{
|
|
"type": "bundle",
|
|
"id": "bundle--57460863-76dc-4272-8116-4ea302de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-07-27T08:38:38.000Z",
|
|
"modified": "2016-07-27T08:38:38.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--57460863-76dc-4272-8116-4ea302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-07-27T08:38:38.000Z",
|
|
"modified": "2016-07-27T08:38:38.000Z",
|
|
"name": "OSINT - CVE-2015-2545: overview of current threats",
|
|
"published": "2016-07-27T08:39:06Z",
|
|
"object_refs": [
|
|
"vulnerability--57460889-aeb0-4560-95a9-4f1802de0b81",
|
|
"observed-data--574608d6-0abc-48d9-9b54-443502de0b81",
|
|
"url--574608d6-0abc-48d9-9b54-443502de0b81",
|
|
"x-misp-attribute--574608e6-2b38-4738-b31a-453902de0b81",
|
|
"indicator--57460928-61e0-4a43-83f2-477202de0b81",
|
|
"indicator--57460929-ad38-4a8d-9e38-45bb02de0b81",
|
|
"indicator--57460929-61c0-4cb1-aa13-4f7e02de0b81",
|
|
"indicator--5746092a-6dd0-420b-ba0c-4b4a02de0b81",
|
|
"indicator--5746094e-8e0c-489f-93bf-4b9502de0b81",
|
|
"indicator--5746094f-cd60-4203-a6b2-467e02de0b81",
|
|
"indicator--57460998-5644-40f4-9db5-488702de0b81",
|
|
"indicator--574609cb-b624-4311-85cb-41ba02de0b81",
|
|
"indicator--57460a0b-88c8-4d09-8a10-45ca02de0b81",
|
|
"indicator--57460a0b-9768-43d3-bd39-4a3f02de0b81",
|
|
"indicator--57460a0b-3c7c-4504-b6a3-488e02de0b81",
|
|
"indicator--57460a0c-9ee4-4b9c-a7bb-44bd02de0b81",
|
|
"indicator--57460a0c-3538-46c6-903b-472e02de0b81",
|
|
"indicator--57460a0d-e3d8-4ddc-b1b2-4d2a02de0b81",
|
|
"indicator--57460a0d-d384-4108-99dc-43e602de0b81",
|
|
"indicator--57460a0d-05f8-4769-9f57-41c302de0b81",
|
|
"indicator--57460a5a-a738-4354-a28b-434902de0b81",
|
|
"indicator--57460a5a-4b44-4948-842e-42bf02de0b81",
|
|
"indicator--57460a5b-9358-4317-9e00-451902de0b81",
|
|
"indicator--57460a5b-a94c-4b80-af51-4d2802de0b81",
|
|
"indicator--57460a5b-a1d8-4c40-afe6-448902de0b81",
|
|
"indicator--57460a5c-92c4-425f-8048-409402de0b81",
|
|
"indicator--57460a5c-6788-4cbb-a57b-467402de0b81",
|
|
"indicator--57460a5c-040c-47b0-9e8a-424702de0b81",
|
|
"indicator--57460a5d-8bf8-4467-b032-4f6d02de0b81",
|
|
"indicator--57460aab-7250-4e4e-a149-4f0802de0b81",
|
|
"indicator--57460ac4-b81c-4962-a877-4bd702de0b81",
|
|
"indicator--57460ac4-848c-4f38-a3f5-455302de0b81",
|
|
"indicator--57460b11-4d68-4fb9-a1a2-4ec202de0b81",
|
|
"indicator--57460b12-3aa4-4416-8b50-4fd702de0b81",
|
|
"indicator--57460b12-f4c8-44b4-a0b5-459702de0b81",
|
|
"indicator--57460b12-2e74-4080-ba7e-468402de0b81",
|
|
"indicator--57460b33-0d18-47d6-b3c8-467102de0b81",
|
|
"indicator--57460b6e-9314-47e7-8f43-4aec02de0b81",
|
|
"indicator--57460b6e-04e8-435c-9c6d-4afe02de0b81",
|
|
"indicator--57460b6e-ca7c-43e4-9de2-419302de0b81",
|
|
"indicator--57460bb6-e4d0-4c1f-b19a-4cc902de0b81",
|
|
"indicator--57460bb6-5ed8-403c-bfc3-46d502de0b81",
|
|
"indicator--57460bb7-8b94-4426-a516-465102de0b81",
|
|
"indicator--57460bb7-5abc-41e9-8f48-471a02de0b81",
|
|
"indicator--57460bb7-5dac-4821-b3cc-4c1102de0b81",
|
|
"indicator--57460bb8-da3c-4092-b589-4f6d02de0b81",
|
|
"indicator--57460c01-da8c-4831-a3b7-434d02de0b81",
|
|
"indicator--57460c02-a9f0-4aee-86c3-4cc502de0b81",
|
|
"observed-data--57460c02-add0-4029-8b6f-412e02de0b81",
|
|
"url--57460c02-add0-4029-8b6f-412e02de0b81",
|
|
"indicator--57460c03-e688-4ff9-a888-452a02de0b81",
|
|
"indicator--57460c03-ae98-4185-b4d4-405102de0b81",
|
|
"observed-data--57460c04-44e8-43e7-b23d-45a102de0b81",
|
|
"url--57460c04-44e8-43e7-b23d-45a102de0b81",
|
|
"indicator--57460c04-9008-43ba-9994-483102de0b81",
|
|
"indicator--57460c04-ef20-4fd9-912d-493f02de0b81",
|
|
"observed-data--57460c05-7538-4d64-ae0a-42c302de0b81",
|
|
"url--57460c05-7538-4d64-ae0a-42c302de0b81",
|
|
"indicator--57460c05-4b18-493f-9403-471102de0b81",
|
|
"indicator--57460c06-8dbc-4313-baac-492302de0b81",
|
|
"observed-data--57460c06-c2e4-47eb-bdf2-4bfb02de0b81",
|
|
"url--57460c06-c2e4-47eb-bdf2-4bfb02de0b81",
|
|
"indicator--57460c07-d200-400e-b3af-423602de0b81",
|
|
"indicator--57460c07-6844-4ad1-bba9-41ec02de0b81",
|
|
"observed-data--57460c07-2530-431c-b761-4dfa02de0b81",
|
|
"url--57460c07-2530-431c-b761-4dfa02de0b81",
|
|
"indicator--57460c08-6cb8-4762-b60e-4f5102de0b81",
|
|
"indicator--57460c08-4894-4a04-98d1-444102de0b81",
|
|
"observed-data--57460c09-5318-4158-90c5-463502de0b81",
|
|
"url--57460c09-5318-4158-90c5-463502de0b81",
|
|
"indicator--57460c09-5ab4-4592-83ed-44b502de0b81",
|
|
"indicator--57460c0a-d480-4a88-9eb0-41c802de0b81",
|
|
"observed-data--57460c0a-8b3c-4f04-8981-4e9d02de0b81",
|
|
"url--57460c0a-8b3c-4f04-8981-4e9d02de0b81",
|
|
"indicator--57460c0a-0800-4d12-8383-401102de0b81",
|
|
"indicator--57460c0b-4ab8-4de1-8259-487702de0b81",
|
|
"observed-data--57460c0b-8fe4-4a00-9aef-47cb02de0b81",
|
|
"url--57460c0b-8fe4-4a00-9aef-47cb02de0b81",
|
|
"indicator--57460c0c-22e4-4fd4-a42b-45e602de0b81",
|
|
"indicator--57460c0c-b8c0-4913-a3fa-4d8202de0b81",
|
|
"observed-data--57460c0d-7c3c-4b38-ab60-4f2402de0b81",
|
|
"url--57460c0d-7c3c-4b38-ab60-4f2402de0b81",
|
|
"indicator--57460c0d-9d08-4b8d-9245-49d402de0b81",
|
|
"indicator--57460c0d-3bb0-42dc-994b-410302de0b81",
|
|
"observed-data--57460c0e-15b8-4410-8cb7-454d02de0b81",
|
|
"url--57460c0e-15b8-4410-8cb7-454d02de0b81",
|
|
"indicator--57460c0e-8c28-4313-a417-4f5702de0b81",
|
|
"indicator--57460c0f-6ee4-46f4-8ca7-4a6402de0b81",
|
|
"observed-data--57460c0f-5548-4146-9105-42b602de0b81",
|
|
"url--57460c0f-5548-4146-9105-42b602de0b81",
|
|
"indicator--57460c10-81f0-4684-8c4c-49eb02de0b81",
|
|
"indicator--57460c10-ad14-451b-802e-44bb02de0b81",
|
|
"observed-data--57460c10-0e94-4dc4-ad53-447202de0b81",
|
|
"url--57460c10-0e94-4dc4-ad53-447202de0b81",
|
|
"indicator--57460c11-e8e0-4acd-a9b8-4cbe02de0b81",
|
|
"indicator--57460c11-6bdc-461c-ace8-429802de0b81",
|
|
"observed-data--57460c12-eba8-4360-8fda-40b702de0b81",
|
|
"url--57460c12-eba8-4360-8fda-40b702de0b81",
|
|
"indicator--57460c12-0c68-4d35-9524-4a8102de0b81",
|
|
"indicator--57460c12-3f18-4de3-9ce6-47d002de0b81",
|
|
"observed-data--57460c13-8078-42e0-bc53-4dc902de0b81",
|
|
"url--57460c13-8078-42e0-bc53-4dc902de0b81",
|
|
"indicator--57460c13-2428-4521-8a72-4fb802de0b81",
|
|
"indicator--57460c14-88c0-4ff6-8f31-4c0002de0b81",
|
|
"observed-data--57460c14-6d70-4035-aee1-4eb702de0b81",
|
|
"url--57460c14-6d70-4035-aee1-4eb702de0b81",
|
|
"indicator--57460c14-7924-4921-aad9-4fb902de0b81",
|
|
"indicator--57460c15-0d08-4786-9fb2-403e02de0b81",
|
|
"observed-data--57460c15-2d38-4aae-8764-47ce02de0b81",
|
|
"url--57460c15-2d38-4aae-8764-47ce02de0b81",
|
|
"indicator--57460c16-70c4-40f1-8327-4d9a02de0b81",
|
|
"indicator--57460c16-d238-476d-bbf8-4f0e02de0b81",
|
|
"observed-data--57460c16-ac98-4a52-bbe2-489202de0b81",
|
|
"url--57460c16-ac98-4a52-bbe2-489202de0b81",
|
|
"indicator--57460c17-48ac-4f94-b9ee-4aa202de0b81",
|
|
"indicator--57460c17-7b8c-46e3-bbb1-44a402de0b81",
|
|
"observed-data--57460c17-75fc-4e71-bdab-4b7f02de0b81",
|
|
"url--57460c17-75fc-4e71-bdab-4b7f02de0b81",
|
|
"indicator--57460c18-384c-4f96-ab3c-4dd102de0b81",
|
|
"indicator--57460c18-6224-4072-81e8-449a02de0b81",
|
|
"observed-data--57460c18-be9c-480a-9fab-477502de0b81",
|
|
"url--57460c18-be9c-480a-9fab-477502de0b81",
|
|
"indicator--57460c19-a3dc-4911-bf50-451e02de0b81",
|
|
"indicator--57460c19-4c04-4e65-9eb8-445702de0b81",
|
|
"observed-data--57460c19-456c-494a-b765-4fa102de0b81",
|
|
"url--57460c19-456c-494a-b765-4fa102de0b81",
|
|
"indicator--57460c1a-ad58-4ef9-bb4d-4ce002de0b81",
|
|
"indicator--57460c1a-c00c-48cf-8d94-483202de0b81",
|
|
"observed-data--57460c1b-cd80-4797-980c-46c902de0b81",
|
|
"url--57460c1b-cd80-4797-980c-46c902de0b81",
|
|
"indicator--57460c1b-0ef0-4c52-a04d-420202de0b81",
|
|
"indicator--57460c1b-d1a4-49fe-960a-415b02de0b81",
|
|
"observed-data--57460c1c-1fbc-4beb-b6f1-433a02de0b81",
|
|
"url--57460c1c-1fbc-4beb-b6f1-433a02de0b81",
|
|
"indicator--57460c1c-51d4-43cf-a490-4a5702de0b81",
|
|
"indicator--57460c1c-ac6c-4ceb-bab8-4ab902de0b81",
|
|
"observed-data--57460c1d-a1f0-47c5-9029-4f7502de0b81",
|
|
"url--57460c1d-a1f0-47c5-9029-4f7502de0b81",
|
|
"indicator--57460c1d-6c8c-4374-911c-492602de0b81",
|
|
"indicator--57460c1e-23bc-4d2c-9338-4e8102de0b81",
|
|
"observed-data--57460c1e-7f14-4a52-bb7d-4d0e02de0b81",
|
|
"url--57460c1e-7f14-4a52-bb7d-4d0e02de0b81",
|
|
"indicator--57460c1e-16fc-4357-bcfb-4d2002de0b81",
|
|
"indicator--57460c1f-8cc8-4e06-afc4-423202de0b81",
|
|
"observed-data--57460c1f-764c-49a1-869f-44fe02de0b81",
|
|
"url--57460c1f-764c-49a1-869f-44fe02de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"estimative-language:likelihood-probability=\"very-likely\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--57460889-aeb0-4560-95a9-4f1802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:18:17.000Z",
|
|
"modified": "2016-05-25T20:18:17.000Z",
|
|
"name": "CVE-2015-2545",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"Payload delivery\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2015-2545"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--574608d6-0abc-48d9-9b54-443502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:19:34.000Z",
|
|
"modified": "2016-05-25T20:19:34.000Z",
|
|
"first_observed": "2016-05-25T20:19:34Z",
|
|
"last_observed": "2016-05-25T20:19:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--574608d6-0abc-48d9-9b54-443502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--574608d6-0abc-48d9-9b54-443502de0b81",
|
|
"value": "https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--574608e6-2b38-4738-b31a-453902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:19:50.000Z",
|
|
"modified": "2016-05-25T20:19:50.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft\u2019s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1.\r\n\r\nThe error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The exploit uses PostScript and can evade Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protection methods.\r\n\r\nThe exploit was discovered in the wild in August 2015, when it was used in a targeted attack by the Platinum group, presumably against targets in India. Over the following months, there was significant growth in the number of threat actors using the vulnerability as a primary tool for initial penetration, with both the attack groups and their targets located in South-East and Central Asia and the Far East.\r\n\r\nIn this research paper, we discuss examples of attacks using the CVE-2015-2545 vulnerability undertaken by some of these groups."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460928-61e0-4a43-83f2-477202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:20:56.000Z",
|
|
"modified": "2016-05-25T20:20:56.000Z",
|
|
"description": "SVCMONDR attacks",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.13.204']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:20:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460929-ad38-4a8d-9e38-45bb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:20:57.000Z",
|
|
"modified": "2016-05-25T20:20:57.000Z",
|
|
"description": "SVCMONDR attacks",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.128.10.28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:20:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460929-61c0-4cb1-aa13-4f7e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:20:57.000Z",
|
|
"modified": "2016-05-25T20:20:57.000Z",
|
|
"description": "SVCMONDR attacks",
|
|
"pattern": "[domain-name:value = 'www.ocaler.mooo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:20:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5746092a-6dd0-420b-ba0c-4b4a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:20:58.000Z",
|
|
"modified": "2016-05-25T20:20:58.000Z",
|
|
"description": "SVCMONDR attacks",
|
|
"pattern": "[domain-name:value = 'www.onmypc.serverpit.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:20:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5746094e-8e0c-489f-93bf-4b9502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:21:34.000Z",
|
|
"modified": "2016-05-25T20:21:34.000Z",
|
|
"description": "(svcmondr.ex, Taiwan) - SVCMONDR attacks",
|
|
"pattern": "[file:hashes.MD5 = '8052234dcd41a7d619acb0ec9636be0b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:21:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5746094f-cd60-4203-a6b2-467e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:21:35.000Z",
|
|
"modified": "2016-05-25T20:21:35.000Z",
|
|
"description": "(svcmondr.ex,Thailand) - SVCMONDR attacks",
|
|
"pattern": "[file:hashes.MD5 = '046b98a742cecc11fb18d9554483be2d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:21:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460998-5644-40f4-9db5-488702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:22:48.000Z",
|
|
"modified": "2016-05-25T20:22:48.000Z",
|
|
"description": "Taiwan, 1-3\u8aaa\u660e\u6a94.doc - SVCMONDR attacks",
|
|
"pattern": "[file:hashes.MD5 = 'd0533874d7255b881187e842e747c268']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--574609cb-b624-4311-85cb-41ba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:23:39.000Z",
|
|
"modified": "2016-05-25T20:23:39.000Z",
|
|
"description": "EPS - Taiwan - SVCMONDR attacks",
|
|
"pattern": "[file:hashes.MD5 = '98c57aa9c7e3f90c4eb4afeba8128484']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:23:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a0b-88c8-4d09-8a10-45ca02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:24:43.000Z",
|
|
"modified": "2016-05-25T20:24:43.000Z",
|
|
"description": "Danti",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.208.4.200']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:24:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a0b-9768-43d3-bd39-4a3f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:24:43.000Z",
|
|
"modified": "2016-05-25T20:24:43.000Z",
|
|
"description": "Danti",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.208.4.201']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:24:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a0b-3c7c-4504-b6a3-488e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:24:43.000Z",
|
|
"modified": "2016-05-25T20:24:43.000Z",
|
|
"description": "Danti",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.150.227.135']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:24:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a0c-9ee4-4b9c-a7bb-44bd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:24:44.000Z",
|
|
"modified": "2016-05-25T20:24:44.000Z",
|
|
"description": "Danti port 443",
|
|
"pattern": "[domain-name:value = 'goback.strangled.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:24:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a0c-3538-46c6-903b-472e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:24:44.000Z",
|
|
"modified": "2016-05-25T20:24:44.000Z",
|
|
"description": "Danti",
|
|
"pattern": "[domain-name:value = 'carwiseplot.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:24:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a0d-e3d8-4ddc-b1b2-4d2a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-07-27T08:38:38.000Z",
|
|
"modified": "2016-07-27T08:38:38.000Z",
|
|
"description": "Danti",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.144.69.54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-07-27T08:38:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a0d-d384-4108-99dc-43e602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:24:45.000Z",
|
|
"modified": "2016-05-25T20:24:45.000Z",
|
|
"description": "Danti",
|
|
"pattern": "[domain-name:value = 'newsupdate.dynssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a0d-05f8-4769-9f57-41c302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:24:45.000Z",
|
|
"modified": "2016-05-25T20:24:45.000Z",
|
|
"description": "Danti",
|
|
"pattern": "[domain-name:value = 'dnsnews.dns05.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:24:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a5a-a738-4354-a28b-434902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:26:02.000Z",
|
|
"modified": "2016-05-25T20:26:02.000Z",
|
|
"description": "(dropper, from cab-archive) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '6bbdbf6d3b24b8bfa296b9c76b95bb2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:26:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a5a-4b44-4948-842e-42bf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:26:02.000Z",
|
|
"modified": "2016-05-25T20:26:02.000Z",
|
|
"description": "(http.exe) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '3fbe576d33595734a92a665e72e5a04f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:26:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a5b-9358-4317-9e00-451902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:26:03.000Z",
|
|
"modified": "2016-05-25T20:26:03.000Z",
|
|
"description": "(lsass.exe) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '8ad9cb6b948bcf7f9211887e0cf6f02a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:26:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a5b-a94c-4b80-af51-4d2802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:26:03.000Z",
|
|
"modified": "2016-05-25T20:26:03.000Z",
|
|
"description": "Danti",
|
|
"pattern": "[file:hashes.MD5 = '9469dd12136b6514d82c3b01d6082f59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:26:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a5b-a1d8-4c40-afe6-448902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:26:03.000Z",
|
|
"modified": "2016-05-25T20:26:03.000Z",
|
|
"description": "(mshtml.dll) - Danti",
|
|
"pattern": "[file:hashes.MD5 = 'be0cc8411c066eac246097045b73c282']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:26:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a5c-92c4-425f-8048-409402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:26:04.000Z",
|
|
"modified": "2016-05-25T20:26:04.000Z",
|
|
"description": "Danti",
|
|
"pattern": "[file:hashes.MD5 = 'bae673964e9bc2a45ebcc667895104ef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:26:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a5c-6788-4cbb-a57b-467402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:26:04.000Z",
|
|
"modified": "2016-05-25T20:26:04.000Z",
|
|
"description": "(update.dat) - Danti",
|
|
"pattern": "[file:hashes.MD5 = 'd44e971b202d573f8c797845c90e4658']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:26:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a5c-040c-47b0-9e8a-424702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:26:04.000Z",
|
|
"modified": "2016-05-25T20:26:04.000Z",
|
|
"description": "(potplayer.dll) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '332397ec261393aaa58522c4357c3e48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:26:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460a5d-8bf8-4467-b032-4f6d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:26:05.000Z",
|
|
"modified": "2016-05-25T20:26:05.000Z",
|
|
"description": "(appinfo.dat) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '2460871a040628c379e04f79af37060d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:26:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460aab-7250-4e4e-a149-4f0802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:27:23.000Z",
|
|
"modified": "2016-05-25T20:27:23.000Z",
|
|
"description": "Potplayer - Danti",
|
|
"pattern": "[file:hashes.MD5 = 'f16903b2ff82689404f7d0820f461e5d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:27:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460ac4-b81c-4962-a877-4bd702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:27:48.000Z",
|
|
"modified": "2016-05-25T20:27:48.000Z",
|
|
"description": "RarSFX - Danti",
|
|
"pattern": "[file:hashes.MD5 = 'd0407e1a66ee2082a0d170814bd4ab02']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:27:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460ac4-848c-4f38-a3f5-455302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:27:48.000Z",
|
|
"modified": "2016-05-25T20:27:48.000Z",
|
|
"description": "RarSFX - Danti",
|
|
"pattern": "[file:hashes.MD5 = '4902abe46039d36b45ac8a39c745445a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:27:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460b11-4d68-4fb9-a1a2-4ec202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:29:05.000Z",
|
|
"modified": "2016-05-25T20:29:05.000Z",
|
|
"description": "(India, from Mission list) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '07f4b663cc3bcb5899edba9eaf9cf4b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:29:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460b12-3aa4-4416-8b50-4fd702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:29:06.000Z",
|
|
"modified": "2016-05-25T20:29:06.000Z",
|
|
"description": "(India, HQ List) - Danti",
|
|
"pattern": "[file:hashes.MD5 = 'a90a329335fa0af64d8394b28e0f86c1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:29:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460b12-f4c8-44b4-a0b5-459702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:29:06.000Z",
|
|
"modified": "2016-05-25T20:29:06.000Z",
|
|
"description": "(India, Hotels) - Danti",
|
|
"pattern": "[file:hashes.MD5 = 'b751323586c5e36d1d644ab42888a100']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:29:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460b12-2e74-4080-ba7e-468402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:29:06.000Z",
|
|
"modified": "2016-05-25T20:29:06.000Z",
|
|
