed-data--560a8321-8e40-404f-b37c-4caf950d210b",
|
|
"url--560a8321-8e40-404f-b37c-4caf950d210b",
|
|
"indicator--560a8322-d02c-4c55-8798-4caf950d210b",
|
|
"indicator--560a8322-d204-4a57-af5e-4caf950d210b",
|
|
"observed-data--560a8322-7310-4e0f-af2a-4caf950d210b",
|
|
"url--560a8322-7310-4e0f-af2a-4caf950d210b",
|
|
"indicator--560a8323-dfbc-47fa-8272-4caf950d210b",
|
|
"indicator--560a8323-69ac-4c4f-ad7e-4caf950d210b",
|
|
"observed-data--560a8323-4868-45fe-a5df-4caf950d210b",
|
|
"url--560a8323-4868-45fe-a5df-4caf950d210b",
|
|
"indicator--560a8324-00c0-400e-aa5c-4caf950d210b",
|
|
"indicator--560a8324-d7a8-4f9b-9060-4caf950d210b",
|
|
"observed-data--560a8324-3544-4138-abf1-4caf950d210b",
|
|
"url--560a8324-3544-4138-abf1-4caf950d210b",
|
|
"indicator--560a8325-bad4-4ea1-bb31-4caf950d210b",
|
|
"indicator--560a8325-afd0-4ece-b4af-4caf950d210b",
|
|
"observed-data--560a8325-96ac-4952-83a3-4caf950d210b",
|
|
"url--560a8325-96ac-4952-83a3-4caf950d210b",
|
|
"indicator--560a8326-0e80-46ba-85a1-4caf950d210b",
|
|
"indicator--560a8326-05a0-4ec8-9c74-4caf950d210b",
|
|
"observed-data--560a8326-b3f4-4e88-b8d6-4caf950d210b",
|
|
"url--560a8326-b3f4-4e88-b8d6-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"misp-galaxy:threat-actor=\"WildNeutron\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--559d539e-3848-4a7a-a61a-579a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-08T16:45:18.000Z",
|
|
"modified": "2015-07-08T16:45:18.000Z",
|
|
"first_observed": "2015-07-08T16:45:18Z",
|
|
"last_observed": "2015-07-08T16:45:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--559d539e-3848-4a7a-a61a-579a950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--559d539e-3848-4a7a-a61a-579a950d210b",
|
|
"value": "http://www.symantec.com/connect/blogs/morpho-profiting-high-level-corporate-attacks"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--559d539e-1e30-42bd-add3-579a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-08T16:45:18.000Z",
|
|
"modified": "2015-07-08T16:45:18.000Z",
|
|
"first_observed": "2015-07-08T16:45:18Z",
|
|
"last_observed": "2015-07-08T16:45:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--559d539e-1e30-42bd-add3-579a950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--559d539e-1e30-42bd-add3-579a950d210b",
|
|
"value": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/morpho-corporate-spies-out-for-financial-gain.pdf"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--559d53a7-885c-4439-91d2-4f5d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-08T16:45:27.000Z",
|
|
"modified": "2015-07-08T16:45:27.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Morpho"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e20a1-70a4-430f-b7c4-a038950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:26:12.000Z",
|
|
"modified": "2020-08-03T06:26:12.000Z",
|
|
"pattern": "[rule Bannerjack\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho BannerJack hacktool\"\r\n strings:\r\n $str_1 = \"Usage: ./banner-jack [options]\"\r\n $str_2 = \"-f: file.csv\"\r\n $str_3 = \"-s: ip start\"\r\n $str_4 = \"-R: timeout read (optional, default %d secs)\"\r\n condition:\r\n all of them\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2020-08-03T06:26:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e20b3-ac64-41f5-881a-4db2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:30:48.000Z",
|
|
"modified": "2020-08-03T06:30:48.000Z",
|
|
"pattern": "[rule Eventlog\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Eventlog hacktool\"\r\n strings:\r\n $str_1 = \"wevtsvc.dll\"\r\n $str_2 = \"Stealing %S.evtx handle ...\"\r\n $str_3 = \"ElfChnk\"\r\n $str_4 = \"-Dr Dump all logs from a channel or .evtx file (raw\"\r\n condition:\r\n all of them\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2020-08-03T06:30:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e20cc-3b88-4598-8dfd-eae3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:29:56.000Z",
|
|
"modified": "2020-08-03T06:29:56.000Z",
|
|
"pattern": "[rule Hacktool\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho hacktool\"\r\n strings:\r\n $str_1 = \"\\\\\\\\.\\\\pipe\\\\winsession\" wide\r\n $str_2 = \"WsiSvc\" wide\r\n $str_3 = \"ConnectNamedPipe\"\r\n $str_4 = \"CreateNamedPipeW\"\r\n $str_5 = \"CreateProcessAsUserW\"\r\n condition:\r\n all of them\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2020-08-03T06:29:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e20dc-8188-4564-aa28-4feb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:26:16.000Z",
|
|
"modified": "2020-08-03T06:26:16.000Z",
|
|
"pattern": "[rule Multipurpose\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Multipurpose hacktool\"\r\n\r\n strings:\r\n $str_1 = \"dump %d|%d|%d|%d|%d|%d|%s|%d\"\r\n $str_2 = \"kerberos%d.dll\"\r\n $str_3 = \"\\\\\\\\.\\\\pipe\\\\lsassp\"\r\n $str_4 = \"pth <PID:USER:DOMAIN:NTLM>: change\"\r\n condition:\r\n all of them\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2020-08-03T06:26:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e20ee-bb88-40d4-96a7-a037950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:26:40.000Z",
|
|
"modified": "2020-08-03T06:26:40.000Z",
|
|
"pattern": "[rule Securetunnel\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Securetunnel hacktool\"\r\n strings:\r\n $str_1 = \"KRB5CCNAME\"\r\n $str_2 = \"SSH _ AUTH _ SOCK\"\r\n $str_3 = \"f:l:u:cehR\"\r\n $str_4 = \".o+=*BOX@%&#/^SE\"\r\n condition:\r\n all of them\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2020-08-03T06:26:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e20fc-2154-465d-a50e-e09a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:26:29.000Z",
|
|
"modified": "2020-08-03T06:26:29.000Z",
|
|
"pattern": "[rule Proxy\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho proxy hacktool\"\r\n strings:\r\n $str_1 = \"-u user : proxy username\"\r\n $str_2 = \"--pleh : displays help\"\r\n $str_3 = \"-x ip/host : proxy ip or host\"\r\n $str_4 = \"-m : bypass mutex check\"\r\n condition:\r\n all of them\r\n }]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2020-08-03T06:26:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e2111-9998-4ca2-ba49-4861950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-11-20T14:57:35.000Z",
|
|
"modified": "2017-11-20T14:57:35.000Z",
|
|
"pattern": "[rule jiripbot_ascii_str_decrypt\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Jiripbot hacktool\"\r\n strings:\r\n $decrypt_func = {\r\n 85 FF\r\n 75 03\r\n 33 C0\r\n C3\r\n 8B C7\r\n 8D 50 01\r\n 8A 08\r\n 40\r\n 84 C9\r\n 75 F9\r\n 2B C2\r\n 53\r\n 8B D8\r\n 80 7C 3B FF ??\r\n 75 3E\r\n 83 3D ?? ?? ?? ?? 00\r\n 56\r\n BE ?? ?? ?? ??\r\n 75 11\r\n 56\r\n FF 15 ?? ?? ?? ??\r\n C7 05 ?? ?? ?? ?? 01 00 00 00\r\n 56\r\n FF 15 ?? ?? ?? ??\r\n 33 C0\r\n 85 DB\r\n 74 09\r\n 80 34 38 ??\r\n 40\r\n 3B C3\r\n 72 F7\r\n 56\r\n FF 15 ?? ?? ?? ??\r\n 5E\r\n 8B C7\r\n 5B\r\n C3\r\n }\r\n condition:\r\n $decrypt_func\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2017-11-20T14:57:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e2131-66b8-4b07-97e2-e09a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-04-29T08:09:09.000Z",
|
|
"modified": "2017-04-29T08:09:09.000Z",
|
|
"pattern": "[rule jiripbot_unicode_str_decrypt\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Jiripbot Unicode hacktool\"\r\n strings:\r\n $decrypt = {\r\n 85 ??\r\n 75 03\r\n 33 C0\r\n C3\r\n 8B ??\r\n 8D 50 02\r\n 66 8B 08\r\n 83 C0 02\r\n 66 85 C9\r\n 75 F5\r\n 2B C2\r\n D1 F8\r\n 57\r\n 8B F8\r\n B8 ?? ?? ?? ??\r\n 66 39 44 7E FE\r\n 75 43\r\n 83 3D ?? ?? ?? ?? 00\r\n 53\r\n BB ?? ?? ?? ??\r\n 75 11\r\n 53\r\n FF 15 ?? ?? ?? ??\r\n C7 05 ?? ?? ?? ?? 01 00 00 00\r\n 53\r\n FF 15 ?? ?? ?? ??\r\n 33 C0\r\n 85 FF\r\n 74 0E\r\n B9 ?? 00 00 00\r\n 66 31 0C 46\r\n 40\r\n 3B C7\r\n 72 F2\r\n 53\r\n FF 15 ?? ?? ?? ??\r\n 5B\r\n 8B C6\r\n 5F\r\n C3\r\n }\r\n condition:\r\n $decrypt\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2017-04-29T08:09:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e2176-9470-4372-b288-45b9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:23:34.000Z",
|
|
"modified": "2015-07-09T07:23:34.000Z",
|
|
"description": "SSH over port 443",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.183.217.132']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:23:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e2176-8708-4641-a871-43c1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:23:34.000Z",
|
|
"modified": "2015-07-09T07:23:34.000Z",
|
|
"description": "SSH over port 443",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.165.237.75']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:23:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e2177-e0fc-478a-9412-4bf1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:23:35.000Z",
|
|
"modified": "2015-07-09T07:23:35.000Z",
|
|
"description": "SSH over port 443",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.23.3.112']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:23:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e2177-6d28-44c8-9b18-41d1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:23:35.000Z",
|
|
"modified": "2015-07-09T07:23:35.000Z",
|
|
"description": "SSH over port 443",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.162.197.9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:23:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e229f-6234-4f9d-a587-49de950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:31.000Z",
|
|
"modified": "2015-07-09T07:28:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '0ac7b594aaae21b61af2f3aabdc5eda9b6811eca52dcbf4691c4ec6dfd2d5cd8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e229f-b908-4716-ac97-418b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:31.000Z",
|
|
"modified": "2015-07-09T07:28:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '14bfc2bf8a80a19ff2c1480f513c96b8e8adc89a8d75d7c0064f810f1a7a2e61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e229f-25d8-4ce8-b3e1-40a6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:31.000Z",
|
|
"modified": "2015-07-09T07:28:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1677573bb02cc073e248e4a14334db90be8052d0b236e446e29582f50441fa33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e229f-8e58-4706-a012-4fb4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:31.000Z",
|
|
"modified": "2015-07-09T07:28:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '178b25ddca2bd5ea1b8c3432291d4d0b5b725e16961f5e4596fb9267a700fa2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e229f-6e30-4831-bc56-4e54950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:31.000Z",
|
|
"modified": "2015-07-09T07:28:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1a9f679016e38d399ff33efcfe7dc6560ec658d964297dbe377ff7c68e0dfbaf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a0-9884-48fa-b96d-42b0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:32.000Z",
|
|
"modified": "2015-07-09T07:28:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1c81bc28ad91baed60ca5e7fee68fbcb976cf8a483112fa81aab71a18450a6b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a0-2324-490c-a1b3-40ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:32.000Z",
|
|
"modified": "2015-07-09T07:28:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1c9af096e4c7daa440af136f2b1439089a827101098cfe25b8c19fc7321eaad9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a0-a37c-46a2-aa27-47e0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:32.000Z",
|
|
"modified": "2015-07-09T07:28:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '25fe7dd1e2b19514346cb2b8b5e91ae110c6adb9df5a440b8e7bbc5e8bc74227']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a0-45c0-4bd2-b6aa-49f9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:32.000Z",
|
|
"modified": "2015-07-09T07:28:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '29906c51217d15b9bbbcc8130f64dabdb69bd32baa7999500c7a230c218e8b0a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a0-9048-416b-b549-4ee2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:32.000Z",
|
|
"modified": "2015-07-09T07:28:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2a8cb295f85f8d1d5aae7744899875ebb4e6c3ef74fbc5bfad6e7723c192c5cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a0-5e64-4f0e-abc1-4820950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:32.000Z",
|
|
"modified": "2015-07-09T07:28:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a1-e808-42aa-952c-4b87950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:33.000Z",
|
|
"modified": "2015-07-09T07:28:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2bd5f7e0382956a7c135cdeb96edfdbccfcfc1955d26e317e2328ea83ace7cee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a1-2844-4ff3-8ce3-4fa5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:33.000Z",
|
|
"modified": "2015-07-09T07:28:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2d3ea11c5aea7e8a60cd4f530c1e234a2aa2df900d90122dd2fcf1fa9f47b935']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a1-cfac-4f92-9226-49a0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:33.000Z",
|
|
"modified": "2015-07-09T07:28:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3756ddcb5d52f938dd9e07d61fae21b70e665f01bbb2cbe04164e82892b86e2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a1-97b8-4437-9246-4173950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:33.000Z",
|
|
"modified": "2015-07-09T07:28:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3cfdd3cd1089c4152c0d4c7955210d489565f28fb0af9861b195db34e7ad2502']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a1-9300-428a-8642-44ed950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:33.000Z",
|
|
"modified": "2015-07-09T07:28:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '4327ce696b5bce9e9b2a691b4e915796218c00998363c7602d8461dd0c1c8fbb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a1-f5cc-41ff-9e59-401a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:33.000Z",
|
|
"modified": "2015-07-09T07:28:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '45f363e498312a34fa99af3c1cdd635fcebefaa3222dff348a9ab8ca25530797']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a2-a3b8-4da5-8dd0-4fb6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:34.000Z",
|
|
"modified": "2015-07-09T07:28:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '48c0bd55e1cf3f75e911ef66a9ccb9436c1571c982c5281d2d8bf00a99f0ee1a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a2-411c-4b2b-900b-4d20950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:34.000Z",
|
|
"modified": "2015-07-09T07:28:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '49e4198c94b80483302e11c2e7d83e0ac2379f081ee3a3aa32d96d690729f2d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a2-5698-449a-a2e9-4ee6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:34.000Z",
|
|
"modified": "2015-07-09T07:28:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '534004a473761e60d0db8afbc99390b19c32e7c5af3445ecd63f43ba6187ded4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a2-3a28-4047-bcc1-4b85950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:34.000Z",
|
|
"modified": "2015-07-09T07:28:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '54a8afb10a0569785d4a530ff25b07320881c139e813e58cb5a621da85f8a9f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a2-1d24-4ca2-adbc-40be950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:34.000Z",
|
|
"modified": "2015-07-09T07:28:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '5ab4c378fd8b3254808d66c22bbaacc035874f1c9b4cee511b96458fedff64ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a2-3df4-4350-8444-41f8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:34.000Z",
|
|
"modified": "2015-07-09T07:28:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '683f5b476f8ffe87ec22b8bab57f74da4a13ecc3a5c2cbf951999953c2064fc9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a3-7f28-4a03-883b-46db950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:35.000Z",
|
|
"modified": "2015-07-09T07:28:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6fb43afb191b09c7b62da7a5ddafdc1a9a4c46058fd376c045d69dd0a2ea71a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a3-bce8-4a85-a9d9-480e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:35.000Z",
|
|
"modified": "2015-07-09T07:28:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '758e6b519f6c0931ff93542b767524fc1eab589feb5cfc3854c77842f9785c92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a3-99b0-49ac-9f0e-4f6b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:35.000Z",
|
|
"modified": "2015-07-09T07:28:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a3-b928-4fd6-8424-4775950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:35.000Z",
|
|
"modified": "2015-07-09T07:28:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '796b1523573c889833f154aeb59532d2a9784e4747b25681a97ec00b9bb4fb19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a3-357c-419f-9f9a-4381950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:35.000Z",
|
|
"modified": "2015-07-09T07:28:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7aa1716426614463b8c20716acf8fd6461052a354b88c31ad2cc8b8a3b3e6868']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a3-640c-4502-98b8-4394950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:35.000Z",
|
|
"modified": "2015-07-09T07:28:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '81955e36dd46f3b05a1d7e47ffd53b7d1455406d952c890b5210a698dd97e938']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a4-c05c-4ed7-a801-450a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:36.000Z",
|
|
"modified": "2015-07-09T07:28:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8ca7ed720babb32a6f381769ea00e16082a563704f8b672cb21cf11843f4da7a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a4-a60c-44bd-bbf2-41fb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:36.000Z",
|
|
"modified": "2015-07-09T07:28:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8db5c2b645eee393d0f676fe457cd2cd3e4b144bbe86a61e4f4fd48d9de4aeae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a4-49c0-4b9b-a7d5-4244950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:36.000Z",
|
|
"modified": "2015-07-09T07:28:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '90b5fec973d31cc149d0e2683872785fa61770deec6925006e9142374c315fde']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a4-d564-4cb3-9f36-46f8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:36.000Z",
|
|
"modified": "2015-07-09T07:28:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9bff19ca48b43b148ff95e054efc39882d868527cdd4f036389a6f11750adddc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a4-0bd4-47db-b133-472f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:36.000Z",
|
|
"modified": "2015-07-09T07:28:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9d077a37b94bf69b94426041e5d5bf1fe56c482ca358191ca911ae041305f3ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a4-8508-4c6d-9c4f-4b55950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:36.000Z",
|
|
"modified": "2015-07-09T07:28:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9fab34fa2d31a56609b56874e1265969dbfa6c17d967cca5ecce0e0760670a60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a5-d3bc-4475-b0db-49fd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:37.000Z",
|
|
"modified": "2015-07-09T07:28:37.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a5-f8cc-4d7e-92a0-4cd6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:37.000Z",
|
|
"modified": "2015-07-09T07:28:37.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a5-7ed0-4845-8e5b-4be8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:37.000Z",
|
|
"modified": "2015-07-09T07:28:37.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b81484220a46c853dc996c19db9416493662d943b638915ed2b3a4a0471cc8d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a5-5f08-4268-819c-4736950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:37.000Z",
|
|
"modified": "2015-07-09T07:28:37.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'bc177e879fd941911eb2ea404febffa2042310c632d9922205949155e9b35cb6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a5-744c-4f64-b245-471b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:37.000Z",
|
|
"modified": "2015-07-09T07:28:37.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a5-cf90-4254-a283-42b9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:37.000Z",
|
|
"modified": "2015-07-09T07:28:37.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c54f31f190b06649dff91f6b915273b88ee27a2f8e766d54ee4213671fc09f90']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a6-91d8-450b-bdce-46df950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:38.000Z",
|
|
"modified": "2015-07-09T07:28:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c83bb0330d69f6ad4c79d4a0ce1891e6f34091aecfeaf72cf80b2532268a0abc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a6-c660-4ea1-9a11-46d0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:38.000Z",
|
|
"modified": "2015-07-09T07:28:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ccc851cbd600592f1ed2c2969a30b87f0bf29046cdfa1590d8f09cfe454608a5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a6-8144-43f8-9676-4921950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:38.000Z",
|
|
"modified": "2015-07-09T07:28:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'cfacc5389683518ecdd78002c975af6870fa5876337600e0b362abbbab0a19d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a6-c90c-43cf-8ccf-42f7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:38.000Z",
|
|
"modified": "2015-07-09T07:28:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd15b8071994bad01226a06f2802cbfe86a5483803244de4e99b91f130535d972']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a6-5f4c-4bae-8709-4e08950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:38.000Z",
|
|
"modified": "2015-07-09T07:28:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'da41d27070488316cbf9776e9468fae34f2e14651280e3ec1fb8524fda0873de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a6-7970-46de-bfb5-4fee950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:38.000Z",
|
|
"modified": "2015-07-09T07:28:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'efbc082796df566261b07f51a325503231e5a7ce41617d3dfff3640b0be06162']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a7-4ea4-4a79-b9de-4c33950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:39.000Z",
|
|
"modified": "2015-07-09T07:28:39.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'fcaab8f77e4c9ba922d825b837acfffc9f231c3abb21015369431afae679d644']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22a7-bba0-4fbc-b479-466d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:28:39.000Z",
|
|
"modified": "2015-07-09T07:28:39.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'fd616d1298653119fb4fbd88c0d39b881181398d2011320dc9c8c698897848c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:28:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22d0-e8b0-4992-947b-44b8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:29:20.000Z",
|
|
"modified": "2015-07-09T07:29:20.000Z",
|
|
"pattern": "[domain-name:value = 'ddosprotected.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:29:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22d0-f144-4775-9fd4-483b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:29:20.000Z",
|
|
"modified": "2015-07-09T07:29:20.000Z",
|
|
"pattern": "[domain-name:value = 'drfx.chickenkiller.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:29:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22f1-0f1c-48b6-900c-a038950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:29:53.000Z",
|
|
"modified": "2015-07-09T07:29:53.000Z",
|
|
"pattern": "[domain-name:value = 'digitalinsight-ltd.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22f1-bf04-4e8d-b839-a038950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:29:53.000Z",
|
|
"modified": "2015-07-09T07:29:53.000Z",
|
|
"pattern": "[domain-name:value = 'clust12-akmai.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22f2-f898-4624-8cca-a038950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:29:54.000Z",
|
|
"modified": "2015-07-09T07:29:54.000Z",
|
|
"pattern": "[domain-name:value = 'jdk-update.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:29:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22f2-3030-4832-8da7-a038950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:29:54.000Z",
|
|
"modified": "2015-07-09T07:29:54.000Z",
|
|
"pattern": "[domain-name:value = 'corp-aapl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:29:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e22f2-ae4c-4264-b113-a038950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:29:54.000Z",
|
|
"modified": "2015-07-09T07:29:54.000Z",
|
|
"pattern": "[domain-name:value = 'cloudprotect.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:29:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--559e232d-b48c-4c45-800d-4b34950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:30:53.000Z",
|
|
"modified": "2015-07-09T07:30:53.000Z",
|
|
"pattern": "[domain-name:value = 'jdk.20e8ad99287f7fc244651237cbe8292a.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-07-09T07:30:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--559e2341-1b68-406c-84c5-4c62950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:31:13.000Z",
|
|
"modified": "2015-07-09T07:31:13.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"Network activity\""
|
|
],
|
|
"x_misp_category": "Network activity",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "The following shows the format of Backdoor.Jiripbot\u2019s DGA domains:\r\njdk\\.[a-f0-9]{32}\\.org e.g. jdk.20e8ad99287f7fc244651237cbe8292a.org"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--559e2445-1780-408a-a19c-42f4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:35:33.000Z",
|
|
"modified": "2015-07-09T07:35:33.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_comment": "Symantec",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Backdoor.Jiripbot"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--559e2445-32ec-4657-b803-4ce4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:35:33.000Z",
|
|
"modified": "2015-07-09T07:35:33.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_comment": "Symantec",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Hacktool.Multipurpose"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--559e2445-1f1c-4665-9b46-4b73950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:35:33.000Z",
|
|
"modified": "2015-07-09T07:35:33.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_comment": "Symantec",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Hacktool.Securetunnel"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--559e2445-fb10-4967-bec2-4665950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:35:33.000Z",
|
|
"modified": "2015-07-09T07:35:33.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_comment": "Symantec",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Hacktool.Eventlog"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--559e2445-a434-43a7-b45f-4a90950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:35:33.000Z",
|
|
"modified": "2015-07-09T07:35:33.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_comment": "Symantec",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Hacktool.Bannerjack"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--559e2446-ce48-4a27-b1af-44f3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-09T07:35:34.000Z",
|
|
"modified": "2015-07-09T07:35:34.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_comment": "Symantec",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Hacktool.Proxy.A"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--559f6755-80e8-44bc-9190-d94a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-07-10T06:33:57.000Z",
|
|
"modified": "2015-07-10T06:33:57.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Wild Neutron"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8311-c798-492e-818a-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:49.000Z",
|
|
"modified": "2015-09-29T12:24:49.000Z",
|
|
"description": "- Xchecked via VT: fd616d1298653119fb4fbd88c0d39b881181398d2011320dc9c8c698897848c4",
|
|
"pattern": "[file:hashes.SHA1 = 'a22290d32d8a01e9b58da9bc5c8c047764e89336']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8311-6628-485f-8530-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:49.000Z",
|
|
"modified": "2015-09-29T12:24:49.000Z",
|
|
"description": "- Xchecked via VT: fd616d1298653119fb4fbd88c0d39b881181398d2011320dc9c8c698897848c4",
|
|
"pattern": "[file:hashes.MD5 = '1a352beadff958f13b09fde8a89f36f1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8312-e670-49a3-8fee-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:50.000Z",
|
|
"modified": "2015-09-29T12:24:50.000Z",
|
|
"first_observed": "2015-09-29T12:24:50Z",
|
|
"last_observed": "2015-09-29T12:24:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8312-e670-49a3-8fee-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8312-e670-49a3-8fee-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/fd616d1298653119fb4fbd88c0d39b881181398d2011320dc9c8c698897848c4/analysis/1442486779/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8312-89b0-4e30-9fa7-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:50.000Z",
|
|
"modified": "2015-09-29T12:24:50.000Z",
|
|
"description": "- Xchecked via VT: da41d27070488316cbf9776e9468fae34f2e14651280e3ec1fb8524fda0873de",
|
|
"pattern": "[file:hashes.SHA1 = '6a4a1076d7ad25d9a3f0052096e1e6697653db6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8312-6414-4e82-bfd0-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:50.000Z",
|
|
"modified": "2015-09-29T12:24:50.000Z",
|
|
"description": "- Xchecked via VT: da41d27070488316cbf9776e9468fae34f2e14651280e3ec1fb8524fda0873de",
|
|
"pattern": "[file:hashes.MD5 = '7ae1b2ad1e40d0b19ce76a64348fa534']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8313-83cc-45df-905f-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:51.000Z",
|
|
"modified": "2015-09-29T12:24:51.000Z",
|
|
"first_observed": "2015-09-29T12:24:51Z",
|
|
"last_observed": "2015-09-29T12:24:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8313-83cc-45df-905f-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8313-83cc-45df-905f-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/da41d27070488316cbf9776e9468fae34f2e14651280e3ec1fb8524fda0873de/analysis/1442486617/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8313-a258-48de-b71e-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:51.000Z",
|
|
"modified": "2015-09-29T12:24:51.000Z",
|
|
"description": "- Xchecked via VT: cfacc5389683518ecdd78002c975af6870fa5876337600e0b362abbbab0a19d2",
|
|
"pattern": "[file:hashes.SHA1 = '3b8f6dbaa55c63ef87e96a9eb983a2890a6d9da7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8313-f004-435c-9313-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:51.000Z",
|
|
"modified": "2015-09-29T12:24:51.000Z",
|
|
"description": "- Xchecked via VT: cfacc5389683518ecdd78002c975af6870fa5876337600e0b362abbbab0a19d2",
|
|
"pattern": "[file:hashes.MD5 = 'ece3cc272134b4ea0b3839228883a14c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8314-fbc8-492c-bc94-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:52.000Z",
|
|
"modified": "2015-09-29T12:24:52.000Z",
|
|
"first_observed": "2015-09-29T12:24:52Z",
|
|
"last_observed": "2015-09-29T12:24:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8314-fbc8-492c-bc94-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8314-fbc8-492c-bc94-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/cfacc5389683518ecdd78002c975af6870fa5876337600e0b362abbbab0a19d2/analysis/1442486690/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8314-d274-42eb-acc8-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:52.000Z",
|
|
"modified": "2015-09-29T12:24:52.000Z",
|
|
"description": "- Xchecked via VT: ccc851cbd600592f1ed2c2969a30b87f0bf29046cdfa1590d8f09cfe454608a5",
|
|
"pattern": "[file:hashes.SHA1 = '7f9c67959c273c76271d5d58a1049ced1c3b0e23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8314-b004-4c81-a944-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:52.000Z",
|
|
"modified": "2015-09-29T12:24:52.000Z",
|
|
"description": "- Xchecked via VT: ccc851cbd600592f1ed2c2969a30b87f0bf29046cdfa1590d8f09cfe454608a5",
|
|
"pattern": "[file:hashes.MD5 = '342887a7ec6b9f709adcb81fef0d30a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8315-e55c-4aec-bd84-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:53.000Z",
|
|
"modified": "2015-09-29T12:24:53.000Z",
|
|
"first_observed": "2015-09-29T12:24:53Z",
|
|
"last_observed": "2015-09-29T12:24:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8315-e55c-4aec-bd84-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8315-e55c-4aec-bd84-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/ccc851cbd600592f1ed2c2969a30b87f0bf29046cdfa1590d8f09cfe454608a5/analysis/1442486074/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8315-abd0-46aa-9116-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:53.000Z",
|
|
"modified": "2015-09-29T12:24:53.000Z",
|
|
"description": "- Xchecked via VT: c54f31f190b06649dff91f6b915273b88ee27a2f8e766d54ee4213671fc09f90",
|
|
"pattern": "[file:hashes.SHA1 = '30359201338053af55109266ebcea3b0060b7d61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8315-00a4-42d4-81a1-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:53.000Z",
|
|
"modified": "2015-09-29T12:24:53.000Z",
|
|
"description": "- Xchecked via VT: c54f31f190b06649dff91f6b915273b88ee27a2f8e766d54ee4213671fc09f90",
|
|
"pattern": "[file:hashes.MD5 = '2cafcd57e7fcb1649da9fef9664ea4da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8316-85ec-418d-a594-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:54.000Z",
|
|
"modified": "2015-09-29T12:24:54.000Z",
|
|
"first_observed": "2015-09-29T12:24:54Z",
|
|
"last_observed": "2015-09-29T12:24:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8316-85ec-418d-a594-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8316-85ec-418d-a594-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/c54f31f190b06649dff91f6b915273b88ee27a2f8e766d54ee4213671fc09f90/analysis/1442486621/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8316-1c10-464d-b502-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:54.000Z",
|
|
"modified": "2015-09-29T12:24:54.000Z",
|
|
"description": "- Xchecked via VT: c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0",
|
|
"pattern": "[file:hashes.SHA1 = '3d11dfaf87753b8a0622023607dcae6fa8bddc12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8317-9d64-4faa-a6df-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:54.000Z",
|
|
"modified": "2015-09-29T12:24:54.000Z",
|
|
"description": "- Xchecked via VT: c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0",
|
|
"pattern": "[file:hashes.MD5 = '331e0b7f94708c39a07c6da38a665fdb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8317-a63c-42a1-a6cd-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:55.000Z",
|
|
"modified": "2015-09-29T12:24:55.000Z",
|
|
"first_observed": "2015-09-29T12:24:55Z",
|
|
"last_observed": "2015-09-29T12:24:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8317-a63c-42a1-a6cd-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8317-a63c-42a1-a6cd-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0/analysis/1442486656/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8317-e030-4412-9bd0-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:55.000Z",
|
|
"modified": "2015-09-29T12:24:55.000Z",
|
|
"description": "- Xchecked via VT: b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45",
|
|
"pattern": "[file:hashes.SHA1 = 'e8c3660c87a2265ddb01dcffcd1d0bb040ab247a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8318-3fd4-47be-886f-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:56.000Z",
|
|
"modified": "2015-09-29T12:24:56.000Z",
|
|
"description": "- Xchecked via VT: b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45",
|
|
"pattern": "[file:hashes.MD5 = 'f0fff29391e7c2e7b13eb4a806276a84']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8318-5500-45fe-adaf-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:56.000Z",
|
|
"modified": "2015-09-29T12:24:56.000Z",
|
|
"first_observed": "2015-09-29T12:24:56Z",
|
|
"last_observed": "2015-09-29T12:24:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8318-5500-45fe-adaf-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8318-5500-45fe-adaf-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45/analysis/1442486077/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8318-2394-4b3c-8da9-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:56.000Z",
|
|
"modified": "2015-09-29T12:24:56.000Z",
|
|
"description": "- Xchecked via VT: a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c",
|
|
"pattern": "[file:hashes.SHA1 = 'c0721460f4ee074b25fb0b1ed8dae4d2cb7517c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8319-9444-4cb6-8d83-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:57.000Z",
|
|
"modified": "2015-09-29T12:24:57.000Z",
|
|
"description": "- Xchecked via VT: a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c",
|
|
"pattern": "[file:hashes.MD5 = 'fe2439ef0ace518e1c1a32585099dab8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8319-e2a8-4339-a36e-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:57.000Z",
|
|
"modified": "2015-09-29T12:24:57.000Z",
|
|
"first_observed": "2015-09-29T12:24:57Z",
|
|
"last_observed": "2015-09-29T12:24:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8319-e2a8-4339-a36e-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8319-e2a8-4339-a36e-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c/analysis/1442486694/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8319-8714-4bd0-a38f-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:57.000Z",
|
|
"modified": "2015-09-29T12:24:57.000Z",
|
|
"description": "- Xchecked via VT: 9d077a37b94bf69b94426041e5d5bf1fe56c482ca358191ca911ae041305f3ed",
|
|
"pattern": "[file:hashes.SHA1 = 'e540b71e8a4eafc5f26ab379ca5376ac01f05add']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831a-c794-46b8-b30f-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:58.000Z",
|
|
"modified": "2015-09-29T12:24:58.000Z",
|
|
"description": "- Xchecked via VT: 9d077a37b94bf69b94426041e5d5bf1fe56c482ca358191ca911ae041305f3ed",
|
|
"pattern": "[file:hashes.MD5 = 'e92ff1d7b66a112bfc29d5ccb98aeadc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a831a-d0cc-4511-a83a-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:58.000Z",
|
|
"modified": "2015-09-29T12:24:58.000Z",
|
|
"first_observed": "2015-09-29T12:24:58Z",
|
|
"last_observed": "2015-09-29T12:24:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a831a-d0cc-4511-a83a-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a831a-d0cc-4511-a83a-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/9d077a37b94bf69b94426041e5d5bf1fe56c482ca358191ca911ae041305f3ed/analysis/1442486781/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831a-e06c-462d-b089-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:58.000Z",
|
|
"modified": "2015-09-29T12:24:58.000Z",
|
|
"description": "- Xchecked via VT: 8ca7ed720babb32a6f381769ea00e16082a563704f8b672cb21cf11843f4da7a",
|
|
"pattern": "[file:hashes.SHA1 = '3d75a14f3552d881061449d53577614430ff9e26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831b-7228-4c80-a531-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:59.000Z",
|
|
"modified": "2015-09-29T12:24:59.000Z",
|
|
"description": "- Xchecked via VT: 8ca7ed720babb32a6f381769ea00e16082a563704f8b672cb21cf11843f4da7a",
|
|
"pattern": "[file:hashes.MD5 = '1582d68144de2808b518934f0a02bfd6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a831b-2818-46a8-acb2-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:59.000Z",
|
|
"modified": "2015-09-29T12:24:59.000Z",
|
|
"first_observed": "2015-09-29T12:24:59Z",
|
|
"last_observed": "2015-09-29T12:24:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a831b-2818-46a8-acb2-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a831b-2818-46a8-acb2-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/8ca7ed720babb32a6f381769ea00e16082a563704f8b672cb21cf11843f4da7a/analysis/1442486067/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831b-acfc-4d35-9543-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:24:59.000Z",
|
|
"modified": "2015-09-29T12:24:59.000Z",
|
|
"description": "- Xchecked via VT: 781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e",
|
|
"pattern": "[file:hashes.SHA1 = 'cc941c08b2ff523651aefda9d2df3ee052a3b5cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:24:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831c-5534-43a2-a94a-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:00.000Z",
|
|
"modified": "2015-09-29T12:25:00.000Z",
|
|
"description": "- Xchecked via VT: 781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e",
|
|
"pattern": "[file:hashes.MD5 = '95ffe4ab4b158602917dd2a999a8caf8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a831c-9404-44e3-b6a5-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:00.000Z",
|
|
"modified": "2015-09-29T12:25:00.000Z",
|
|
"first_observed": "2015-09-29T12:25:00Z",
|
|
"last_observed": "2015-09-29T12:25:00Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a831c-9404-44e3-b6a5-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a831c-9404-44e3-b6a5-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e/analysis/1442486072/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831c-2e34-4fb1-aaf8-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:00.000Z",
|
|
"modified": "2015-09-29T12:25:00.000Z",
|
|
"description": "- Xchecked via VT: 758e6b519f6c0931ff93542b767524fc1eab589feb5cfc3854c77842f9785c92",
|
|
"pattern": "[file:hashes.SHA1 = '050eb34e35feb95b78bfeba3dea70d8dd27a5064']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831d-f5dc-4ee0-b521-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:01.000Z",
|
|
"modified": "2015-09-29T12:25:01.000Z",
|
|
"description": "- Xchecked via VT: 758e6b519f6c0931ff93542b767524fc1eab589feb5cfc3854c77842f9785c92",
|
|
"pattern": "[file:hashes.MD5 = '0fa3657af06a8cc8ef14c445acd92c0f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a831d-b258-4d4f-be96-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:01.000Z",
|
|
"modified": "2015-09-29T12:25:01.000Z",
|
|
"first_observed": "2015-09-29T12:25:01Z",
|
|
"last_observed": "2015-09-29T12:25:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a831d-b258-4d4f-be96-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a831d-b258-4d4f-be96-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/758e6b519f6c0931ff93542b767524fc1eab589feb5cfc3854c77842f9785c92/analysis/1442486070/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831d-d694-48a7-93f2-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:01.000Z",
|
|
"modified": "2015-09-29T12:25:01.000Z",
|
|
"description": "- Xchecked via VT: 683f5b476f8ffe87ec22b8bab57f74da4a13ecc3a5c2cbf951999953c2064fc9",
|
|
"pattern": "[file:hashes.SHA1 = '6493bb7decbb6142d9ddb041af0dd385de1d3756']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831e-9cd8-4a38-8acd-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:02.000Z",
|
|
"modified": "2015-09-29T12:25:02.000Z",
|
|
"description": "- Xchecked via VT: 683f5b476f8ffe87ec22b8bab57f74da4a13ecc3a5c2cbf951999953c2064fc9",
|
|
"pattern": "[file:hashes.MD5 = '14ba21a3a0081ef60e676fd4945a8bdc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a831e-5dc8-440e-9c2c-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:02.000Z",
|
|
"modified": "2015-09-29T12:25:02.000Z",
|
|
"first_observed": "2015-09-29T12:25:02Z",
|
|
"last_observed": "2015-09-29T12:25:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a831e-5dc8-440e-9c2c-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a831e-5dc8-440e-9c2c-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/683f5b476f8ffe87ec22b8bab57f74da4a13ecc3a5c2cbf951999953c2064fc9/analysis/1442486069/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831e-52b8-4a6a-87a6-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:02.000Z",
|
|
"modified": "2015-09-29T12:25:02.000Z",
|
|
"description": "- Xchecked via VT: 5ab4c378fd8b3254808d66c22bbaacc035874f1c9b4cee511b96458fedff64ed",
|
|
"pattern": "[file:hashes.SHA1 = '35d6935dc04df08031f11696ea407eba9003888a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a831f-2874-469a-bf82-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:03.000Z",
|
|
"modified": "2015-09-29T12:25:03.000Z",
|
|
"description": "- Xchecked via VT: 5ab4c378fd8b3254808d66c22bbaacc035874f1c9b4cee511b96458fedff64ed",
|
|
"pattern": "[file:hashes.MD5 = '0af7a57ec3311128b58281a4deb425ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a831f-743c-4994-8890-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:03.000Z",
|
|
"modified": "2015-09-29T12:25:03.000Z",
|
|
"first_observed": "2015-09-29T12:25:03Z",
|
|
"last_observed": "2015-09-29T12:25:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a831f-743c-4994-8890-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a831f-743c-4994-8890-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/5ab4c378fd8b3254808d66c22bbaacc035874f1c9b4cee511b96458fedff64ed/analysis/1442486788/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8320-c720-456b-af5f-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:04.000Z",
|
|
"modified": "2015-09-29T12:25:04.000Z",
|
|
"description": "- Xchecked via VT: 4327ce696b5bce9e9b2a691b4e915796218c00998363c7602d8461dd0c1c8fbb",
|
|
"pattern": "[file:hashes.SHA1 = 'fdfa0c4757b843c2728b876861390566dbcdba54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8320-fd48-4fe6-acd8-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:04.000Z",
|
|
"modified": "2015-09-29T12:25:04.000Z",
|
|
"description": "- Xchecked via VT: 4327ce696b5bce9e9b2a691b4e915796218c00998363c7602d8461dd0c1c8fbb",
|
|
"pattern": "[file:hashes.MD5 = '828b19af6f4b94667960cb85079b458b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8320-8054-46f8-9954-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:04.000Z",
|
|
"modified": "2015-09-29T12:25:04.000Z",
|
|
"first_observed": "2015-09-29T12:25:04Z",
|
|
"last_observed": "2015-09-29T12:25:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8320-8054-46f8-9954-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8320-8054-46f8-9954-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/4327ce696b5bce9e9b2a691b4e915796218c00998363c7602d8461dd0c1c8fbb/analysis/1442486786/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8321-ad04-4dc8-9bd7-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:05.000Z",
|
|
"modified": "2015-09-29T12:25:05.000Z",
|
|
"description": "- Xchecked via VT: 3cfdd3cd1089c4152c0d4c7955210d489565f28fb0af9861b195db34e7ad2502",
|
|
"pattern": "[file:hashes.SHA1 = 'd026039b985949f1f0d222b38d9fa0defb025309']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8321-d414-48bc-83ee-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:05.000Z",
|
|
"modified": "2015-09-29T12:25:05.000Z",
|
|
"description": "- Xchecked via VT: 3cfdd3cd1089c4152c0d4c7955210d489565f28fb0af9861b195db34e7ad2502",
|
|
"pattern": "[file:hashes.MD5 = '0bf56a08d031b08163b0a19576e56292']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8321-8e40-404f-b37c-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:05.000Z",
|
|
"modified": "2015-09-29T12:25:05.000Z",
|
|
"first_observed": "2015-09-29T12:25:05Z",
|
|
"last_observed": "2015-09-29T12:25:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8321-8e40-404f-b37c-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8321-8e40-404f-b37c-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/3cfdd3cd1089c4152c0d4c7955210d489565f28fb0af9861b195db34e7ad2502/analysis/1442486784/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8322-d02c-4c55-8798-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:06.000Z",
|
|
"modified": "2015-09-29T12:25:06.000Z",
|
|
"description": "- Xchecked via VT: 2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94",
|
|
"pattern": "[file:hashes.SHA1 = '8e4e662682f0f7f7fa59d39a2fc023a1843238a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8322-d204-4a57-af5e-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:06.000Z",
|
|
"modified": "2015-09-29T12:25:06.000Z",
|
|
"description": "- Xchecked via VT: 2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94",
|
|
"pattern": "[file:hashes.MD5 = '425b40d687e34623f54ff58a079fc9af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8322-7310-4e0f-af2a-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:06.000Z",
|
|
"modified": "2015-09-29T12:25:06.000Z",
|
|
"first_observed": "2015-09-29T12:25:06Z",
|
|
"last_observed": "2015-09-29T12:25:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8322-7310-4e0f-af2a-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8322-7310-4e0f-af2a-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94/analysis/1442486660/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8323-dfbc-47fa-8272-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:07.000Z",
|
|
"modified": "2015-09-29T12:25:07.000Z",
|
|
"description": "- Xchecked via VT: 2a8cb295f85f8d1d5aae7744899875ebb4e6c3ef74fbc5bfad6e7723c192c5cf",
|
|
"pattern": "[file:hashes.SHA1 = '29804cb689f1949e5f127378351f72fada48c1e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8323-69ac-4c4f-ad7e-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:07.000Z",
|
|
"modified": "2015-09-29T12:25:07.000Z",
|
|
"description": "- Xchecked via VT: 2a8cb295f85f8d1d5aae7744899875ebb4e6c3ef74fbc5bfad6e7723c192c5cf",
|
|
"pattern": "[file:hashes.MD5 = 'b7efead869c3d92f1086c43cb99ab0a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8323-4868-45fe-a5df-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:07.000Z",
|
|
"modified": "2015-09-29T12:25:07.000Z",
|
|
"first_observed": "2015-09-29T12:25:07Z",
|
|
"last_observed": "2015-09-29T12:25:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8323-4868-45fe-a5df-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8323-4868-45fe-a5df-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/2a8cb295f85f8d1d5aae7744899875ebb4e6c3ef74fbc5bfad6e7723c192c5cf/analysis/1442486615/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8324-00c0-400e-aa5c-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:08.000Z",
|
|
"modified": "2015-09-29T12:25:08.000Z",
|
|
"description": "- Xchecked via VT: 29906c51217d15b9bbbcc8130f64dabdb69bd32baa7999500c7a230c218e8b0a",
|
|
"pattern": "[file:hashes.SHA1 = 'd838b54b755d6ec7be71f46c244cb3ecd180f2e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8324-d7a8-4f9b-9060-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:08.000Z",
|
|
"modified": "2015-09-29T12:25:08.000Z",
|
|
"description": "- Xchecked via VT: 29906c51217d15b9bbbcc8130f64dabdb69bd32baa7999500c7a230c218e8b0a",
|
|
"pattern": "[file:hashes.MD5 = '2c9cbe71dc98897aeaef4d6d3afc7eb3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8324-3544-4138-abf1-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:08.000Z",
|
|
"modified": "2015-09-29T12:25:08.000Z",
|
|
"first_observed": "2015-09-29T12:25:08Z",
|
|
"last_observed": "2015-09-29T12:25:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8324-3544-4138-abf1-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8324-3544-4138-abf1-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/29906c51217d15b9bbbcc8130f64dabdb69bd32baa7999500c7a230c218e8b0a/analysis/1442486782/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8325-bad4-4ea1-bb31-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:09.000Z",
|
|
"modified": "2015-09-29T12:25:09.000Z",
|
|
"description": "- Xchecked via VT: 1c9af096e4c7daa440af136f2b1439089a827101098cfe25b8c19fc7321eaad9",
|
|
"pattern": "[file:hashes.SHA1 = 'c2b09f227d141befeab81df132c9abbad4b73c46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8325-afd0-4ece-b4af-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:09.000Z",
|
|
"modified": "2015-09-29T12:25:09.000Z",
|
|
"description": "- Xchecked via VT: 1c9af096e4c7daa440af136f2b1439089a827101098cfe25b8c19fc7321eaad9",
|
|
"pattern": "[file:hashes.MD5 = '5c42ec22da050bbc82e4a86d4dd0e086']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8325-96ac-4952-83a3-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:09.000Z",
|
|
"modified": "2015-09-29T12:25:09.000Z",
|
|
"first_observed": "2015-09-29T12:25:09Z",
|
|
"last_observed": "2015-09-29T12:25:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8325-96ac-4952-83a3-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8325-96ac-4952-83a3-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/1c9af096e4c7daa440af136f2b1439089a827101098cfe25b8c19fc7321eaad9/analysis/1442486777/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8326-0e80-46ba-85a1-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:10.000Z",
|
|
"modified": "2015-09-29T12:25:10.000Z",
|
|
"description": "- Xchecked via VT: 1677573bb02cc073e248e4a14334db90be8052d0b236e446e29582f50441fa33",
|
|
"pattern": "[file:hashes.SHA1 = 'f42e316292f59ea51f4c40d1c574747eec227796']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a8326-05a0-4ec8-9c74-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:10.000Z",
|
|
"modified": "2015-09-29T12:25:10.000Z",
|
|
"description": "- Xchecked via VT: 1677573bb02cc073e248e4a14334db90be8052d0b236e446e29582f50441fa33",
|
|
"pattern": "[file:hashes.MD5 = 'a16e58bba851ea00e4ea79f9763df6f1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T12:25:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a8326-b3f4-4e88-b8d6-4caf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T12:25:10.000Z",
|
|
"modified": "2015-09-29T12:25:10.000Z",
|
|
"first_observed": "2015-09-29T12:25:10Z",
|
|
"last_observed": "2015-09-29T12:25:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a8326-b3f4-4e88-b8d6-4caf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a8326-b3f4-4e88-b8d6-4caf950d210b",
|
|
"value": "https://www.virustotal.com/file/1677573bb02cc073e248e4a14334db90be8052d0b236e446e29582f50441fa33/analysis/1442486775/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |