{
|
|
"type": "bundle",
|
|
"id": "bundle--56425772-8500-45c6-9575-6056950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-11T06:39:01.000Z",
|
|
"modified": "2015-11-11T06:39:01.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--56425772-8500-45c6-9575-6056950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-11T06:39:01.000Z",
|
|
"modified": "2015-11-11T06:39:01.000Z",
|
|
"name": "OSINT Macro documents with XOR Encoded Payloads by PhishMe",
|
|
"published": "2015-11-11T06:39:05Z",
|
|
"object_refs": [
|
|
"observed-data--564257a4-c8e4-45ee-85cb-68b9950d210b",
|
|
"url--564257a4-c8e4-45ee-85cb-68b9950d210b",
|
|
"observed-data--564257a4-dc24-4003-ba5d-68b9950d210b",
|
|
"url--564257a4-dc24-4003-ba5d-68b9950d210b",
|
|
"indicator--564257d9-0874-4b4c-a7e7-41c1950d210b",
|
|
"indicator--564257d9-2698-4470-a9cf-4a37950d210b",
|
|
"indicator--564257da-6700-4ad5-85c9-4f66950d210b",
|
|
"indicator--564257da-bc04-40c4-a00c-4ee3950d210b",
|
|
"indicator--564257db-c1f4-40f5-bb86-4f46950d210b",
|
|
"indicator--564257db-28e0-40b0-8ca7-450e950d210b",
|
|
"indicator--564257dc-a3c8-429f-ac03-454a950d210b",
|
|
"indicator--564257dc-1118-4bf2-9236-4520950d210b",
|
|
"indicator--564257dd-975c-4f08-8e5c-4a77950d210b",
|
|
"indicator--564257dd-3508-4ea3-bc79-4aee950d210b",
|
|
"indicator--564257de-b044-4b6f-975e-4a1f950d210b",
|
|
"indicator--564257de-2384-4fc4-abb4-4787950d210b",
|
|
"indicator--564257df-89e0-4c5f-adde-46aa950d210b",
|
|
"indicator--564257df-1000-41fb-86e2-46fc950d210b",
|
|
"indicator--564257df-ab7c-4b4a-bc73-43e2950d210b",
|
|
"indicator--564257e0-cdc8-44b6-b522-4f0f950d210b",
|
|
"indicator--564257e0-1050-4ff4-9bd5-440b950d210b",
|
|
"indicator--564257e1-ba44-43e5-b26c-4459950d210b",
|
|
"indicator--564257e1-0dc8-4d4d-8e82-4def950d210b",
|
|
"indicator--564257e2-f604-43c4-9c84-4670950d210b",
|
|
"indicator--564257e2-5b68-490b-838d-4f7c950d210b",
|
|
"indicator--564257e3-c77c-4eaa-88c1-4671950d210b",
|
|
"indicator--564257e3-7d40-43c9-836d-4ff7950d210b",
|
|
"indicator--564257e4-b6b4-489c-ae17-4ada950d210b",
|
|
"indicator--564257e4-6150-4492-b77c-44a6950d210b",
|
|
"indicator--564257e5-0a28-44b8-9746-424e950d210b",
|
|
"indicator--564257e5-d794-49d1-923a-4b64950d210b",
|
|
"indicator--564257e6-90d0-4602-9126-4793950d210b",
|
|
"indicator--564257e6-2228-48a1-b657-4a8a950d210b",
|
|
"indicator--564257e7-1fb4-4784-9fbc-4d93950d210b",
|
|
"indicator--564257e7-b818-4071-8678-4126950d210b",
|
|
"indicator--564257e8-f91c-4c1f-a83d-4114950d210b",
|
|
"indicator--564257e8-5450-4b7d-8107-4ea0950d210b",
|
|
"indicator--5642e05c-b2ac-435e-8e69-cf3b950d210b",
|
|
"indicator--5642e05d-5bd0-4654-9173-cf3b950d210b",
|
|
"observed-data--5642e05d-5c80-4e8b-b8bd-cf3b950d210b",
|
|
"url--5642e05d-5c80-4e8b-b8bd-cf3b950d210b",
|
|
"indicator--5642e05d-7228-48a1-878a-cf3b950d210b",
|
|
"indicator--5642e05e-7f10-43eb-abf3-cf3b950d210b",
|
|
"observed-data--5642e05e-fe34-4e45-bc71-cf3b950d210b",
|
|
"url--5642e05e-fe34-4e45-bc71-cf3b950d210b",
|
|
"indicator--5642e05f-21c8-4e6d-95de-cf3b950d210b",
|
|
"indicator--5642e05f-2524-4897-a9e4-cf3b950d210b",
|
|
"observed-data--5642e05f-f524-4a8e-964d-cf3b950d210b",
|
|
"url--5642e05f-f524-4a8e-964d-cf3b950d210b",
|
|
"indicator--5642e060-4254-4c74-a273-cf3b950d210b",
|
|
"indicator--5642e060-83d4-4c39-83f0-cf3b950d210b",
|
|
"observed-data--5642e061-a414-4721-bb09-cf3b950d210b",
|
|
"url--5642e061-a414-4721-bb09-cf3b950d210b",
|
|
"indicator--5642e061-dbdc-40e1-9046-cf3b950d210b",
|
|
"indicator--5642e061-b8c0-4e7e-b9f2-cf3b950d210b",
|
|
"observed-data--5642e062-26e0-4b53-b43e-cf3b950d210b",
|
|
"url--5642e062-26e0-4b53-b43e-cf3b950d210b",
|
|
"indicator--5642e062-1d50-48d9-aeb4-cf3b950d210b",
|
|
"indicator--5642e063-f650-40eb-8441-cf3b950d210b",
|
|
"observed-data--5642e063-ef9c-44b3-8f16-cf3b950d210b",
|
|
"url--5642e063-ef9c-44b3-8f16-cf3b950d210b",
|
|
"indicator--5642e063-1cc8-4af3-bedc-cf3b950d210b",
|
|
"indicator--5642e064-effc-4189-b0ea-cf3b950d210b",
|
|
"observed-data--5642e064-3c6c-4e78-bc64-cf3b950d210b",
|
|
"url--5642e064-3c6c-4e78-bc64-cf3b950d210b",
|
|
"indicator--5642e065-ab24-419d-90f4-cf3b950d210b",
|
|
"indicator--5642e065-0828-45ae-9f47-cf3b950d210b",
|
|
"observed-data--5642e065-d998-48b4-9b6e-cf3b950d210b",
|
|
"url--5642e065-d998-48b4-9b6e-cf3b950d210b"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--564257a4-c8e4-45ee-85cb-68b9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:46:28.000Z",
|
|
"modified": "2015-11-10T20:46:28.000Z",
|
|
"first_observed": "2015-11-10T20:46:28Z",
|
|
"last_observed": "2015-11-10T20:46:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--564257a4-c8e4-45ee-85cb-68b9950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--564257a4-c8e4-45ee-85cb-68b9950d210b",
|
|
"value": "http://phishme.com/macro-documents-with-xor-encoded-payloads/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--564257a4-dc24-4003-ba5d-68b9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:46:28.000Z",
|
|
"modified": "2015-11-10T20:46:28.000Z",
|
|
"first_observed": "2015-11-10T20:46:28Z",
|
|
"last_observed": "2015-11-10T20:46:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--564257a4-dc24-4003-ba5d-68b9950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--564257a4-dc24-4003-ba5d-68b9950d210b",
|
|
"value": "http://phishme.com/wp-content/uploads/Intel.csv"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257d9-0874-4b4c-a7e7-41c1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:21.000Z",
|
|
"modified": "2015-11-10T20:47:21.000Z",
|
|
"pattern": "[url:value = 'http://vintageselects.com/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257d9-2698-4470-a9cf-4a37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:21.000Z",
|
|
"modified": "2015-11-10T20:47:21.000Z",
|
|
"pattern": "[url:value = 'http://finehotels.net/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257da-6700-4ad5-85c9-4f66950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:22.000Z",
|
|
"modified": "2015-11-10T20:47:22.000Z",
|
|
"pattern": "[url:value = 'http://basislabel.com/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257da-bc04-40c4-a00c-4ee3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:22.000Z",
|
|
"modified": "2015-11-10T20:47:22.000Z",
|
|
"pattern": "[url:value = 'http://textidea.com/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257db-c1f4-40f5-bb86-4f46950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:23.000Z",
|
|
"modified": "2015-11-10T20:47:23.000Z",
|
|
"pattern": "[url:value = 'http://camelcap.com/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257db-28e0-40b0-8ca7-450e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:23.000Z",
|
|
"modified": "2015-11-10T20:47:23.000Z",
|
|
"pattern": "[url:value = 'http://mgsmedia.ru/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257dc-a3c8-429f-ac03-454a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:24.000Z",
|
|
"modified": "2015-11-10T20:47:24.000Z",
|
|
"pattern": "[url:value = 'http://pausephone.com/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257dc-1118-4bf2-9236-4520950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:24.000Z",
|
|
"modified": "2015-11-10T20:47:24.000Z",
|
|
"pattern": "[url:value = 'http://fievenghapun.ru/gate.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257dd-975c-4f08-8e5c-4a77950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:25.000Z",
|
|
"modified": "2015-11-10T20:47:25.000Z",
|
|
"pattern": "[url:value = 'http://zilibrinixs.net/mizzo773/gate.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257dd-3508-4ea3-bc79-4aee950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:25.000Z",
|
|
"modified": "2015-11-10T20:47:25.000Z",
|
|
"pattern": "[url:value = 'http://guesstrade.com/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257de-b044-4b6f-975e-4a1f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:26.000Z",
|
|
"modified": "2015-11-10T20:47:26.000Z",
|
|
"pattern": "[url:value = 'http://beheutsi.ru/gate.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257de-2384-4fc4-abb4-4787950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:26.000Z",
|
|
"modified": "2015-11-10T20:47:26.000Z",
|
|
"pattern": "[url:value = 'http://wildclick.net/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257df-89e0-4c5f-adde-46aa950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:27.000Z",
|
|
"modified": "2015-11-10T20:47:27.000Z",
|
|
"pattern": "[url:value = 'http://juskinsandfo.ru/gate.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257df-1000-41fb-86e2-46fc950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:27.000Z",
|
|
"modified": "2015-11-10T20:47:27.000Z",
|
|
"pattern": "[url:value = 'http://ninthclub.com/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257df-ab7c-4b4a-bc73-43e2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:27.000Z",
|
|
"modified": "2015-11-10T20:47:27.000Z",
|
|
"pattern": "[url:value = 'http://yeebay.co/media/system/host.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e0-cdc8-44b6-b522-4f0f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:28.000Z",
|
|
"modified": "2015-11-10T20:47:28.000Z",
|
|
"pattern": "[url:value = 'http://helloalliance.net/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e0-1050-4ff4-9bd5-440b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:28.000Z",
|
|
"modified": "2015-11-10T20:47:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '444e36f7f825164db3cb165526b38d7e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e1-ba44-43e5-b26c-4459950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:29.000Z",
|
|
"modified": "2015-11-10T20:47:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4c4e81db339f03b0b5ab0d18d3a40202']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e1-0dc8-4d4d-8e82-4def950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:29.000Z",
|
|
"modified": "2015-11-10T20:47:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '25cd7beff6db77752efda58b703c1acd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e2-f604-43c4-9c84-4670950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:30.000Z",
|
|
"modified": "2015-11-10T20:47:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b198efe59d67728c7d0a339a7490222c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e2-5b68-490b-838d-4f7c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:30.000Z",
|
|
"modified": "2015-11-10T20:47:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = '539ffbf98931aaaea5b745640988071a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e3-c77c-4eaa-88c1-4671950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:31.000Z",
|
|
"modified": "2015-11-10T20:47:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = '88c69cd7738b6c2228e3c602d385fab3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e3-7d40-43c9-836d-4ff7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:31.000Z",
|
|
"modified": "2015-11-10T20:47:31.000Z",
|
|
"pattern": "[url:value = 'http://webshop.outsourcing4work.de/m1.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e4-b6b4-489c-ae17-4ada950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:32.000Z",
|
|
"modified": "2015-11-10T20:47:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7b14b4a5c21168de932e3c9bdce5805e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e4-6150-4492-b77c-44a6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:32.000Z",
|
|
"modified": "2015-11-10T20:47:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6a2acafe7cd587351b3ef40b0f0384cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e5-0a28-44b8-9746-424e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:33.000Z",
|
|
"modified": "2015-11-10T20:47:33.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.148.26.44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e5-d794-49d1-923a-4b64950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:33.000Z",
|
|
"modified": "2015-11-10T20:47:33.000Z",
|
|
"pattern": "[url:value = 'http://hungphatea.com.au/media/system/host.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e6-90d0-4602-9126-4793950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:34.000Z",
|
|
"modified": "2015-11-10T20:47:34.000Z",
|
|
"pattern": "[url:value = 'http://castuning.ru/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e6-2228-48a1-b657-4a8a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:34.000Z",
|
|
"modified": "2015-11-10T20:47:34.000Z",
|
|
"pattern": "[url:value = 'http://seaboy.net/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e7-1fb4-4784-9fbc-4d93950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:35.000Z",
|
|
"modified": "2015-11-10T20:47:35.000Z",
|
|
"pattern": "[url:value = 'http://hybridtrend.com/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e7-b818-4071-8678-4126950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:35.000Z",
|
|
"modified": "2015-11-10T20:47:35.000Z",
|
|
"pattern": "[url:value = 'http://gourmet.pergaz.com/media/system/host.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e8-f91c-4c1f-a83d-4114950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:36.000Z",
|
|
"modified": "2015-11-10T20:47:36.000Z",
|
|
"pattern": "[url:value = 'http://circlewear.net/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--564257e8-5450-4b7d-8107-4ea0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-10T20:47:36.000Z",
|
|
"modified": "2015-11-10T20:47:36.000Z",
|
|
"pattern": "[url:value = 'http://ideagreens.com/work/new/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-10T20:47:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5642e05c-b2ac-435e-8e69-cf3b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-11T06:29:48.000Z",
|
|
"modified": "2015-11-11T06:29:48.000Z",
|
|
"description": "- Xchecked via VT: 6a2acafe7cd587351b3ef40b0f0384cd",
|
|
"pattern": "[file:hashes.SHA256 = 'f6ff1eeb531beb2900b0c377eb684df87ebb146f86ab9397c935298fb0cf09f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-11T06:29:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5642e05d-5bd0-4654-9173-cf3b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-11T06:29:49.000Z",
|
|
"modified": "2015-11-11T06:29:49.000Z",
|
|
"description": "- Xchecked via VT: 6a2acafe7cd587351b3ef40b0f0384cd",
|
|
"pattern": "[file:hashes.SHA1 = '0be14ac098d24b2ec3cd7f7560e2a47587c33f8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-11T06:29:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5642e05d-5c80-4e8b-b8bd-cf3b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-11T06:29:49.000Z",
|
|
"modified": "2015-11-11T06:29:49.000Z",
|
|
"first_observed": "2015-11-11T06:29:49Z",
|
|
"last_observed": "2015-11-11T06:29:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5642e05d-5c80-4e8b-b8bd-cf3b950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5642e05d-5c80-4e8b-b8bd-cf3b950d210b",
|
|
"value": "https://www.virustotal.com/file/f6ff1eeb531beb2900b0c377eb684df87ebb146f86ab9397c935298fb0cf09f2/analysis/1446306023/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5642e05d-7228-48a1-878a-cf3b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:49.000Z",
"modified": "2015-11-11T06:29:49.000Z",
"description": "- Xchecked via VT: 7b14b4a5c21168de932e3c9bdce5805e",
"pattern": "[file:hashes.SHA256 = 'dfe92f53d5dbae6390482383defaab2925a1f6da1116a086068ab85ca316aa00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e05e-7f10-43eb-abf3-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:50.000Z",
"modified": "2015-11-11T06:29:50.000Z",
"description": "- Xchecked via VT: 7b14b4a5c21168de932e3c9bdce5805e",
"pattern": "[file:hashes.SHA1 = '0dcae2786f206149c06940c168945c58ae916be3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e05e-fe34-4e45-bc71-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:50.000Z",
"modified": "2015-11-11T06:29:50.000Z",
"first_observed": "2015-11-11T06:29:50Z",
"last_observed": "2015-11-11T06:29:50Z",
"number_observed": 1,
"object_refs": [
"url--5642e05e-fe34-4e45-bc71-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e05e-fe34-4e45-bc71-cf3b950d210b",
"value": "https://www.virustotal.com/file/dfe92f53d5dbae6390482383defaab2925a1f6da1116a086068ab85ca316aa00/analysis/1446984972/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e05f-21c8-4e6d-95de-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:51.000Z",
"modified": "2015-11-11T06:29:51.000Z",
"description": "- Xchecked via VT: 88c69cd7738b6c2228e3c602d385fab3",
"pattern": "[file:hashes.SHA256 = '8b191a0aa1f1bbf485e2ca677a67a05539507c52358632b81f902295b5b3a597']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e05f-2524-4897-a9e4-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:51.000Z",
"modified": "2015-11-11T06:29:51.000Z",
"description": "- Xchecked via VT: 88c69cd7738b6c2228e3c602d385fab3",
"pattern": "[file:hashes.SHA1 = 'ba6c7c6139f293dc5c442bf838c0bf90967496ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e05f-f524-4a8e-964d-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:51.000Z",
"modified": "2015-11-11T06:29:51.000Z",
"first_observed": "2015-11-11T06:29:51Z",
"last_observed": "2015-11-11T06:29:51Z",
"number_observed": 1,
"object_refs": [
"url--5642e05f-f524-4a8e-964d-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e05f-f524-4a8e-964d-cf3b950d210b",
"value": "https://www.virustotal.com/file/8b191a0aa1f1bbf485e2ca677a67a05539507c52358632b81f902295b5b3a597/analysis/1446927268/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e060-4254-4c74-a273-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:52.000Z",
"modified": "2015-11-11T06:29:52.000Z",
"description": "- Xchecked via VT: 539ffbf98931aaaea5b745640988071a",
"pattern": "[file:hashes.SHA256 = 'f0d27b51e8cb463777c7fc326212304e9cc7aa234d670e23838e507eb1b7afd4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e060-83d4-4c39-83f0-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:52.000Z",
"modified": "2015-11-11T06:29:52.000Z",
"description": "- Xchecked via VT: 539ffbf98931aaaea5b745640988071a",
"pattern": "[file:hashes.SHA1 = 'c0c2d67ed3cb2f684687c33846a62557faa20059']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e061-a414-4721-bb09-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:53.000Z",
"modified": "2015-11-11T06:29:53.000Z",
"first_observed": "2015-11-11T06:29:53Z",
"last_observed": "2015-11-11T06:29:53Z",
"number_observed": 1,
"object_refs": [
"url--5642e061-a414-4721-bb09-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e061-a414-4721-bb09-cf3b950d210b",
"value": "https://www.virustotal.com/file/f0d27b51e8cb463777c7fc326212304e9cc7aa234d670e23838e507eb1b7afd4/analysis/1446984946/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e061-dbdc-40e1-9046-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:53.000Z",
"modified": "2015-11-11T06:29:53.000Z",
"description": "- Xchecked via VT: b198efe59d67728c7d0a339a7490222c",
"pattern": "[file:hashes.SHA256 = '2b75705c538a522faafb6a19c57327ceeadbab0b29fcd02a417d392a4e849ba4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e061-b8c0-4e7e-b9f2-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:53.000Z",
"modified": "2015-11-11T06:29:53.000Z",
"description": "- Xchecked via VT: b198efe59d67728c7d0a339a7490222c",
"pattern": "[file:hashes.SHA1 = 'b0c27b220d32f2e94d75c0074835a8345f81b725']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e062-26e0-4b53-b43e-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:54.000Z",
"modified": "2015-11-11T06:29:54.000Z",
"first_observed": "2015-11-11T06:29:54Z",
"last_observed": "2015-11-11T06:29:54Z",
"number_observed": 1,
"object_refs": [
"url--5642e062-26e0-4b53-b43e-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e062-26e0-4b53-b43e-cf3b950d210b",
"value": "https://www.virustotal.com/file/2b75705c538a522faafb6a19c57327ceeadbab0b29fcd02a417d392a4e849ba4/analysis/1447109802/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e062-1d50-48d9-aeb4-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:54.000Z",
"modified": "2015-11-11T06:29:54.000Z",
"description": "- Xchecked via VT: 25cd7beff6db77752efda58b703c1acd",
"pattern": "[file:hashes.SHA256 = '7bd0f161a9c3ca12fa8ef2ba04003c2a3ff93c19ab72e0ad9faec4f464b95aca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e063-f650-40eb-8441-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:55.000Z",
"modified": "2015-11-11T06:29:55.000Z",
"description": "- Xchecked via VT: 25cd7beff6db77752efda58b703c1acd",
"pattern": "[file:hashes.SHA1 = '69d552eec7853df9c92802ac8f4a0601366b1e72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e063-ef9c-44b3-8f16-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:55.000Z",
"modified": "2015-11-11T06:29:55.000Z",
"first_observed": "2015-11-11T06:29:55Z",
"last_observed": "2015-11-11T06:29:55Z",
"number_observed": 1,
"object_refs": [
"url--5642e063-ef9c-44b3-8f16-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e063-ef9c-44b3-8f16-cf3b950d210b",
"value": "https://www.virustotal.com/file/7bd0f161a9c3ca12fa8ef2ba04003c2a3ff93c19ab72e0ad9faec4f464b95aca/analysis/1446249621/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e063-1cc8-4af3-bedc-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:55.000Z",
"modified": "2015-11-11T06:29:55.000Z",
"description": "- Xchecked via VT: 4c4e81db339f03b0b5ab0d18d3a40202",
"pattern": "[file:hashes.SHA256 = '5654604e27918b86b891839254c1a9b7469c82193c78aa000aa3a9032482e340']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e064-effc-4189-b0ea-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:56.000Z",
"modified": "2015-11-11T06:29:56.000Z",
"description": "- Xchecked via VT: 4c4e81db339f03b0b5ab0d18d3a40202",
"pattern": "[file:hashes.SHA1 = '92eab2d3224bd1c465052dc48bca7e379c7c1cdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e064-3c6c-4e78-bc64-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:56.000Z",
"modified": "2015-11-11T06:29:56.000Z",
"first_observed": "2015-11-11T06:29:56Z",
"last_observed": "2015-11-11T06:29:56Z",
"number_observed": 1,
"object_refs": [
"url--5642e064-3c6c-4e78-bc64-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e064-3c6c-4e78-bc64-cf3b950d210b",
"value": "https://www.virustotal.com/file/5654604e27918b86b891839254c1a9b7469c82193c78aa000aa3a9032482e340/analysis/1446927456/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e065-ab24-419d-90f4-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:57.000Z",
"modified": "2015-11-11T06:29:57.000Z",
"description": "- Xchecked via VT: 444e36f7f825164db3cb165526b38d7e",
"pattern": "[file:hashes.SHA256 = 'db3e48670d013d9d0989175a2ace180f1b2403450985ae434472c813f8cdb401']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e065-0828-45ae-9f47-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:57.000Z",
"modified": "2015-11-11T06:29:57.000Z",
"description": "- Xchecked via VT: 444e36f7f825164db3cb165526b38d7e",
"pattern": "[file:hashes.SHA1 = '97ea5ac4bc95e6d660c362bf478b4d1f6bfaf7db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e065-d998-48b4-9b6e-cf3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:29:57.000Z",
"modified": "2015-11-11T06:29:57.000Z",
"first_observed": "2015-11-11T06:29:57Z",
"last_observed": "2015-11-11T06:29:57Z",
"number_observed": 1,
"object_refs": [
"url--5642e065-d998-48b4-9b6e-cf3b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e065-d998-48b4-9b6e-cf3b950d210b",
"value": "https://www.virustotal.com/file/db3e48670d013d9d0989175a2ace180f1b2403450985ae434472c813f8cdb401/analysis/1446472959/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}