"description": "(Holidays in India in 2016) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '8cd2eb90fabd03ac97279d398b09a5e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:29:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460b33-0d18-47d6-b3c8-467102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:29:39.000Z",
|
|
"modified": "2016-05-25T20:29:39.000Z",
|
|
"description": "(Holidays in India in 2016) - Danti",
|
|
"pattern": "[file:hashes.MD5 = 'd91f101427a39d9f40c41aa041197a9c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:29:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460b6e-9314-47e7-8f43-4aec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:30:38.000Z",
|
|
"modified": "2016-05-25T20:30:38.000Z",
|
|
"description": "Doc web archive - (HQ List)",
|
|
"pattern": "[file:hashes.MD5 = 'c591263d56b57dfadd06a68dd9657343']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:30:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460b6e-04e8-435c-9c6d-4afe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:30:38.000Z",
|
|
"modified": "2016-05-25T20:30:38.000Z",
|
|
"description": "Doc web archive - (Mission List)",
|
|
"pattern": "[file:hashes.MD5 = 'aebf03ceaef042a833ee5459016f5bde']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:30:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460b6e-ca7c-43e4-9de2-419302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:30:38.000Z",
|
|
"modified": "2016-05-25T20:30:38.000Z",
|
|
"description": "Doc web archive - (India\u2019s 10 Top Luxury Hotels)",
|
|
"pattern": "[file:hashes.MD5 = 'fd6636af7d2358c40fe6923b23a690e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:30:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460bb6-e4d0-4c1f-b19a-4cc902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:31:50.000Z",
|
|
"modified": "2016-05-25T20:31:50.000Z",
|
|
"description": "(chancery@indianembassy.hu) - Danti",
|
|
"pattern": "[file:hashes.MD5 = 'aae962611da956a26a76d185455f1d44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:31:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460bb6-5ed8-403c-bfc3-46d502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:31:50.000Z",
|
|
"modified": "2016-05-25T20:31:50.000Z",
|
|
"description": "(amb.bogota@mea.gov.in) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '3ed40dec891fd48c7ec6fa49b1058d24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:31:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460bb7-8b94-4426-a516-465102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:31:51.000Z",
|
|
"modified": "2016-05-25T20:31:51.000Z",
|
|
"description": "(amb.copenhagen@mea.gov.in) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '1aefd1c30d1710f901c70be7f1366cae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:31:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460bb7-5abc-41e9-8f48-471a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:31:51.000Z",
|
|
"modified": "2016-05-25T20:31:51.000Z",
|
|
"description": "(India, dsfsi@nic.in) - Danti",
|
|
"pattern": "[file:hashes.MD5 = 'f4c1e96717c82b14ca76384cb005fbe5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:31:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460bb7-5dac-4821-b3cc-4c1102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:31:51.000Z",
|
|
"modified": "2016-05-25T20:31:51.000Z",
|
|
"description": "(India, chumarpost@gmail.com) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '1ba92c6d35b7a31046e013d35fa48775']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:31:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460bb8-da3c-4092-b589-4f6d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:31:52.000Z",
|
|
"modified": "2016-05-25T20:31:52.000Z",
|
|
"description": "(India, Cabinet Secretary) - Danti",
|
|
"pattern": "[file:hashes.MD5 = '6d55eb3ced35c7479f67167d84bf15f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:31:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c01-da8c-4831-a3b7-434d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:05.000Z",
|
|
"modified": "2016-05-25T20:33:05.000Z",
|
|
"description": "(India, Cabinet Secretary) - Danti - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0",
|
|
"pattern": "[file:hashes.SHA256 = '7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c02-a9f0-4aee-86c3-4cc502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:06.000Z",
|
|
"modified": "2016-05-25T20:33:06.000Z",
|
|
"description": "(India, Cabinet Secretary) - Danti - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0",
|
|
"pattern": "[file:hashes.SHA1 = 'd12324a522b404b7949a971fbe767ae06b03c576']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c02-add0-4029-8b6f-412e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:06.000Z",
|
|
"modified": "2016-05-25T20:33:06.000Z",
|
|
"first_observed": "2016-05-25T20:33:06Z",
|
|
"last_observed": "2016-05-25T20:33:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c02-add0-4029-8b6f-412e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c02-add0-4029-8b6f-412e02de0b81",
|
|
"value": "https://www.virustotal.com/file/7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a/analysis/1463177598/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c03-e688-4ff9-a888-452a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:07.000Z",
|
|
"modified": "2016-05-25T20:33:07.000Z",
|
|
"description": "(India, chumarpost@gmail.com) - Danti - Xchecked via VT: 1ba92c6d35b7a31046e013d35fa48775",
|
|
"pattern": "[file:hashes.SHA256 = 'e60bd3259177f787718e940c1bb2196ffd3ea0d1f722cc644c85006ddb7a28f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c03-ae98-4185-b4d4-405102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:07.000Z",
|
|
"modified": "2016-05-25T20:33:07.000Z",
|
|
"description": "(India, chumarpost@gmail.com) - Danti - Xchecked via VT: 1ba92c6d35b7a31046e013d35fa48775",
|
|
"pattern": "[file:hashes.SHA1 = '8f2b1de6ef70b1ac5ffb8f3aa77af6c402cfdf56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c04-44e8-43e7-b23d-45a102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:08.000Z",
|
|
"modified": "2016-05-25T20:33:08.000Z",
|
|
"first_observed": "2016-05-25T20:33:08Z",
|
|
"last_observed": "2016-05-25T20:33:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c04-44e8-43e7-b23d-45a102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c04-44e8-43e7-b23d-45a102de0b81",
|
|
"value": "https://www.virustotal.com/file/e60bd3259177f787718e940c1bb2196ffd3ea0d1f722cc644c85006ddb7a28f3/analysis/1456743780/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c04-9008-43ba-9994-483102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:08.000Z",
|
|
"modified": "2016-05-25T20:33:08.000Z",
|
|
"description": "(India, dsfsi@nic.in) - Danti - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5",
|
|
"pattern": "[file:hashes.SHA256 = '5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c04-ef20-4fd9-912d-493f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:08.000Z",
|
|
"modified": "2016-05-25T20:33:08.000Z",
|
|
"description": "(India, dsfsi@nic.in) - Danti - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5",
|
|
"pattern": "[file:hashes.SHA1 = 'c4830ed7558cff7abebc15e13fb0a9ad8d1edb71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c05-7538-4d64-ae0a-42c302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:09.000Z",
|
|
"modified": "2016-05-25T20:33:09.000Z",
|
|
"first_observed": "2016-05-25T20:33:09Z",
|
|
"last_observed": "2016-05-25T20:33:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c05-7538-4d64-ae0a-42c302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c05-7538-4d64-ae0a-42c302de0b81",
|
|
"value": "https://www.virustotal.com/file/5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b/analysis/1462540391/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c05-4b18-493f-9403-471102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:09.000Z",
|
|
"modified": "2016-05-25T20:33:09.000Z",
|
|
"description": "(amb.copenhagen@mea.gov.in) - Danti - Xchecked via VT: 1aefd1c30d1710f901c70be7f1366cae",
|
|
"pattern": "[file:hashes.SHA256 = '1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c06-8dbc-4313-baac-492302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:10.000Z",
|
|
"modified": "2016-05-25T20:33:10.000Z",
|
|
"description": "(amb.copenhagen@mea.gov.in) - Danti - Xchecked via VT: 1aefd1c30d1710f901c70be7f1366cae",
|
|
"pattern": "[file:hashes.SHA1 = '6793228ee3b6bd1a4bc91f17460b89d12d347fc9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c06-c2e4-47eb-bdf2-4bfb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:10.000Z",
|
|
"modified": "2016-05-25T20:33:10.000Z",
|
|
"first_observed": "2016-05-25T20:33:10Z",
|
|
"last_observed": "2016-05-25T20:33:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c06-c2e4-47eb-bdf2-4bfb02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c06-c2e4-47eb-bdf2-4bfb02de0b81",
|
|
"value": "https://www.virustotal.com/file/1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51/analysis/1464092908/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c07-d200-400e-b3af-423602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:11.000Z",
|
|
"modified": "2016-05-25T20:33:11.000Z",
|
|
"description": "(amb.bogota@mea.gov.in) - Danti - Xchecked via VT: 3ed40dec891fd48c7ec6fa49b1058d24",
|
|
"pattern": "[file:hashes.SHA256 = 'de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c07-6844-4ad1-bba9-41ec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:11.000Z",
|
|
"modified": "2016-05-25T20:33:11.000Z",
|
|
"description": "(amb.bogota@mea.gov.in) - Danti - Xchecked via VT: 3ed40dec891fd48c7ec6fa49b1058d24",
|
|
"pattern": "[file:hashes.SHA1 = '0e2c603e23219598dc3432d94df6dfae147cceab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c07-2530-431c-b761-4dfa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:11.000Z",
|
|
"modified": "2016-05-25T20:33:11.000Z",
|
|
"first_observed": "2016-05-25T20:33:11Z",
|
|
"last_observed": "2016-05-25T20:33:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c07-2530-431c-b761-4dfa02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c07-2530-431c-b761-4dfa02de0b81",
|
|
"value": "https://www.virustotal.com/file/de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649/analysis/1464092543/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c08-6cb8-4762-b60e-4f5102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:12.000Z",
|
|
"modified": "2016-05-25T20:33:12.000Z",
|
|
"description": "(chancery@indianembassy.hu) - Danti - Xchecked via VT: aae962611da956a26a76d185455f1d44",
|
|
"pattern": "[file:hashes.SHA256 = '4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c08-4894-4a04-98d1-444102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:12.000Z",
|
|
"modified": "2016-05-25T20:33:12.000Z",
|
|
"description": "(chancery@indianembassy.hu) - Danti - Xchecked via VT: aae962611da956a26a76d185455f1d44",
|
|
"pattern": "[file:hashes.SHA1 = '8bed9000c2f6347e683beadb1a5d4dedaccbd21f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c09-5318-4158-90c5-463502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:13.000Z",
|
|
"modified": "2016-05-25T20:33:13.000Z",
|
|
"first_observed": "2016-05-25T20:33:13Z",
|
|
"last_observed": "2016-05-25T20:33:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c09-5318-4158-90c5-463502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c09-5318-4158-90c5-463502de0b81",
|
|
"value": "https://www.virustotal.com/file/4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5/analysis/1464093143/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c09-5ab4-4592-83ed-44b502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:13.000Z",
|
|
"modified": "2016-05-25T20:33:13.000Z",
|
|
"description": "Doc web archive - (India\u2019s 10 Top Luxury Hotels) - Xchecked via VT: fd6636af7d2358c40fe6923b23a690e8",
|
|
"pattern": "[file:hashes.SHA256 = '6a1706e1351cf911126b0ee57a11ed01135f7d42d911b4067f61067786407e7e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c0a-d480-4a88-9eb0-41c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:14.000Z",
|
|
"modified": "2016-05-25T20:33:14.000Z",
|
|
"description": "Doc web archive - (India\u2019s 10 Top Luxury Hotels) - Xchecked via VT: fd6636af7d2358c40fe6923b23a690e8",
|
|
"pattern": "[file:hashes.SHA1 = '415c13cfc0344303fc484c8465f973525975a338']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c0a-8b3c-4f04-8981-4e9d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:14.000Z",
|
|
"modified": "2016-05-25T20:33:14.000Z",
|
|
"first_observed": "2016-05-25T20:33:14Z",
|
|
"last_observed": "2016-05-25T20:33:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c0a-8b3c-4f04-8981-4e9d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c0a-8b3c-4f04-8981-4e9d02de0b81",
|
|
"value": "https://www.virustotal.com/file/6a1706e1351cf911126b0ee57a11ed01135f7d42d911b4067f61067786407e7e/analysis/1458811357/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c0a-0800-4d12-8383-401102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:14.000Z",
|
|
"modified": "2016-05-25T20:33:14.000Z",
|
|
"description": "Doc web archive - (Mission List) - Xchecked via VT: aebf03ceaef042a833ee5459016f5bde",
|
|
"pattern": "[file:hashes.SHA256 = '785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c0b-4ab8-4de1-8259-487702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:15.000Z",
|
|
"modified": "2016-05-25T20:33:15.000Z",
|
|
"description": "Doc web archive - (Mission List) - Xchecked via VT: aebf03ceaef042a833ee5459016f5bde",
|
|
"pattern": "[file:hashes.SHA1 = '31b92f816c9f3f45aeb435d47b654cd02c07a633']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c0b-8fe4-4a00-9aef-47cb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:15.000Z",
|
|
"modified": "2016-05-25T20:33:15.000Z",
|
|
"first_observed": "2016-05-25T20:33:15Z",
|
|
"last_observed": "2016-05-25T20:33:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c0b-8fe4-4a00-9aef-47cb02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c0b-8fe4-4a00-9aef-47cb02de0b81",
|
|
"value": "https://www.virustotal.com/file/785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db/analysis/1464092177/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c0c-22e4-4fd4-a42b-45e602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:16.000Z",
|
|
"modified": "2016-05-25T20:33:16.000Z",
|
|
"description": "Doc web archive - (HQ List) - Xchecked via VT: c591263d56b57dfadd06a68dd9657343",
|
|
"pattern": "[file:hashes.SHA256 = 'eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c0c-b8c0-4913-a3fa-4d8202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:16.000Z",
|
|
"modified": "2016-05-25T20:33:16.000Z",
|
|
"description": "Doc web archive - (HQ List) - Xchecked via VT: c591263d56b57dfadd06a68dd9657343",
|
|
"pattern": "[file:hashes.SHA1 = '8c248daec675cb873a9ee850336e871dd4642c5b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c0d-7c3c-4b38-ab60-4f2402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:17.000Z",
|
|
"modified": "2016-05-25T20:33:17.000Z",
|
|
"first_observed": "2016-05-25T20:33:17Z",
|
|
"last_observed": "2016-05-25T20:33:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c0d-7c3c-4b38-ab60-4f2402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c0d-7c3c-4b38-ab60-4f2402de0b81",
|
|
"value": "https://www.virustotal.com/file/eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc/analysis/1464091843/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c0d-9d08-4b8d-9245-49d402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:17.000Z",
|
|
"modified": "2016-05-25T20:33:17.000Z",
|
|
"description": "(Holidays in India in 2016) - Danti - Xchecked via VT: d91f101427a39d9f40c41aa041197a9c",
|
|
"pattern": "[file:hashes.SHA256 = 'ba0b721350a6fcc036b0b78cc13ecb154a4f11d221c1be763ee3c559ef544028']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c0d-3bb0-42dc-994b-410302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:17.000Z",
|
|
"modified": "2016-05-25T20:33:17.000Z",
|
|
"description": "(Holidays in India in 2016) - Danti - Xchecked via VT: d91f101427a39d9f40c41aa041197a9c",
|
|
"pattern": "[file:hashes.SHA1 = '9fcf5973260f0c5ca3f95570b76dbaab1a1c28d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c0e-15b8-4410-8cb7-454d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:18.000Z",
|
|
"modified": "2016-05-25T20:33:18.000Z",
|
|
"first_observed": "2016-05-25T20:33:18Z",
|
|
"last_observed": "2016-05-25T20:33:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c0e-15b8-4410-8cb7-454d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c0e-15b8-4410-8cb7-454d02de0b81",
|
|
"value": "https://www.virustotal.com/file/ba0b721350a6fcc036b0b78cc13ecb154a4f11d221c1be763ee3c559ef544028/analysis/1460625569/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c0e-8c28-4313-a417-4f5702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:18.000Z",
|
|
"modified": "2016-05-25T20:33:18.000Z",
|
|
"description": "(Holidays in India in 2016) - Danti - Xchecked via VT: 8cd2eb90fabd03ac97279d398b09a5e9",
|
|
"pattern": "[file:hashes.SHA256 = 'bfe23053efd11dbe2d577e25f5d029c0e145f0ef1c14753e03010e95c1d1d910']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c0f-6ee4-46f4-8ca7-4a6402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:19.000Z",
|
|
"modified": "2016-05-25T20:33:19.000Z",
|
|
"description": "(Holidays in India in 2016) - Danti - Xchecked via VT: 8cd2eb90fabd03ac97279d398b09a5e9",
|
|
"pattern": "[file:hashes.SHA1 = '81a82080da14b670a39d5b34728a9e79ba7ccbec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c0f-5548-4146-9105-42b602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:19.000Z",
|
|
"modified": "2016-05-25T20:33:19.000Z",
|
|
"first_observed": "2016-05-25T20:33:19Z",
|
|
"last_observed": "2016-05-25T20:33:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c0f-5548-4146-9105-42b602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c0f-5548-4146-9105-42b602de0b81",
|
|
"value": "https://www.virustotal.com/file/bfe23053efd11dbe2d577e25f5d029c0e145f0ef1c14753e03010e95c1d1d910/analysis/1463393903/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c10-81f0-4684-8c4c-49eb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:20.000Z",
|
|
"modified": "2016-05-25T20:33:20.000Z",
|
|
"description": "RarSFX - Danti - Xchecked via VT: d0407e1a66ee2082a0d170814bd4ab02",
|
|
"pattern": "[file:hashes.SHA256 = 'b75ab0079160d388f92e641789415566e0b9e276859ebe3b9d08f074d9d2fd74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c10-ad14-451b-802e-44bb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:20.000Z",
|
|
"modified": "2016-05-25T20:33:20.000Z",
|
|
"description": "RarSFX - Danti - Xchecked via VT: d0407e1a66ee2082a0d170814bd4ab02",
|
|
"pattern": "[file:hashes.SHA1 = 'eeccda3083a268c377f65574a8e7ac8ceffed20a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c10-0e94-4dc4-ad53-447202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:20.000Z",
|
|
"modified": "2016-05-25T20:33:20.000Z",
|
|
"first_observed": "2016-05-25T20:33:20Z",
|
|
"last_observed": "2016-05-25T20:33:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c10-0e94-4dc4-ad53-447202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c10-0e94-4dc4-ad53-447202de0b81",
|
|
"value": "https://www.virustotal.com/file/b75ab0079160d388f92e641789415566e0b9e276859ebe3b9d08f074d9d2fd74/analysis/1459200615/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c11-e8e0-4acd-a9b8-4cbe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:21.000Z",
|
|
"modified": "2016-05-25T20:33:21.000Z",
|
|
"description": "Potplayer - Danti - Xchecked via VT: f16903b2ff82689404f7d0820f461e5d",
|
|
"pattern": "[file:hashes.SHA256 = '76da9d0046fe76fc28b80c4c1062b17852264348fd873b7dd781f39491f911e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c11-6bdc-461c-ace8-429802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:21.000Z",
|
|
"modified": "2016-05-25T20:33:21.000Z",
|
|
"description": "Potplayer - Danti - Xchecked via VT: f16903b2ff82689404f7d0820f461e5d",
|
|
"pattern": "[file:hashes.SHA1 = '58b6b5fd3f2bfd182622f547a93222a4afdf4e76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c12-eba8-4360-8fda-40b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:22.000Z",
|
|
"modified": "2016-05-25T20:33:22.000Z",
|
|
"first_observed": "2016-05-25T20:33:22Z",
|
|
"last_observed": "2016-05-25T20:33:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c12-eba8-4360-8fda-40b702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c12-eba8-4360-8fda-40b702de0b81",
|
|
"value": "https://www.virustotal.com/file/76da9d0046fe76fc28b80c4c1062b17852264348fd873b7dd781f39491f911e0/analysis/1459917767/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c12-0c68-4d35-9524-4a8102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:22.000Z",
|
|
"modified": "2016-05-25T20:33:22.000Z",
|
|
"description": "(appinfo.dat) - Danti - Xchecked via VT: 2460871a040628c379e04f79af37060d",
|
|
"pattern": "[file:hashes.SHA256 = '904a005e253a723263274c46236739cc907471f597e333836e153da142c62dc1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c12-3f18-4de3-9ce6-47d002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:22.000Z",
|
|
"modified": "2016-05-25T20:33:22.000Z",
|
|
"description": "(appinfo.dat) - Danti - Xchecked via VT: 2460871a040628c379e04f79af37060d",
|
|
"pattern": "[file:hashes.SHA1 = '1cabd426bc1b1825f045c21f6face31a9512a1fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c13-8078-42e0-bc53-4dc902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:23.000Z",
|
|
"modified": "2016-05-25T20:33:23.000Z",
|
|
"first_observed": "2016-05-25T20:33:23Z",
|
|
"last_observed": "2016-05-25T20:33:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c13-8078-42e0-bc53-4dc902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c13-8078-42e0-bc53-4dc902de0b81",
|
|
"value": "https://www.virustotal.com/file/904a005e253a723263274c46236739cc907471f597e333836e153da142c62dc1/analysis/1462190688/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c13-2428-4521-8a72-4fb802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:23.000Z",
|
|
"modified": "2016-05-25T20:33:23.000Z",
|
|
"description": "(potplayer.dll) - Danti - Xchecked via VT: 332397ec261393aaa58522c4357c3e48",
|
|
"pattern": "[file:hashes.SHA256 = '705409bc11fb45fa3c4e2fa9dd35af7d4613e52a713d9c6ea6bc4baff49aa74a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c14-88c0-4ff6-8f31-4c0002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:24.000Z",
|
|
"modified": "2016-05-25T20:33:24.000Z",
|
|
"description": "(potplayer.dll) - Danti - Xchecked via VT: 332397ec261393aaa58522c4357c3e48",
|
|
"pattern": "[file:hashes.SHA1 = '6f10644a4509d6fc8bbefee04db855b43d9f91c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c14-6d70-4035-aee1-4eb702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:24.000Z",
|
|
"modified": "2016-05-25T20:33:24.000Z",
|
|
"first_observed": "2016-05-25T20:33:24Z",
|
|
"last_observed": "2016-05-25T20:33:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c14-6d70-4035-aee1-4eb702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c14-6d70-4035-aee1-4eb702de0b81",
|
|
"value": "https://www.virustotal.com/file/705409bc11fb45fa3c4e2fa9dd35af7d4613e52a713d9c6ea6bc4baff49aa74a/analysis/1463384101/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c14-7924-4921-aad9-4fb902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:24.000Z",
|
|
"modified": "2016-05-25T20:33:24.000Z",
|
|
"description": "(update.dat) - Danti - Xchecked via VT: d44e971b202d573f8c797845c90e4658",
|
|
"pattern": "[file:hashes.SHA256 = 'f49bbd7f0ecfa75b134e2cf0acc9931872d79072069f35a49f6de1a0a2347e2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c15-0d08-4786-9fb2-403e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:25.000Z",
|
|
"modified": "2016-05-25T20:33:25.000Z",
|
|
"description": "(update.dat) - Danti - Xchecked via VT: d44e971b202d573f8c797845c90e4658",
|
|
"pattern": "[file:hashes.SHA1 = 'af3ae8a6164e31b366ec372d699e1c89ad1b42fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c15-2d38-4aae-8764-47ce02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:25.000Z",
|
|
"modified": "2016-05-25T20:33:25.000Z",
|
|
"first_observed": "2016-05-25T20:33:25Z",
|
|
"last_observed": "2016-05-25T20:33:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c15-2d38-4aae-8764-47ce02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c15-2d38-4aae-8764-47ce02de0b81",
|
|
"value": "https://www.virustotal.com/file/f49bbd7f0ecfa75b134e2cf0acc9931872d79072069f35a49f6de1a0a2347e2a/analysis/1459239370/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c16-70c4-40f1-8327-4d9a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:26.000Z",
|
|
"modified": "2016-05-25T20:33:26.000Z",
|
|
"description": "Danti - Xchecked via VT: bae673964e9bc2a45ebcc667895104ef",
|
|
"pattern": "[file:hashes.SHA256 = '67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c16-d238-476d-bbf8-4f0e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:26.000Z",
|
|
"modified": "2016-05-25T20:33:26.000Z",
|
|
"description": "Danti - Xchecked via VT: bae673964e9bc2a45ebcc667895104ef",
|
|
"pattern": "[file:hashes.SHA1 = 'f1f895aa6bdb7369525abfb86b4475241e9dbfbb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c16-ac98-4a52-bbe2-489202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:26.000Z",
|
|
"modified": "2016-05-25T20:33:26.000Z",
|
|
"first_observed": "2016-05-25T20:33:26Z",
|
|
"last_observed": "2016-05-25T20:33:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c16-ac98-4a52-bbe2-489202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c16-ac98-4a52-bbe2-489202de0b81",
|
|
"value": "https://www.virustotal.com/file/67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed/analysis/1464058721/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c17-48ac-4f94-b9ee-4aa202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:27.000Z",
|
|
"modified": "2016-05-25T20:33:27.000Z",
|
|
"description": "(mshtml.dll) - Danti - Xchecked via VT: be0cc8411c066eac246097045b73c282",
|
|
"pattern": "[file:hashes.SHA256 = '9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c17-7b8c-46e3-bbb1-44a402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:27.000Z",
|
|
"modified": "2016-05-25T20:33:27.000Z",
|
|
"description": "(mshtml.dll) - Danti - Xchecked via VT: be0cc8411c066eac246097045b73c282",
|
|
"pattern": "[file:hashes.SHA1 = '1a14cfdf652bcd1df572e47ed261abe453a41399']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c17-75fc-4e71-bdab-4b7f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:27.000Z",
|
|
"modified": "2016-05-25T20:33:27.000Z",
|
|
"first_observed": "2016-05-25T20:33:27Z",
|
|
"last_observed": "2016-05-25T20:33:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c17-75fc-4e71-bdab-4b7f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c17-75fc-4e71-bdab-4b7f02de0b81",
|
|
"value": "https://www.virustotal.com/file/9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba/analysis/1464058857/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c18-384c-4f96-ab3c-4dd102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:28.000Z",
|
|
"modified": "2016-05-25T20:33:28.000Z",
|
|
"description": "Danti - Xchecked via VT: 9469dd12136b6514d82c3b01d6082f59",
|
|
"pattern": "[file:hashes.SHA256 = '2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c18-6224-4072-81e8-449a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:28.000Z",
|
|
"modified": "2016-05-25T20:33:28.000Z",
|
|
"description": "Danti - Xchecked via VT: 9469dd12136b6514d82c3b01d6082f59",
|
|
"pattern": "[file:hashes.SHA1 = '47a963e7588e9af060dfac62b94076f270d4008e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c18-be9c-480a-9fab-477502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:28.000Z",
|
|
"modified": "2016-05-25T20:33:28.000Z",
|
|
"first_observed": "2016-05-25T20:33:28Z",
|
|
"last_observed": "2016-05-25T20:33:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c18-be9c-480a-9fab-477502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c18-be9c-480a-9fab-477502de0b81",
|
|
"value": "https://www.virustotal.com/file/2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18/analysis/1464079999/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c19-a3dc-4911-bf50-451e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:29.000Z",
|
|
"modified": "2016-05-25T20:33:29.000Z",
|
|
"description": "(lsass.exe) - Danti - Xchecked via VT: 8ad9cb6b948bcf7f9211887e0cf6f02a",
|
|
"pattern": "[file:hashes.SHA256 = '38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c19-4c04-4e65-9eb8-445702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:29.000Z",
|
|
"modified": "2016-05-25T20:33:29.000Z",
|
|
"description": "(lsass.exe) - Danti - Xchecked via VT: 8ad9cb6b948bcf7f9211887e0cf6f02a",
|
|
"pattern": "[file:hashes.SHA1 = '0246a237b281162059b84f1bc013d90bbb4104f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c19-456c-494a-b765-4fa102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:29.000Z",
|
|
"modified": "2016-05-25T20:33:29.000Z",
|
|
"first_observed": "2016-05-25T20:33:29Z",
|
|
"last_observed": "2016-05-25T20:33:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c19-456c-494a-b765-4fa102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c19-456c-494a-b765-4fa102de0b81",
|
|
"value": "https://www.virustotal.com/file/38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f/analysis/1464170885/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1a-ad58-4ef9-bb4d-4ce002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:30.000Z",
|
|
"modified": "2016-05-25T20:33:30.000Z",
|
|
"description": "(http.exe) - Danti - Xchecked via VT: 3fbe576d33595734a92a665e72e5a04f",
|
|
"pattern": "[file:hashes.SHA256 = 'ad191d1d18841f0c5e48a5a1c9072709e2dd6359a6f6d427e0de59cfcd1d9666']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1a-c00c-48cf-8d94-483202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:30.000Z",
|
|
"modified": "2016-05-25T20:33:30.000Z",
|
|
"description": "(http.exe) - Danti - Xchecked via VT: 3fbe576d33595734a92a665e72e5a04f",
|
|
"pattern": "[file:hashes.SHA1 = 'fe48b93058cf7e0ff9c27ec9322015d230545646']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c1b-cd80-4797-980c-46c902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:31.000Z",
|
|
"modified": "2016-05-25T20:33:31.000Z",
|
|
"first_observed": "2016-05-25T20:33:31Z",
|
|
"last_observed": "2016-05-25T20:33:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c1b-cd80-4797-980c-46c902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c1b-cd80-4797-980c-46c902de0b81",
|
|
"value": "https://www.virustotal.com/file/ad191d1d18841f0c5e48a5a1c9072709e2dd6359a6f6d427e0de59cfcd1d9666/analysis/1463728182/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1b-0ef0-4c52-a04d-420202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:31.000Z",
|
|
"modified": "2016-05-25T20:33:31.000Z",
|
|
"description": "(dropper, from cab-archive) - Danti - Xchecked via VT: 6bbdbf6d3b24b8bfa296b9c76b95bb2f",
|
|
"pattern": "[file:hashes.SHA256 = '9e7e5f70c4b32a4d5e8c798c26671843e76bb4bd5967056a822e982ed36e047b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1b-d1a4-49fe-960a-415b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:31.000Z",
|
|
"modified": "2016-05-25T20:33:31.000Z",
|
|
"description": "(dropper, from cab-archive) - Danti - Xchecked via VT: 6bbdbf6d3b24b8bfa296b9c76b95bb2f",
|
|
"pattern": "[file:hashes.SHA1 = '469abc3cf1e3b871566cf404c1e382a5b7a20212']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c1c-1fbc-4beb-b6f1-433a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:32.000Z",
|
|
"modified": "2016-05-25T20:33:32.000Z",
|
|
"first_observed": "2016-05-25T20:33:32Z",
|
|
"last_observed": "2016-05-25T20:33:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c1c-1fbc-4beb-b6f1-433a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c1c-1fbc-4beb-b6f1-433a02de0b81",
|
|
"value": "https://www.virustotal.com/file/9e7e5f70c4b32a4d5e8c798c26671843e76bb4bd5967056a822e982ed36e047b/analysis/1459335213/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1c-51d4-43cf-a490-4a5702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:32.000Z",
|
|
"modified": "2016-05-25T20:33:32.000Z",
|
|
"description": "Taiwan, 1-3\u8aaa\u660e\u6a94.doc - SVCMONDR attacks - Xchecked via VT: d0533874d7255b881187e842e747c268",
|
|
"pattern": "[file:hashes.SHA256 = 'd903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1c-ac6c-4ceb-bab8-4ab902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:32.000Z",
|
|
"modified": "2016-05-25T20:33:32.000Z",
|
|
"description": "Taiwan, 1-3\u8aaa\u660e\u6a94.doc - SVCMONDR attacks - Xchecked via VT: d0533874d7255b881187e842e747c268",
|
|
"pattern": "[file:hashes.SHA1 = '8cca13ea2381b50be9880047d504d9bc423c1102']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c1d-a1f0-47c5-9029-4f7502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:33.000Z",
|
|
"modified": "2016-05-25T20:33:33.000Z",
|
|
"first_observed": "2016-05-25T20:33:33Z",
|
|
"last_observed": "2016-05-25T20:33:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c1d-a1f0-47c5-9029-4f7502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c1d-a1f0-47c5-9029-4f7502de0b81",
|
|
"value": "https://www.virustotal.com/file/d903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2/analysis/1456452590/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1d-6c8c-4374-911c-492602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:33.000Z",
|
|
"modified": "2016-05-25T20:33:33.000Z",
|
|
"description": "(svcmondr.ex,Thailand) - SVCMONDR attacks - Xchecked via VT: 046b98a742cecc11fb18d9554483be2d",
|
|
"pattern": "[file:hashes.SHA256 = 'ee6cfaa117cce98abe49ae0c3c848bc5669dca53e8219ee6a338491393799118']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1e-23bc-4d2c-9338-4e8102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:34.000Z",
|
|
"modified": "2016-05-25T20:33:34.000Z",
|
|
"description": "(svcmondr.ex,Thailand) - SVCMONDR attacks - Xchecked via VT: 046b98a742cecc11fb18d9554483be2d",
|
|
"pattern": "[file:hashes.SHA1 = 'fe54fd458dcef3f120c71c7818ddd5a6d6731c29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c1e-7f14-4a52-bb7d-4d0e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:34.000Z",
|
|
"modified": "2016-05-25T20:33:34.000Z",
|
|
"first_observed": "2016-05-25T20:33:34Z",
|
|
"last_observed": "2016-05-25T20:33:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c1e-7f14-4a52-bb7d-4d0e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c1e-7f14-4a52-bb7d-4d0e02de0b81",
|
|
"value": "https://www.virustotal.com/file/ee6cfaa117cce98abe49ae0c3c848bc5669dca53e8219ee6a338491393799118/analysis/1462817646/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1e-16fc-4357-bcfb-4d2002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:34.000Z",
|
|
"modified": "2016-05-25T20:33:34.000Z",
|
|
"description": "(svcmondr.ex, Taiwan) - SVCMONDR attacks - Xchecked via VT: 8052234dcd41a7d619acb0ec9636be0b",
|
|
"pattern": "[file:hashes.SHA256 = '12ca6760857d1bb0751c3e108d4175ebcbc9688cfecad0db189efc56b0ff9768']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57460c1f-8cc8-4e06-afc4-423202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:35.000Z",
|
|
"modified": "2016-05-25T20:33:35.000Z",
|
|
"description": "(svcmondr.ex, Taiwan) - SVCMONDR attacks - Xchecked via VT: 8052234dcd41a7d619acb0ec9636be0b",
|
|
"pattern": "[file:hashes.SHA1 = 'a512228f9499a96d7cbf027854a04032d742fd6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-05-25T20:33:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57460c1f-764c-49a1-869f-44fe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-05-25T20:33:35.000Z",
|
|
"modified": "2016-05-25T20:33:35.000Z",
|
|
"first_observed": "2016-05-25T20:33:35Z",
|
|
"last_observed": "2016-05-25T20:33:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--57460c1f-764c-49a1-869f-44fe02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--57460c1f-764c-49a1-869f-44fe02de0b81",
|
|
"value": "https://www.virustotal.com/file/12ca6760857d1bb0751c3e108d4175ebcbc9688cfecad0db189efc56b0ff9768/analysis/1464134416/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |