1812 lines
No EOL
75 KiB
JSON
1812 lines
No EOL
75 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--58473b79-10e4-4931-a187-472a950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:31:04.000Z",
|
|
"modified": "2016-12-06T22:31:04.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--58473b79-10e4-4931-a187-472a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:31:04.000Z",
|
|
"modified": "2016-12-06T22:31:04.000Z",
|
|
"name": "OSINT - Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads",
|
|
"published": "2016-12-06T22:32:59Z",
|
|
"object_refs": [
|
|
"observed-data--58473b93-8b04-4367-8a07-4e96950d210f",
|
|
"url--58473b93-8b04-4367-8a07-4e96950d210f",
|
|
"x-misp-attribute--58473bac-080c-4b36-9f89-4b64950d210f",
|
|
"indicator--58473bc4-cc54-4b8e-adee-49f7950d210f",
|
|
"indicator--58473bc4-8f78-4318-a42f-414a950d210f",
|
|
"indicator--58473bc4-f444-4be4-969b-48cc950d210f",
|
|
"indicator--58473bc5-c4f4-4b3f-b2cf-4e8a950d210f",
|
|
"indicator--58473bc5-143c-4060-818b-477f950d210f",
|
|
"indicator--58473bc5-d588-4203-a1cb-4941950d210f",
|
|
"indicator--58473bc5-cae8-40c2-829d-48d1950d210f",
|
|
"indicator--58473bc6-0ca4-4a6a-a992-4e01950d210f",
|
|
"indicator--58473bd7-06b4-45f9-8188-40bb950d210f",
|
|
"indicator--58473bd7-40e8-4c90-81ce-4fca950d210f",
|
|
"indicator--58473bd7-07ac-4702-962c-47e4950d210f",
|
|
"indicator--58473bd7-7d10-4042-a6ae-4b50950d210f",
|
|
"indicator--58473bd7-3cc8-40f6-9eef-41cc950d210f",
|
|
"indicator--58473bd8-54b4-4840-a28f-4056950d210f",
|
|
"indicator--58473bd8-d8e8-4034-9839-48e1950d210f",
|
|
"indicator--58473bd8-17dc-4e3e-b928-448a950d210f",
|
|
"indicator--58473bd8-ac9c-41d1-9fb4-423d950d210f",
|
|
"indicator--58473bd8-0ef0-4a76-85e6-49e8950d210f",
|
|
"indicator--58473bd9-b554-4bd7-b197-4dd8950d210f",
|
|
"indicator--58473bd9-eaf0-4d10-a40c-4a99950d210f",
|
|
"indicator--58473bea-8fec-4e8a-95c7-472b950d210f",
|
|
"indicator--58473bea-0990-42c5-bf0c-4f24950d210f",
|
|
"indicator--58473beb-a7e4-41fa-a9e2-4c8a950d210f",
|
|
"indicator--58473beb-54b8-4d3d-b644-477d950d210f",
|
|
"indicator--58473beb-bfd8-4644-b04f-46d7950d210f",
|
|
"indicator--58473beb-e4e8-4867-ad67-4015950d210f",
|
|
"indicator--58473bec-ece4-4d6d-a6cc-4b6f950d210f",
|
|
"indicator--58473bec-ed18-4dd3-89a8-4a88950d210f",
|
|
"indicator--58473bec-3928-45d5-8513-4e97950d210f",
|
|
"indicator--58473bec-8bf4-4264-9bca-4858950d210f",
|
|
"indicator--58473bed-1e7c-4100-8d9d-4d08950d210f",
|
|
"indicator--58473bed-720c-4693-8898-4341950d210f",
|
|
"indicator--58473bed-8070-4696-903c-4eef950d210f",
|
|
"indicator--58473bed-aa70-40ef-81fe-4506950d210f",
|
|
"indicator--58473bee-9c28-4b3c-9098-4abf950d210f",
|
|
"indicator--58473bee-9524-43f0-b238-4608950d210f",
|
|
"indicator--58473bee-312c-4e1f-8051-4d76950d210f",
|
|
"indicator--58473bee-b968-4ac8-b21f-40f3950d210f",
|
|
"indicator--58473bee-7cd8-413f-b003-457b950d210f",
|
|
"indicator--58473bef-69c4-4068-9bcb-4dc2950d210f",
|
|
"indicator--58473bef-1084-4b12-95d2-4017950d210f",
|
|
"indicator--58473c02-f168-48e0-bc0b-4aac950d210f",
|
|
"indicator--58473c02-4368-4624-bda5-47b5950d210f",
|
|
"indicator--58473c02-8780-4472-9144-4dbd950d210f",
|
|
"indicator--58473c03-cb64-4840-8a2e-4185950d210f",
|
|
"indicator--58473c03-97d0-4249-8535-4826950d210f",
|
|
"indicator--58473c03-eb80-47b3-afe0-4d78950d210f",
|
|
"indicator--58473c03-2e78-4f70-b901-42f4950d210f",
|
|
"indicator--58473c03-cf38-47bb-ba11-435f950d210f",
|
|
"indicator--58473c04-66f4-4c3a-b2ef-45dc950d210f",
|
|
"indicator--58473c04-fa08-4f7b-8a22-4db0950d210f",
|
|
"indicator--58473c04-4fc4-4dc4-a1a8-4223950d210f",
|
|
"indicator--58473c04-f410-468a-9f9e-4b9f950d210f",
|
|
"indicator--58473c05-d584-4151-87c7-4ad7950d210f",
|
|
"indicator--58473c05-6540-4b58-bc4a-4df8950d210f",
|
|
"indicator--58473c05-50ec-4c65-9df1-404e950d210f",
|
|
"indicator--58473c05-496c-4855-b04b-462f950d210f",
|
|
"indicator--58473c05-329c-4019-889f-411d950d210f",
|
|
"indicator--58473c06-d9b0-40ff-9b8e-434a950d210f",
|
|
"indicator--58473c06-bff8-454c-b836-4ea8950d210f",
|
|
"indicator--58473c06-99c8-498a-8d45-4fb1950d210f",
|
|
"indicator--58473c06-c3d4-408c-bfc4-4456950d210f",
|
|
"indicator--58473c06-0694-4173-85fb-43a2950d210f",
|
|
"indicator--58473c07-3904-49e1-863f-4057950d210f",
|
|
"indicator--58473c07-bda8-49fd-a372-4c15950d210f",
|
|
"indicator--58473c07-23fc-4953-a696-4111950d210f",
|
|
"indicator--58473c07-a14c-414d-b35f-4682950d210f",
|
|
"indicator--58473c15-d8f0-4c51-85ca-4e6f950d210f",
|
|
"indicator--58473c27-ae2c-40b7-98d6-4494950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58473b93-8b04-4367-8a07-4e96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:28:35.000Z",
|
|
"modified": "2016-12-06T22:28:35.000Z",
|
|
"first_observed": "2016-12-06T22:28:35Z",
|
|
"last_observed": "2016-12-06T22:28:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58473b93-8b04-4367-8a07-4e96950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58473b93-8b04-4367-8a07-4e96950d210f",
|
|
"value": "http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58473bac-080c-4b36-9f89-4b64950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:00.000Z",
|
|
"modified": "2016-12-06T22:29:00.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Millions of readers who visited popular news websites have been targeted by a series of malicious ads redirecting to an exploit kit exploiting several Flash vulnerabilities. Since at least the beginning of October, users might have encountered ads promoting applications calling themselves \u00e2\u20ac\u0153Browser Defence\u00e2\u20ac\u009d and \u00e2\u20ac\u0153Broxu\u00e2\u20ac\u009d using banners similar to the ones below:\r\nStegano2-y0vbp\r\nThese advertisement banners were stored on a remote domain with the URL hxxps://browser-defence.com and hxxps://broxu.com.\r\nWithout requiring any user interaction, the initial script reports information about the victim\u00e2\u20ac\u2122s machine to the attacker\u00e2\u20ac\u2122s remote server. Based on server-side logic, the target is then served either a clean image or its almost imperceptibly modified malicious evil twin.\r\nThe malicious version of the graphic has a script encoded in its alpha channel, which defines the transparency of each pixel. Since the modification is minor, the final picture\u00e2\u20ac\u2122s color tone is only slightly different to that of the clean version:"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bc4-cc54-4b8e-adee-49f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:24.000Z",
|
|
"modified": "2016-12-06T22:29:24.000Z",
|
|
"description": "Stegano exploit kit landing pages",
|
|
"pattern": "[url:value = 'http://conce.republicoftaste.com/urq5kb7mnimqz/3dyv72cqtwjbgf5e89hyqryq5zu60_os24kfs1j3u_i']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bc4-8f78-4318-a42f-414a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:24.000Z",
|
|
"modified": "2016-12-06T22:29:24.000Z",
|
|
"description": "Stegano exploit kit landing pages",
|
|
"pattern": "[url:value = 'http://compe.quincephotographyvideo.com/kil5mrm1z0t-ytwgvx/g7fjx4_caz9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bc4-f444-4be4-969b-48cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:24.000Z",
|
|
"modified": "2016-12-06T22:29:24.000Z",
|
|
"description": "Stegano exploit kit landing pages",
|
|
"pattern": "[url:value = 'http://ntion.atheist-tees.com/v2mit3j_fz0cx172oab_eys6940_rgloynan40mfqju6183a9a4kn/f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bc5-c4f4-4b3f-b2cf-4e8a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:25.000Z",
|
|
"modified": "2016-12-06T22:29:25.000Z",
|
|
"description": "Stegano exploit kit landing pages",
|
|
"pattern": "[url:value = 'http://entat.usedmachinetools.co/6yg1vl0q15zr6hn780pu43fwm5297itxgd19rh54-3juc2xz1t-oes5bh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bc5-143c-4060-818b-477f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:25.000Z",
|
|
"modified": "2016-12-06T22:29:25.000Z",
|
|
"description": "Stegano exploit kit landing pages",
|
|
"pattern": "[url:value = 'http://connt.modusinrebus.net/34v-87d0u3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bc5-d588-4203-a1cb-4941950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:25.000Z",
|
|
"modified": "2016-12-06T22:29:25.000Z",
|
|
"description": "Stegano exploit kit landing pages",
|
|
"pattern": "[url:value = 'http://ainab.photographyquincemiami.com/w2juxekry8h9votrvb3-k72wiogn2yq2f3it5d17/j9r']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bc5-cae8-40c2-829d-48d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:25.000Z",
|
|
"modified": "2016-12-06T22:29:25.000Z",
|
|
"description": "Stegano exploit kit landing pages",
|
|
"pattern": "[url:value = 'http://rated.republicoftaste.com/6t8os/lv-pne1_dshrmqgx-8zl8wd2v5h5m26m_w_zqwzq']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bc6-0ca4-4a6a-a992-4e01950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:26.000Z",
|
|
"modified": "2016-12-06T22:29:26.000Z",
|
|
"description": "Stegano exploit kit landing pages",
|
|
"pattern": "[url:value = 'http://rence.backstageteeshirts.com/qen5sy/6hjyrw79zr2zokq1t4dpl276ta8h8-/3sf9jlfcu0v7daixie_do6zb843/z7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd7-06b4-45f9-8188-40bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:43.000Z",
|
|
"modified": "2016-12-06T22:29:43.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = 'badae04bff7afd890c3275e0434f174c6706c2c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd7-40e8-4c90-81ce-4fca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:43.000Z",
|
|
"modified": "2016-12-06T22:29:43.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = '6ef95acb8aa14d3ba8f1b3c147b7fb0a9da579a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd7-07ac-4702-962c-47e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:43.000Z",
|
|
"modified": "2016-12-06T22:29:43.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = '10840aeb8342a26dfc68e0e706b36ac2b5a0d5b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd7-7d10-4042-a6ae-4b50950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:43.000Z",
|
|
"modified": "2016-12-06T22:29:43.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = '093b25b04fe21185bfeeafd48f712942d3a3f0c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd7-3cc8-40f6-9eef-41cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:43.000Z",
|
|
"modified": "2016-12-06T22:29:43.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = 'c680734af8670895f961c951a3629b5bc64efe8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd8-54b4-4840-a28f-4056950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:44.000Z",
|
|
"modified": "2016-12-06T22:29:44.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = 'eedbbb65a441979974592343c6ca71c90cc2550f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd8-d8e8-4034-9839-48e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:44.000Z",
|
|
"modified": "2016-12-06T22:29:44.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = 'de288cade8ee3f13d44719796a5896d88d379a1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd8-17dc-4e3e-b928-448a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:44.000Z",
|
|
"modified": "2016-12-06T22:29:44.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = '9488cdbb242be50df3d20b12f589af2e39080882']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd8-ac9c-41d1-9fb4-423d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:44.000Z",
|
|
"modified": "2016-12-06T22:29:44.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = 'b664365fc8c0b93f6a992c44d11f44dd091426dd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd8-0ef0-4a76-85e6-49e8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:44.000Z",
|
|
"modified": "2016-12-06T22:29:44.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = '7557b5d987f0236ff838cd3af05663efa98ebc56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd9-b554-4bd7-b197-4dd8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:45.000Z",
|
|
"modified": "2016-12-06T22:29:45.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = '24b7933a8a8f6ed50fbaf2a5021ef47ce614a46f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bd9-eaf0-4d10-a40c-4a99950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:29:45.000Z",
|
|
"modified": "2016-12-06T22:29:45.000Z",
|
|
"description": "Flash files",
|
|
"pattern": "[file:hashes.SHA1 = '11ba8b354001900ed79c43ea858f1bc732961097']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:29:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bea-8fec-4e8a-95c7-472b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:02.000Z",
|
|
"modified": "2016-12-06T22:30:02.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '67e26597cf1ff35e4b8300bf181c84015f9d1134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bea-0990-42c5-bf0c-4f24950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:02.000Z",
|
|
"modified": "2016-12-06T22:30:02.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = 'cd46cee45f2fc982fba7c4d246d3a1d58d13ed4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473beb-a7e4-41fa-a9e2-4c8a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:03.000Z",
|
|
"modified": "2016-12-06T22:30:03.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '191ffa6eb2c33a56e750bffeffe169b0d9e4bbe4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473beb-54b8-4d3d-b644-477d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:03.000Z",
|
|
"modified": "2016-12-06T22:30:03.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '4b2f4c20cc9294f103319938f37c99c0de7b4932']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473beb-bfd8-4644-b04f-46d7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:03.000Z",
|
|
"modified": "2016-12-06T22:30:03.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '3fcea1afda9888400d8de5a232e4bf1e50d3380f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473beb-e4e8-4867-ad67-4015950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:03.000Z",
|
|
"modified": "2016-12-06T22:30:03.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = 'ca750f492691f4d31a31d8a638ce4a56af8690d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bec-ece4-4d6d-a6cc-4b6f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:04.000Z",
|
|
"modified": "2016-12-06T22:30:04.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '1374ee22d99ecfc6d68ade3ace833d4000e4705b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bec-ed18-4dd3-89a8-4a88950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:04.000Z",
|
|
"modified": "2016-12-06T22:30:04.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '6bf1a2b7e8ca44e63e1a801e25189dc0212d71b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bec-3928-45d5-8513-4e97950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:04.000Z",
|
|
"modified": "2016-12-06T22:30:04.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = 'b84ab2d5ead12c257982386bc39f18532bf6939e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bec-8bf4-4264-9bca-4858950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:04.000Z",
|
|
"modified": "2016-12-06T22:30:04.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '476a0455044b9111bda42cdb7f4ea4e76aa7ab2d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bed-1e7c-4100-8d9d-4d08950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:05.000Z",
|
|
"modified": "2016-12-06T22:30:05.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '0c1ca7d9c7e4b26a433946a6495782630ef6fd18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bed-720c-4693-8898-4341950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:05.000Z",
|
|
"modified": "2016-12-06T22:30:05.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '29b6dd92fbdf6070b171c38b1d3ca374f66e4b66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bed-8070-4696-903c-4eef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:05.000Z",
|
|
"modified": "2016-12-06T22:30:05.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '89da7e7a88f9b6cbbfaf7f229bfea8767220c831']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bed-aa70-40ef-81fe-4506950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:05.000Z",
|
|
"modified": "2016-12-06T22:30:05.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = 'cee32c8e45a59d3084d832a9e6500ae44f75f7b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bee-9c28-4b3c-9098-4abf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:06.000Z",
|
|
"modified": "2016-12-06T22:30:06.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = 'a152ab43bedcd8f6b7bfb67249c5599cf663d050']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bee-9524-43f0-b238-4608950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:06.000Z",
|
|
"modified": "2016-12-06T22:30:06.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '3ac722ac0d4764545a3e8a6df02059c8a164ca17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bee-312c-4e1f-8051-4d76950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:06.000Z",
|
|
"modified": "2016-12-06T22:30:06.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '25e0474e4f8d7d3053278b45a9c24380275b4705']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bee-b968-4ac8-b21f-40f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:06.000Z",
|
|
"modified": "2016-12-06T22:30:06.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '35fb5f3c2957b4525a0330427397915aeefddd91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bee-7cd8-413f-b003-457b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:06.000Z",
|
|
"modified": "2016-12-06T22:30:06.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = '19eee9745e25194dd573423c6db0f5af5d8cfe1d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bef-69c4-4068-9bcb-4dc2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:07.000Z",
|
|
"modified": "2016-12-06T22:30:07.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = 'e88b2b7a08322738c74b29c4ca538741f85a0b7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473bef-1084-4b12-95d2-4017950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:07.000Z",
|
|
"modified": "2016-12-06T22:30:07.000Z",
|
|
"description": "Stegano exploit kit landing page",
|
|
"pattern": "[file:hashes.SHA1 = 'a388a2a241339489685cb4ad22eba9e04b72cd67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c02-f168-48e0-bc0b-4aac950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:26.000Z",
|
|
"modified": "2016-12-06T22:30:26.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '55309eae2b826a1409357306125631fdf2513ac5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c02-4368-4624-bda5-47b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:26.000Z",
|
|
"modified": "2016-12-06T22:30:26.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '67799f80cef4a82a07efb3698627d7ae7e6101ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c02-8780-4472-9144-4dbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:26.000Z",
|
|
"modified": "2016-12-06T22:30:26.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '09425b3b8bf71ba12b1b740a001240cd43378a6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c03-cb64-4840-8a2e-4185950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:27.000Z",
|
|
"modified": "2016-12-06T22:30:27.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '4528736618bbb44a42388522481c1820d8494e37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c03-97d0-4249-8535-4826950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:27.000Z",
|
|
"modified": "2016-12-06T22:30:27.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = 'fe841df1acd15e32b4ffc046205caafd21ed2ab2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c03-eb80-47b3-afe0-4d78950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:27.000Z",
|
|
"modified": "2016-12-06T22:30:27.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '7be0a9387f8528ec185acc6b9573233d167df71b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c03-2e78-4f70-b901-42f4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:27.000Z",
|
|
"modified": "2016-12-06T22:30:27.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = 'a5bc07e8e223a0df3e7b45eefd69040486e47f27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c03-cf38-47bb-ba11-435f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:27.000Z",
|
|
"modified": "2016-12-06T22:30:27.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = 'ec326ba5cd406f656c3b26d4a5319daa26d4d5fe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c04-66f4-4c3a-b2ef-45dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:28.000Z",
|
|
"modified": "2016-12-06T22:30:28.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '3f1a5f624e0e974caa4f290116ce7908d360e981']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c04-fa08-4f7b-8a22-4db0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:28.000Z",
|
|
"modified": "2016-12-06T22:30:28.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '33f921c61d02e0758dcb0019c5f37a4d047c9ec7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c04-4fc4-4dc4-a1a8-4223950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:28.000Z",
|
|
"modified": "2016-12-06T22:30:28.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '2ff89048d39be75f327031f6d308ce1b5a512f73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c04-f410-468a-9f9e-4b9f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:28.000Z",
|
|
"modified": "2016-12-06T22:30:28.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '9a0d9ebc236df87788e4a3e16400eb8513743233']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c05-d584-4151-87c7-4ad7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:29.000Z",
|
|
"modified": "2016-12-06T22:30:29.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = 'f36c283b89c9f1b21a4ad3e384f54b0c8e7d417a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c05-6540-4b58-bc4a-4df8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:29.000Z",
|
|
"modified": "2016-12-06T22:30:29.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '17787879d550f11580c74da1ea36561a270e16f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c05-50ec-4c65-9df1-404e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:29.000Z",
|
|
"modified": "2016-12-06T22:30:29.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '9090db6731a8d49e8b2506087a261d857946a0eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c05-496c-4855-b04b-462f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:29.000Z",
|
|
"modified": "2016-12-06T22:30:29.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '45b3ee46ada9c842e65dcf235111ab81ef733f34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c05-329c-4019-889f-411d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:29.000Z",
|
|
"modified": "2016-12-06T22:30:29.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = 'f56a878ca094d461bdf0e5e0ceced5b9903db6e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c06-d9b0-40ff-9b8e-434a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:30.000Z",
|
|
"modified": "2016-12-06T22:30:30.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '6c74a357b932cf27d5634fd88aa593aef3a77672']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c06-bff8-454c-b836-4ea8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:30.000Z",
|
|
"modified": "2016-12-06T22:30:30.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '0c3c22b8aa461c7de4d68567eea4ae3cd8e4d845']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c06-99c8-498a-8d45-4fb1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:30.000Z",
|
|
"modified": "2016-12-06T22:30:30.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '5a5a015c378159e6dc3d7978dad8d04711d997f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c06-c3d4-408c-bfc4-4456950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:30.000Z",
|
|
"modified": "2016-12-06T22:30:30.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = 'b2473b3658c13831c62a85d1634b035bc7ebd515']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c06-0694-4173-85fb-43a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:30.000Z",
|
|
"modified": "2016-12-06T22:30:30.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '9638e1897b748d120149b94d596cec6a5d547067']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c07-3904-49e1-863f-4057950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:31.000Z",
|
|
"modified": "2016-12-06T22:30:31.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '0195c8c7b687dd4cbf2578ad3cb13cd2807f25cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c07-bda8-49fd-a372-4c15950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:31.000Z",
|
|
"modified": "2016-12-06T22:30:31.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = 'fec222095abd62fc7635e2c7fa226903c849c25c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c07-23fc-4953-a696-4111950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:31.000Z",
|
|
"modified": "2016-12-06T22:30:31.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '0fcb2b3ed16672a94cd003b4b53181b568e35912']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c07-a14c-414d-b35f-4682950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:31.000Z",
|
|
"modified": "2016-12-06T22:30:31.000Z",
|
|
"description": "banner.png with stegano",
|
|
"pattern": "[file:hashes.SHA1 = '03483e4039839f0807d7bec08090179e62dbcc60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c15-d8f0-4c51-85ca-4e6f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:30:45.000Z",
|
|
"modified": "2016-12-06T22:30:45.000Z",
|
|
"description": "Code from banner",
|
|
"pattern": "[file:hashes.SHA1 = 'a57971193b2ffff1137e083bfacfd694905f1a94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:30:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58473c27-ae2c-40b7-98d6-4494950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-06T22:31:03.000Z",
|
|
"modified": "2016-12-06T22:31:03.000Z",
|
|
"description": "countly.min.js",
|
|
"pattern": "[file:hashes.SHA1 = '24fa6490d207e06f22a67bc261c68f61b082acf8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-06T22:31:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |