adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/587e787d-c9f8-4132-9673-4d8402de0b81.json

643 lines
No EOL
28 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--587e787d-c9f8-4132-9673-4d8402de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:54.000Z",
"modified": "2017-01-17T20:12:54.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--587e787d-c9f8-4132-9673-4d8402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:54.000Z",
"modified": "2017-01-17T20:12:54.000Z",
"name": "OSINT - CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL",
"published": "2017-01-17T20:13:43Z",
"object_refs": [
"x-misp-attribute--587e789e-d278-42a1-aa6a-457e02de0b81",
"observed-data--587e78b8-05ac-41d3-88b0-4a4902de0b81",
"url--587e78b8-05ac-41d3-88b0-4a4902de0b81",
"indicator--587e7a5e-f1e8-4295-b5ce-473102de0b81",
"indicator--587e7a5f-6d14-4a0e-a94e-448802de0b81",
"indicator--587e7a60-99e8-4a1c-afdc-4cc302de0b81",
"indicator--587e7a72-c370-4b7e-853a-41bc02de0b81",
"indicator--587e7a72-963c-4a15-8a07-4c6102de0b81",
"indicator--587e7a73-7e5c-4fb3-b848-4ce002de0b81",
"indicator--587e7a81-f360-40d6-943b-42a502de0b81",
"indicator--587e7a82-9c50-4923-bc1e-460002de0b81",
"indicator--587e7a83-8088-4b4e-a146-43b102de0b81",
"indicator--587e7a90-1318-4655-bfb4-4bcf02de0b81",
"indicator--587e7a91-cfa8-4d57-8ff5-4e5602de0b81",
"indicator--587e7aa0-3a6c-4023-9e36-4c6402de0b81",
"indicator--587e7aa1-f6b4-4b0d-9e3c-400802de0b81",
"indicator--587e7ac6-6f94-4ab2-a39b-4d0802de0b81",
"indicator--587e7ac7-072c-4bb4-8650-46d702de0b81",
"observed-data--587e7ac7-3a78-4e9e-aa27-436a02de0b81",
"url--587e7ac7-3a78-4e9e-aa27-436a02de0b81",
"indicator--587e7ac8-81ac-4b8b-9a34-422c02de0b81",
"indicator--587e7ac9-c1ec-4401-bfc2-4def02de0b81",
"observed-data--587e7aca-6bc4-44dd-b72a-449b02de0b81",
"url--587e7aca-6bc4-44dd-b72a-449b02de0b81",
"indicator--587e7acb-41a4-481b-a177-42b702de0b81",
"indicator--587e7acc-5c98-4e6d-b6f3-4cf302de0b81",
"observed-data--587e7acc-e2d4-4795-abf7-4afb02de0b81",
"url--587e7acc-e2d4-4795-abf7-4afb02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Anunak\"",
"osint:source-type=\"blog-post\"",
"veris:actor:motive=\"Financial\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--587e789e-d278-42a1-aa6a-457e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:03:42.000Z",
"modified": "2017-01-17T20:03:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Forcepoint Security Labs\u00e2\u201e\u00a2 recently investigated a trojanized RTF document which we tied to the Carbank criminal gang. The document contains an encoded Visual Basic Script (VBScript) typical of previous Carbanak malware. Recent samples of the malware have now included the ability to use Google services for command-and-control (C&C) communication. We have notified Google of the abuse and are working with them to share additional information.\r\n\r\nCarbanak (also known as Anunak) are a group of financially motivated criminals first exposed in 2015. The actors typically steal from financial institutions using targeted malware. Recently a new Carbanak attack campaign dubbed \"Digital Plagiarist\" was exposed where the group used weaponized office documents hosted on mirrored domains, in order to distribute malware."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--587e78b8-05ac-41d3-88b0-4a4902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:04:08.000Z",
"modified": "2017-01-17T20:04:08.000Z",
"first_observed": "2017-01-17T20:04:08Z",
"last_observed": "2017-01-17T20:04:08Z",
"number_observed": 1,
"object_refs": [
"url--587e78b8-05ac-41d3-88b0-4a4902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--587e78b8-05ac-41d3-88b0-4a4902de0b81",
"value": "https://blogs.forcepoint.com/security-labs/carbanak-group-uses-google-malware-command-and-control"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a5e-f1e8-4295-b5ce-473102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:11:10.000Z",
"modified": "2017-01-17T20:11:10.000Z",
"description": "3-ThompsonDan.rtf",
"pattern": "[file:hashes.SHA1 = '1ec48e5c0b88f4f850facc718bbdec9200e4bd2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:11:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a5f-6d14-4a0e-a94e-448802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:11:11.000Z",
"modified": "2017-01-17T20:11:11.000Z",
"description": "order.docx",
"pattern": "[file:hashes.SHA1 = '400f02249ba29a19ad261373e6ff3488646e95fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:11:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a60-99e8-4a1c-afdc-4cc302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:11:12.000Z",
"modified": "2017-01-17T20:11:12.000Z",
"description": "claim.rtf",
"pattern": "[file:hashes.SHA1 = '88f9bf3d6e767f1d324632b998051f4730f011c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:11:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a72-c370-4b7e-853a-41bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:11:30.000Z",
"modified": "2017-01-17T20:11:30.000Z",
"description": "Carbanak Google Apps Script C&Cs",
"pattern": "[url:value = 'https://script.google.com/macros/s/AKfycbzuykcvX7j3TlBNyQfxtB1mqii31b4VTON640yiRJT0t6rS4s4/exec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:11:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a72-963c-4a15-8a07-4c6102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:11:30.000Z",
"modified": "2017-01-17T20:11:30.000Z",
"description": "Carbanak Google Apps Script C&Cs",
"pattern": "[url:value = 'https://script.google.com/macros/s/AKfycbxxx5DHr0F8AYhLuDjnp7kGNELq6g27J4c_JWWx1p1nDfZh6InO/exec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:11:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a73-7e5c-4fb3-b848-4ce002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:11:31.000Z",
"modified": "2017-01-17T20:11:31.000Z",
"description": "Carbanak Google Apps Script C&Cs",
"pattern": "[url:value = 'https://script.google.com/macros/s/AKfycbwZHCgg5EsCiPup_mNxDbSX7k7yBMeXWenOVN1BWXHmyBpb8ng/exec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:11:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a81-f360-40d6-943b-42a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:11:45.000Z",
"modified": "2017-01-17T20:11:45.000Z",
"description": "Carbanak Google Forms C&Cs",
"pattern": "[url:value = 'https://docs.google.com/forms/d/e/1FAIpQLScx9gwNadC7Vjo11mXLbU3aBQRrqVpoWjmNJ1ZneqpjaYLE3g/formResponse']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:11:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a82-9c50-4923-bc1e-460002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:11:46.000Z",
"modified": "2017-01-17T20:11:46.000Z",
"description": "Carbanak Google Forms C&Cs",
"pattern": "[url:value = 'https://docs.google.com/forms/d/e/1FAIpQLSfE9kshYBFSDAfRclW8m9rAdajqoYhzhEYmEAgZexE3LQ-17A/formResponse']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:11:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a83-8088-4b4e-a146-43b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:11:47.000Z",
"modified": "2017-01-17T20:11:47.000Z",
"description": "Carbanak Google Forms C&Cs",
"pattern": "[url:value = 'https://docs.google.com/forms/d/e/1FAIpQLSdcdE7lTEiqV5MW3Up8Hgcy5NGkIKnLKoe0YPFriD4_9qYq9A/formResponse']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:11:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a90-1318-4655-bfb4-4bcf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:00.000Z",
"modified": "2017-01-17T20:12:00.000Z",
"description": "Carbanak C&Cs",
"pattern": "[url:value = 'http://atlantis-bahamas.com/css/informs.jsp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:12:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7a91-cfa8-4d57-8ff5-4e5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:01.000Z",
"modified": "2017-01-17T20:12:01.000Z",
"description": "Carbanak C&Cs",
"pattern": "[url:value = 'http://138.201.44.4/informs.jsp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:12:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7aa0-3a6c-4023-9e36-4c6402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:16.000Z",
"modified": "2017-01-17T20:12:16.000Z",
"description": "Carbanak Cobalt Strike / Meterpreter DNS Beacon C&Cs",
"pattern": "[domain-name:value = 'aaa.stage.15594901.en.onokder.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:12:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7aa1-f6b4-4b0d-9e3c-400802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:17.000Z",
"modified": "2017-01-17T20:12:17.000Z",
"description": "Carbanak Cobalt Strike / Meterpreter DNS Beacon C&Cs",
"pattern": "[domain-name:value = 'aaa.stage.4710846.ns3.kiposerd.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:12:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7ac6-6f94-4ab2-a39b-4d0802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:54.000Z",
"modified": "2017-01-17T20:12:54.000Z",
"description": "3-ThompsonDan.rtf - Xchecked via VT: 1ec48e5c0b88f4f850facc718bbdec9200e4bd2d",
"pattern": "[file:hashes.SHA256 = '7db1b8fd3ca8edbcb25a3849bad0182ea0b840e3cabc53c30b74af070d3ba247']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:12:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7ac7-072c-4bb4-8650-46d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:55.000Z",
"modified": "2017-01-17T20:12:55.000Z",
"description": "3-ThompsonDan.rtf - Xchecked via VT: 1ec48e5c0b88f4f850facc718bbdec9200e4bd2d",
"pattern": "[file:hashes.MD5 = '4b783bd0bd7fcf880ca75359d9fc4da6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:12:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--587e7ac7-3a78-4e9e-aa27-436a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:55.000Z",
"modified": "2017-01-17T20:12:55.000Z",
"first_observed": "2017-01-17T20:12:55Z",
"last_observed": "2017-01-17T20:12:55Z",
"number_observed": 1,
"object_refs": [
"url--587e7ac7-3a78-4e9e-aa27-436a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--587e7ac7-3a78-4e9e-aa27-436a02de0b81",
"value": "https://www.virustotal.com/file/7db1b8fd3ca8edbcb25a3849bad0182ea0b840e3cabc53c30b74af070d3ba247/analysis/1483977881/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7ac8-81ac-4b8b-9a34-422c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:56.000Z",
"modified": "2017-01-17T20:12:56.000Z",
"description": "order.docx - Xchecked via VT: 400f02249ba29a19ad261373e6ff3488646e95fb",
"pattern": "[file:hashes.SHA256 = 'c9f3e017b921c3d90127b25ef2f0c770a7fcbb429177284115ad18569ba4a441']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:12:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7ac9-c1ec-4401-bfc2-4def02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:57.000Z",
"modified": "2017-01-17T20:12:57.000Z",
"description": "order.docx - Xchecked via VT: 400f02249ba29a19ad261373e6ff3488646e95fb",
"pattern": "[file:hashes.MD5 = 'ae8404ad422e92b1be7561c418c35fb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--587e7aca-6bc4-44dd-b72a-449b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:58.000Z",
"modified": "2017-01-17T20:12:58.000Z",
"first_observed": "2017-01-17T20:12:58Z",
"last_observed": "2017-01-17T20:12:58Z",
"number_observed": 1,
"object_refs": [
"url--587e7aca-6bc4-44dd-b72a-449b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--587e7aca-6bc4-44dd-b72a-449b02de0b81",
"value": "https://www.virustotal.com/file/c9f3e017b921c3d90127b25ef2f0c770a7fcbb429177284115ad18569ba4a441/analysis/1484193729/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7acb-41a4-481b-a177-42b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:12:59.000Z",
"modified": "2017-01-17T20:12:59.000Z",
"description": "claim.rtf - Xchecked via VT: 88f9bf3d6e767f1d324632b998051f4730f011c3",
"pattern": "[file:hashes.SHA256 = '5c431c3c66b6dde35ffd528edca614b8b00ba7026714f431af8200f13098665f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:12:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587e7acc-5c98-4e6d-b6f3-4cf302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:13:00.000Z",
"modified": "2017-01-17T20:13:00.000Z",
"description": "claim.rtf - Xchecked via VT: 88f9bf3d6e767f1d324632b998051f4730f011c3",
"pattern": "[file:hashes.MD5 = 'af53db730732aa7db5fdd45ebba34b94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-17T20:13:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--587e7acc-e2d4-4795-abf7-4afb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-17T20:13:00.000Z",
"modified": "2017-01-17T20:13:00.000Z",
"first_observed": "2017-01-17T20:13:00Z",
"last_observed": "2017-01-17T20:13:00Z",
"number_observed": 1,
"object_refs": [
"url--587e7acc-e2d4-4795-abf7-4afb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--587e7acc-e2d4-4795-abf7-4afb02de0b81",
"value": "https://www.virustotal.com/file/5c431c3c66b6dde35ffd528edca614b8b00ba7026714f431af8200f13098665f/analysis/1483178982/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink